test: add VerifyProofsTest fixture and basic test vectors to sanity check proof verification#786
Merged
Merged
Conversation
unnawut
force-pushed
the
verify-proofs-vectors
branch
from
4291677 to
f61c0ed
Compare
Introduces a new consensus fixture format that emits self-contained multi-signature verification vectors so cross-client implementations can run their own Type-1 verifier and compare outcomes. Three positive vectors land alongside the fixture: a single-validator baseline, a four-validator all-participating case, and a four-validator non-contiguous bitfield case ([1, 0, 1, 1]). The fixture also surfaces the spec-layer binding between attestation data and proof: clients recompute hash_tree_root(attestation_data) and must match the emitted message field before running the verifier.
Adds four negative vectors exercising spec-layer bindings between inputs and the multi-signature proof. Each vector uses a tamper operation on the fixture to produce a structurally valid bundle that must be rejected by a conformant verifier: - wrong_message: proof bound to an alternate head root inside the attestation data - wrong_slot: emitted slot field shifted while the proof binding stays on the original slot - wrong_public_keys: one emitted pubkey replaced with another validator's - aggregation_bits_length_mismatch: emitted bits truncated while the pubkey count stays unchanged Vectors covering malformed or truncated proof bytes are intentionally out of scope: leanSpec consumes the multi-signature primitive as a black box and primitive integrity belongs to its own conformance suite. Pubkey ordering is also not a binding to test: the aggregator sorts participants internally, so the verifier is order-insensitive.
Brings the new fixture in line with the patterns the other consensus test fixtures follow: - Drop ``from __future__ import annotations`` (PR leanEthereum#759 removed it from Pydantic-defining files); quote the one self-reference instead. - Replace the bespoke ``expect_valid: bool`` field with the inherited ``expect_exception`` field already used by SSZTest, NetworkingCodec, and VerifySignaturesTest. Rejection vectors now pin ``AggregationError`` and the framework serializes the class name to JSON. - Switch the tamper dispatch in ``_apply_tamper`` from ``if/elif`` to ``match/case`` to follow the pattern in slot_clock and networking_codec. - Expand the module-level docstring from one line to a short paragraph describing what the fixture covers. - Normalize the ``public_keys`` default from ``[]`` to ``| None = None`` to match every other output field on the model.
The check that fires here is the early-reject in the spec wrapper's verify method (len(public_keys) != participants.count(True)), not a consensus-critical binding. In real consensus the inconsistency cannot arise because clients resolve public keys from the bitfield plus the validator registry as one operation. A client that did pass a wrong pubkey count would also be rejected by the underlying recursive verifier on its internal pubkey-set commitment, so the wrapper check is at best an early exit with a nicer error message. The remaining three rejection vectors still exercise the meaningful spec-layer bindings: message hash, slot, and pubkey set.
…renames Rebase onto main and apply the renames/cleanups landed since the branch was opened: - PR leanEthereum#799: TypeOneMultiSignature → SingleMessageAggregate, proof_type literal "type_1" → "single_message", file renames test_type_1_{valid,invalid}.py → test_single_message_{valid,invalid}.py. - PR leanEthereum#800: validator_ids → validator_indices, with_validator_id → with_validator_index, vid/pubkey expansions. - post-leanEthereum#788/leanEthereum#790/leanEthereum#796 imports: lean_spec.spec.forks / .spec.ssz / .spec.crypto.*. Replace the stringly-typed tamper dict with a Pydantic discriminated union (RebindToAlternateHeadRoot, IncrementEmittedSlot, SwapParticipantPublicKey). The match dispatch on the typed variants drops the two type: ignore[index] casts and lets the test sites read tamper=SwapParticipantPublicKey(index=0, with_validator_index=1) instead of a magic-string dict. Inline the four single-call helpers (_apply_tamper plus three _tamper_*) and the verification helper into make_fixture so the four phases — generate / tamper / verify / publish — are visible in one method. Drop both model_copy(update=...) calls per leanEthereum#789: direct field construction for the frozen AttestationData rebuild, direct field assignment for the mutable fixture self-update. Replace the internal dict[str, Any] bundle with named locals; the bundle never escapes make_fixture, so the dict adds nothing. Guard SwapParticipantPublicKey against silent no-op swaps where the replacement key happens to equal the original. Broaden the verifier exception catch to surface unexpected exception types as "expected X got Y" instead of crashing the filler. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
tcoratger
force-pushed
the
verify-proofs-vectors
branch
from
f61c0ed to
414c812
Compare
tcoratger
approved these changes
May 30, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🗒️ Description
Add a new
VerifyProofsTestfixture for verifying type-1 proofs along with some basic, consensus-related tests to begin with. Will follow with more complex ones in separate PRs3 positive tests: single, 4-validator all participating, 4-validator some participating, and 3 rejection tests: wrong message, wrong slot and wrong public keys.
These vectors target devnet-5 since devnet-5 PR already landed in leanSpec.