Merge pull request #7978 from onflow/tim/7838-bootstrapping-randomness

Update randomness used during bootstrapping

Author: tim-barry

cmd/bootstrap/cmd/block.go

@@ -5,6 +5,8 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/onflow/crypto/random"
+
 	"github.com/onflow/flow-go/cmd/bootstrap/run"
 	"github.com/onflow/flow-go/model/dkg"
 	"github.com/onflow/flow-go/model/flow"
@@ -56,7 +58,10 @@ func constructRootEpochEvents(
 	clusterQCs []*flow.QuorumCertificate,
 	dkgData dkg.ThresholdKeySet,
 	dkgIndexMap flow.DKGIndexMap,
+	csprg random.Rand,
 ) (*flow.EpochSetup, *flow.EpochCommit, error) {
+	randomSource := make([]byte, flow.EpochSetupRandomSourceLength)
+	csprg.Read(randomSource)
 	epochSetup, err := flow.NewEpochSetup(
 		flow.UntrustedEpochSetup{
 			Counter:            flagEpochCounter,
@@ -67,7 +72,7 @@ func constructRootEpochEvents(
 			FinalView:          firstView + flagNumViewsInEpoch - 1,
 			Participants:       participants.Sort(flow.Canonical[flow.Identity]).ToSkeleton(),
 			Assignments:        assignments,
-			RandomSource:       GenerateRandomSeed(flow.EpochSetupRandomSourceLength),
+			RandomSource:       randomSource,
 			TargetDuration:     flagEpochTimingDuration,
 			TargetEndTime:      rootEpochTargetEndTime(),
 		},

cmd/bootstrap/cmd/finalize_test.go

@@ -1,6 +1,7 @@
 package cmd
 
 import (
+	cryptoRand "crypto/rand"
 	"encoding/hex"
 	"math/rand"
 	"path/filepath"
@@ -16,6 +17,7 @@ import (
 	"github.com/onflow/flow-go/cmd/util/cmd/common"
 	model "github.com/onflow/flow-go/model/bootstrap"
 	"github.com/onflow/flow-go/model/flow"
+	"github.com/onflow/flow-go/state/protocol/prg"
 	"github.com/onflow/flow-go/utils/unittest"
 )
 
@@ -116,16 +118,23 @@ func TestClusterAssignment(t *testing.T) {
 	partners := unittest.NodeInfosFixture(partnersLen, unittest.WithRole(flow.RoleCollection))
 	internals := unittest.NodeInfosFixture(internalLen, unittest.WithRole(flow.RoleCollection))
 
+	// use a random seed
+	seed := make([]byte, 32)
+	_, err := cryptoRand.Read(seed)
+	require.NoError(t, err)
+	prng, err := prg.New(seed, prg.BootstrapClusterAssignment, nil)
+	require.NoError(t, err)
+
 	log := zerolog.Nop()
 	// should not error
-	_, clusters, err := common.ConstructClusterAssignment(log, model.ToIdentityList(partners), model.ToIdentityList(internals), int(flagCollectionClusters))
+	_, clusters, err := common.ConstructClusterAssignment(log, model.ToIdentityList(partners), model.ToIdentityList(internals), int(flagCollectionClusters), prng)
 	require.NoError(t, err)
 	require.True(t, checkClusterConstraint(clusters, partners, internals))
 
 	// unhappy Path
 	internals = internals[:21] // reduce one internal node
 	// should error
-	_, _, err = common.ConstructClusterAssignment(log, model.ToIdentityList(partners), model.ToIdentityList(internals), int(flagCollectionClusters))
+	_, _, err = common.ConstructClusterAssignment(log, model.ToIdentityList(partners), model.ToIdentityList(internals), int(flagCollectionClusters), prng)
 	require.Error(t, err)
 	// revert the flag value
 	flagCollectionClusters = tmp

cmd/bootstrap/cmd/rootblock.go

@@ -20,6 +20,7 @@ import (
 	"github.com/onflow/flow-go/module/epochs"
 	"github.com/onflow/flow-go/state/protocol"
 	"github.com/onflow/flow-go/state/protocol/inmem"
+	"github.com/onflow/flow-go/state/protocol/prg"
 	"github.com/onflow/flow-go/state/protocol/protocol_state"
 	"github.com/onflow/flow-go/state/protocol/protocol_state/kvstore"
 )
@@ -241,8 +242,19 @@ func rootBlock(cmd *cobra.Command, args []string) {
 	// create flow.IdentityList representation of the participant set
 	participants := model.ToIdentityList(stakingNodes).Sort(flow.Canonical[flow.Identity])
 
+	// use system randomness to create cluster assignment
+	// TODO(7848): use randomness provided from the command line
+	var randomSeed [32]byte
+	_, err = rand.Read(randomSeed[:])
+	if err != nil {
+		log.Fatal().Err(err).Msg("unable to generate random seed")
+	}
+	clusteringPrg, err := prg.New(randomSeed[:], prg.BootstrapClusterAssignment, nil)
+	if err != nil {
+		log.Fatal().Err(err).Msg("unable to initialize pseudorandom generator")
+	}
 	log.Info().Msg("computing collection node clusters")
-	assignments, clusters, err := common.ConstructClusterAssignment(log, model.ToIdentityList(partnerNodes), model.ToIdentityList(internalNodes), int(flagCollectionClusters))
+	assignments, clusters, err := common.ConstructClusterAssignment(log, model.ToIdentityList(partnerNodes), model.ToIdentityList(internalNodes), int(flagCollectionClusters), clusteringPrg)
 	if err != nil {
 		log.Fatal().Err(err).Msg("unable to generate cluster assignment")
 	}
@@ -263,8 +275,13 @@ func rootBlock(cmd *cobra.Command, args []string) {
 	}
 	log.Info().Msg("")
 
+	// use the same randomness for the RandomSource of the new epoch
+	randomSourcePrg, err := prg.New(randomSeed[:], prg.BootstrapEpochRandomSource, nil)
+	if err != nil {
+		log.Fatal().Err(err).Msg("failed to initialize pseudorandom generator")
+	}
 	log.Info().Msg("constructing intermediary bootstrapping data")
-	epochSetup, epochCommit, err := constructRootEpochEvents(headerBody.View, participants, assignments, clusterQCs, randomBeaconData, dkgIndexMap)
+	epochSetup, epochCommit, err := constructRootEpochEvents(headerBody.View, participants, assignments, clusterQCs, randomBeaconData, dkgIndexMap, randomSourcePrg)
 	if err != nil {
 		log.Fatal().Err(err).Msg("failed to construct root epoch events")
 	}

cmd/bootstrap/run/epochs.go

@@ -9,6 +9,8 @@ import (
 	"github.com/rs/zerolog"
 	"golang.org/x/exp/slices"
 
+	"github.com/onflow/flow-go/state/protocol/prg"
+
 	"github.com/onflow/flow-go/cmd/util/cmd/common"
 	"github.com/onflow/flow-go/fvm/systemcontracts"
 	"github.com/onflow/flow-go/model/bootstrap"
@@ -174,8 +176,12 @@ func GenerateRecoverTxArgsWithDKG(
 		}
 	}
 
+	rng, err := prg.New(epoch.RandomSource(), prg.BootstrapClusterAssignment, nil)
+	if err != nil {
+		return nil, fmt.Errorf("could not initialize PRNG: %w", err)
+	}
 	log.Info().Msgf("partitioning %d partners + %d internal nodes into %d collector clusters", len(partnerCollectors), len(internalCollectors), collectionClusters)
-	assignments, clusters, err := common.ConstructClusterAssignment(log, partnerCollectors, internalCollectors, collectionClusters)
+	assignments, clusters, err := common.ConstructClusterAssignment(log, partnerCollectors, internalCollectors, collectionClusters, rng)
 	if err != nil {
 		return nil, fmt.Errorf("unable to generate cluster assignment: %w", err)
 	}

cmd/util/cmd/common/clusters.go

@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 
+	"github.com/onflow/crypto/random"
 	"github.com/rs/zerolog"
 
 	"github.com/onflow/cadence"
@@ -21,8 +22,9 @@ import (
 // The number of nodes in each cluster is deterministic and only depends on the number of clusters
 // and the number of nodes. The repartition of internal and partner nodes is also deterministic
 // and only depends on the number of clusters and nodes.
-// The identity of internal and partner nodes in each cluster is the non-deterministic and is randomized
-// using the system entropy.
+// The identity of internal and partner nodes in each cluster is deterministically randomized
+// using the provided entropy `randomSource`. Ideally this entropy should be derived from the random beacon of the
+// previous epoch, or some other verifiable random source.
 // The function guarantees a specific constraint when partitioning the nodes into clusters:
 // Each cluster must contain strictly more than 2/3 of internal nodes. If the constraint can't be
 // satisfied, an exception is returned.
@@ -33,11 +35,12 @@ import (
 // - partnerNodes: identity list of partner nodes.
 // - internalNodes: identity list of internal nodes.
 // - numCollectionClusters: the number of clusters to generate
+// - randomSource: entropy used to randomize the assignment.
 // Returns:
 // - flow.AssignmentList: the generated assignment list.
 // - flow.ClusterList: the generate collection cluster list.
 // - error: if any error occurs. Any error returned from this function is irrecoverable.
-func ConstructClusterAssignment(log zerolog.Logger, partnerNodes, internalNodes flow.IdentityList, numCollectionClusters int) (flow.AssignmentList, flow.ClusterList, error) {
+func ConstructClusterAssignment(log zerolog.Logger, partnerNodes, internalNodes flow.IdentityList, numCollectionClusters int, randomSource random.Rand) (flow.AssignmentList, flow.ClusterList, error) {
 
 	partnerCollectors := partnerNodes.Filter(filter.HasRole[flow.Identity](flow.RoleCollection))
 	internalCollectors := internalNodes.Filter(filter.HasRole[flow.Identity](flow.RoleCollection))
@@ -49,12 +52,17 @@ func ConstructClusterAssignment(log zerolog.Logger, partnerNodes, internalNodes
 			nCollectors, numCollectionClusters)
 	}
 
-	// shuffle both collector lists based on a non-deterministic algorithm
-	partnerCollectors, err := partnerCollectors.Shuffle()
+	// shuffle partner nodes in-place using the provided randomness
+	err := randomSource.Shuffle(len(partnerCollectors), func(i, j int) {
+		partnerCollectors[i], partnerCollectors[j] = partnerCollectors[j], partnerCollectors[i]
+	})
 	if err != nil {
 		log.Fatal().Err(err).Msg("could not shuffle partners")
 	}
-	internalCollectors, err = internalCollectors.Shuffle()
+	// shuffle internal nodes in-place using the provided randomness
+	err = randomSource.Shuffle(len(internalCollectors), func(i, j int) {
+		internalCollectors[i], internalCollectors[j] = internalCollectors[j], internalCollectors[i]
+	})
 	if err != nil {
 		log.Fatal().Err(err).Msg("could not shuffle internals")
 	}

integration/localnet/Makefile

@@ -94,7 +94,7 @@ bootstrap-ci:
 # Creates a version of localnet configured with short epochs
 .PHONY: bootstrap-short-epochs
 bootstrap-short-epochs:
-	$(MAKE) -e EPOCHLEN=200 STAKINGLEN=5 DKGLEN=50 FINALIZATIONSAFETYTHRESHOLD=20 bootstrap
+	$(MAKE) -e EPOCHLEN=200 STAKINGLEN=5 DKGLEN=50 FINALIZATION_SAFETY_THRESHOLD=20 bootstrap
 
 # Starts the network - must have been bootstrapped first. Builds fresh images.
 .PHONY: start

state/protocol/prg/customizers.go

@@ -25,6 +25,10 @@ var (
 	// ExecutionRandomSourceHistory is the customizer for Flow's transaction execution environment
 	// (used for the source of randomness history core-contract)
 	ExecutionRandomSourceHistory = customizerFromIndices(1, 1)
+	// BootstrapClusterAssignment is the customizer for assignment of collectors to clusters during bootstrapping
+	BootstrapClusterAssignment = customizerFromIndices(4, 0)
+	// BootstrapEpochRandomSource is the customizer for the RandomSource of the new epoch during bootstrapping
+	BootstrapEpochRandomSource = customizerFromIndices(4, 1)
 	//
 	// clusterLeaderSelectionPrefix is the prefix used for CollectorClusterLeaderSelection
 	clusterLeaderSelectionPrefix = []uint16{3}