Add slashable helper (#1658)

* Adds the helper function `verify_slashable_vote_data`

* Fix import

* Various formatting fixes from the linter

* Turn constants into function parameters

* Use appropriate python instead of pseudocode from spec

* Handle import/use of SignatureDomain enum properly

* Some light refactoring while preferring tuples over lists

Tuples are preferred in this codebase (over lists) due to their immutability.

This commit also contains some other refactorings to break the verification
down into small distinct steps (for better understandability).

* Use 'forward references' for types that need to avoid import issues

* Adjust grammar to be consistent with repo standard

* formatting

* Use more specific name for signature function

* Formatting fixes to satisfy linter

* Move messages generation to property of `SlashableVoteData` class

* Insert missing class for "params" field into test fixture

The prior implementation was passing a flat dictionary (rather than
instantiating a class of the appropriate type with said dictionary) and the
existing tests didn't have a problem with this as they were simply checking
for equality of this dictionary.

This yields a SlashableVoteData instance that fails rlp serialization however
which is fixed by instantiating the appropriate class when we get the
constructor arguments for this fixture

* Add tests performing sanity checks on SlashableVoteData properties

* Minimize the interface this function requests

The function requests less now; this is good practice and if anything makes the
tests easier to write

* Add tests for `verify_slashable_vote_data` helper

* Add `validators` property on BeaconState for convenience

* Change hash of `SlashableVoteData` to be the attestation data

This value is likely to change soon so we just want _some_ hash for now.

We use the attestation data as before we were hashing the entire container
including the signature putting us in a catch-22.

* Update test to reflect updated hash

* Remove unused import to satisfy linter

* variety of linter fixes

* formatting

* Linter caught unused variable that is unnecessary

Change allows for simplification of code

* Linter caught unused function that, in fact, should be tested

* Add additional test property

* Code clean-up

* Be more precise in how we "corrupt" the vote count

* Remove property that may be confused for other representation

* Formatting fixes, some small code adjustments based on feedback

* Tighter test condition

* Use a value for the errant `privkey` that produces invalid signature

The previous value of `0` seems to produce a signature that verifies any message

Author: ralexstokes

eth/beacon/helpers.py

@@ -20,25 +20,36 @@
     get_bitfield_length,
     has_voted,
 )
+import eth._utils.bls as bls
 from eth._utils.numeric import (
     clamp,
 )
 
-from eth.beacon.block_committees_info import BlockCommitteesInfo
-from eth.beacon.types.shard_committees import ShardCommittee
-from eth.beacon.types.validator_registry_delta_block import ValidatorRegistryDeltaBlock
+from eth.beacon.types.validator_registry_delta_block import (
+    ValidatorRegistryDeltaBlock,
+)
+from eth.beacon.block_committees_info import (
+    BlockCommitteesInfo,
+)
+from eth.beacon.enums import (
+    SignatureDomain,
+)
+from eth.beacon.types.shard_committees import (
+    ShardCommittee,
+)
 from eth.beacon._utils.random import (
     shuffle,
     split,
 )
+import functools
 
 
 if TYPE_CHECKING:
-    from eth.beacon.enums import SignatureDomain  # noqa: F401
     from eth.beacon.types.attestation_data import AttestationData  # noqa: F401
     from eth.beacon.types.blocks import BaseBeaconBlock  # noqa: F401
     from eth.beacon.types.states import BeaconState  # noqa: F401
     from eth.beacon.types.fork_data import ForkData  # noqa: F401
+    from eth.beacon.types.slashable_vote_data import SlashableVoteData  # noqa: F401
     from eth.beacon.types.validator_records import ValidatorRecord  # noqa: F401
 
 
@@ -387,7 +398,7 @@ def get_fork_version(fork_data: 'ForkData',
 
 def get_domain(fork_data: 'ForkData',
                slot: int,
-               domain_type: 'SignatureDomain') -> int:
+               domain_type: SignatureDomain) -> int:
     """
     Return the domain number of the current fork and ``domain_type``.
     """
@@ -398,6 +409,72 @@ def get_domain(fork_data: 'ForkData',
     ) * 4294967296 + domain_type
 
 
+@to_tuple
+def get_pubkey_for_indices(validators: Sequence['ValidatorRecord'],
+                           indices: Sequence[int]) -> Iterable[int]:
+    for index in indices:
+        yield validators[index].pubkey
+
+
+@to_tuple
+def generate_aggregate_pubkeys(validators: Sequence['ValidatorRecord'],
+                               vote_data: 'SlashableVoteData') -> Iterable[int]:
+    """
+    Compute the aggregate pubkey we expect based on
+    the proof-of-custody indices found in the ``vote_data``.
+    """
+    proof_of_custody_0_indices = vote_data.aggregate_signature_poc_0_indices
+    proof_of_custody_1_indices = vote_data.aggregate_signature_poc_1_indices
+    all_indices = (proof_of_custody_0_indices, proof_of_custody_1_indices)
+    get_pubkeys = functools.partial(get_pubkey_for_indices, validators)
+    return map(
+        bls.aggregate_pubkeys,
+        map(get_pubkeys, all_indices),
+    )
+
+
+def verify_vote_count(vote_data: 'SlashableVoteData', max_casper_votes: int) -> bool:
+    """
+    Ensure we have no more than ``max_casper_votes`` in the ``vote_data``.
+    """
+    return vote_data.vote_count <= max_casper_votes
+
+
+def verify_slashable_vote_data_signature(state: 'BeaconState',
+                                         vote_data: 'SlashableVoteData') -> bool:
+    """
+    Ensure we have a valid aggregate signature for the ``vote_data``.
+    """
+    pubkeys = generate_aggregate_pubkeys(state.validator_registry, vote_data)
+
+    messages = vote_data.messages
+
+    signature = vote_data.aggregate_signature
+
+    domain = get_domain(state.fork_data, state.slot, SignatureDomain.DOMAIN_ATTESTATION)
+
+    return bls.verify_multiple(
+        pubkeys=pubkeys,
+        messages=messages,
+        signature=signature,
+        domain=domain,
+    )
+
+
+def verify_slashable_vote_data(state: 'BeaconState',
+                               vote_data: 'SlashableVoteData',
+                               max_casper_votes: int) -> bool:
+    """
+    Ensure that the ``vote_data`` is properly assembled and contains the signature
+    we expect from the validators we expect. Otherwise, return False as
+    the ``vote_data`` is invalid.
+    """
+    return (
+        verify_vote_count(vote_data, max_casper_votes) and
+        verify_slashable_vote_data_signature(state, vote_data)
+    )
+
+
 def is_double_vote(attestation_data_1: 'AttestationData',
                    attestation_data_2: 'AttestationData') -> bool:
     """

eth/beacon/types/slashable_vote_data.py

@@ -4,7 +4,12 @@
 )
 from typing import (
     Sequence,
+    Tuple,
 )
+from eth_typing import (
+    Hash32,
+)
+from eth.beacon._utils.hash import hash_eth2
 from eth.rlp.sedes import (
     uint24,
     uint384,
@@ -38,3 +43,39 @@ def __init__(self,
             data,
             aggregate_signature,
         )
+
+    _hash = None
+
+    @property
+    def hash(self) -> Hash32:
+        if self._hash is None:
+            self._hash = hash_eth2(rlp.encode(self.data))
+        return self._hash
+
+    @property
+    def root(self) -> Hash32:
+        # Alias of `hash`.
+        # Using flat hash, will likely use SSZ tree hash.
+        return self.hash
+
+    _vote_count = None
+
+    @property
+    def vote_count(self) -> int:
+        if self._vote_count is None:
+            count_zero_indices = len(self.aggregate_signature_poc_0_indices)
+            count_one_indices = len(self.aggregate_signature_poc_1_indices)
+            self._vote_count = count_zero_indices + count_one_indices
+        return self._vote_count
+
+    @property
+    def messages(self) -> Tuple[bytes, bytes]:
+        """
+        Build the messages that validators are expected to sign for a ``CasperSlashing`` operation.
+        """
+        # TODO: change to hash_tree_root(vote_data) when we have SSZ tree hashing
+        vote_data_root = self.root
+        return (
+            vote_data_root + (0).to_bytes(1, 'big'),
+            vote_data_root + (1).to_bytes(1, 'big'),
+        )

tests/beacon/conftest.py

@@ -283,7 +283,7 @@ def sample_slashable_vote_data_params(sample_attestation_data_params):
     return {
         'aggregate_signature_poc_0_indices': (10, 11, 12, 15, 28),
         'aggregate_signature_poc_1_indices': (7, 8, 100, 131, 249),
-        'data': sample_attestation_data_params,
+        'data': AttestationData(**sample_attestation_data_params),
         'aggregate_signature': (1, 2, 3, 4, 5),
     }