Add F3 light client functionality

.config/rust-f3.dic

@@ -33,3 +33,12 @@ calibnet
 Filecoin
 merkle
 Keccak256
+RPC
+BDN
+F3
+BLS12_381
+G1
+G2
+JSON
+CBOR
+TODO

Cargo.toml

@@ -1,6 +1,6 @@
 [workspace]
 resolver = "2"
-members = ["blssig", "certs", "gpbft"]
+members = ["blssig", "certs", "gpbft", "lightclient", "merkle", "rpc"]
 
 [workspace.package]
 authors = ["ChainSafe Systems <forest@chainsafe.io>"]
@@ -12,6 +12,26 @@ rust-version = "1.85.0"
 [workspace.dependencies]
 ahash = "0.8"
 anyhow = "1"
+base32 = "0.5.1"
+base64 = "0.22"
+bls-signatures = { version = "0.15" }
+bls12_381 = "0.8"
+cid = { version = "0.10.1", features = ["std"] }
+fvm_ipld_bitfield = "0.7.1"
 fvm_ipld_encoding = "0.5"
+hashlink = "0.10.0"
+hex = "0.4"
+jsonrpsee = { version = "0.24", features = ["ws-client", "http-client"] }
 keccak-hash = "0.11"
+num-bigint = { version = "0.4.6", features = ["serde"] }
+num-traits = "0.2.19"
+parking_lot = "0.12"
+rand = "0.8"
+serde = { version = "1", features = ["derive"] }
+serde_cbor = "0.11.2"
+serde_json = { version = "1", features = ["raw_value"] }
+sha3 = "0.10.8"
+strum = { version = "0.27.1", features = ["derive"] }
+strum_macros = "0.27.1"
 thiserror = "2"
+tokio = { version = "1", features = ["rt-multi-thread", "macros"] }

Makefile

@@ -1,8 +1,8 @@
 check:
 	cargo check --quiet --no-default-features 
 	cargo check --quiet --all-features
-	cargo check --quiet --no-default-features --target wasm32-unknown-unknown
-	cargo check --quiet --all-features --target wasm32-unknown-unknown
+	cargo check --quiet --no-default-features --target wasm32-unknown-unknown -p filecoin-f3-certs -p filecoin-f3-blssig -p filecoin-f3-merkle -p filecoin-f3-gpbft
+	cargo check --quiet --all-features --target wasm32-unknown-unknown -p filecoin-f3-certs -p filecoin-f3-blssig -p filecoin-f3-merkle -p filecoin-f3-gpbft
 
 test:
 	cargo test --all-features
@@ -36,7 +36,7 @@ fmt:
 
 clippy:
 	cargo clippy --all-targets --all-features --quiet --no-deps -- --deny=warnings
-	cargo clippy --all-features --target wasm32-unknown-unknown --quiet --no-deps -- --deny=warnings
+	cargo clippy --all-features --target wasm32-unknown-unknown --quiet --no-deps -p filecoin-f3-certs -p filecoin-f3-blssig -p filecoin-f3-merkle -p filecoin-f3-gpbft -- --deny=warnings
 
 # Checks if all headers are present and adds if not
 license:

blssig/Cargo.toml

@@ -9,5 +9,12 @@ edition.workspace = true
 rust-version.workspace = true
 
 [dependencies]
+bls-signatures.workspace = true
+bls12_381.workspace = true
+filecoin-f3-gpbft = { path = "../gpbft" }
+hashlink.workspace = true
+parking_lot.workspace = true
+thiserror.workspace = true
 
 [dev-dependencies]
+rand.workspace = true

blssig/src/bdn/mod.rs

@@ -0,0 +1,62 @@
+// Copyright 2019-2024 ChainSafe Systems
+// SPDX-License-Identifier: Apache-2.0, MIT
+
+//! BDN (Boneh-Drijvers-Neven) signature aggregation scheme, for preventing rogue public-key attacks.
+//!
+//! NOTE: currently uses standard BLS aggregation without coefficient weighting, hence returns incorrect values compared to go-f3.
+//!
+use crate::verifier::BLSError;
+use bls_signatures::{PublicKey, Signature};
+use bls12_381::{G1Projective, G2Affine, G2Projective};
+
+/// BDN aggregation context for managing signature and public key aggregation
+pub struct BDNAggregation {
+    pub_keys: Vec<PublicKey>,
+}
+
+impl BDNAggregation {
+    pub fn new(pub_keys: Vec<PublicKey>) -> Result<Self, BLSError> {
+        if pub_keys.is_empty() {
+            return Err(BLSError::EmptyPublicKeys);
+        }
+
+        Ok(Self { pub_keys })
+    }
+
+    /// Aggregates signatures using standard BLS aggregation
+    /// TODO: Implement BDN aggregation scheme: https://github.com/ChainSafe/rust-f3/issues/29
+    pub fn aggregate_sigs(&self, sigs: Vec<Signature>) -> Result<Signature, BLSError> {
+        if sigs.len() != self.pub_keys.len() {
+            return Err(BLSError::LengthMismatch {
+                pub_keys: self.pub_keys.len(),
+                sigs: sigs.len(),
+            });
+        }
+
+        // Standard BLS aggregation
+        let mut agg_point = G2Projective::identity();
+        for sig in sigs {
+            let sig: G2Affine = sig.into();
+            agg_point += sig;
+        }
+
+        // Convert back to Signature
+        let agg_sig: Signature = agg_point.into();
+        Ok(agg_sig)
+    }
+
+    /// Aggregates public keys using standard BLS aggregation
+    /// TODO: Implement BDN aggregation scheme: https://github.com/ChainSafe/rust-f3/issues/29
+    pub fn aggregate_pub_keys(&self) -> Result<PublicKey, BLSError> {
+        // Standard BLS aggregation
+        let mut agg_point = G1Projective::identity();
+        for pub_key in &self.pub_keys {
+            let pub_key_point: G1Projective = (*pub_key).into();
+            agg_point += pub_key_point;
+        }
+
+        // Convert back to PublicKey
+        let agg_pub_key: PublicKey = agg_point.into();
+        Ok(agg_pub_key)
+    }
+}

blssig/src/lib.rs

@@ -1,17 +1,14 @@
 // Copyright 2019-2024 ChainSafe Systems
 // SPDX-License-Identifier: Apache-2.0, MIT
 
-pub fn add(left: usize, right: usize) -> usize {
-    left + right
-}
+//! BLS signature implementation using BDN aggregation scheme.
+//!
+//! This module implements the BLS signature scheme used in the Filecoin F3 protocol.
+//! It uses the BLS12_381 curve with G1 for public keys and G2 for signatures.
+//! The BDN (Boneh-Drijvers-Neven) scheme is used for signature and public key aggregation
+//! to prevent rogue public-key attacks.
 
-#[cfg(test)]
-mod tests {
-    use super::*;
+mod bdn;
+mod verifier;
 
-    #[test]
-    fn it_works() {
-        let result = add(2, 2);
-        assert_eq!(result, 4);
-    }
-}
+pub use verifier::{BLSError, BLSVerifier};

blssig/src/verifier/mod.rs

@@ -0,0 +1,185 @@
+// Copyright 2019-2024 ChainSafe Systems
+// SPDX-License-Identifier: Apache-2.0, MIT
+
+use bls_signatures::{PublicKey, Serialize, Signature, verify_messages};
+use filecoin_f3_gpbft::PubKey;
+use filecoin_f3_gpbft::api::Verifier;
+use hashlink::LruCache;
+use parking_lot::RwLock;
+use thiserror::Error;
+
+use crate::bdn::BDNAggregation;
+
+#[cfg(test)]
+mod tests;
+
+#[derive(Error, Debug)]
+pub enum BLSError {
+    #[error("empty public keys provided")]
+    EmptyPublicKeys,
+    #[error("empty signatures provided")]
+    EmptySignatures,
+    #[error("invalid public key length: expected {BLS_PUBLIC_KEY_LENGTH} bytes, got {0}")]
+    InvalidPublicKeyLength(usize),
+    #[error("failed to deserialize public key: {0}")]
+    PublicKeyDeserialization(bls_signatures::Error),
+    #[error("invalid signature length: expected {BLS_SIGNATURE_LENGTH} bytes, got {0}")]
+    InvalidSignatureLength(usize),
+    #[error("failed to deserialize signature: {0}")]
+    SignatureDeserialization(bls_signatures::Error),
+    #[error("BLS signature verification failed")]
+    SignatureVerificationFailed,
+    #[error("mismatched number of public keys and signatures: {pub_keys} != {sigs}")]
+    LengthMismatch { pub_keys: usize, sigs: usize },
+}
+
+/// BLS signature verifier using BDN aggregation scheme
+///
+/// This verifier implements the same scheme used by `go-f3/blssig`, with:
+/// - BLS12_381 curve
+/// - G1 for public keys, G2 for signatures  
+/// - BDN aggregation for rogue-key attack prevention
+pub struct BLSVerifier {
+    /// Cache for deserialized public key points to avoid expensive repeated operations
+    point_cache: RwLock<LruCache<Vec<u8>, PublicKey>>,
+}
+
+impl Default for BLSVerifier {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+/// BLS12-381 public key length in bytes
+const BLS_PUBLIC_KEY_LENGTH: usize = 48;
+
+/// BLS12-381 signature length in bytes
+const BLS_SIGNATURE_LENGTH: usize = 96;
+
+/// Maximum number of cached public key points to prevent excessive memory usage
+const MAX_POINT_CACHE_SIZE: usize = 10_000;
+
+impl BLSVerifier {
+    pub fn new() -> Self {
+        Self {
+            // key size: 48, value size: 196, total estimated: 1.83 MiB
+            point_cache: RwLock::new(LruCache::new(MAX_POINT_CACHE_SIZE)),
+        }
+    }
+
+    /// Verifies a single BLS signature
+    fn verify_single(&self, pub_key: &PubKey, msg: &[u8], sig: &[u8]) -> Result<(), BLSError> {
+        // Validate input lengths
+        if pub_key.0.len() != BLS_PUBLIC_KEY_LENGTH {
+            return Err(BLSError::InvalidPublicKeyLength(pub_key.0.len()));
+        }
+        if sig.len() != BLS_SIGNATURE_LENGTH {
+            return Err(BLSError::InvalidSignatureLength(sig.len()));
+        }
+
+        // Get cached public key
+        let pub_key = self.get_or_cache_public_key(&pub_key.0)?;
+
+        // Deserialize signature
+        let signature = self.deserialize_signature(sig)?;
+
+        // Verify using bls-signatures
+        let msgs = [msg];
+        let pub_keys = [pub_key];
+        match verify_messages(&signature, &msgs, &pub_keys) {
+            true => Ok(()),
+            false => Err(BLSError::SignatureVerificationFailed),
+        }
+    }
+
+    /// Gets a cached public key or deserialize and caches it
+    fn get_or_cache_public_key(&self, pub_key: &[u8]) -> Result<PublicKey, BLSError> {
+        // Check cache first
+        if let Some(cached) = self.point_cache.write().get(pub_key) {
+            return Ok(*cached);
+        }
+
+        // Deserialize and cache
+        let typed_pub_key = self.deserialize_public_key(pub_key)?;
+        self.point_cache
+            .write()
+            .insert(pub_key.to_vec(), typed_pub_key);
+        Ok(typed_pub_key)
+    }
+
+    fn deserialize_public_key(&self, pub_key: &[u8]) -> Result<PublicKey, BLSError> {
+        PublicKey::from_bytes(pub_key).map_err(BLSError::PublicKeyDeserialization)
+    }
+
+    fn deserialize_signature(&self, sig: &[u8]) -> Result<Signature, BLSError> {
+        Signature::from_bytes(sig).map_err(BLSError::SignatureDeserialization)
+    }
+}
+
+impl Verifier for BLSVerifier {
+    type Error = BLSError;
+
+    fn verify(&self, pub_key: &PubKey, msg: &[u8], sig: &[u8]) -> Result<(), Self::Error> {
+        self.verify_single(pub_key, msg, sig)
+    }
+
+    fn aggregate(&self, pub_keys: &[PubKey], sigs: &[Vec<u8>]) -> Result<Vec<u8>, Self::Error> {
+        if pub_keys.is_empty() {
+            return Err(BLSError::EmptyPublicKeys);
+        }
+        if sigs.is_empty() {
+            return Err(BLSError::EmptySignatures);
+        }
+
+        if pub_keys.len() != sigs.len() {
+            return Err(BLSError::LengthMismatch {
+                pub_keys: pub_keys.len(),
+                sigs: sigs.len(),
+            });
+        }
+
+        // Validate all input lengths
+        let mut typed_pub_keys = vec![];
+        let mut typed_sigs = vec![];
+        for (i, pub_key) in pub_keys.iter().enumerate() {
+            if pub_key.0.len() != BLS_PUBLIC_KEY_LENGTH {
+                return Err(BLSError::InvalidPublicKeyLength(pub_key.0.len()));
+            }
+            if sigs[i].len() != BLS_SIGNATURE_LENGTH {
+                return Err(BLSError::InvalidSignatureLength(sigs[i].len()));
+            }
+
+            typed_pub_keys.push(self.get_or_cache_public_key(&pub_key.0)?);
+            typed_sigs.push(self.deserialize_signature(&sigs[i])?);
+        }
+
+        let bdn = BDNAggregation::new(typed_pub_keys)?;
+        let agg_sig = bdn.aggregate_sigs(typed_sigs)?;
+        Ok(agg_sig.as_bytes())
+    }
+
+    fn verify_aggregate(
+        &self,
+        payload: &[u8],
+        agg_sig: &[u8],
+        signers: &[PubKey],
+    ) -> Result<(), Self::Error> {
+        if signers.is_empty() {
+            return Err(BLSError::EmptyPublicKeys);
+        }
+
+        let mut typed_pub_keys = vec![];
+        for pub_key in signers {
+            if pub_key.0.len() != BLS_PUBLIC_KEY_LENGTH {
+                return Err(BLSError::InvalidPublicKeyLength(pub_key.0.len()));
+            }
+
+            typed_pub_keys.push(self.get_or_cache_public_key(&pub_key.0)?);
+        }
+
+        let bdn = BDNAggregation::new(typed_pub_keys)?;
+        let agg_pub_key = bdn.aggregate_pub_keys()?;
+        let agg_pub_key_bytes = PubKey(agg_pub_key.as_bytes().to_vec());
+        self.verify_single(&agg_pub_key_bytes, payload, agg_sig)
+    }
+}