Skip to content
This repository has been archived by the owner on Nov 15, 2023. It is now read-only.

BEEFY: Define a BeefyVerify trait for signatures #12299

Merged
merged 12 commits into from
Oct 7, 2022

Conversation

serban300
Copy link
Contributor

@serban300 serban300 commented Sep 19, 2022

Context:

Beefy introduces some cryptographic types here. The current underlying crypto scheme used is ECDSA, but the idea is to be able to use these types as beefy_primitives::crypto::Public, beefy_primitives::crypto::Signature, etc, without caring about the underlying crypto scheme ( ideally it should be possible for the underlying crypto scheme to be changed without impacting the code that uses these types).

The problem is that I couldn't find any generic way to check that a beefy authority signature is valid without calling sp_core::ecdsa::Pair::verify_prehashed() or sp_io::crypto::secp256k1_ecdsa_recover_compressed(), so we would need to use ECDSA specifically.

Description of changes:

This PR defines a BeefyVerify trait (for signatures) and implements it for beefy_primitives::crypto::AuthoritySignature.

This is a more customizable version of the Verify trait, that enables the caller to provide a msg hashing function and a conversion function for the signer.

With these new abstractions we can do something like:

	BeefyVerify::<Keccak256, _, Identity>::custom_verify(
		sig,
		message,
		public,
	)

instead of calling ECDSA logic specifically.

Related to: paritytech/parity-bridges-common#2469

@serban300 serban300 added A0-please_review Pull request needs code review. B0-silent Changes should not be mentioned in any release notes C1-low PR touches the given topic and has a low impact on builders. labels Sep 19, 2022
@serban300 serban300 requested a review from svyatonik September 19, 2022 14:53
@serban300 serban300 self-assigned this Sep 19, 2022
@serban300 serban300 added the D3-trivial 🧸 PR contains trivial changes in a runtime directory that do not require an audit label Sep 19, 2022
@serban300 serban300 added D1-audited 👍 PR contains changes to fund-managing logic that has been properly reviewed and externally audited D3-trivial 🧸 PR contains trivial changes in a runtime directory that do not require an audit and removed D3-trivial 🧸 PR contains trivial changes in a runtime directory that do not require an audit D1-audited 👍 PR contains changes to fund-managing logic that has been properly reviewed and externally audited labels Sep 23, 2022
Copy link
Contributor

@acatangiu acatangiu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💯

@serban300 serban300 changed the title Define a CustomVerify trait for signatures BEEFY: Define a CustomVerify trait for signatures Sep 27, 2022
@serban300 serban300 changed the title BEEFY: Define a CustomVerify trait for signatures BEEFY: Define a BeefyVerify trait for signatures Sep 27, 2022
Copy link
Contributor

@Lederstrumpf Lederstrumpf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm - only suggestion's extending tests.
other aspects of beefy are still coupled to keccak/ecdsa, but this is a good start.

primitives/beefy/src/lib.rs Outdated Show resolved Hide resolved
let public = public.as_ref();

sp_core::ecdsa::Pair::verify_prehashed(sig, &msg, public)
BeefyVerify::<Keccak256, _, Identity>::verify(sig, message, public)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is still firmly coupled to keccak. Is BeefyKeystore envisioned to become hasher generic too, or is scope only to decouple from ecdsa?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The scope was only to decouple the verification from ECDSA, in order to be able to verify beefy signatures without hadrcoding the underlying crypto scheme in bridges. Something like this. Also in bridges in the current PoC (the same branch linked above) now we define a BridgedBeefyCommitmentHasher associated type for each bridged chain with beefy finality, so for bridges in a way the hashing is generic as well.

But I wasn't sure if this is the right approach for bridges and it would be worth discussing this in more detail anyway in order to understand what would be the right approach for the Beefy keystore as well and adapt BeefyVerify accordingly. How is the hashing algorithm used for signing the commitment meant to be selected ? Will it be configurable for each chain (e.g. one chain may use ECDSA + Keccak256 while other may use ECDSA + Blake_2_256) ? Or will it be specific to the crypto scheme (e.g. ECDSA will use for example Keccak256 for any chain, always; BLS will use for example Blake_2_256 for any chain always). Or will it be configurable by each client ?

cc: @acatangiu

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I pushed some commits. I removed SignerToAccountId since I don't think we're going to use it. I don't know if BLS will support recovering the signer from the signature. And we'll probably send the entire list of validators anyway.

Regarding the hash I still don't know what would be the best option. It really depends on how it's going to be used. The current version is more customizable. But if the hashing algorithm will be tied to the crypto scheme for example I would define it as an associated type for BeefyAuthorityId and it would be easier to use.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will it be configurable for each chain (e.g. one chain may use ECDSA + Keccak256 while other may use ECDSA + Blake_2_256) ? Or will it be specific to the crypto scheme (e.g. ECDSA will use for example Keccak256 for any chain, always; BLS will use for example Blake_2_256 for any chain always)

Signature scheme & hash function aren't firmly coupled. For instance, in Bitcoin you also use ECDSA, but with SHA-256 for hashing, instead of Keccak256. Similarly for BLS scheme, you can use a variety of hash-to-curves. So let's keep it decoupled here too. I'd also make BeefyKeystore hasher generic then, but we can cross that line later.

Co-authored-by: Robert Hambrock <[email protected]>
@paritytech-cicd-pr
Copy link

The CI pipeline was cancelled due to failure one of the required jobs.
The job name - cargo-check-benches
The job logs - https://gitlab.parity.io/parity/mirrors/substrate/-/jobs/1921662

@serban300
Copy link
Contributor Author

@acatangiu @Lederstrumpf could you PTAL on the latest changes here ? If there are no preferences related to #12299 (comment) I would merge the PR as it is for the moment.

@acatangiu
Copy link
Contributor

I'm happy with current PR, feel free to merge.

@Lederstrumpf
Copy link
Contributor

lgtm, given scope of PR.

@Lederstrumpf
Copy link
Contributor

bot merge

@paritytech-processbot paritytech-processbot bot merged commit 1a5cdc8 into paritytech:master Oct 7, 2022
serban300 added a commit that referenced this pull request Oct 7, 2022
* Define CustomVerify trait

Signed-off-by: Serban Iorga <[email protected]>

* Use ECDSA CustomVerify for MultiSignature

Signed-off-by: Serban Iorga <[email protected]>

* beefy: small simplifications

Signed-off-by: Serban Iorga <[email protected]>

* Revert "Use ECDSA CustomVerify for MultiSignature"

This reverts commit 136cff8.

* Revert "Define CustomVerify trait"

This reverts commit adf91e9.

* Define BeefyAuthorityId and BeefyVerify traits

* Improve BeefyVerify unit tests

Co-authored-by: Robert Hambrock <[email protected]>

* fmt & import sp_core::blake2_256

* Renamings

* remove SignerToAccountId

* fix

Signed-off-by: Serban Iorga <[email protected]>
Co-authored-by: Robert Hambrock <[email protected]>
ark0f pushed a commit to gear-tech/substrate that referenced this pull request Feb 27, 2023
* Define CustomVerify trait

Signed-off-by: Serban Iorga <[email protected]>

* Use ECDSA CustomVerify for MultiSignature

Signed-off-by: Serban Iorga <[email protected]>

* beefy: small simplifications

Signed-off-by: Serban Iorga <[email protected]>

* Revert "Use ECDSA CustomVerify for MultiSignature"

This reverts commit 136cff8.

* Revert "Define CustomVerify trait"

This reverts commit adf91e9.

* Define BeefyAuthorityId and BeefyVerify traits

* Improve BeefyVerify unit tests

Co-authored-by: Robert Hambrock <[email protected]>

* fmt & import sp_core::blake2_256

* Renamings

* remove SignerToAccountId

* fix

Signed-off-by: Serban Iorga <[email protected]>
Co-authored-by: Robert Hambrock <[email protected]>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
A0-please_review Pull request needs code review. B0-silent Changes should not be mentioned in any release notes C1-low PR touches the given topic and has a low impact on builders. D3-trivial 🧸 PR contains trivial changes in a runtime directory that do not require an audit
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants