Merge pull request #620 from input-output-hk/simplify-signature

Simplify signature

Author: iquerejeta

Cargo.lock

@@ -36,6 +36,10 @@ pub enum ProtocolError {
     #[error("signer already registered")]
     ExistingSigner(),
 
+    /// Signer was not registered.
+    #[error("signer did not register")]
+    UnregisteredParty(),
+
     /// Signer registration failed.
     #[error("signer registration failed")]
     FailedSignerRegistration(#[from] ProtocolRegistrationError),
@@ -696,16 +700,31 @@ impl MultiSigner for MultiSignerImpl {
             .get_protocol_parameters()
             .await?
             .ok_or_else(ProtocolError::UnavailableProtocolParameters)?;
-        let avk = &self
+
+        let clerk = self
             .clerk
             .as_ref()
-            .ok_or_else(ProtocolError::UnavailableClerk)?
-            .compute_avk();
+            .ok_or_else(ProtocolError::UnavailableClerk)?;
 
-        signatures
+        let signature = signatures
             .to_protocol_signature()
-            .map_err(ProtocolError::Codec)?
-            .verify(&protocol_parameters, avk, message.compute_hash().as_bytes())
+            .map_err(ProtocolError::Codec)?;
+
+        let avk = clerk.compute_avk();
+
+        // If there is no reg_party, then we simply received a signature from a non-registered
+        // party, and we can ignore the request.
+        let (vk, stake) = clerk
+            .get_reg_party(&signature.signer_index)
+            .ok_or_else(ProtocolError::UnregisteredParty)?;
+        signature
+            .verify(
+                &protocol_parameters,
+                &vk,
+                &stake,
+                &avk,
+                message.compute_hash().as_bytes(),
+            )
             .map_err(|e| ProtocolError::Core(e.to_string()))?;
 
         // Register single signature
@@ -714,7 +733,7 @@ impl MultiSigner for MultiSignerImpl {
             .as_ref()
             .ok_or_else(ProtocolError::UnavailableBeacon)?;
 
-        match self
+        return match self
             .single_signature_store
             .save_single_signatures(beacon, signatures)
             .await?
@@ -723,7 +742,7 @@ impl MultiSigner for MultiSignerImpl {
                 signatures.party_id.clone(),
             )),
             None => Ok(()),
-        }
+        };
     }
 
     /// Retrieves a multi signature from a message

mithril-aggregator/src/multi_signer.rs

@@ -271,7 +271,13 @@ mod tests {
         let decoded_sig: ProtocolSingleSignature = key_decode_hex(&sign_result.signature).unwrap();
         assert!(
             decoded_sig
-                .verify(&protocol_parameters, &avk, &expected_message)
+                .verify(
+                    &protocol_parameters,
+                    &protocol_signer.verification_key(),
+                    &protocol_signer.get_stake(),
+                    &avk,
+                    &expected_message
+                )
                 .is_ok(),
             "produced single signature should be valid"
         );

mithril-signer/src/single_signer.rs

@@ -1,6 +1,6 @@
 [package]
 name    = "mithril-stm"
-version = "0.1.0"
+version = "0.2.0"
 edition = { workspace = true }
 authors = { workspace = true }
 documentation = { workspace = true }

mithril-stm/Cargo.toml

@@ -116,8 +116,8 @@ fn main() {
     let avk = clerk.compute_avk();
 
     // Check all parties can verify every sig
-    for s in sigs.iter() {
-        assert!(s.verify(&params, &avk, &msg).is_ok(), "Verification failed");
+    for (s, p) in sigs.iter().zip(ps.iter()) {
+        assert!(s.verify(&params, &p.verification_key(), &p.get_stake(), &avk, &msg).is_ok(), "Verification failed");
     }
 
     // Aggregate with random parties
@@ -143,7 +143,7 @@ fn main() {
 
 Here we give the benchmark results of STM for size and time. We run the benchmarks on macOS 12.6 on an Apple M1 Pro machine with 16 GB of RAM.
 
-Note that the size of an individual signature with one valid index is **176 bytes** and increases linearly in the length of valid indices (where an index is 8 bytes).
+Note that the size of an individual signature with one valid index is **72 bytes** (48 bytes from `sigma`, 8 bytes from `party_index`, 8 bytes for the `length` of winning indices and at least 8 bytes for a single winning `index`) and increases linearly in the length of valid indices (where an index is 8 bytes).
 
 ```shell
 +----------------------+

mithril-stm/README.md

@@ -1,8 +1,9 @@
 //! Creation and verification of Merkle Trees
 use crate::error::MerkleTreeError;
 use crate::multi_sig::VerificationKey;
-use crate::stm::Stake;
-use blake2::digest::{Digest, FixedOutput};
+use crate::stm::{Stake, StmVerificationKey};
+use blake2::digest::{consts::U32, Digest, FixedOutput};
+use blake2::Blake2b;
 use serde::{Deserialize, Serialize};
 use std::cmp::Ordering;
 use std::convert::TryFrom;
@@ -74,6 +75,14 @@ pub struct MerkleTree<D: Digest> {
 }
 
 impl MTLeaf {
+    pub(crate) fn from_bytes(bytes: &[u8]) -> Result<Self, MerkleTreeError<Blake2b<U32>>> {
+        let pk = StmVerificationKey::from_bytes(bytes)
+            .map_err(|_| MerkleTreeError::SerializationError)?;
+        let mut u64_bytes = [0u8; 8];
+        u64_bytes.copy_from_slice(&bytes[96..]);
+        let stake = Stake::from_be_bytes(u64_bytes);
+        Ok(MTLeaf(pk, stake))
+    }
     pub(crate) fn to_bytes(self) -> [u8; 104] {
         let mut result = [0u8; 104];
         result[..96].copy_from_slice(&self.0.to_bytes());
@@ -82,6 +91,12 @@ impl MTLeaf {
     }
 }
 
+impl From<MTLeaf> for (StmVerificationKey, Stake) {
+    fn from(leaf: MTLeaf) -> (StmVerificationKey, Stake) {
+        (leaf.0, leaf.1)
+    }
+}
+
 impl PartialOrd for MTLeaf {
     /// Ordering of MT Values.
     ///