INDY-670, INDY-790: multi-signature and state proofs (#385)

* bls signatures charm-based implementation

* bls infrustructure and hierarchy

* sign one msg

* implement bls_key_registry; support seed for BLS keys

* fix tests

* expect all data in str

* bls-bft implementation

* bls-bft implementation

* fix tests

* call BLS validate COMMIT in replica

* add BLS_KEY to Node txn

* add init_bls_keys script

* fix init script

* support calculation of multi-sig; add gc

* rename test_send_txns_no_bls to test_send_txns_partial_bls to make it match file name and purpose

* fix conditions and getting of public key by node name in BlsBftPlenum

* modify tests to avoid 3pc batching

* make replica add bls signature to COMMIT message

* change signature of calculate_multi_sig to let it return optional str

* add test_send_txns_full_bls test

* make replica register own commit in bls registry

* move docstrings from BlsBftPlenum to BlsBft

* add base class for BLS validation errors

* raise exception if validation of bls signature for commit failed

* add validate_multi_sig method to BlsBft

* make BlsBftPlenum raise exceptions in validation methods and do not store commits

* comment raising of exception if there is no signature since it is allowed as of now

* update test_validate_pre_prepare_incorrect_multi_sig

* in replica handle exceptions from bls

* update tests in test_bls_bft.py to make them test multisig using prepares instead of commits

* move signatures from commit to prepares as it is described in design doc

* remove debug logging and unused import

* make replica add latest multi-sig to preprepare

* create BlsMultiSignatureField validator and test for it

* remove redundant test case for BlsMultiSignature message

* update test of validation of commit and prepare preprepare messages

* use BlsMultiSignatureField instead of BlsMultiSignature in preprepare

* use multi-sig as a tuple instead of a dict

* propagate primaries multisig to other nodes

* return bls signature back to commit

* add log for saving multi sig

* use multisig for domain ledger only

* fix tests in test_primary_selector

* fix test for commit message

* fix name of test_send_txns_full_bls test

* add signarue for current batch to preprepare

* refactor verification methods of BlsBftPlenum

* update test of PrePrepare message

* Add key value bls store

* Save on master instance only

* check if multisig is none before handling it

* add missing empty line

* pass bls store to domain request handler

* add bls_Store to TestNode

* fix broken import of PREPARE

* add constants for state proof fields

* exclude state proof from checking of rreply equality

* Integrate indy_crypto lib

* fix excluding of state_proof fromr replies

* Add indy-crypto factory

* New indy-crypto api

* Final indy_crypto doc

* add correct root hash to multi singature in preprepare

* create class for multi signature

* use MultiSignature in bls_bft

* add todo about updating BlsMultiSignature message

* add checks of multi sig fields

* init bls keys in tests

* send BLS sigs in COMMITs only

* use MultiSignature in BlsStore

* add as_dict and define __eq__ in MultiSignature

* use MultiSignature in BlsBftPlenum

* Add new dep python3-indy-crypto to install req

* blskey support

* remove redundant args

* update signatures, remove validation of prepare, use MultiSignature

* Make generator type str

* remove sig from (pre)prepare, add state to commit

* Add blsfactoryindycrypto; add dedicated seed for bls

* support 48-bit seed

* disable charm-based tests

* re-factored bls_bft

 move all bls-related logic from replica to bls_bft

* re-factored bls_bft

 move all bls-related logic from replica to bls_bft

* use pool_state for multi-sig

* fixes

* fixed tests

* Edit docker file to install indy-crypto (#384)

* Edit docker file to install indy-crypto (#384)

* pass pool_state to bls_bft

* fix static validation errors

* fix static validation errors

* fix static validation errors

* fix static validation errors

* fix static validation errors

* add txn time to nym

* Bls storage (#387)

* Edit docker file to install indy-crypto

* Change libindy-crypto source to sovrin repo instead of wget it

* remove bls multisig message test

* use pool_state_root; get rid of charm-code

* use correct pool_state_root for multi-sig

* update tests

* fix tests

* support getting a value for a specified root

* create bls keys in initLocalKeys

* return bls key in initLocalKeys

* update usages of initLocalKeys

* generate bls keys not only for local nodes

* fix static code validation errors

* get BLS keys for the given pool root state

* extend tests

* add tests for BLS sig consensus

* enable BLS for domain ledger only

* fix tests to include BLS keys into NODE txn for new nodes

* use list instead of tuple when creating PrePrepare to have correct equal

* more bls_bft tests; improve logging

* fix usage of initLocalKeys gen_steward_key

* fix code review findings

* add docs

* build and install python3-indy-crypto with libindy-crypto dependency (needs to be re-factored)

Author: ashcherbakov

build-scripts/ubuntu-1604/build-3rd-parties.sh

@@ -38,6 +38,39 @@ function build_from_pypi {
     rm ${PREREM_TMP}
 }
 
+function build_indy_crypto {
+    PACKAGE_NAME=$1
+
+    if [ -z $2 ]; then
+        PACKAGE_VERSION=""
+    else
+        PACKAGE_VERSION="==$2"
+    fi
+    POSTINST_TMP=postinst-${PACKAGE_NAME}
+    PREREM_TMP=prerm-${PACKAGE_NAME}
+    cp postinst ${POSTINST_TMP}
+    cp prerm ${PREREM_TMP}
+    sed -i 's/{package_name}/'${PACKAGE_NAME}'/' ${POSTINST_TMP}
+    sed -i 's/{package_name}/'${PACKAGE_NAME}'/' ${PREREM_TMP}
+
+    fpm --input-type "python" \
+        --output-type "deb" \
+        --architecture "amd64" \
+        --verbose \
+        --python-bin "/usr/bin/python3" \
+        --exclude "*.pyc" \
+        --exclude "*.pyo" \
+        --maintainer "Hyperledger <[email protected]>" \
+        --after-install ${POSTINST_TMP} \
+        --before-remove ${PREREM_TMP} \
+        --package ${OUTPUT_PATH} \
+        --depends libindy-crypto \
+        --name ${PACKAGE_NAME} \
+        ${PACKAGE_NAME}${PACKAGE_VERSION}
+
+    rm ${POSTINST_TMP}
+    rm ${PREREM_TMP}
+}
 
 build_from_pypi ioflo 1.5.4
 build_from_pypi orderedset 2.0
@@ -50,3 +83,4 @@ build_from_pypi pyzmq 16.0.2
 build_from_pypi intervaltree 2.1.0
 build_from_pypi portalocker 0.5.7
 build_from_pypi sortedcontainers 1.5.7
+build_indy_crypto python3-indy-crypto 0.1.2

ci/ubuntu.dockerfile

@@ -11,17 +11,24 @@ RUN apt-get update -y && apt-get install -y \
 	python3.5 \
 	python3-pip \
 	python-setuptools \
+	apt-transport-https \
+	ca-certificates \
 	python3-nacl
 RUN pip3 install -U \ 
 	pip \ 
 	setuptools \
 	virtualenv
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 68DB5E88
+RUN echo "deb https://repo.sovrin.org/deb xenial master" >> /etc/apt/sources.list
+RUN apt-get update -y && apt-get install -y libindy-crypto
 RUN useradd -ms /bin/bash -u $uid $user
 USER $user
 RUN virtualenv -p python3.5 /home/$user/test
 USER root
 RUN ln -sf /home/$user/test/bin/python /usr/local/bin/python
 RUN ln -sf /home/$user/test/bin/pip /usr/local/bin/pip
+RUN wget https://repo.evernym.com/libindy_crypto/ubuntu/stable/0.1.2/libindy-crypto_0.1.2_amd64.deb
+RUN dpkg -i ./libindy-crypto_0.1.2_amd64.deb
 USER $user
 # TODO: Automate dependency collection
 RUN pip install jsonpickle \
@@ -45,5 +52,6 @@ RUN pip install jsonpickle \
 	ioflo==1.5.4 \
 	psutil \
 	intervaltree \
-	pytest-xdist
+	pytest-xdist \
+	python3-indy-crypto==0.1.2
 WORKDIR /home/$user

common/serializers/base58_serializer.py

@@ -0,0 +1,10 @@
+import base58
+from common.serializers.mapping_serializer import MappingSerializer
+
+
+class Base58Serializer(MappingSerializer):
+    def serialize(self, data, fields=None, toBytes=False):
+        return base58.b58encode(data)
+
+    def deserialize(self, data, fields=None):
+        return base58.b58decode(data)

common/serializers/serialization.py

@@ -1,5 +1,6 @@
 from typing import Mapping
 
+from common.serializers.base58_serializer import Base58Serializer
 from common.serializers.json_serializer import JsonSerializer
 from common.serializers.msgpack_serializer import MsgPackSerializer
 from common.serializers.signing_serializer import SigningSerializer
@@ -10,6 +11,8 @@
 domain_state_serializer = JsonSerializer()
 pool_state_serializer = JsonSerializer()
 client_req_rep_store_serializer = JsonSerializer()
+multi_sig_store_serializer = JsonSerializer()
+state_roots_serializer = Base58Serializer()
 
 
 def serialize_msg_for_signing(msg: Mapping, topLevelKeysToIgnore=None):

crypto/__init__.py

@@ -0,0 +1,145 @@
+from abc import ABCMeta, abstractmethod
+
+from common.serializers.serialization import state_roots_serializer
+from crypto.bls.bls_crypto import BlsCrypto
+from crypto.bls.bls_key_register import BlsKeyRegister
+from plenum.common.messages.node_messages import PrePrepare, Prepare, Commit
+
+
+class BlsBft(metaclass=ABCMeta):
+    def __init__(self,
+                 bls_crypto: BlsCrypto,
+                 bls_key_register: BlsKeyRegister,
+                 node_id,
+                 is_master,
+                 bls_store):
+        self.bls_key_register = bls_key_register
+        self.node_id = node_id
+
+        self._bls_crypto = bls_crypto
+        self._is_master = is_master
+        self._bls_store = bls_store
+        self._state_root_serializer = state_roots_serializer
+
+    @abstractmethod
+    def validate_pre_prepare(self, pre_prepare: PrePrepare, sender):
+        '''
+        Validates PrePrepare for correct BLS signatures.
+        Raises SuspiciousNode exception if there are errors
+        :param pre_prepare: pre-prepare to be validated
+        :param sender: sender's Node name
+        :return:
+        '''
+        pass
+
+    @abstractmethod
+    def validate_prepare(self, prepare: Prepare, sender):
+        '''
+        Validates Prepare for correct BLS signatures.
+        Raises SuspiciousNode exception if there are errors
+        :param prepare: prepare to be validated
+        :param sender: sender's Node name
+        :return:
+        '''
+        pass
+
+    @abstractmethod
+    def validate_commit(self, commit: Commit, sender, state_root_hash):
+        '''
+        Validates Commit for correct BLS signatures.
+        Raises SuspiciousNode exception if there are errors
+        :param commit: commit to be validated
+        :param sender: sender's Node name
+        :param state_root_hash: domain state root hash to validate BLS against
+        :return:
+        '''
+        pass
+
+    @abstractmethod
+    def process_pre_prepare(self, pre_prepare: PrePrepare, sender):
+        '''
+        Performs BLS-related logic for a given PrePrepare (for example,
+         saving multi-signature calculated by Pre-Prepare for last batches).
+        :param pre_prepare: pre-prepare to be processed
+        :param sender: sender's Node name
+        :return:
+        '''
+        pass
+
+    @abstractmethod
+    def process_prepare(self, prepare: Prepare, sender):
+        '''
+        Performs BLS-related logic for a given Prepare
+        :param prepare: prepare to be processed
+        :param sender: sender's Node name
+        :return:
+        '''
+        pass
+
+    @abstractmethod
+    def process_commit(self, commit: Commit, sender):
+        '''
+        Performs BLS-related logic for a given Commit (for example, saving BLS signatures from this Commit)
+        :param commit: commit to be processed
+        :param sender: sender's Node name
+        :return:
+        '''
+        pass
+
+    @abstractmethod
+    def process_order(self, key, state_root_hash, quorums, ledger_id):
+        '''
+        Performs BLS-related logic when Ordering (for example, calculate a temporarily multi-sig by a current Node
+          which will be replaced by Primary's multi-sig in  process_prepare).
+        :param key: 3PC-key re;ated to the Ordered message
+        :param state_root: domain state root hash to validate BLS against
+        :param quorums: quorums
+        :param ledger_id: ledger's ID
+        :return:
+        '''
+        pass
+
+    @abstractmethod
+    def update_pre_prepare(self, pre_prepare_params, ledger_id):
+        '''
+        Adds BLS-related parameters to be used for creation of a new PrePrepare
+        :param pre_prepare_params: a list of existing parameters
+        :param ledger_id: ledger's ID
+        :return: pre_prepare_params updated with BLS ones
+        '''
+        pass
+
+    @abstractmethod
+    def update_prepare(self, prepare_params, ledger_id):
+        '''
+        Adds BLS-related parameters to be used for creation of a new Prepare
+        :param prepare_params: a list of existing parameters
+        :param ledger_id: ledger's ID
+        :return: pre_prepare_params updated with BLS ones
+        '''
+        pass
+
+    @abstractmethod
+    def update_commit(self, commit_params, state_root_hash, ledger_id):
+        '''
+        Adds BLS-related parameters to be used for creation of a new Commit
+        :param commit_params: a list of existing parameters
+        :param ledger_id: ledger's ID
+        :return: pre_prepare_params updated with BLS ones
+        '''
+        pass
+
+    @abstractmethod
+    def gc(self, key_3PC):
+        """
+        Do some cleaning if needed
+
+        :param key_3PC: 3PC-key
+        """
+        pass
+
+
+class BlsValidationError(Exception):
+    """
+    BLS signature validation error
+    """

crypto/bls/__init__.py

@@ -0,0 +1,42 @@
+from abc import ABCMeta, abstractmethod
+from collections import namedtuple
+from typing import Sequence
+
+GroupParams = namedtuple('GroupParams',
+                         'group_name, g')
+
+
+class BlsGroupParamsLoader(metaclass=ABCMeta):
+    @abstractmethod
+    def load_group_params(self) -> GroupParams:
+        pass
+
+
+class BlsCrypto(metaclass=ABCMeta):
+    def __init__(self, sk: str, pk: str, params: GroupParams):
+        assert sk
+        assert pk
+        self._sk = sk
+        self.pk = pk
+        self._group_params = params
+
+    @staticmethod
+    @abstractmethod
+    def generate_keys(params: GroupParams, seed=None) -> (str, str):
+        pass
+
+    @abstractmethod
+    def sign(self, message: str) -> str:
+        pass
+
+    @abstractmethod
+    def create_multi_sig(self, signatures: Sequence[str]) -> str:
+        pass
+
+    @abstractmethod
+    def verify_sig(self, signature: str, message: str, pk: str) -> bool:
+        pass
+
+    @abstractmethod
+    def verify_multi_sig(self, signature: str, message: str, pks: Sequence[str]) -> bool:
+        pass

crypto/bls/bls_bft.py

@@ -0,0 +1,71 @@
+from abc import ABCMeta, abstractmethod
+
+from crypto.bls.bls_bft import BlsBft
+from crypto.bls.bls_crypto import BlsCrypto, BlsGroupParamsLoader
+from crypto.bls.bls_key_manager import BlsKeyManager
+from crypto.bls.bls_key_register import BlsKeyRegister
+from plenum.bls.bls_store import BlsStore
+
+
+class BlsFactoryCrypto(metaclass=ABCMeta):
+    def generate_bls_keys(self, seed=None) -> str:
+        return self._get_bls_crypto_class().generate_keys(
+            self._load_group_params(),
+            seed)
+
+    def generate_and_store_bls_keys(self, seed=None) -> str:
+        bls_key_manager = self._create_key_manager(
+            self._load_group_params())
+
+        sk, pk = self.generate_bls_keys(seed)
+        stored_sk, stored_pk = bls_key_manager.save_keys(sk, pk)
+
+        return stored_pk
+
+    def create_bls_crypto_from_saved_keys(self) -> BlsCrypto:
+        group_params = self._load_group_params()
+        bls_key_manager = self._create_key_manager(group_params)
+        sk, pk = bls_key_manager.load_keys()
+        return self._create_bls_crypto(sk, pk, group_params)
+
+    def _load_group_params(self):
+        return self._create_group_params_loader().load_group_params()
+
+    @abstractmethod
+    def _create_group_params_loader(self) -> BlsGroupParamsLoader:
+        pass
+
+    @abstractmethod
+    def _create_key_manager(self, group_params) -> BlsKeyManager:
+        pass
+
+    @abstractmethod
+    def _get_bls_crypto_class(self):
+        pass
+
+    @abstractmethod
+    def _create_bls_crypto(self, sk, pk, group_params):
+        pass
+
+
+class BlsFactoryBft(metaclass=ABCMeta):
+
+    def __init__(self, bls_factory_crypto: BlsFactoryCrypto):
+        self._bls_factory_crypto = bls_factory_crypto
+
+    def create_bls_bft(self, is_master) -> BlsBft:
+        bls_crypto = self._bls_factory_crypto.create_bls_crypto_from_saved_keys()
+        bls_key_register = self._create_bls_key_register()
+        return self._create_bls_bft(bls_crypto, bls_key_register, is_master)
+
+    @abstractmethod
+    def create_bls_store(self) -> BlsStore:
+        pass
+
+    @abstractmethod
+    def _create_bls_key_register(self) -> BlsKeyRegister:
+        pass
+
+    @abstractmethod
+    def _create_bls_bft(self, bls_crypto, bls_key_register, is_master) -> BlsBft:
+        pass