Merge pull request #2276 from input-output-hk/jpraynaud/certify-protocol-parameters-certificate-chain

Feat: certify protocol parameters and epoch in certificate chain

Author: jpraynaud

CHANGELOG.md

@@ -15,6 +15,8 @@ As a minor extension, we have adopted a slightly different versioning convention
 
 - Activate aggregator HTTP responses compression by the reverse proxy in the infrastructure.
 
+- Support certification of the protocol parameters and epoch in the certificate chain.
+
 - **UNSTABLE** Cardano database incremental certification:
 
   - Implement the artifact routes of the aggregator for the signed entity type `CardanoDatabase`.

Cargo.lock

@@ -37,7 +37,9 @@ Where the following notations have been used:
 - `VK(n)`: Verification key at epoch `n`
 - `AVK(n)`: Aggregrate verification key at epoch `n` such as `AVK(n) = MKT_ROOT(SD(n) || VK(n))`
 - `MKT_ROOT()`: Merkle-tree root
-- `BEACON(p,n)`: Beacon at trigger `p` and epoch `n`
+- `PPARAMS(n)`: Protocol parameters at epoch `n`
+- `EPOCH(n)`: Epoch `n`
+- `BEACON(p,n)`: Beacon at trigger `p` and epoch `n` (includes `EPOCH(n)`)
 - `METADATA(p,n)`: Metadata of the certificate at trigger `p` and epoch `n`
 - `MSG(p,n)`: Message of the certificate at trigger `p` and epoch `n`
 - `MULTI_SIG(p,n)`: Multi-signature created to the message `H(MSG(p,n) || AVK(n-1))`
@@ -92,18 +94,23 @@ An implementation of the algorithm would work as follows for a certificate:
 - **Step 2**: Verify (or fail) that the `current_hash` of the `current_certificate` is valid by computing it and comparing it with the `hash` field of the certificate
 - **Step 3**: Get the `previous_hash` of the `previous_certificate` by reading its value in the `current_certificate`
 - **Step 4**: Verify (or fail) that the `multi_signature` of the `current_certificate` is valid
-- **Step 5**: Retrieve the `previous_certificate` that has the hash `previous_hash`:
-  - **Step 5.1**: If it is not a `genesis_certificate`:
-    - **Step 5.1.1**: Verify (or fail) that the `previous_hash` of the `previous_certificate` is valid by computing it and comparing it with the `hash` field of the certificate:
-    - **Step 5.1.2**: Verify the `current_avk`:
-      - **Step 5.1.2.1**: If the `current_certificate` is the `first_certificate` of the epoch, verify (or fail) that the `current_avk` of the `current_certificate` is part of the message signed by the multi-signature of the `previous_certificate`
-      - **Step 5.1.2.2**: Else verify (or fail) that the `current_avk` of the `current_certificate` is the same as the `current_avk` of the `previous_certificate`
-    - **Step 5.1.3**: Verify (or fail) that the `multi_signature` of the `previous_certificate` is valid
-    - **Step 5.1.4**: Use the `previous_certificate` as `current_certificate` and start again at **Step 2**
-  - **Step 5.2**: If it is a `genesis_certificate`:
-    - **Step 5.2.1**: Verify (or fail) that the `previous_hash` of the `previous_certificate` is valid by computing it and comparing it with the `hash` field of the certificate
-    - **Step 5.2.2**: Verify (or fail) that the `current_avk` of the `current_certificate` is part of the message signed by the genesis signature of the `previous_certificate`
-    - **Step 5.2.3**: The certificate is valid (success).
+- **Step 5**: Verify (or fail) that the `current_epoch` of the `current_certificate` is part of the message signed by the multi-signature of the `current_certificate`
+- **Step 6**: Retrieve the `previous_certificate` that has the hash `previous_hash`:
+  - **Step 6.1**: If it is not a `genesis_certificate`:
+    - **Step 6.1.1**: Verify (or fail) that the `previous_hash` of the `previous_certificate` is valid by computing it and comparing it with the `hash` field of the certificate:
+    - **Step 6.1.2**: Verify the `current_avk`:
+      - **Step 6.1.2.1**: If the `current_certificate` is the `first_certificate` of the epoch
+        - **Step 6.1.2.1.1**: Verify (or fail) that the `current_avk` of the `current_certificate` is part of the message signed by the multi-signature of the `previous_certificate`
+        - **Step 6.1.2.1.2**: Verify (or fail) that the `current_protocol_parameters` of the `current_certificate` is part of the message signed by the multi-signature of the `previous_certificate`
+      - **Step 6.1.2.2**: Else verify (or fail) that the `current_avk` of the `current_certificate` is the same as the `current_avk` of the `previous_certificate`
+    - **Step 6.1.3**: Verify (or fail) that the `multi_signature` of the `previous_certificate` is valid
+    - **Step 6.1.4**: Use the `previous_certificate` as `current_certificate` and start again at **Step 2**
+  - **Step 6.2**: If it is a `genesis_certificate`:
+    - **Step 6.2.1**: Verify (or fail) that the `previous_hash` of the `previous_certificate` is valid by computing it and comparing it with the `hash` field of the certificate
+    - **Step 6.2.2**: Verify (or fail) that the `current_epoch` of the `previous_certificate` is part of the message signed by the genesis_certificate of the `previous_certificate`
+    - **Step 6.2.3**: Verify (or fail) that the `current_avk` of the `current_certificate` is part of the message signed by the genesis signature of the `previous_certificate`
+    - **Step 6.2.4**: Verify (or fail) that the `current_protocol_parameters` of the `current_certificate` is part of the message signed by the genesis signature of the `previous_certificate`
+    - **Step 6.2.5**: The certificate is valid (success).
 
 ## The coexistence of multiple certificate chains
 

docs/website/root/mithril/advanced/mithril-protocol/certificates.md

@@ -1176,7 +1176,6 @@ impl DependenciesBuilder {
             &self.configuration.db_directory,
             self.root_logger(),
         ));
-        let era_checker = self.get_era_checker().await?;
         let signable_builders_dependencies = SignableBuilderServiceDependencies::new(
             mithril_stake_distribution_builder,
             immutable_signable_builder,
@@ -1185,7 +1184,6 @@ impl DependenciesBuilder {
             cardano_database_signable_builder,
         );
         let signable_builder_service = Arc::new(MithrilSignableBuilderService::new(
-            era_checker,
             seed_signable_builder,
             signable_builders_dependencies,
             self.root_logger(),

docs/website/root/mithril/advanced/mithril-protocol/images/certificate-chain.jpg

@@ -717,7 +717,8 @@ mod tests {
         let network = fake_data::network();
         let beacon = CardanoDbBeacon::new(3, 1);
         let signed_entity_type = SignedEntityType::CardanoImmutableFilesFull(beacon.clone());
-        let protocol_message = ProtocolMessage::new();
+        let mut protocol_message = ProtocolMessage::new();
+        protocol_message.set_message_part(ProtocolMessagePartKey::CurrentEpoch, "3".to_string());
         let epochs_with_signers = (1..=3).map(Epoch).collect::<Vec<_>>();
         let fixture = MithrilFixtureBuilder::default().with_signers(3).build();
         let certifier_service = setup_certifier_service_with_network(

mithril-aggregator/src/dependency_injection/builder.rs

@@ -1056,7 +1056,7 @@ mod tests {
             },
             allowed_discriminants: SignedEntityConfig::dummy().allowed_discriminants,
             cardano_era: "CardanoEra".to_string(),
-            mithril_era: SupportedEra::eras()[1],
+            mithril_era: SupportedEra::eras()[0],
             total_spo: 10,
             total_stake: 20_000_000,
             ..EpochServiceBuilder::new(epoch, current_epoch_fixture.clone())
@@ -1077,7 +1077,7 @@ mod tests {
             data.clone(),
             ExpectedEpochData {
                 cardano_era: "CardanoEra".to_string(),
-                mithril_era: SupportedEra::eras()[1],
+                mithril_era: SupportedEra::eras()[0],
                 epoch,
                 protocol_parameters: current_epoch_fixture.protocol_parameters(),
                 next_protocol_parameters: next_epoch_fixture.protocol_parameters(),