Fix slot decryption signature computation

Now we use SSZ as required by the spec. Before we did an easier
encoding as a placeholder.

Author: jannikluhn

rolling-shutter/go.mod

@@ -10,6 +10,7 @@ require (
 	github.com/bitwurx/jrpc2 v0.0.0-20220302204700-52c6dbbeb536
 	github.com/deepmap/oapi-codegen v1.9.1
 	github.com/ethereum/go-ethereum v1.13.11
+	github.com/ferranbt/fastssz v0.1.3
 	github.com/getkin/kin-openapi v0.87.0
 	github.com/go-chi/chi/v5 v5.0.10
 	github.com/google/go-cmp v0.6.0

rolling-shutter/go.sum

@@ -210,6 +210,8 @@ github.com/facebookgo/stack v0.0.0-20160209184415-751773369052 h1:JWuenKqqX8nojt
 github.com/facebookgo/stack v0.0.0-20160209184415-751773369052/go.mod h1:UbMTZqLaRiH3MsBH8va0n7s1pQYcu3uTb8G4tygF4Zg=
 github.com/facebookgo/subset v0.0.0-20200203212716-c811ad88dec4 h1:7HZCaLC5+BZpmbhCOZJ293Lz68O7PYrF2EzeiFMwCLk=
 github.com/facebookgo/subset v0.0.0-20200203212716-c811ad88dec4/go.mod h1:5tD+neXqOorC30/tWg0LCSkrqj/AR6gu8yY8/fpw1q0=
+github.com/ferranbt/fastssz v0.1.3 h1:ZI+z3JH05h4kgmFXdHuR1aWYsgrg7o+Fw7/NCzM16Mo=
+github.com/ferranbt/fastssz v0.1.3/go.mod h1:0Y9TEd/9XuFlh7mskMPfXiI2Dkw4Ddg9EyXt1W7MRvE=
 github.com/fjl/memsize v0.0.1 h1:+zhkb+dhUgx0/e+M8sF0QqiouvMQUiKR+QYvdxIOKcQ=
 github.com/fjl/memsize v0.0.1/go.mod h1:VvhXpOYNQvB+uIk2RvXzuaQtkQJzzIx6lSBe1xv7hi0=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
@@ -917,6 +919,8 @@ github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLY
 github.com/ugorji/go/codec v1.2.6/go.mod h1:V6TCNZ4PHqoHGFZuSG1W8nrCzzdgA2DozYxWFFpvxTw=
 github.com/ulope/jrpc2 v0.0.0-20230706135348-a95cf3d96bd2 h1:rk0z/6CEJbstiHqv8+4ZIMv4Sm2zBZ5v5C56P8JXd+I=
 github.com/ulope/jrpc2 v0.0.0-20230706135348-a95cf3d96bd2/go.mod h1:bzOCUO4YLqjPZbPM4jeZzu/WIEauP/ouNWLRysNQdc0=
+github.com/umbracle/gohashtree v0.0.2-alpha.0.20230207094856-5b775a815c10 h1:CQh33pStIp/E30b7TxDlXfM0145bn2e8boI30IxAhTg=
+github.com/umbracle/gohashtree v0.0.2-alpha.0.20230207094856-5b775a815c10/go.mod h1:x/Pa0FF5Te9kdrlZKJK82YmAkvL8+f989USgz6Jiw7M=
 github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli v1.22.10 h1:p8Fspmz3iTctJstry1PYS3HVdllxnEzTEsgIgtxTrCk=
 github.com/urfave/cli v1.22.10/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=

rolling-shutter/keyperimpl/gnosis/gnosisssztypes/slotdecryptionsignatures.go

@@ -0,0 +1,75 @@
+// This package contains SSZ-encodable types used by the Gnosis keyper.
+// The encodings are automatically generated using FastSSZ (https://github.com/ferranbt/fastssz).
+// Command: `$ go run sszgen/*.go --path <path to package>`
+package gnosisssztypes
+
+import (
+	"crypto/ecdsa"
+
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/crypto"
+	"github.com/pkg/errors"
+
+	"github.com/shutter-network/rolling-shutter/rolling-shutter/medley/identitypreimage"
+)
+
+type IdentityPreimage struct {
+	Bytes []byte `ssz-size:"52"`
+}
+
+type SlotDecryptionSignatureData struct {
+	InstanceID        uint64
+	Eon               uint64
+	Slot              uint64
+	TxPointer         uint64
+	IdentityPreimages []IdentityPreimage `ssz-max:"1024"`
+}
+
+func NewSlotDecryptionSignatureData(
+	instanceID uint64,
+	eon uint64,
+	slot uint64,
+	txPointer uint64,
+	identityPreimages []identitypreimage.IdentityPreimage,
+) (*SlotDecryptionSignatureData, error) {
+	if len(identityPreimages) > 1024 {
+		return nil, errors.New("too many identity preimages")
+	}
+
+	wrappedPreimages := []IdentityPreimage{}
+	for _, preimage := range identityPreimages {
+		wrappedPreimage := IdentityPreimage{
+			Bytes: preimage.Bytes(),
+		}
+		wrappedPreimages = append(wrappedPreimages, wrappedPreimage)
+	}
+
+	return &SlotDecryptionSignatureData{
+		InstanceID:        instanceID,
+		Eon:               eon,
+		Slot:              slot,
+		TxPointer:         txPointer,
+		IdentityPreimages: wrappedPreimages,
+	}, nil
+}
+
+func (d *SlotDecryptionSignatureData) ComputeSignature(key *ecdsa.PrivateKey) ([]byte, error) {
+	h, err := d.HashTreeRoot()
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to compute hash tree root of slot decryption signature data")
+	}
+	return crypto.Sign(h[:], key)
+}
+
+func (d *SlotDecryptionSignatureData) CheckSignature(signature []byte, address common.Address) (bool, error) {
+	h, err := d.HashTreeRoot()
+	if err != nil {
+		return false, errors.Wrap(err, "failed to compute hash tree root of slot decryption signature data")
+	}
+	signerPubkey, err := crypto.SigToPub(h[:], signature)
+	if err != nil {
+		return false, errors.Wrap(err, "failed to recover public key from slot decryption signature")
+	}
+	signerAddress := crypto.PubkeyToAddress(*signerPubkey)
+	return signerAddress == address, nil
+}

rolling-shutter/keyperimpl/gnosis/gnosisssztypes/slotdecryptionsignatures_encoding.go

@@ -13,6 +13,7 @@ import (
 	obskeyperdatabase "github.com/shutter-network/rolling-shutter/rolling-shutter/chainobserver/db/keyper"
 	corekeyperdatabase "github.com/shutter-network/rolling-shutter/rolling-shutter/keyper/database"
 	"github.com/shutter-network/rolling-shutter/rolling-shutter/keyperimpl/gnosis/database"
+	"github.com/shutter-network/rolling-shutter/rolling-shutter/keyperimpl/gnosis/gnosisssztypes"
 	"github.com/shutter-network/rolling-shutter/rolling-shutter/medley/identitypreimage"
 	"github.com/shutter-network/rolling-shutter/rolling-shutter/p2pmsg"
 	"github.com/shutter-network/rolling-shutter/rolling-shutter/shdb"
@@ -76,14 +77,17 @@ func (h *DecryptionKeySharesHandler) ValidateMessage(ctx context.Context, msg p2
 		identityPreimage := identitypreimage.IdentityPreimage(share.EpochID)
 		identityPreimages = append(identityPreimages, identityPreimage)
 	}
-	slotDecryptionSignatureData := SlotDecryptionSignatureData{
-		InstanceID:        keyShares.InstanceID,
-		Eon:               keyShares.Eon,
-		Slot:              extra.Gnosis.Slot,
-		TxPointer:         extra.Gnosis.TxPointer,
-		IdentityPreimages: identityPreimages,
+	slotDecryptionSignatureData, err := gnosisssztypes.NewSlotDecryptionSignatureData(
+		keyShares.InstanceID,
+		keyShares.Eon,
+		extra.Gnosis.Slot,
+		extra.Gnosis.TxPointer,
+		identityPreimages,
+	)
+	if err != nil {
+		return pubsub.ValidationReject, errors.Wrap(err, "failed to create slot decryption signature data object")
 	}
-	signatureValid, err := CheckSlotDecryptionSignature(&slotDecryptionSignatureData, extra.Gnosis.Signature, keyperAddress)
+	signatureValid, err := slotDecryptionSignatureData.CheckSignature(extra.Gnosis.Signature, keyperAddress)
 	if err != nil {
 		return pubsub.ValidationReject, errors.Wrap(err, "failed to check slot decryption signature")
 	}
@@ -247,17 +251,20 @@ func (h *DecryptionKeysHandler) ValidateMessage(ctx context.Context, msg p2pmsg.
 		identityPreimage := identitypreimage.IdentityPreimage(key.Identity)
 		identityPreimages = append(identityPreimages, identityPreimage)
 	}
-	slotDecryptionSignatureData := SlotDecryptionSignatureData{
-		InstanceID:        keys.InstanceID,
-		Eon:               keys.Eon,
-		Slot:              extra.Gnosis.Slot,
-		TxPointer:         extra.Gnosis.TxPointer,
-		IdentityPreimages: identityPreimages,
+	slotDecryptionSignatureData, err := gnosisssztypes.NewSlotDecryptionSignatureData(
+		keys.InstanceID,
+		keys.Eon,
+		extra.Gnosis.Slot,
+		extra.Gnosis.TxPointer,
+		identityPreimages,
+	)
+	if err != nil {
+		return pubsub.ValidationReject, errors.Wrap(err, "failed to create slot decryption signature data object")
 	}
 	for signatureIndex := 0; signatureIndex < len(extra.Gnosis.Signatures); signatureIndex++ {
 		signature := extra.Gnosis.Signatures[signatureIndex]
 		signer := signers[signatureIndex]
-		signatureValid, err := CheckSlotDecryptionSignature(&slotDecryptionSignatureData, signature, signer)
+		signatureValid, err := slotDecryptionSignatureData.CheckSignature(signature, signer)
 		if err != nil {
 			return pubsub.ValidationReject, errors.Wrap(err, "failed to check slot decryption signature")
 		}