Support of state proofs in client (#394)

* bls signatures charm-based implementation

* bls infrustructure and hierarchy

* sign one msg

* implement bls_key_registry; support seed for BLS keys

* fix tests

* expect all data in str

* bls-bft implementation

* bls-bft implementation

* fix tests

* call BLS validate COMMIT in replica

* add BLS_KEY to Node txn

* add init_bls_keys script

* fix init script

* support calculation of multi-sig; add gc

* rename test_send_txns_no_bls to test_send_txns_partial_bls to make it match file name and purpose

* fix conditions and getting of public key by node name in BlsBftPlenum

* modify tests to avoid 3pc batching

* make replica add bls signature to COMMIT message

* change signature of calculate_multi_sig to let it return optional str

* add test_send_txns_full_bls test

* make replica register own commit in bls registry

* move docstrings from BlsBftPlenum to BlsBft

* add base class for BLS validation errors

* raise exception if validation of bls signature for commit failed

* add validate_multi_sig method to BlsBft

* make BlsBftPlenum raise exceptions in validation methods and do not store commits

* comment raising of exception if there is no signature since it is allowed as of now

* update test_validate_pre_prepare_incorrect_multi_sig

* in replica handle exceptions from bls

* update tests in test_bls_bft.py to make them test multisig using prepares instead of commits

* move signatures from commit to prepares as it is described in design doc

* remove debug logging and unused import

* make replica add latest multi-sig to preprepare

* create BlsMultiSignatureField validator and test for it

* remove redundant test case for BlsMultiSignature message

* update test of validation of commit and prepare preprepare messages

* use BlsMultiSignatureField instead of BlsMultiSignature in preprepare

* use multi-sig as a tuple instead of a dict

* propagate primaries multisig to other nodes

* return bls signature back to commit

* add log for saving multi sig

* use multisig for domain ledger only

* fix tests in test_primary_selector

* fix test for commit message

* fix name of test_send_txns_full_bls test

* add signarue for current batch to preprepare

* refactor verification methods of BlsBftPlenum

* update test of PrePrepare message

* Add key value bls store

* Save on master instance only

* check if multisig is none before handling it

* add missing empty line

* pass bls store to domain request handler

* add bls_Store to TestNode

* fix broken import of PREPARE

* add constants for state proof fields

* exclude state proof from checking of rreply equality

* Integrate indy_crypto lib

* fix excluding of state_proof fromr replies

* Add indy-crypto factory

* New indy-crypto api

* Final indy_crypto doc

* add correct root hash to multi singature in preprepare

* create class for multi signature

* use MultiSignature in bls_bft

* add todo about updating BlsMultiSignature message

* add checks of multi sig fields

* init bls keys in tests

* send BLS sigs in COMMITs only

* use MultiSignature in BlsStore

* add as_dict and define __eq__ in MultiSignature

* use MultiSignature in BlsBftPlenum

* Add new dep python3-indy-crypto to install req

* blskey support

* remove redundant args

* update signatures, remove validation of prepare, use MultiSignature

* Make generator type str

* remove sig from (pre)prepare, add state to commit

* Add blsfactoryindycrypto; add dedicated seed for bls

* support 48-bit seed

* disable charm-based tests

* re-factored bls_bft

 move all bls-related logic from replica to bls_bft

* re-factored bls_bft

 move all bls-related logic from replica to bls_bft

* use pool_state for multi-sig

* fixes

* fixed tests

* Edit docker file to install indy-crypto (#384)

* Edit docker file to install indy-crypto (#384)

* pass pool_state to bls_bft

* fix static validation errors

* fix static validation errors

* fix static validation errors

* fix static validation errors

* fix static validation errors

* add txn time to nym

* Bls storage (#387)

* Edit docker file to install indy-crypto

* Change libindy-crypto source to sovrin repo instead of wget it

* remove bls multisig message test

* use pool_state_root; get rid of charm-code

* use correct pool_state_root for multi-sig

* update tests

* fix tests

* support getting a value for a specified root

* create bls keys in initLocalKeys

* return bls key in initLocalKeys

* update usages of initLocalKeys

* generate bls keys not only for local nodes

* fix static code validation errors

* get BLS keys for the given pool root state

* extend tests

* add checking of proof in hasConsensus

* add base implementation of take_one_proved

* add use_bls param to initNodeKeysForBothStacks

* continue implementation of state proof in cli

* use bls_bft for checking multi sig in client

* add tests for BLS sig consensus

* enable BLS for domain ledger only

* fix tests to include BLS keys into NODE txn for new nodes

* rename request param to reply

* use one method for making both key and value

* use list instead of tuple when creating PrePrepare to have correct equal

* more bls_bft tests; improve logging

* change arg list of BlsFactoryIndyCrypto in create_bls_bft

* fix usage of initLocalKeys gen_steward_key

* fix code review findings

* refactor hasConsensus

* add docs

* use bls crypto for checking multisignature

* fix signature of getReply

* exclude state proof from quorum check

* build and install python3-indy-crypto with libindy-crypto dependency (needs to be re-factored)

* load bls keys in Client

* move here make_proof from indy-node

* fix quorum condition

* comment out early init of bls_node_public_keys

* create special class for multi sig verification

* fix json serializer

* fix verification of state proof in client

* make test node and client add proof for some reqs

* add test for state proofs on client

* use 'buy' instead of 'hello' for state proof checks

* remove unused imports

* fix indentation

* remove unused method

* fcreate base64 serializer

* user serializers instead of direct usage of base*

* remove unused exit line

* check that number of participants in multisig >= f

* fix quorumed; check number of participants

* create mostCommonElementWithFreq

* update logic of take_one_quorumed

* merge mostCommonElementWithFreq nad mostCommonElement

* update signature of mostCommonElement

* fix formatting if objSearchReplace signature

* use None instead of set() as  default arg val

* use bls quorum instead of reply quorum for participants

* change log level to warning for replies

* use named serializers in make_proof

* fix formatting

* introduce lazy_field decorator

* create bls_key_register_pool_manager_ledger

* rake ledger instead of pool_manager in BlsKeyRegisterPoolManagerLedger

* rename BlsKeyRegisterPoolmanagerLedger to BlsKeyRegisterPoolLedger

* use  BlsKeyRegisterPoolLedgerin client

* fix proof validation on client

* make IndyCryptoMultiSigVerifier get GroupParams instead of Generator

* create MultiSignatureVerifier abstract class

* support MultiSignatureVerifier in crypto factory

* create verifier using factory in client

* create utility method for creation of full root hash

* use utility method create_full_root_hash

* fix active waiting when there is no messages

* add check_sufficient_replies_received util method

it uses client's hasConsensus

* fix logging of request id in client

* make client check if multi signature empty

* use check_sufficient_replies_received in tests

* use check_sufficient_replies_received in waitForSufficientRepliesForRequests

* remove fVal param from sendReqsToNodesAndVerifySuffReplies

* tmp warkaround: remove state proof from catchup reply

* update buy in sendRepliesToClients

* remove debug loop

* transform generator to list

* make take_one_proved return result instead of reply

* in client use create_default_bls_crypto_factory

* change instId to 0 to fix test

Author: mzk-vct

common/serializers/base64_serializer.py

@@ -0,0 +1,10 @@
+import base64
+from common.serializers.mapping_serializer import MappingSerializer
+
+
+class Base64Serializer(MappingSerializer):
+    def serialize(self, data, fields=None, toBytes=False):
+        return base64.b64encode(data)
+
+    def deserialize(self, data, fields=None):
+        return base64.b64decode(data)

common/serializers/serialization.py

@@ -1,6 +1,7 @@
 from typing import Mapping
 
 from common.serializers.base58_serializer import Base58Serializer
+from common.serializers.base64_serializer import Base64Serializer
 from common.serializers.json_serializer import JsonSerializer
 from common.serializers.msgpack_serializer import MsgPackSerializer
 from common.serializers.signing_serializer import SigningSerializer
@@ -13,6 +14,7 @@
 client_req_rep_store_serializer = JsonSerializer()
 multi_sig_store_serializer = JsonSerializer()
 state_roots_serializer = Base58Serializer()
+proof_nodes_serializer = Base64Serializer()
 
 
 def serialize_msg_for_signing(msg: Mapping, topLevelKeysToIgnore=None):

crypto/bls/bls_factory.py

@@ -4,18 +4,19 @@
 from crypto.bls.bls_crypto import BlsCrypto, BlsGroupParamsLoader
 from crypto.bls.bls_key_manager import BlsKeyManager
 from crypto.bls.bls_key_register import BlsKeyRegister
+from crypto.bls.bls_multi_signature_verifier import MultiSignatureVerifier
 from plenum.bls.bls_store import BlsStore
 
 
 class BlsFactoryCrypto(metaclass=ABCMeta):
+
     def generate_bls_keys(self, seed=None) -> str:
         return self._get_bls_crypto_class().generate_keys(
             self._load_group_params(),
             seed)
 
     def generate_and_store_bls_keys(self, seed=None) -> str:
-        bls_key_manager = self._create_key_manager(
-            self._load_group_params())
+        bls_key_manager = self._create_key_manager(self._load_group_params())
 
         sk, pk = self.generate_bls_keys(seed)
         stored_sk, stored_pk = bls_key_manager.save_keys(sk, pk)
@@ -28,6 +29,14 @@ def create_bls_crypto_from_saved_keys(self) -> BlsCrypto:
         sk, pk = bls_key_manager.load_keys()
         return self._create_bls_crypto(sk, pk, group_params)
 
+    def create_multi_signature_verifier(self) -> MultiSignatureVerifier:
+        group_params = self._load_group_params()
+        return self._create_multi_signature_verifier(group_params)
+
+    @abstractmethod
+    def _create_multi_signature_verifier(self, group_params) -> MultiSignatureVerifier:
+        pass
+
     def _load_group_params(self):
         return self._create_group_params_loader().load_group_params()
 
@@ -58,6 +67,9 @@ def create_bls_bft(self, is_master) -> BlsBft:
         bls_key_register = self._create_bls_key_register()
         return self._create_bls_bft(bls_crypto, bls_key_register, is_master)
 
+    def create_multi_signature_verifier(self) -> MultiSignatureVerifier:
+        return self._bls_factory_crypto.create_multi_signature_verifier()
+
     @abstractmethod
     def create_bls_store(self) -> BlsStore:
         pass

crypto/bls/bls_multi_signature_verifier.py

@@ -0,0 +1,15 @@
+from abc import ABCMeta
+from typing import Sequence
+
+
+class MultiSignatureVerifier(metaclass=ABCMeta):
+    """
+    Abstract multi signature verifier, to be used in
+    places where full bls support is not required.
+    """
+
+    def verify(self, signature: str, message: str, pks: Sequence[str]) -> bool:
+        """
+        Verify multi signature
+        """
+        pass

crypto/bls/indy_crypto/bls_crypto_indy_crypto.py

@@ -4,6 +4,8 @@
 from crypto.bls.bls_crypto import BlsCrypto, GroupParams, BlsGroupParamsLoader
 from indy_crypto.bls import BlsEntity, Generator, VerKey, SignKey, Bls, Signature, MultiSignature
 
+from crypto.bls.bls_multi_signature_verifier import MultiSignatureVerifier
+
 
 class BlsGroupParamsLoaderIndyCrypto(BlsGroupParamsLoader):
     def load_group_params(self) -> GroupParams:
@@ -12,40 +14,22 @@ def load_group_params(self) -> GroupParams:
         return GroupParams(group_name, g)
 
 
-class BlsCryptoIndyCrypto(BlsCrypto):
-    SEED_LEN = 48
-
-    def __init__(self, sk: str, pk: str, params: GroupParams):
-        super().__init__(sk, pk, params)
-        self._generator = BlsCryptoIndyCrypto._bls_from_str(params.g, Generator)
-        self._sk_bls = BlsCryptoIndyCrypto._bls_from_str(sk, SignKey)
-        self._pk_bls = BlsCryptoIndyCrypto._bls_from_str(pk, VerKey)
-
+class IndyCryptoBlsUtils:
     @staticmethod
-    def _bls_to_str(v: BlsEntity) -> str:
+    def bls_to_str(v: BlsEntity) -> str:
         return base58.b58encode(v.as_bytes())
 
     @staticmethod
-    def _bls_from_str(v: str, cls) -> BlsEntity:
+    def bls_from_str(v: str, cls) -> BlsEntity:
         bts = base58.b58decode(v)
         return cls.from_bytes(bts)
 
     @staticmethod
-    def _msg_to_bls_bytes(msg: str) -> bytes:
+    def msg_to_bls_bytes(msg: str) -> bytes:
         return msg.encode()
 
     @staticmethod
-    def generate_keys(params: GroupParams, seed=None) -> (str, str):
-        seed = BlsCryptoIndyCrypto._prepare_seed(seed)
-        gen = BlsCryptoIndyCrypto._bls_from_str(params.g, Generator)
-        sk = SignKey.new(seed)
-        vk = VerKey.new(gen, sk)
-        sk_str = BlsCryptoIndyCrypto._bls_to_str(sk)
-        vk_str = BlsCryptoIndyCrypto._bls_to_str(vk)
-        return sk_str, vk_str
-
-    @staticmethod
-    def _prepare_seed(seed):
+    def prepare_seed(seed):
         seed_bytes = None
         if isinstance(seed, str):
             seed_bytes = seed.encode()
@@ -60,25 +44,63 @@ def _prepare_seed(seed):
 
         return seed_bytes
 
+
+class IndyCryptoMultiSigVerifier(MultiSignatureVerifier):
+
+    def __init__(self, params: GroupParams):
+        self._generator = \
+            IndyCryptoBlsUtils\
+            .bls_from_str(params.g, Generator)  # type: Generator
+
+    def verify(self, signature: str, message: str, pks: Sequence[str]) -> bool:
+        epks = [IndyCryptoBlsUtils.bls_from_str(p, VerKey) for p in pks]
+        multi_signature = \
+            IndyCryptoBlsUtils\
+            .bls_from_str(signature, MultiSignature)  # type: MultiSignature
+        message_bytes = IndyCryptoBlsUtils.msg_to_bls_bytes(message)
+        return Bls.verify_multi_sig(multi_sig=multi_signature,
+                                    message=message_bytes,
+                                    ver_keys=epks,
+                                    gen=self._generator)
+
+
+class BlsCryptoIndyCrypto(BlsCrypto):
+    SEED_LEN = 48
+
+    def __init__(self, sk: str, pk: str, params: GroupParams):
+        super().__init__(sk, pk, params)
+        self._sk_bls = IndyCryptoBlsUtils.bls_from_str(sk, SignKey)
+        self._pk_bls = IndyCryptoBlsUtils.bls_from_str(pk, VerKey)
+        self._generator = \
+            IndyCryptoBlsUtils\
+            .bls_from_str(params.g, Generator)  # type: Generator
+        self._multi_sig_verifier = IndyCryptoMultiSigVerifier(params)
+
+    @staticmethod
+    def generate_keys(params: GroupParams, seed=None) -> (str, str):
+        seed = IndyCryptoBlsUtils.prepare_seed(seed)
+        gen = IndyCryptoBlsUtils.bls_from_str(params.g, Generator)
+        sk = SignKey.new(seed)
+        vk = VerKey.new(gen, sk)
+        sk_str = IndyCryptoBlsUtils.bls_to_str(sk)
+        vk_str = IndyCryptoBlsUtils.bls_to_str(vk)
+        return sk_str, vk_str
+
     def sign(self, message: str) -> str:
-        bts = BlsCryptoIndyCrypto._msg_to_bls_bytes(message)
+        bts = IndyCryptoBlsUtils.msg_to_bls_bytes(message)
         sign = Bls.sign(bts, self._sk_bls)
-        return BlsCryptoIndyCrypto._bls_to_str(sign)
+        return IndyCryptoBlsUtils.bls_to_str(sign)
 
     def create_multi_sig(self, signatures: Sequence[str]) -> str:
-        sigs = [BlsCryptoIndyCrypto._bls_from_str(s, Signature) for s in signatures]
+        sigs = [IndyCryptoBlsUtils.bls_from_str(s, Signature) for s in signatures]
         bts = MultiSignature.new(sigs)
-        return BlsCryptoIndyCrypto._bls_to_str(bts)
+        return IndyCryptoBlsUtils.bls_to_str(bts)
 
     def verify_sig(self, signature: str, message: str, pk: str) -> bool:
-        return Bls.verify(BlsCryptoIndyCrypto._bls_from_str(signature, Signature),
-                          BlsCryptoIndyCrypto._msg_to_bls_bytes(message),
-                          BlsCryptoIndyCrypto._bls_from_str(pk, VerKey),
+        return Bls.verify(IndyCryptoBlsUtils.bls_from_str(signature, Signature),
+                          IndyCryptoBlsUtils.msg_to_bls_bytes(message),
+                          IndyCryptoBlsUtils.bls_from_str(pk, VerKey),
                           self._generator)
 
-    def verify_multi_sig(self, signature: str, message: str, pks: Sequence[str]) -> bool:
-        epks = [BlsCryptoIndyCrypto._bls_from_str(p, VerKey) for p in pks]
-        return Bls.verify_multi_sig(BlsCryptoIndyCrypto._bls_from_str(signature, MultiSignature),
-                                    BlsCryptoIndyCrypto._msg_to_bls_bytes(message),
-                                    epks,
-                                    self._generator)
+    def verify_multi_sig(self, signature: str, message: str, pks: Sequence[str]):
+        return self._multi_sig_verifier.verify(signature, message, pks)

plenum/bls/bls_bft_factory.py

@@ -2,6 +2,7 @@
 from crypto.bls.bls_bft import BlsBft
 from crypto.bls.bls_factory import BlsFactoryBft, BlsFactoryCrypto
 from crypto.bls.bls_key_register import BlsKeyRegister
+from crypto.bls.bls_multi_signature_verifier import MultiSignatureVerifier
 from plenum.bls.bls_bft_plenum import BlsBftPlenum
 from plenum.bls.bls_crypto_factory import create_default_bls_crypto_factory
 from plenum.bls.bls_key_register_pool_manager import BlsKeyRegisterPoolManager

plenum/bls/bls_bft_plenum.py

@@ -4,6 +4,7 @@
 from crypto.bls.bls_crypto import BlsCrypto
 from crypto.bls.bls_key_register import BlsKeyRegister
 from crypto.bls.bls_multi_signature import MultiSignature
+from plenum.bls.bls_bft_utils import create_full_root_hash
 from plenum.bls.bls_store import BlsStore
 from plenum.common.constants import DOMAIN_LEDGER_ID, BLS_PREFIX
 from plenum.common.exceptions import SuspiciousNode
@@ -155,7 +156,7 @@ def gc(self, key_3PC):
     # ----MULT_SIG----
 
     def _create_multi_sig_value(self, state_root_hash, pool_state_root_hash):
-        return state_root_hash + pool_state_root_hash
+        return create_full_root_hash(state_root_hash, pool_state_root_hash)
 
     def _validate_signature(self, sender, bls_sig, state_root_hash):
         sender_node = self.get_node_name(sender)

plenum/bls/bls_bft_utils.py

@@ -0,0 +1,8 @@
+
+
+def create_full_root_hash(root_hash, pool_root_hash):
+    """
+    Utility method for creating full root hash that then can be signed
+    by multi signature
+    """
+    return root_hash + pool_root_hash

plenum/bls/bls_crypto_factory.py

@@ -1,7 +1,8 @@
 from crypto.bls.bls_crypto import BlsGroupParamsLoader
 from crypto.bls.bls_factory import BlsFactoryCrypto
 from crypto.bls.bls_key_manager import BlsKeyManager
-from crypto.bls.indy_crypto.bls_crypto_indy_crypto import BlsCryptoIndyCrypto, BlsGroupParamsLoaderIndyCrypto
+from crypto.bls.indy_crypto.bls_crypto_indy_crypto import BlsCryptoIndyCrypto, \
+    BlsGroupParamsLoaderIndyCrypto, IndyCryptoMultiSigVerifier
 from plenum.bls.bls_key_manager_file import BlsKeyManagerFile
 
 
@@ -30,6 +31,9 @@ def __init__(self, basedir=None, node_name=None):
         self._basedir = basedir
         self._node_name = node_name
 
+    def _create_multi_signature_verifier(self, group_params):
+        return IndyCryptoMultiSigVerifier(group_params)
+
     def _create_group_params_loader(self) -> BlsGroupParamsLoader:
         return BlsGroupParamsLoaderIndyCrypto()
 

plenum/bls/bls_key_register_pool_ledger.py

@@ -0,0 +1,31 @@
+from crypto.bls.bls_key_register import BlsKeyRegister
+from plenum.common.constants import BLS_KEY, TXN_TYPE, NODE, ALIAS, DATA
+
+
+class BlsKeyRegisterPoolLedger(BlsKeyRegister):
+    """
+    Ledger-based implementation of  BlsKeyRegister
+    """
+
+    def __init__(self, ledger):
+        self._ledger = ledger
+        self._current_bls_keys = None  # {node_name : BLS key}
+        # Not supported methods
+
+    def get_pool_root_hash_committed(self):
+        raise NotImplementedError()
+
+    def get_key_by_name(self, node_name, pool_state_root_hash=None):
+        if self._current_bls_keys is None:
+            self._current_bls_keys = self._load_keys_for_root()
+        return self._current_bls_keys.get(node_name)
+
+    def _load_keys_for_root(self):
+        keys = {}
+        for _, txn in self._ledger.getAllTxn():
+            if txn[TXN_TYPE] == NODE:
+                data = txn[DATA]
+                alias = data[ALIAS]
+                blskey = data.get(BLS_KEY)
+                keys[alias] = blskey
+        return keys