Add aggregate verification key to certificate

* Compute aggregate verification key with multisignature
* Cleanup code before implementing real stores

Author: jpraynaud

mithril-aggregator/src/http_server.rs

@@ -1,5 +1,4 @@
-use hex::ToHex;
-use mithril_common::crypto_helper::{key_decode_hex, ProtocolPartyId};
+use mithril_common::crypto_helper::{key_decode_hex, ProtocolLotteryIndex, ProtocolPartyId};
 use mithril_common::entities;
 use mithril_common::fake_data;
 use serde_json::Value::Null;
@@ -200,9 +199,8 @@ mod handlers {
         let beacon_store = beacon_store.read().await;
         match beacon_store.get_current_beacon().await {
             Ok(Some(beacon)) => {
-                let message = fake_data::digest(&beacon);
                 let multi_signer = multi_signer.read().await;
-                match multi_signer.get_multi_signature(&message.encode_hex::<String>()) {
+                match multi_signer.get_multi_signature() {
                     Ok(None) => {
                         let mut certificate_pending = fake_data::certificate_pending();
                         certificate_pending.beacon = beacon.clone();
@@ -285,9 +283,8 @@ mod handlers {
         let beacon_store = beacon_store.read().await;
         match beacon_store.get_current_beacon().await {
             Ok(Some(beacon)) => {
-                let message = certificate_hash.clone();
                 let previous_hash = "".to_string();
-                match multi_signer.create_certificate(message, beacon, previous_hash) {
+                match multi_signer.create_certificate(beacon, previous_hash) {
                     Ok(Some(certificate)) => Ok(warp::reply::with_status(
                         warp::reply::json(&certificate),
                         StatusCode::OK,
@@ -475,9 +472,9 @@ mod handlers {
             match key_decode_hex(&signature.signature) {
                 Ok(single_signature) => {
                     match multi_signer.register_single_signature(
-                        signature.party_id as multi_signer::ProtocolPartyId,
+                        signature.party_id as ProtocolPartyId,
                         &single_signature,
-                        signature.index as multi_signer::ProtocolLotteryIndex,
+                        signature.index as ProtocolLotteryIndex,
                     ) {
                         Err(multi_signer::ProtocolError::ExistingSingleSignature(_)) => {
                             return Ok(warp::reply::with_status(
@@ -562,7 +559,7 @@ mod tests {
             .return_once(|| Ok(fake_signers_with_stakes));
         mock_multi_signer
             .expect_get_multi_signature()
-            .return_once(|_| Ok(None));
+            .return_once(|| Ok(None));
         let mut dependency_manager = setup_dependency_manager();
 
         dependency_manager
@@ -667,7 +664,7 @@ mod tests {
             .return_once(|| Err(ProtocolError::Codec("an error occurred".to_string())));
         mock_multi_signer
             .expect_get_multi_signature()
-            .return_once(|_| Ok(None));
+            .return_once(|| Ok(None));
         let mut dependency_manager = setup_dependency_manager();
         dependency_manager
             .with_multi_signer(Arc::new(RwLock::new(mock_multi_signer)))
@@ -703,7 +700,7 @@ mod tests {
             .return_once(|| None);
         mock_multi_signer
             .expect_get_multi_signature()
-            .return_once(|_| Ok(None));
+            .return_once(|| Ok(None));
         let mut dependency_manager = setup_dependency_manager();
         dependency_manager
             .with_multi_signer(Arc::new(RwLock::new(mock_multi_signer)))
@@ -735,9 +732,7 @@ mod tests {
         let mut mock_multi_signer = MockMultiSigner::new();
         mock_multi_signer
             .expect_create_certificate()
-            .return_once(move |_, _, _| {
-                Ok(Some(fake_data::certificate("cert-hash-123".to_string())))
-            });
+            .return_once(move |_, _| Ok(Some(fake_data::certificate("cert-hash-123".to_string()))));
         let mut dependency_manager = setup_dependency_manager();
         dependency_manager
             .with_multi_signer(Arc::new(RwLock::new(mock_multi_signer)))
@@ -770,7 +765,7 @@ mod tests {
         let mut mock_multi_signer = MockMultiSigner::new();
         mock_multi_signer
             .expect_create_certificate()
-            .return_once(move |_, _, _| Ok(None));
+            .return_once(move |_, _| Ok(None));
         let mut dependency_manager = setup_dependency_manager();
         dependency_manager
             .with_multi_signer(Arc::new(RwLock::new(mock_multi_signer)))
@@ -803,7 +798,7 @@ mod tests {
         let mut mock_multi_signer = MockMultiSigner::new();
         mock_multi_signer
             .expect_create_certificate()
-            .return_once(move |_, _, _| Err(ProtocolError::Codec("an error occurred".to_string())));
+            .return_once(move |_, _| Err(ProtocolError::Codec("an error occurred".to_string())));
         let mut dependency_manager = setup_dependency_manager();
         dependency_manager
             .with_multi_signer(Arc::new(RwLock::new(mock_multi_signer)))

mithril-aggregator/src/lib.rs

@@ -11,10 +11,7 @@ mod tools;
 
 pub use crate::entities::Config;
 pub use crate::http_server::Server;
-pub use crate::multi_signer::{
-    key_decode_hex, MultiSigner, MultiSignerImpl, ProtocolError, ProtocolParameters,
-    ProtocolPartyId, ProtocolSignerVerificationKey, ProtocolStake, ProtocolStakeDistribution,
-};
+pub use crate::multi_signer::{MultiSigner, MultiSignerImpl, ProtocolError};
 pub use crate::snapshot_stores::{RemoteSnapshotStore, SnapshotStore};
 pub use beacon_store::{BeaconStoreError, MemoryBeaconStore};
 pub use dependency::DependencyManager;

mithril-aggregator/src/main.rs

@@ -5,8 +5,9 @@ use clap::Parser;
 use config::{Map, Source, Value, ValueKind};
 use mithril_aggregator::{
     AggregatorRuntime, Config, DependencyManager, MemoryBeaconStore, MultiSigner, MultiSignerImpl,
-    ProtocolStakeDistribution, Server,
+    Server,
 };
+use mithril_common::crypto_helper::ProtocolStakeDistribution;
 use mithril_common::fake_data;
 use slog::{Drain, Level, Logger};
 use slog_scope::debug;

mithril-aggregator/src/multi_signer.rs

@@ -4,11 +4,10 @@ use slog_scope::{debug, warn};
 use std::collections::HashMap;
 use thiserror::Error;
 
-// TODO: remove pub
-pub use mithril_common::crypto_helper::{
-    key_decode_hex, key_encode_hex, Bytes, ProtocolClerk, ProtocolKeyRegistration,
-    ProtocolLotteryIndex, ProtocolMultiSignature, ProtocolParameters, ProtocolPartyId,
-    ProtocolSignerVerificationKey, ProtocolSingleSignature, ProtocolStake,
+use mithril_common::crypto_helper::{
+    key_encode_hex, Bytes, ProtocolAggregateVerificationKey, ProtocolClerk,
+    ProtocolKeyRegistration, ProtocolLotteryIndex, ProtocolMultiSignature, ProtocolParameters,
+    ProtocolPartyId, ProtocolSignerVerificationKey, ProtocolSingleSignature,
     ProtocolStakeDistribution,
 };
 use mithril_common::entities;
@@ -35,6 +34,9 @@ pub enum ProtocolError {
 
     #[error("no protocol parameters available")]
     UnavailableProtocolParameters(),
+
+    #[error("no clerk available")]
+    UnavailableClerk(),
 }
 
 /// MultiSigner is the cryptographic engine in charge of producing multi signatures from individual signatures
@@ -89,18 +91,14 @@ pub trait MultiSigner: Sync + Send {
     ) -> Result<(), ProtocolError>;
 
     /// Retrieves a multi signature from a message
-    fn get_multi_signature(
-        &self,
-        message: &str,
-    ) -> Result<Option<ProtocolMultiSignature>, ProtocolError>;
+    fn get_multi_signature(&self) -> Result<Option<ProtocolMultiSignature>, ProtocolError>;
 
     /// Creates a multi signature from single signatures
     fn create_multi_signature(&mut self) -> Result<Option<ProtocolMultiSignature>, ProtocolError>;
 
     /// Creates a certificate from a multi signatures
     fn create_certificate(
         &self,
-        message: String,
         beacon: entities::Beacon,
         previous_hash: String,
     ) -> Result<Option<entities::Certificate>, ProtocolError>;
@@ -124,8 +122,11 @@ pub struct MultiSignerImpl {
     single_signatures:
         HashMap<ProtocolPartyId, HashMap<ProtocolLotteryIndex, ProtocolSingleSignature>>,
 
-    /// Recorded multi signatures by message signed
-    multi_signatures: HashMap<String, String>,
+    /// Created multi signature for message signed
+    multi_signature: Option<ProtocolMultiSignature>,
+
+    /// Created aggregate verification key
+    avk: Option<ProtocolAggregateVerificationKey>,
 }
 
 impl Default for MultiSignerImpl {
@@ -144,24 +145,35 @@ impl MultiSignerImpl {
             stakes: Vec::new(),
             signers: HashMap::new(),
             single_signatures: HashMap::new(),
-            multi_signatures: HashMap::new(),
+            multi_signature: None,
+            avk: None,
         }
     }
 
     /// Creates a clerk
     // TODO: The clerk should be a field of the MultiSignerImpl struct, but this is not possible now as the Clerk uses an unsafe 'Rc'
-    pub fn clerk(&self) -> ProtocolClerk {
+    pub fn create_clerk(&self) -> Option<ProtocolClerk> {
         let stakes = self.get_stake_distribution();
         let mut key_registration = ProtocolKeyRegistration::init(&stakes);
+        let mut total_signers = 0;
         stakes.iter().for_each(|(party_id, _stake)| {
             if let Some(verification_key) = self.get_signer(*party_id).unwrap() {
                 key_registration
                     .register(*party_id, verification_key)
                     .unwrap();
+                total_signers += 1;
             }
         });
-        let closed_registration = key_registration.close();
-        ProtocolClerk::from_registration(self.protocol_parameters.unwrap(), closed_registration)
+        match total_signers {
+            0 => None,
+            _ => {
+                let closed_registration = key_registration.close();
+                Some(ProtocolClerk::from_registration(
+                    self.protocol_parameters?,
+                    closed_registration,
+                ))
+            }
+        }
     }
 }
 
@@ -174,6 +186,8 @@ impl MultiSigner for MultiSignerImpl {
     /// Update current message
     fn update_current_message(&mut self, message: Bytes) -> Result<(), ProtocolError> {
         self.current_message = Some(message);
+        self.multi_signature = None;
+        self.single_signatures.drain();
         Ok(())
     }
 
@@ -248,7 +262,6 @@ impl MultiSigner for MultiSignerImpl {
     }
 
     /// Registers a single signature
-    // TODO: Maybe the clerk can be replaced here by a verifier in the crypto library (cf https://github.com/input-output-hk/mithril/issues/162)
     fn register_single_signature(
         &mut self,
         party_id: ProtocolPartyId,
@@ -263,9 +276,17 @@ impl MultiSigner for MultiSignerImpl {
         let message = &self
             .get_current_message()
             .ok_or_else(ProtocolError::UnavailableMessage)?;
-        let clerk = self.clerk();
-        let avk = clerk.compute_avk();
-        match signature.verify(&self.protocol_parameters.unwrap(), &avk, message) {
+        match signature.verify(
+            &self
+                .protocol_parameters
+                .ok_or_else(ProtocolError::UnavailableProtocolParameters)?,
+            &self
+                .create_clerk()
+                .as_ref()
+                .ok_or_else(ProtocolError::UnavailableClerk)?
+                .compute_avk(),
+            message,
+        ) {
             Ok(_) => {
                 // Register single signature
                 self.single_signatures
@@ -292,19 +313,9 @@ impl MultiSigner for MultiSignerImpl {
     }
 
     /// Retrieves a multi signature from a message
-    fn get_multi_signature(
-        &self,
-        message: &str,
-    ) -> Result<Option<ProtocolMultiSignature>, ProtocolError> {
-        debug!("Get multi signature for message {}", message);
-        match self.multi_signatures.get(message) {
-            Some(multi_signature) => {
-                let multi_signature: ProtocolMultiSignature =
-                    key_decode_hex(multi_signature).map_err(ProtocolError::Codec)?;
-                Ok(Some(multi_signature))
-            }
-            None => Ok(None),
-        }
+    fn get_multi_signature(&self) -> Result<Option<ProtocolMultiSignature>, ProtocolError> {
+        debug!("Get multi signature");
+        Ok(self.multi_signature.to_owned())
     }
 
     /// Creates a multi signature from single signatures
@@ -329,12 +340,13 @@ impl MultiSigner for MultiSignerImpl {
             return Ok(None);
         }
 
-        match self.clerk().aggregate(&signatures, message) {
+        let clerk = self
+            .create_clerk()
+            .ok_or_else(ProtocolError::UnavailableClerk)?;
+        match clerk.aggregate(&signatures, message) {
             Ok(multi_signature) => {
-                self.multi_signatures.insert(
-                    message.encode_hex::<String>(),
-                    key_encode_hex(&multi_signature).map_err(ProtocolError::Codec)?,
-                );
+                self.avk = Some(clerk.compute_avk());
+                self.multi_signature = Some(multi_signature.clone());
                 self.single_signatures.drain();
                 Ok(Some(multi_signature))
             }
@@ -346,35 +358,38 @@ impl MultiSigner for MultiSignerImpl {
     // TODO: Clarify what started/completed date represents
     fn create_certificate(
         &self,
-        message: String,
         beacon: entities::Beacon,
         previous_hash: String,
     ) -> Result<Option<entities::Certificate>, ProtocolError> {
         debug!("Create certificate");
 
-        match self.get_multi_signature(&message)? {
+        match self.get_multi_signature()? {
             Some(multi_signature) => {
                 let protocol_parameters = self
                     .get_protocol_parameters()
                     .ok_or_else(ProtocolError::UnavailableProtocolParameters)?
                     .into();
-                let digest = message.clone();
-                let certificate_hash = message;
+                let digest = self
+                    .get_current_message()
+                    .ok_or_else(ProtocolError::UnavailableMessage)?
+                    .encode_hex::<String>();
                 let previous_hash = previous_hash;
                 let started_at = format!("{:?}", Utc::now());
                 let completed_at = started_at.clone();
                 let signers = self.get_signers()?;
+                let aggregate_verification_key =
+                    key_encode_hex(&self.avk.as_ref().unwrap()).map_err(ProtocolError::Codec)?;
                 let multi_signature =
                     key_encode_hex(&multi_signature).map_err(ProtocolError::Codec)?;
                 Ok(Some(entities::Certificate::new(
-                    certificate_hash,
                     previous_hash,
                     beacon,
                     protocol_parameters,
                     digest,
                     started_at,
                     completed_at,
                     signers,
+                    aggregate_verification_key,
                     multi_signature,
                 )))
             }
@@ -488,7 +503,6 @@ mod tests {
         let mut multi_signer = MultiSignerImpl::new();
 
         let message = setup_message();
-        let message_hex = message.clone().encode_hex::<String>();
         multi_signer
             .update_current_message(message.clone())
             .expect("update current message failed");
@@ -531,11 +545,11 @@ mod tests {
             .create_multi_signature()
             .expect("create multi sgnature should not fail");
         assert!(multi_signer
-            .get_multi_signature(&message_hex)
+            .get_multi_signature()
             .expect("get multi signature should not fail")
             .is_none());
         assert!(multi_signer
-            .create_certificate(message_hex.clone(), beacon.clone(), previous_hash.clone())
+            .create_certificate(beacon.clone(), previous_hash.clone())
             .expect("create_certificate should not fail")
             .is_none());
         signatures[0..quorum_split]
@@ -549,11 +563,11 @@ mod tests {
             .create_multi_signature()
             .expect("create multi sgnature should not fail");
         assert!(multi_signer
-            .get_multi_signature(&message_hex)
+            .get_multi_signature()
             .expect("get multi signature should not fail")
             .is_none());
         assert!(multi_signer
-            .create_certificate(message_hex.clone(), beacon.clone(), previous_hash.clone())
+            .create_certificate(beacon.clone(), previous_hash.clone())
             .expect("create_certificate should not fail")
             .is_none());
         signatures[quorum_split..]
@@ -567,11 +581,11 @@ mod tests {
             .create_multi_signature()
             .expect("create multi sgnature should not fail");
         assert!(multi_signer
-            .get_multi_signature(&message_hex)
+            .get_multi_signature()
             .expect("get multi signature should not fail")
             .is_some());
         assert!(multi_signer
-            .create_certificate(message_hex.clone(), beacon.clone(), previous_hash.clone())
+            .create_certificate(beacon.clone(), previous_hash.clone())
             .expect("create_certificate should not fail")
             .is_some());
     }