Attestation and Sync Committee aggregation selection #224
Conversation
OisinKyne
force-pushed
the
oisin/is_aggregator
branch
from
dab9720
to
bfec031
Compare
| items: | ||
| type: object | ||
| properties: | ||
| is_aggregator: |
There was a problem hiding this comment.
Could we maybe add validator_index here so it is explicit which validator is the aggregator? The implicit mapping using request array indexes feels brittle.
There was a problem hiding this comment.
I agree. So, the response would instead look like:
[
{ "validator_index": 7, "is_aggregator": false},
{ "validator_index": 1, "is_aggregator": false},
{ "validator_index": 13, "is_aggregator": true}
]
OisinKyne
force-pushed
the
oisin/is_aggregator
branch
from
bfec031
to
e56903b
Compare
| summary: Signal beacon node to prepare for a committee subnet | ||
| description: | | ||
| After beacon node receives this request: | ||
| - Search using discv5 for peers related to this subnet and replace current peers with those ones if necessary. | ||
| - Check each provided `slot_signature`, to determine whether any validator has been [assigned the duty of aggregation](https://github.com/ethereum/consensus-specs/blob/dev/specs/phase0/validator.md#aggregation-selection) |
There was a problem hiding this comment.
The summary and description probably need to be updated to reflect the new flow. VCs do not "signal" the BN anymore, but rather "VC provides data to maybe signal and BN responds with wether it was signalled".
OisinKyne
force-pushed
the
oisin/is_aggregator
branch
from
e56903b
to
bb4e279
Compare
OisinKyne
force-pushed
the
oisin/is_aggregator
branch
from
bb4e279
to
84f54d6
Compare
|
I'm curious why the validator isn't passing is_aggregator, but rather the signature? If the validator passes is_aggregator for the indices that are aggregating, then the middleware could read the post body... Is there another need for the signature to be passed? If you have is_aggregator in the request, then the request body would have all the details that the middleware might need... Not sure if this is covered elsewhere, but this is basically a sticky session kind of deal - if the request goes to 1 BN, the aggregate request would need to go to that same BN, otherwise likely wouldn't get a usable aggregate... or send the request to all (or subset and track) BN... |
The actual validator key is an aggregate of multiple different keys, each running in its own validator client. The middleware needs to capture the actual signature from each vc and aggregate them to get the signature for the validator that's actually on chain, then use that signature to determine if aggregation should be performed or not. |
OisinKyne
force-pushed
the
oisin/is_aggregator
branch
from
c6c1000
to
a51663c
Compare
|
Hi @rolfyone :) As mentioned by Adrian, we can't have a VC send a boolean of whether it should aggregate because right now each validator is hashing the wrong signature to correctly determine whether it should aggregate. For us to correctly figure out if a validator should aggregate, we need to combine a threshold of these signatures together to get the real In practice, this endpoint is designed to be intercepted, and might not need to ever be implemented on the beacon node side if the client teams don't want to. A middleware client intercepting these V2 requests and calculating the aggregation selection could subsequently call the CL's /V1/ endpoint with
Correct it is important that all CLs get notified to prepare for an aggregate once it has been determined. The distributed validator clients come to consensus on what aggregate to present to the connected VCs for signing, so they should be tolerant to a subset of CLs not returning a meaningful aggregation to sign. |
To date the V2 of an endpoint causes the deprecation of the V1 endpoint. If these endpoints are meant to co-exist (even if one is only used by the beacon node and the other by the middleware) then this should be a separate endpoint, not V2 of the existing endpoint. |
Hi @mcdee good to hear from you. We chatted as a team today and agree. We think this endpoint as proposed is arguably doing two jobs (telling the VC if it should aggregate, and telling the upstream BN to announce and listen on the topic, and begin preparing an aggregate), we think maybe we can make things more simple. We are thinking we might re-work this PR, and change it to an independent v1 endpoint used only for returning an aggregate slot signature, to allow the VC to determine if they are an aggregator. (we will have a second almost identical endpoint for the sync committee aggregate). Then the flow would be:
So basically if the VC enables this mode they are taking the hit of making a blocking network call to know whether it should aggregate, but this is needed to allow DVs to aggregate such that we don't negatively impact attestation density network wide if DVT sees adoption. P.S. We just added tentative support for vouch :) |
OisinKyne
changed the title
OisinKyne
force-pushed
the
oisin/is_aggregator
branch
from
a51663c
to
3ef0df3
Compare
OisinKyne
force-pushed
the
oisin/is_aggregator
branch
from
e6970fe
to
ad2f47a
Compare
OisinKyne
changed the title
OisinKyne
force-pushed
the
oisin/is_aggregator
branch
from
b754d3c
to
b212d7d
Compare
OisinKyne
force-pushed
the
oisin/is_aggregator
branch
from
b212d7d
to
7f2979e
Compare
OisinKyne
force-pushed
the
oisin/is_aggregator
branch
from
7f2979e
to
8ba56d5
Compare
|
Hey @michaelsproul, was there a reason to dismiss the previous approval on this PR? :) It showed as stale as I keep rebasing this PR as more commits go onto main. @rkapka 's request changes is from a much older version of this PR, so that one can probably be also marked resolved if he doesn't get a chance to look at it, had been planning to give him a week before chasing, though opting to tag now while I'm posting this. Cheers. |
|
Hey @OisinKyne not sure what happened there sorry, I didn't mean to do that. I think sometimes reviews get marked stale when a conflict happens, I'm not sure why my name was associated with it. Maybe because I merged this unrelated PR? #285. |
| to correctly determine if one of its validators has been selected to perform an aggregation duty in this slot. | ||
| Consensus clients need not support this endpoint and may return a 501. | ||
| tags: | ||
| - Validator |
There was a problem hiding this comment.
I wonder if we should have a new tag, either Distributed Validator or something, to allow people to easily see what distributed validators are implementing...
|
This looks pretty good, have a stab at adding to the top level |
|
Is there any implementation of this PR? Any test cases? |
Problem this PR intends to address
Distributed Validator Technology is the idea that a number of independent validator clients can operate together as one or more logical 32 ether validators using BLS signature aggregation. The proof of stake spec has been designed with the intention of being MPC friendly.
There is however an issue with the assignment of aggregation duties. These duties are determined by the hash of a
slot_signature. In a distributed validator, each individual validator has a different BLS private key, so they all individually produce differentslot_signatures that hash differently, so all attempt to aggregate at different incorrect occasions.What does this PR do?
This PR adds two new endpoints:
These endpoints are optional for a consensus client, and are designed to be opt-in for validator clients (when something like a
--distributedmode is enabled). These endpoints are implemented by the distributed validator middleware that intercepts this API.When a validator is configured to run as part of a distributed validator cluster, at the start of an epoch (slot for sync committee) the validator client will determine its attestation duties then calculate a slot signature for that slot to determine whether it must also aggregate. In the distributed flow, it will send this slot_signature to the beacon client, and take the signature returned as a response as the one to use to calculate
is_aggregator(). If this test returns true, and the validator must produce an aggregate attestation (or sync contribution), the combined signature (not the partial) must also be included in the AggregateAndProof object.This extra step can be visualised in the aggregation flow like so:
Things to note
--distributedturned on for a non DV use case, or they have a distributed validator private key wired directly to a consensus client without any middleware in between.