-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Introduce a ZeroSig constant for the zero_signature #1396
Comments
Would it be fair to say that |
When serializing/deserializing, BLS Signatures have a specific conversion step that is handled by the BLS library. BLS libraries refuse to de/serialize invalid signatures. This means that before serialization and/or deserialization we need a additional layer that handles this specific zero signature case. Furthermore, it impacts the hash_tree_root serialization, meaning I expect all clients to have some kind of Option type to indicate zero-signature or not. I feel like it is overhead that we can avoid, and it simplifies the logic by removing the special case of zero signatures, i.e. signatures are then fully handled by hardened BLS libraries from serialization to deserialization. We already have the special case of invalid test signatures (which I hope we can remove at one point) but I hope to not have special cases just for serialization/deserialization of zero signatures in production implementations as well. |
Why do BLS libraries ever have to de/serialize the "zero" |
I'd favour a solution which removes We can achieve this in a very simple way: use a different type in From an implementation point of view, we deserialize BLS into its point representation before doing processing, along with other kinds of trivial validations on the data (like length checks, buffer overflow protection etc - basic data vailidity checks). Similarly, when calculating the tree hash, we serialize a an abstract point representation into its octet representation before passing it to the hash function (for reasons of efficiency, so that we only have to store the point version which more readily is useful) In the draft BLS spec, one can see that there's a method called
this is exactly what we mean - the same SSZ bytes are also used on the wire on incoming blocks etc.. |
This would happen in the context of serializing or deserializing a beacon state that has this signature. And I expect this is particularly an issue in a strongly typed language that is putting tight constraints on the incoming and outgoing data.
You certainly can make a different ssz type that doesn't have the signature but then you have I'm not terribly opposed to |
the idea is that you keep the relevant fields in |
Closed via #1491. The removal of |
This is the same suggestion as ethereum/eth2.0-tests#27
The serialized BLS signature:
0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
is not a valid compressed BLS signature on the curve. A valid one instead would be0xc00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
While we all have some machinery to disable valid signature checks during testing, due to that invalid zero signature we also need to add specific test versus zero buffer before serialization/deserialization of every BLS signature instead of just handing it to the BLS library.
This is especially important for
process_block_header
which requires a zero-signaturehttps://github.com/ethereum/eth2.0-specs/blob/dev/specs/core/0_beacon-chain.md#block-header
The text was updated successfully, but these errors were encountered: