Only sporadically verify self-recovered signatures

Author: codablock

src/llmq/quorums_signing_shares.cpp

@@ -765,13 +765,18 @@ void CSigSharesManager::TryRecoverSig(const CQuorumCPtr& quorum, const uint256&
     rs.sig.SetSig(recoveredSig);
     rs.UpdateHash();
 
-    auto signHash = CLLMQUtils::BuildSignHash(rs);
-    bool valid = recoveredSig.VerifyInsecure(quorum->qc.quorumPublicKey, signHash);
-    if (!valid) {
-        // this should really not happen as we have verified all signature shares before
-        LogPrintf("CSigSharesManager::%s -- own recovered signature is invalid. id=%s, msgHash=%s\n", __func__,
-                  id.ToString(), msgHash.ToString());
-        return;
+    // There should actually be no need to verify the self-recovered signatures are it should always succeed. Let's
+    // however still verify it from time to time, so that we have a chance to catch bugs. We do only this sporadic
+    // verification because this is unbatched and thus slow verification that happens here.
+    if (((recoveredSigsCounter++) % 100) == 0) {
+        auto signHash = CLLMQUtils::BuildSignHash(rs);
+        bool valid = recoveredSig.VerifyInsecure(quorum->qc.quorumPublicKey, signHash);
+        if (!valid) {
+            // this should really not happen as we have verified all signature shares before
+            LogPrintf("CSigSharesManager::%s -- own recovered signature is invalid. id=%s, msgHash=%s\n", __func__,
+                      id.ToString(), msgHash.ToString());
+            return;
+        }
     }
 
     quorumSigningManager->ProcessRecoveredSig(-1, rs, quorum, connman);

src/llmq/quorums_signing_shares.h

@@ -361,6 +361,7 @@ class CSigSharesManager : public CRecoveredSigsListener
     FastRandomContext rnd;
 
     int64_t lastCleanupTime{0};
+    std::atomic<uint32_t> recoveredSigsCounter{0};
 
 public:
     CSigSharesManager();