dkg: generate deposit data

[xenowits]

• Add types for DepositData and DepositMessage.
• Add HashTreeRoot methods on above types.
• Implement marshalling DepositData

category: feature
ticket: #481
feature_set: alpha

[leolara]

@xenowits why is this in testutil? isn't it used in the normal DKG process?

[corverroos]

I asked him to put it here for now, next to keystore, we need to move them both and some other "eth2" related utils somewhere else but I'm not sure where. Waiting for a pattern to emerge.

@xenowits please rename package to deposits

[leolara]

@corverroos don't you think we should avoid the eth2 term as it has become unofficial? Perhaps instead of using eth2 we could use ECL?

[corverroos]

as discussed, we are sticking with eth2 for now

[corverroos]

commented

[corverroos]

I asked him to put it here for now, next to keystore, we need to move them both and some other "eth2" related utils somewhere else but I'm not sure where. Waiting for a pattern to emerge.

@xenowits please rename package to deposits

[corverroos]

I would avoid importing prysm, it is a HUGE dependency. And we do not need it actually.

[corverroos]

we already have this logic, see validatorapi.GetDomain()

[corverroos]

you might beed to dig into how eth2client does it and copy inner logic since genesis and forkversion is nil in this case.

[OisinKyne]

Why is forkversion nil in this case?

Mainnet started with genesis_fork_version of 0x00000000, but I think some testnets started with a non-zero genesis fork version, if that's where the nil is coming from.

[corverroos]

this is how prysm does it, probably in die spec somewhere. Will confirm

[corverroos]

pass in only what you need. You only use withdrawal address and forkversion from the definition, rather just pass them in directly.

[corverroos]

not sure defaulting to mainnet is correct. Rather default to "unknown"

[xenowits]

i'm not sure either but sure will default to unknown

[OisinKyne]

No no! Jim McDonald and others pushed to change defaults to mainnet instead of testnet, to reduce the chance of an invalid deposit on mainnet. An unknown/non-mainnet default could blow up lots of money. Sending a mainnet deposit data to testnet blows up monopoly money. (I once blew up 120 testnet ether when Jim made this change. Before then ethdo pulled fork_version from connected beacon node, now it defaults to mainnet and you have to explicitly tell it to do something else.

[corverroos]

ok sure, mainnet default

[corverroos]

we also alreadyhave this, see validatorapi.prepSigningData. You can just copy it.

[leolara]

please, don't copy/paste code if it is possible

[corverroos]

suggest making DepositMessage unexported, and adding a HashTreeRoot() function to it. See prysm, cluster.Lock and cluster.Defintion how to implement HashTreeRoot

[corverroos]

same here depositDataRoot needs to be calcualted by a method you need to add to DepositData called HashTreeRoot, see prsym which fields and what order to hash them.

[corverroos]

always use proper types, use eth2p0.PublicKey not string

[corverroos]

note that withdrawal credentials isn't an address, is looks different to me

[OisinKyne]

Correct, they need to be slightly converted

See the spec here https://github.com/ethereum/consensus-specs/blob/dev/specs/phase0/validator.md#eth1_address_withdrawal_prefix

And an example here https://discord.com/channels/930779837218562078/932001790763864094/970934579563204688

We should only support type 0x01 for creation, because they are the only type that exits will be supported for (split-keys shouldn't care/know what the withdrawal creds are)

[corverroos]

signing in a distributed validator is not trivial, so we need to restructure this logic, you cannot sign "inside a function".

Suggest splitting into two functions:

• deposits.GetMessageRoot(ctx, eth2Cl, pubkey, withdrawalPubKey) eth2p0.Root, error
• We will then threshold sign this sig root, and aggregate it to get a the signature, and only then make deposit data.
• deposits.GetDepositData(pubkey, withdrawalPubKey, forkversion, messageRoot, messageSig) DepositData, error

[corverroos]

this is going to fail, since the type of pubkey is a string, so it is really unclear what format should be. Rather make it []byte then we know it is a standard public key bytes format

[corverroos]

please add tests for this, try to find reference data in prysm. Ie. given a message with values X,Y,Z, we know the hash should be something

[corverroos]

same here, this should be bytes, also please reference the format spec.

[corverroos]

do not export types/interfaces/variables/constants by default, always start unexported

[corverroos]

rather make the constant a []byte, then no need to convert

[xenowits]

ok. made it a single byte: byte(1)

[corverroos]

introduces variables just before they are used

canonical slice instantiation: var creds []byte

[corverroos]

avoid micro optimisations (adding length to slice). It draws attention ... to nothing in this case.

Only do micro optimisations if really required, like in some hot path.

[corverroos]

same here, make this a global var elevenZeros = []byte{0x00,0x00, ...}

[corverroos]

you are appending a hex string to a byte slice...

[codecov]

Codecov Report

Merging #491 (f74eedd) into main (419dbe5) will increase coverage by 0.57%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main     #491      +/-   ##
==========================================
+ Coverage   55.87%   56.44%   +0.57%     
==========================================
  Files          84       87       +3     
  Lines        7578     7979     +401     
==========================================
+ Hits         4234     4504     +270     
- Misses       2770     2874     +104     
- Partials      574      601      +27     

Impacted Files	Coverage Δ
app/app.go	63.31% <0.00%> (-2.08%)	⬇️
core/qbft/uponrule_string.go	40.00% <0.00%> (ø)
core/qbft/qbft.go	69.74% <0.00%> (ø)
core/qbft/msgtype_string.go	50.00% <0.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 419dbe5...f74eedd. Read the comment docs.

[corverroos]

inline this: return DepositData{...}, nil

[corverroos]

nit: NewDepositData

Also add signature as parameter

[corverroos]

Another idea is to skip the DepositData struct and go stright to raw json bytes:

// MarshalDepositData returns the serialised json deposit data bytes to be written to disk.
func MarshalDepositData(pubkey eth2p0.BLSPubKey, withdrawalAddr string, forkVersion string, signature []byte) []byte, error

[xenowits]

the idea to skip the structs obviously seems very simple. But, i think that'd be oversimplifying it. We're not doing anything complex here so we can keep the types for the time being. (Pro tip: makes tree hashing easier)

[xenowits]

we can get rid of the unmarshal functions though since we only need to marshal and save to disk

[corverroos]

type not required, can just use [32]byte directly

[OisinKyne]

I wouldn't oppose a type, and maybe an assertion that the first byte is 01, along with maybe some 0x prepend handling.

Overkill though?

[corverroos]

might have "0x" prefix, trim it first: addr = strings.TrimPrefix(addr, "0x")

[OisinKyne]

Is this appending or prepending the zeros? Because it should be at the start of the string.

E.g. 0x01 + 00000000000 + %s

[corverroos]

colocate type and its methods

[corverroos]

nit: ddJSON

[corverroos]

[]byte is encoded as base64, so this needs to be string

[corverroos]

all hex fields should be string

[corverroos]

Other option is to create your own wrapper type called type hex []byte

Then implement json.Marshaller and json.Unmarshaller to does hex conversion.

Then just wrap the byte:

json.Marshal(ddJson{
  Pubkey: hex(pkBytes),
  Signature: hex(sig), 
})

[corverroos]

TODO(): verify the signature

[corverroos]

verify sig using: pubkey == crypto.SigToPub(depositMessageRoot[:], sig)

[corverroos]

maybe rather remove msgRoot, since you can calculate it

[xenowits]

i'm thinking along the lines of if we have a sig (that's calculated on msgRoot), we already have a msgRoot. So, we could have that as an input parameter.

[corverroos]

this should probably be credentials, not address

[xenowits]

correct, also changed the ordering of fields according to spec: https://github.com/ethereum/consensus-specs/blob/dev/specs/phase0/beacon-chain.md#depositdata

[corverroos]

forkVersion is hex string, you need to convert to bytes first

[corverroos]

unexport this