Simplex QuorumCertificate and BLS aggregator #4091
I didn't review the tests yet, will look through the tests after these are addressed.
// Verify checks if the quorum certificate is valid by verifying the aggregated signature against the signers' public keys. | ||
func (qc *QC) Verify(msg []byte) error { | ||
pks := make([]*bls.PublicKey, 0, len(qc.signers)) | ||
quorum := simplex.Quorum(len(qc.verifier.nodeID2PK)) | ||
if len(qc.signers) != quorum { | ||
return fmt.Errorf("%w: expected %d signers but got %d", errUnexpectedSigners, quorum, len(qc.signers)) | ||
} |
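Review bot: the check `len(qc.signers) != quorum` compares only the length of `qc.signers`, so within these lines nothing establishes that the entries are distinct or that each one is present in `qc.verifier.nodeID2PK`; a repeated signer would count toward the quorum. Reject duplicates and unknown signers before the count is trusted, or name in the doc comment where that invariant is enforced. The comparison is also strict equality, so a certificate carrying more than `quorum` signers is rejected; if that is intended, say so in the comment above `Verify`. Minor: `pks` is allocated before the early return and could move below it.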
Are there checks somewhere else that verify that the same signer isn't included multiple times?
If so we should document that assumption here. If not we need to add that.
Simplex checks for:
During the regular Simplex admission path.
Though now when I quickly skimmed through the code, I think we can process an un-verified notarization through the replication path, oops... @samliok can you confirm?
I think we should be prudent and double check this here in the avalanchego side as well.
So a couple notes after looking a bit deeper.
- We do check if multiple nodes have signed twice in simplex, see here. Although it's probably a better idea to do it here in Verify (and potentially remove the check in simplex)?
- We don't verify notarizations through the replication path. Created an issue
- Noticed we don't re-add the replication task if block verification fails. Issue
- We may possibly add a signature for the wrong digest when creating a notarization. Issue
I'll tackle these issues on the simplex side, plus added checking for double signers in avalanchego.
But it seems to me that we call verifyQuorumRound whenever we process a replication response, which calls IsFinalizationValid and it performs the duplicity checks.
Let's double check the QC is valid (no double signing, enough signers) here as well.
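
The signer checks discussed in this thread (no double signing, expected signer count, signer known to the verifier), as an added example that is not code from this PR or from simplex. `NodeID`, `checkSigners`, the validator map and the quorum value of 3 are hypothetical stand-ins, and the BLS aggregation step itself is left out.

```go
package main

import (
	"errors"
	"fmt"
)

// NodeID and the validator map are stand-ins for this example; they are not
// the avalanchego or simplex types.
type NodeID string

var (
	errUnexpectedSigners = errors.New("unexpected number of signers")
	errDuplicateSigner   = errors.New("duplicate signer")
	errUnknownSigner     = errors.New("signer not in validator set")
)

// checkSigners validates a quorum certificate's signer list before any public
// keys are aggregated. quorum is supplied by the caller (assumption: derived
// from the validator set size, as in the snippet under review).
func checkSigners(signers []NodeID, validators map[NodeID][]byte, quorum int) ([][]byte, error) {
	if len(signers) != quorum {
		return nil, fmt.Errorf("%w: expected %d signers but got %d", errUnexpectedSigners, quorum, len(signers))
	}
	seen := make(map[NodeID]struct{}, len(signers))
	pks := make([][]byte, 0, len(signers))
	for _, id := range signers {
		if _, dup := seen[id]; dup {
			return nil, fmt.Errorf("%w: %s", errDuplicateSigner, id)
		}
		seen[id] = struct{}{}
		pk, ok := validators[id]
		if !ok {
			return nil, fmt.Errorf("%w: %s", errUnknownSigner, id)
		}
		pks = append(pks, pk)
	}
	return pks, nil
}

func main() {
	// Constructed validator set of four nodes; a quorum of 3 is assumed.
	validators := map[NodeID][]byte{"n1": {1}, "n2": {2}, "n3": {3}, "n4": {4}}
	for _, s := range [][]NodeID{{"n1", "n2", "n3"}, {"n1", "n1", "n1"}, {"n1", "n2", "nX"}, {"n1", "n2"}} {
		_, err := checkSigners(s, validators, 3)
		fmt.Printf("%v -> %v\n", s, err)
	}
}
```

The second constructed input has the right length but only one distinct signer, which is the case a length-only check lets through.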
trivial nit and lgtm
commit 45df9e6
Author: Jonathan Oppenheimer <jonathan.oppenheimer@avalabs.org>
Date: Tue Jul 29 15:44:08 2025 -0400
    chore: Update header year to 2025 (#4140)

commit dca17fd
Author: Stephen Buttolph <stephen@avalabs.org>
Date: Tue Jul 29 15:41:14 2025 -0400
    Remove gitignore line that ignores the `database/dbtest` package (#4142)

commit 6e56650
Author: aaronbuchwald <aaron.buchwald56@gmail.com>
Date: Tue Jul 29 14:29:42 2025 -0400
    Remove flaky dial throttler tests (#4139)

commit 577820e
Author: aaronbuchwald <aaron.buchwald56@gmail.com>
Date: Tue Jul 29 13:25:27 2025 -0400
    Add runner input to run c-chain reexecution benchmark on arbitrary target (#4121)
    Signed-off-by: aaronbuchwald <aaron.buchwald56@gmail.com>
    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

commit d5cdc50
Author: Stephen Buttolph <stephen@avalabs.org>
Date: Tue Jul 29 13:24:13 2025 -0400
    With golangci-lint v2.2.2 using http.NewRequest is discouraged (#4136)

commit d9d6f59
Author: aaronbuchwald <aaron.buchwald56@gmail.com>
Date: Tue Jul 29 11:49:26 2025 -0400
    Remove external-data-json-path from benchmark push step (#4134)

commit 0c62370
Author: aaronbuchwald <aaron.buchwald56@gmail.com>
Date: Mon Jul 28 14:12:02 2025 -0400
    Split action benchmark comparison and push to gh-pages (#4130)

commit b1433fd
Author: Geoff Stuart <geoff.vball@gmail.com>
Date: Fri Jul 25 14:50:16 2025 -0400
    Enable Cubist Signer integration (#3965)
    Signed-off-by: Geoff Stuart <geoff.vball@gmail.com>
    Signed-off-by: Joshua Kim <20001595+joshua-kim@users.noreply.github.com>
    Co-authored-by: Richard Pringle <richard.pringle@avalabs.org>
    Co-authored-by: Joshua Kim <20001595+joshua-kim@users.noreply.github.com>
    Co-authored-by: Stephen Buttolph <stephen@avalabs.org>

commit 44c79a8
Author: rodrigo <77309055+RodrigoVillar@users.noreply.github.com>
Date: Fri Jul 25 10:52:17 2025 -0400
    refactor: remove load 1.0 (#4112)

commit e658cf4
Author: jishudashu <979260390@qq.com>
Date: Fri Jul 25 22:50:43 2025 +0800
    refactor: use maps.Copy for cleaner map handling (#4119)
    Signed-off-by: jishudashu <979260390@qq.com>

commit 0980edf
Author: aaronbuchwald <aaron.buchwald56@gmail.com>
Date: Thu Jul 24 16:13:30 2025 -0400
    Update codeowners of reexecution changes (#4116)

commit 44b1e6c
Author: Sam Liokumovich <65994425+samliok@users.noreply.github.com>
Date: Thu Jul 24 16:00:45 2025 -0400
    Simplex QuorumCertificate and BLS aggregator (#4091)

commit 5af69e6
Author: rodrigo <77309055+RodrigoVillar@users.noreply.github.com>
Date: Thu Jul 24 13:17:48 2025 -0400
    ci: remove load 1.0 (#4106)

commit 12b75d4
Author: aaronbuchwald <aaron.buchwald56@gmail.com>
Date: Wed Jul 23 13:01:42 2025 -0400
    Add step to push benchmark results to gh-pages (#4103)
    Signed-off-by: aaronbuchwald <aaron.buchwald56@gmail.com>

commit c712437
Author: Sam Liokumovich <65994425+samliok@users.noreply.github.com>
Date: Wed Jul 23 11:33:29 2025 -0400
    Remove Stale References of the toEngine Channel (#4101)
    Signed-off-by: Joshua Kim <20001595+joshua-kim@users.noreply.github.com>
Why this should be merged
Implements the simplex `QuorumCertificate`, `QCDeserializer` and `SignatureAggregator` interfaces. This allows simplex to parse, aggregate and verify quorum certificates (ex. finalizations and notarizations) during execution.
How this works
Codec
How this was tested
Added unit tests to `qc_test.go`.
Need to be documented in RELEASES.md?
no