Quick way to apply Chia BLS

.circleci/config.yml

@@ -27,6 +27,9 @@ common: &common
     - run:
         name: install libsnappy-dev
         command: sudo apt install -y libsnappy-dev
+    - run:
+        name: install cmake
+        command: sudo apt install -y gcc g++ cmake
     - run:
         name: install dependencies
         command: pip install --user tox
@@ -52,6 +55,9 @@ geth_steps: &geth_steps
     - run:
         name: install libsnappy-dev
         command: sudo apt install -y libsnappy-dev
+    - run:
+        name: install cmake
+        command: sudo apt install -y gcc g++ cmake
     - run:
         name: install dependencies
         command: pip install --user tox
@@ -124,48 +130,6 @@ p2pd_steps: &p2pd_steps
           - ~/.local
         key: cache-v1-{{ arch }}-{{ .Environment.CIRCLE_JOB }}-{{ checksum "setup.py" }}-{{ checksum "tox.ini" }}
 
-cmake: &cmake
-  working_directory: ~/repo
-  steps:
-    - checkout
-    - run:
-        name: checkout fixtures submodule
-        command: git submodule update --init --recursive
-    - run:
-        name: merge pull request base
-        command: ./.circleci/merge_pr.sh
-    - run:
-        name: merge pull request base (2nd try)
-        command: ./.circleci/merge_pr.sh
-        when: on_fail
-    - run:
-        name: merge pull request base (3nd try)
-        command: ./.circleci/merge_pr.sh
-        when: on_fail
-    - restore_cache:
-        keys:
-          - cache-v1-{{ arch }}-{{ .Environment.CIRCLE_JOB }}-{{ checksum "setup.py" }}-{{ checksum "tox.ini" }}
-    - run:
-        name: install libsnappy-dev
-        command: sudo apt install -y libsnappy-dev
-    - run:
-        name: install cmake
-        command: sudo apt-get update && sudo apt-get install -y gcc g++ cmake
-    - run:
-        name: install dependencies
-        command: pip install --user tox
-    - run:
-        name: run tox
-        command: ~/.local/bin/tox
-    - save_cache:
-        paths:
-          - .hypothesis
-          - .tox
-          - ~/.cache/pip
-          - ~/.local
-          - ./eggs
-        key: cache-v1-{{ arch }}-{{ .Environment.CIRCLE_JOB }}-{{ checksum "setup.py" }}-{{ checksum "tox.ini" }}
-
 jobs:
   py36-lint:
     <<: *common
@@ -293,7 +257,7 @@ jobs:
           TOXENV: py36-libp2p
     <<: *p2pd_steps
   py36-bls-bindings:
-    <<: *cmake
+    <<: *common
     docker:
       - image: circleci/python:3.6
         environment:
@@ -373,7 +337,7 @@ jobs:
           TOXENV: py37-libp2p
     <<: *p2pd_steps
   py37-bls-bindings:
-    <<: *cmake
+    <<: *common
     docker:
       - image: circleci/python:3.7
         environment:

Dockerfile

@@ -7,7 +7,7 @@ COPY . /usr/src/app
 
 # Install deps
 RUN apt-get update
-RUN apt-get -y install libsnappy-dev
+RUN apt-get -y install libsnappy-dev gcc g++ cmake
 
 RUN pip install -e .[dev]  --no-cache-dir
 RUN pip install -U trinity --no-cache-dir

eth2/_utils/bls.py

@@ -0,0 +1,127 @@
+
+from .bls_bindings.chia_network import (
+    api as chia_api,
+)
+from abc import (
+    ABC,
+    abstractmethod,
+)
+from typing import (
+    Sequence,
+)
+from eth_typing import (
+    BLSPubkey,
+    BLSSignature,
+    Hash32,
+)
+from eth_utils import (
+    ValidationError,
+)
+
+
+class BaseBLSBackend(ABC):
+
+    @staticmethod
+    @abstractmethod
+    def privtopub(k: int) -> BLSPubkey:
+        pass
+
+    @staticmethod
+    @abstractmethod
+    def sign(message_hash: Hash32,
+             privkey: int,
+             domain: int) -> BLSSignature:
+        pass
+
+    @staticmethod
+    @abstractmethod
+    def _verify(message_hash: Hash32,
+                pubkey: BLSPubkey,
+                signature: BLSSignature,
+                domain: int) -> bool:
+        pass
+
+    @classmethod
+    def verify(cls,
+               message_hash: Hash32,
+               pubkey: BLSPubkey,
+               signature: BLSSignature,
+               domain: int) -> None:
+        if not cls._verify(message_hash, pubkey, signature, domain):
+            raise ValidationError((
+                "Verification failed:\n"
+                f"message_hash {message_hash}\n"
+                f"pubkey {pubkey}\n"
+                f"signature {signature}\n"
+                f"domain {domain}"
+            ))
+
+    @staticmethod
+    @abstractmethod
+    def aggregate_signatures(signatures: Sequence[BLSSignature]) -> BLSSignature:
+        pass
+
+    @staticmethod
+    @abstractmethod
+    def aggregate_pubkeys(pubkeys: Sequence[BLSPubkey]) -> BLSPubkey:
+        pass
+
+    @staticmethod
+    @abstractmethod
+    def _verify_multiple(pubkeys: Sequence[BLSPubkey],
+                         message_hashes: Sequence[Hash32],
+                         signature: BLSSignature,
+                         domain: int) -> bool:
+        pass
+
+    @classmethod
+    def verify_multiple(cls,
+                        pubkeys: Sequence[BLSPubkey],
+                        message_hashes: Sequence[Hash32],
+                        signature: BLSSignature,
+                        domain: int) -> None:
+        if not cls._verify_multiple(pubkeys, message_hashes, signature, domain):
+            raise ValidationError((
+                "Verification failed:\n"
+                f"pubkeys {pubkeys}\n"
+                f"message_hashes {message_hashes}\n"
+                f"signature {signature}\n"
+                f"domain {domain}"
+            ))
+
+
+class ChiaBackend(BaseBLSBackend):
+    @staticmethod
+    def privtopub(k: int) -> BLSPubkey:
+        return chia_api.privtopub(k)
+
+    @staticmethod
+    def sign(message_hash: Hash32,
+             privkey: int,
+             domain: int) -> BLSSignature:
+        return chia_api.sign(message_hash, privkey, domain)
+
+    @staticmethod
+    def _verify(message_hash: Hash32,
+                pubkey: BLSPubkey,
+                signature: BLSSignature,
+                domain: int) -> bool:
+        return chia_api.verify(message_hash, pubkey, signature, domain)
+
+    @staticmethod
+    def aggregate_signatures(signatures: Sequence[BLSSignature]) -> BLSSignature:
+        return chia_api.aggregate_signatures(signatures)
+
+    @staticmethod
+    def aggregate_pubkeys(pubkeys: Sequence[BLSPubkey]) -> BLSPubkey:
+        return chia_api.aggregate_pubkeys(pubkeys)
+
+    @staticmethod
+    def _verify_multiple(pubkeys: Sequence[BLSPubkey],
+                         message_hashes: Sequence[Hash32],
+                         signature: BLSSignature,
+                         domain: int) -> bool:
+        return chia_api.verify_multiple(pubkeys, message_hashes, signature, domain)
+
+
+eth2_bls = ChiaBackend()

eth2/_utils/bls_bindings/chia_network/api.py

@@ -14,9 +14,46 @@
     ValidationError,
 )
 
+from py_ecc.optimized_bls12_381 import (
+    curve_order,
+)
+
+from eth2.beacon.constants import (
+    EMPTY_PUBKEY,
+    EMPTY_SIGNATURE,
+)
+
+
+def _privkey_from_int(privkey: int) -> bls_chia.PrivateKey:
+    if privkey <= 0 or privkey >= curve_order:
+        raise ValidationError(
+            f"Invalid private key: Expect integer between 0 and {curve_order}, got {privkey}"
+        )
+    privkey_bytes = privkey.to_bytes(bls_chia.PrivateKey.PRIVATE_KEY_SIZE, "big")
+    try:
+        return bls_chia.PrivateKey.from_bytes(privkey_bytes)
+    except RuntimeError as error:
+        raise ValidationError(f"Bad private key: {privkey}, {error}")
 
-def _privkey_int_to_bytes(privkey: int) -> bytes:
-    return privkey.to_bytes(bls_chia.PrivateKey.PRIVATE_KEY_SIZE, "big")
+
+def _pubkey_from_bytes(pubkey: BLSPubkey) -> bls_chia.PublicKey:
+    try:
+        return bls_chia.PublicKey.from_bytes(pubkey)
+    except (RuntimeError, ValueError) as error:
+        raise ValidationError(f"Bad public key: {pubkey}, {error}")
+
+
+def _signature_from_bytes(signature: BLSSignature) -> bls_chia.Signature:
+    if signature == EMPTY_SIGNATURE:
+        raise ValidationError(f"Invalid signature (EMPTY_SIGNATURE): {signature}")
+    elif len(signature) != bls_chia.Signature.SIGNATURE_SIZE:
+        raise ValidationError(
+            f"Invalid signaute length, expect 96 got {len(signature)}. Signature: {signature}"
+        )
+    try:
+        return bls_chia.Signature.from_bytes(signature)
+    except (RuntimeError, ValueError) as error:
+        raise ValidationError(f"Bad signature: {signature}, {error}")
 
 
 def combine_domain(message_hash: Hash32, domain: int) -> bytes:
@@ -26,7 +63,7 @@ def combine_domain(message_hash: Hash32, domain: int) -> bytes:
 def sign(message_hash: Hash32,
          privkey: int,
          domain: int) -> BLSSignature:
-    privkey_chia = bls_chia.PrivateKey.from_bytes(_privkey_int_to_bytes(privkey))
+    privkey_chia = _privkey_from_int(privkey)
     sig_chia = privkey_chia.sign_insecure(
         combine_domain(message_hash, domain)
     )
@@ -35,13 +72,13 @@ def sign(message_hash: Hash32,
 
 
 def privtopub(k: int) -> BLSPubkey:
-    privkey_chia = bls_chia.PrivateKey.from_bytes(_privkey_int_to_bytes(k))
+    privkey_chia = _privkey_from_int(k)
     return cast(BLSPubkey, privkey_chia.get_public_key().serialize())
 
 
 def verify(message_hash: Hash32, pubkey: BLSPubkey, signature: BLSSignature, domain: int) -> bool:
-    pubkey_chia = bls_chia.PublicKey.from_bytes(pubkey)
-    signature_chia = bls_chia.Signature.from_bytes(signature)
+    pubkey_chia = _pubkey_from_bytes(pubkey)
+    signature_chia = _signature_from_bytes(signature)
     signature_chia.set_aggregation_info(
         bls_chia.AggregationInfo.from_msg(
             pubkey_chia,
@@ -52,6 +89,9 @@ def verify(message_hash: Hash32, pubkey: BLSPubkey, signature: BLSSignature, dom
 
 
 def aggregate_signatures(signatures: Sequence[BLSSignature]) -> BLSSignature:
+    if len(signatures) == 0:
+        return EMPTY_SIGNATURE
+
     signatures_chia = [
         bls_chia.InsecureSignature.from_bytes(signature)
         for signature in signatures
@@ -62,8 +102,10 @@ def aggregate_signatures(signatures: Sequence[BLSSignature]) -> BLSSignature:
 
 
 def aggregate_pubkeys(pubkeys: Sequence[BLSPubkey]) -> BLSPubkey:
+    if len(pubkeys) == 0:
+        return EMPTY_PUBKEY
     pubkeys_chia = [
-        bls_chia.PublicKey.from_bytes(pubkey)
+        _pubkey_from_bytes(pubkey)
         for pubkey in pubkeys
     ]
     aggregated_pubkey_chia = bls_chia.PublicKey.aggregate_insecure(pubkeys_chia)
@@ -74,27 +116,27 @@ def verify_multiple(pubkeys: Sequence[BLSPubkey],
                     message_hashes: Sequence[Hash32],
                     signature: BLSSignature,
                     domain: int) -> bool:
-
     len_msgs = len(message_hashes)
+    len_pubkeys = len(pubkeys)
 
-    if len(pubkeys) != len_msgs:
+    if len_pubkeys != len_msgs:
         raise ValidationError(
             "len(pubkeys) (%s) should be equal to len(message_hashes) (%s)" % (
-                len(pubkeys), len_msgs
+                len_pubkeys, len_msgs
             )
         )
 
     message_hashes_with_domain = [
         combine_domain(message_hash, domain)
         for message_hash in message_hashes
     ]
-    pubkeys_chia = map(bls_chia.PublicKey.from_bytes, pubkeys)
+    pubkeys_chia = map(_pubkey_from_bytes, pubkeys)
     aggregate_infos = [
         bls_chia.AggregationInfo.from_msg(pubkey_chia, message_hash)
         for pubkey_chia, message_hash in zip(pubkeys_chia, message_hashes_with_domain)
     ]
     merged_info = bls_chia.AggregationInfo.merge_infos(aggregate_infos)
 
-    signature_chia = bls_chia.Signature.from_bytes(signature)
+    signature_chia = _signature_from_bytes(signature)
     signature_chia.set_aggregation_info(merged_info)
     return cast(bool, signature_chia.verify())

eth2/beacon/constants.py

@@ -3,6 +3,7 @@
 )
 from eth_typing import (
     BLSSignature,
+    BLSPubkey,
 )
 from eth2.beacon.typing import (
     Epoch,
@@ -11,6 +12,7 @@
 
 
 EMPTY_SIGNATURE = BLSSignature(b'\x00' * 96)
+EMPTY_PUBKEY = BLSPubkey(b'\x00' * 48)
 GWEI_PER_ETH = 10**9
 FAR_FUTURE_EPOCH = Epoch(2**64 - 1)
 

eth2/beacon/deposit_helpers.py

@@ -1,7 +1,7 @@
 from eth_utils import (
     ValidationError,
 )
-from py_ecc import bls
+from eth2._utils.bls import eth2_bls as bls
 import ssz
 
 from eth2._utils.hash import (

eth2/beacon/state_machines/forks/serenity/block_validation.py

@@ -21,7 +21,7 @@
     ZERO_HASH32,
 )
 
-from py_ecc import bls
+from eth2._utils.bls import eth2_bls as bls
 from eth2._utils import (
     bitfield,
 )

eth2/beacon/tools/builder/validator.py

@@ -24,7 +24,7 @@
 from eth.constants import (
     ZERO_HASH32,
 )
-from py_ecc import bls
+from eth2._utils.bls import eth2_bls as bls
 
 from eth2._utils.bitfield import (
     get_empty_bitfield,