Add BLS Pubkey managerment to vote program.

[wen-coding]

Per SIMD 387, add the following:

• Add new init method using VoteInitV2
• Add VoteAuthority::VoterWithBLS
• Make them controlled by the new feature flag

[mergify]

If this PR represents a change to the public RPC API:

1. Make sure it includes a complementary update to rpc-client/ (example)
2. Open a follow-up PR to update the JavaScript client @solana/kit (example)

Thank you for keeping the RPC clients in sync with the server API @wen-coding.

[mergify]

The Firedancer team maintains a line-for-line reimplementation of the
native programs, and until native programs are moved to BPF, those
implementations must exactly match their Agave counterparts.
If this PR represents a change to a native program implementation (not
tests), please include a reviewer from the Firedancer team. And please
keep refactors to a minimum.

[buffalojoec]

Nice! This is getting really close.

[samkim-crypto]

Left some small comments, but looking good overall.

[samkim-crypto]

The new v2.0.0 interface, I'll make the function signature to also accept byte arrays directly, but we should technically still be able to call verify directly on compressed form, so we don't need extra conversion here and for proof of possession.

bls_proof_of_possession.verify(&bls_pubkey_compressed, Some(&message))

[buffalojoec]

Looking great! Test coverage looks good, but I left some suggestions on factoring the tests so we get even more coverage and we can also more clearly see what's going on.

The program side looks good from my end. Next we have to get the vote-interface release out and get this branch updated.

[mergify]

If this PR represents a change to the public RPC API:

1. Make sure it includes a complementary update to rpc-client/ (example)
2. Open a follow-up PR to update the JavaScript client @solana/kit (example)

Thank you for keeping the RPC clients in sync with the server API @wen-coding.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 99.31707% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.6%. Comparing base (bcaeadd) to head (ed37139).

Additional details and impacted files

@@           Coverage Diff            @@
##           master    #9310    +/-   ##
========================================
  Coverage    82.6%    82.6%            
========================================
  Files         902      902            
  Lines      323512   324444   +932     
========================================
+ Hits       267318   268261   +943     
+ Misses      56194    56183    -11     

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[alexpyattaev]

How did these changes end up here?

[wen-coding]

Because it's the only way to make tests pass once we upgrade flate2, please review #9557 and I can then rebase.

[alexpyattaev]

If we bump flate2 we need to check we are not breaking epochslots.

[wen-coding]

Yeah definitely, even without flate2 risk, this change itself is dangerous enough, I probably should start test validator after the review goes through

[wen-coding]

@samkim-crypto @zz-sol I'm a bit confused how to make things work here. I believe this one is for offline signing. In our case I'm doing BLS keypair derivation inside cli parser, so I always need the vote authority keypair passed in. How do we make offline signing work in this case? Is it:

1. do vote-authorize-voter-with-bls with sign-only to generate the whole message encrypted
2. So when this thing is called we should have BLS pubkey and PoP without the keypair online
   Does that mean I should somehow pass in the BLS pubkey and PoP?

[wen-coding]

@grod220 this is the part I'm not sure about. The ones with "--sign-only" should work, because I still have ed25519 vote authority keypair there, but how does this piece fit in the picture?

[grod220]

(paste from slack message)

I've done some offline signing CLI work in the past in the context of a multisig transaction. Step 1 was the offline --sign-only mode which output PUBKEY=SIGNATURE and Step 2 had the same parameters, but also with the multiple --signer PUBKEY=SIGNATURE args and broadcasted the tx.

If the tx message includes bls_pubkey and bls_proof_of_possession , but step 2 can't rebuild that same message---you need to pass those as optional args in step 2:

--bls-pubkey <base58>
--bls-proof-of-possession <base58>

And those computed values need to be an output of step 1.

[wen-coding]

Thanks a lot! I fixed the authorized_voter_with_bls, making the new_authorized either pubkey or keypair, depending on whether --bls-pubkey or --bls-proof-of-possession are given.

Somehow I don't think we need similar structure (writing to output and pass in bls-pubkey/bls-proof-of-possession) for create-vote-account-v2, is that expected?

[buffalojoec]

It looks like there are a few things in-flight still (BLS SDK bump, CLI steps), so I just reviewed the Vote program.

Looking good! I left a few minor test requests, but overall the program implementation looks solid to me.

[buffalojoec]

How come these three ABI digests changed?

[wen-coding]

I think this is due to us linking in new solana-bls-signatures package. These messages aren't used in production yet.

[alexpyattaev]

frozen-abi does not check for ABI, it checks for API compatibility in a very paranoid way. Wire format may not have changed at all here.
Our contributor @puhtaytow is working on getting these glitches separated from actual ABI changes. Stay tuned.

[buffalojoec]

Lgtm! The last piece is the BLS dependency and getting another sign-off from Sam about the PoP validation. Once that's all set, I'll approve.

[wen-coding]

Lgtm! The last piece is the BLS dependency and getting another sign-off from Sam about the PoP validation. Once that's all set, I'll approve.

@samkim-crypto is on vacation. I chatted with @zz-sol :

1. I don't believe there is any major work planned for 2.0.0, so this is just a release. Can this PR go in and in the follow up cli PR I change it to 2.0.0 after Sam releases that package?
2. Zhenfei will help double check the PoP part once gain

[zz-sol]

Oh, i just recalled this

https://github.com/anza-xyz/solana-sdk/pull/496/files/ca5219fa5f09b58a8faaa6cecb55ca9e0374b63c#r2616335767

iiuc this API change will be included in 2.0 @samkim-crypto

[samkim-crypto]

Yep this can be simplified with the official release of bls-signatures v2.0, but the current version should be fine for this PR!

[samkim-crypto]

Sorry for the delay on this. All the PoP and BLS parts look fine to me. When bls-signatures v2.0.0 is cut, I'll create a small PR to simplify some parts, but this shouldn't block this PR from merging (correctness will remain the same). Really great job @wen-coding!