Use deterministic randomness for boostrapping

Author: tim-barry

cmd/bootstrap/cmd/block.go

@@ -5,6 +5,8 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/onflow/crypto/random"
+
 	"github.com/onflow/flow-go/cmd/bootstrap/run"
 	"github.com/onflow/flow-go/model/dkg"
 	"github.com/onflow/flow-go/model/flow"
@@ -56,7 +58,10 @@ func constructRootEpochEvents(
 	clusterQCs []*flow.QuorumCertificate,
 	dkgData dkg.ThresholdKeySet,
 	dkgIndexMap flow.DKGIndexMap,
+	csprg random.Rand,
 ) (*flow.EpochSetup, *flow.EpochCommit, error) {
+	randomSource := make([]byte, flow.EpochSetupRandomSourceLength)
+	csprg.Read(randomSource)
 	epochSetup, err := flow.NewEpochSetup(
 		flow.UntrustedEpochSetup{
 			Counter:            flagEpochCounter,
@@ -67,7 +72,7 @@ func constructRootEpochEvents(
 			FinalView:          firstView + flagNumViewsInEpoch - 1,
 			Participants:       participants.Sort(flow.Canonical[flow.Identity]).ToSkeleton(),
 			Assignments:        assignments,
-			RandomSource:       GenerateRandomSeed(flow.EpochSetupRandomSourceLength),
+			RandomSource:       randomSource,
 			TargetDuration:     flagEpochTimingDuration,
 			TargetEndTime:      rootEpochTargetEndTime(),
 		},

cmd/bootstrap/cmd/finalize_test.go

@@ -1,6 +1,7 @@
 package cmd
 
 import (
+	cryptoRand "crypto/rand"
 	"encoding/hex"
 	"math/rand"
 	"path/filepath"
@@ -16,6 +17,7 @@ import (
 	"github.com/onflow/flow-go/cmd/util/cmd/common"
 	model "github.com/onflow/flow-go/model/bootstrap"
 	"github.com/onflow/flow-go/model/flow"
+	"github.com/onflow/flow-go/state/protocol/prg"
 	"github.com/onflow/flow-go/utils/unittest"
 )
 
@@ -116,16 +118,23 @@ func TestClusterAssignment(t *testing.T) {
 	partners := unittest.NodeInfosFixture(partnersLen, unittest.WithRole(flow.RoleCollection))
 	internals := unittest.NodeInfosFixture(internalLen, unittest.WithRole(flow.RoleCollection))
 
+	// use a random seed
+	seed := make([]byte, 32)
+	_, err := cryptoRand.Read(seed)
+	require.NoError(t, err)
+	prng, err := prg.New(seed, nil, nil)
+	require.NoError(t, err)
+
 	log := zerolog.Nop()
 	// should not error
-	_, clusters, err := common.ConstructClusterAssignment(log, model.ToIdentityList(partners), model.ToIdentityList(internals), int(flagCollectionClusters))
+	_, clusters, err := common.ConstructClusterAssignment(log, model.ToIdentityList(partners), model.ToIdentityList(internals), int(flagCollectionClusters), prng)
 	require.NoError(t, err)
 	require.True(t, checkClusterConstraint(clusters, partners, internals))
 
 	// unhappy Path
 	internals = internals[:21] // reduce one internal node
 	// should error
-	_, _, err = common.ConstructClusterAssignment(log, model.ToIdentityList(partners), model.ToIdentityList(internals), int(flagCollectionClusters))
+	_, _, err = common.ConstructClusterAssignment(log, model.ToIdentityList(partners), model.ToIdentityList(internals), int(flagCollectionClusters), prng)
 	require.Error(t, err)
 	// revert the flag value
 	flagCollectionClusters = tmp

cmd/bootstrap/cmd/rootblock.go

@@ -12,6 +12,7 @@ import (
 
 	"github.com/onflow/flow-go/cmd"
 	"github.com/onflow/flow-go/cmd/bootstrap/run"
+	"github.com/onflow/flow-go/cmd/bootstrap/utils"
 	"github.com/onflow/flow-go/cmd/util/cmd/common"
 	model "github.com/onflow/flow-go/model/bootstrap"
 	"github.com/onflow/flow-go/model/dkg"
@@ -20,6 +21,7 @@ import (
 	"github.com/onflow/flow-go/module/epochs"
 	"github.com/onflow/flow-go/state/protocol"
 	"github.com/onflow/flow-go/state/protocol/inmem"
+	"github.com/onflow/flow-go/state/protocol/prg"
 	"github.com/onflow/flow-go/state/protocol/protocol_state"
 	"github.com/onflow/flow-go/state/protocol/protocol_state/kvstore"
 )
@@ -241,8 +243,19 @@ func rootBlock(cmd *cobra.Command, args []string) {
 	// create flow.IdentityList representation of the participant set
 	participants := model.ToIdentityList(stakingNodes).Sort(flow.Canonical[flow.Identity])
 
+	// use system randomness to create cluster assignment
+	// TODO(7848): use randomness provided from the command line
+	var randomSeed [32]byte
+	_, err = rand.Read(randomSeed[:])
+	if err != nil {
+		log.Fatal().Err(err).Msg("unable to generate random seed")
+	}
+	csprg, err := prg.New(randomSeed[:], nil, nil)
+	if err != nil {
+		log.Fatal().Err(err).Msg("unable to initialize pseudorandom generator")
+	}
 	log.Info().Msg("computing collection node clusters")
-	assignments, clusters, err := common.ConstructClusterAssignment(log, model.ToIdentityList(partnerNodes), model.ToIdentityList(internalNodes), int(flagCollectionClusters))
+	assignments, clusters, err := common.ConstructClusterAssignment(log, model.ToIdentityList(partnerNodes), model.ToIdentityList(internalNodes), int(flagCollectionClusters), csprg)
 	if err != nil {
 		log.Fatal().Err(err).Msg("unable to generate cluster assignment")
 	}
@@ -263,8 +276,9 @@ func rootBlock(cmd *cobra.Command, args []string) {
 	}
 	log.Info().Msg("")
 
+	// use the same randomness for the RandomSource of the new epoch
 	log.Info().Msg("constructing intermediary bootstrapping data")
-	epochSetup, epochCommit, err := constructRootEpochEvents(headerBody.View, participants, assignments, clusterQCs, randomBeaconData, dkgIndexMap)
+	epochSetup, epochCommit, err := constructRootEpochEvents(headerBody.View, participants, assignments, clusterQCs, randomBeaconData, dkgIndexMap, csprg)
 	if err != nil {
 		log.Fatal().Err(err).Msg("failed to construct root epoch events")
 	}

cmd/bootstrap/run/epochs.go

@@ -9,6 +9,8 @@ import (
 	"github.com/rs/zerolog"
 	"golang.org/x/exp/slices"
 
+	"github.com/onflow/flow-go/state/protocol/prg"
+
 	"github.com/onflow/flow-go/cmd/util/cmd/common"
 	"github.com/onflow/flow-go/fvm/systemcontracts"
 	"github.com/onflow/flow-go/model/bootstrap"
@@ -174,8 +176,12 @@ func GenerateRecoverTxArgsWithDKG(
 		}
 	}
 
+	csprg, err := prg.New(epoch.RandomSource(), nil, nil)
+	if err != nil {
+		return nil, fmt.Errorf("could not initialize PRNG: %w", err)
+	}
 	log.Info().Msgf("partitioning %d partners + %d internal nodes into %d collector clusters", len(partnerCollectors), len(internalCollectors), collectionClusters)
-	assignments, clusters, err := common.ConstructClusterAssignment(log, partnerCollectors, internalCollectors, collectionClusters)
+	assignments, clusters, err := common.ConstructClusterAssignment(log, partnerCollectors, internalCollectors, collectionClusters, csprg)
 	if err != nil {
 		return nil, fmt.Errorf("unable to generate cluster assignment: %w", err)
 	}

cmd/util/cmd/common/clusters.go

@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 
+	"github.com/onflow/crypto/random"
 	"github.com/rs/zerolog"
 
 	"github.com/onflow/cadence"
@@ -21,8 +22,9 @@ import (
 // The number of nodes in each cluster is deterministic and only depends on the number of clusters
 // and the number of nodes. The repartition of internal and partner nodes is also deterministic
 // and only depends on the number of clusters and nodes.
-// The identity of internal and partner nodes in each cluster is the non-deterministic and is randomized
-// using the system entropy.
+// The identity of internal and partner nodes in each cluster is deterministically randomized
+// using the provided entropy `randomSource`. Ideally this entropy should be derived from the random beacon of the
+// previous epoch, or some other verifiable random source.
 // The function guarantees a specific constraint when partitioning the nodes into clusters:
 // Each cluster must contain strictly more than 2/3 of internal nodes. If the constraint can't be
 // satisfied, an exception is returned.
@@ -33,11 +35,12 @@ import (
 // - partnerNodes: identity list of partner nodes.
 // - internalNodes: identity list of internal nodes.
 // - numCollectionClusters: the number of clusters to generate
+// - randomSource: entropy used to randomize the assignment.
 // Returns:
 // - flow.AssignmentList: the generated assignment list.
 // - flow.ClusterList: the generate collection cluster list.
 // - error: if any error occurs. Any error returned from this function is irrecoverable.
-func ConstructClusterAssignment(log zerolog.Logger, partnerNodes, internalNodes flow.IdentityList, numCollectionClusters int) (flow.AssignmentList, flow.ClusterList, error) {
+func ConstructClusterAssignment(log zerolog.Logger, partnerNodes, internalNodes flow.IdentityList, numCollectionClusters int, randomSource random.Rand) (flow.AssignmentList, flow.ClusterList, error) {
 
 	partnerCollectors := partnerNodes.Filter(filter.HasRole[flow.Identity](flow.RoleCollection))
 	internalCollectors := internalNodes.Filter(filter.HasRole[flow.Identity](flow.RoleCollection))
@@ -49,15 +52,15 @@ func ConstructClusterAssignment(log zerolog.Logger, partnerNodes, internalNodes
 			nCollectors, numCollectionClusters)
 	}
 
-	// shuffle both collector lists based on a non-deterministic algorithm
-	partnerCollectors, err := partnerCollectors.Shuffle()
-	if err != nil {
-		log.Fatal().Err(err).Msg("could not shuffle partners")
-	}
-	internalCollectors, err = internalCollectors.Shuffle()
-	if err != nil {
-		log.Fatal().Err(err).Msg("could not shuffle internals")
-	}
+	//random := rand.New(randomSource)
+	// shuffle partner nodes in-place using the provided randomness
+	_ = randomSource.Shuffle(len(partnerCollectors), func(i, j int) {
+		partnerCollectors[i], partnerCollectors[j] = partnerCollectors[j], partnerCollectors[i]
+	})
+	// shuffle internal nodes in-place using the provided randomness
+	_ = randomSource.Shuffle(len(internalCollectors), func(i, j int) {
+		internalCollectors[i], internalCollectors[j] = internalCollectors[j], internalCollectors[i]
+	})
 
 	// capture first reference weight to validate that all collectors have equal weight
 	refWeight := internalCollectors[0].InitialWeight