Milagro BLS update (#985)

* Start updating types

* WIP

* Signature hacking

* Existing EF tests passing with fake_crypto

* Updates

* Delete outdated API spec

* The refactor continues

* It compiles

* WIP test fixes

* All release tests passing bar genesis state parsing

* Update and test YamlConfig

* Update to spec v0.10 compatible BLS

* Updates to BLS EF tests

* Add EF test for AggregateVerify

And delete unused hash2curve tests for uncompressed points

* Update EF tests to v0.10.1

* Use optional block root correctly in block proc

* Use genesis fork in deposit domain. All tests pass

* Cargo fmt

* Fast aggregate verify test

* Update REST API docs

* Cargo fmt

* Fix unused import

* Bump spec tags to v0.10.1

* Add `seconds_per_eth1_block` to chainspec

* Update to timestamp based eth1 voting scheme

* Return None from `get_votes_to_consider` if block cache is empty

* Handle overflows in `is_candidate_block`

* Revert to failing tests

* Fix eth1 data sets test

* Choose default vote according to spec

* Fix collect_valid_votes tests

* Fix `get_votes_to_consider` to choose all eligible blocks

* Uncomment winning_vote tests

* Add comments; remove unused code

* Reduce seconds_per_eth1_block for simulation

* Addressed review comments

* Add test for default vote case

* Fix logs

* Remove unused functions

* Meter default eth1 votes

* Fix comments

* Address review comments; remove unused dependency

* Add first attempt at attestation proc. re-write

* Add version 2 of attestation processing

* Minor fixes

* Add validator pubkey cache

* Make get_indexed_attestation take a committee

* Link signature processing into new attn verification

* First working version

* Ensure pubkey cache is updated

* Add more metrics, slight optimizations

* Clone committee cache during attestation processing

* Update shuffling cache during block processing

* Remove old commented-out code

* Fix shuffling cache insert bug

* Used indexed attestation in fork choice

* Restructure attn processing, add metrics

* Add more detailed metrics

* Tidy, fix failing tests

* Fix failing tests, tidy

* Disable/delete two outdated tests

* Add new Pubkeys struct to signature_sets

* Refactor with functional approach

* Update beacon chain

* Remove decompressed member from pubkey bytes

* Add hashmap for indices lookup

* Change `get_attesting_indices` to use Vec

* Fix failing test

* Tidy

* Add pubkey cache persistence file

* Add more comments

* Integrate persistence file into builder

* Add pubkey cache tests

* Add data_dir to beacon chain builder

* Remove Option in pubkey cache persistence file

* Ensure consistency between datadir/data_dir

* Fix failing network test

* Tidy

* Fix todos

* Improve tests

* Split up block processing metrics

* Tidy

* Refactor get_pubkey_from_state

* Remove commented-out code

* Add BeaconChain::validator_pubkey

* Update milagro_bls

Signed-off-by: Kirk Baird <baird.k@outlook.com>

* Cargo fmt

Signed-off-by: Kirk Baird <baird.k@outlook.com>

* Use Option::filter

* Remove Box

* Comment out tests that fail due to hard-coded

* Fix fake crypto

Signed-off-by: Kirk Baird <baird.k@outlook.com>

* Fix Cow::Borrowed

Signed-off-by: Kirk Baird <baird.k@outlook.com>

* Cargo fmt

Signed-off-by: Kirk Baird <baird.k@outlook.com>

Co-authored-by: Michael Sproul <michael@sigmaprime.io>
Co-authored-by: Michael Sproul <micsproul@gmail.com>
Co-authored-by: pawan <pawandhananjay@gmail.com>
Co-authored-by: Paul Hauner <paul@paulhauner.com>

Cargo.lock

@@ -82,7 +82,7 @@ dependencies = [
 [[package]]
 name = "amcl"
 version = "0.2.0"
-source = "git+https://github.com/sigp/milagro_bls?branch=eth2.0-v0.10#38c6c33925b24c9319a1febfb621ff9bbf6d49f7"
+source = "git+https://github.com/sigp/milagro_bls?tag=v1.0.0#ac3e5c3a48aed7ea810ac411655963f5177430b7"
 dependencies = [
  "hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "lazy_static 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -370,7 +370,7 @@ dependencies = [
  "eth2_ssz 0.1.2",
  "eth2_ssz_types 0.2.0",
  "hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
- "milagro_bls 1.0.1 (git+https://github.com/sigp/milagro_bls?branch=eth2.0-v0.10)",
+ "milagro_bls 1.0.0 (git+https://github.com/sigp/milagro_bls?tag=v1.0.0)",
  "rand 0.7.3 (registry+https://github.com/rust-lang/crates.io-index)",
  "serde 1.0.106 (registry+https://github.com/rust-lang/crates.io-index)",
  "serde_derive 1.0.106 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -1185,7 +1185,7 @@ dependencies = [
  "eth2_hashing 0.1.1",
  "hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "lazy_static 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
- "milagro_bls 1.0.1 (git+https://github.com/sigp/milagro_bls?branch=eth2.0-v0.10)",
+ "milagro_bls 1.0.0 (git+https://github.com/sigp/milagro_bls?tag=v1.0.0)",
  "num-bigint 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)",
  "serde 1.0.106 (registry+https://github.com/rust-lang/crates.io-index)",
  "serde_derive 1.0.106 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -2524,10 +2524,10 @@ dependencies = [
 
 [[package]]
 name = "milagro_bls"
-version = "1.0.1"
+version = "1.0.0"
-source = "git+https://github.com/sigp/milagro_bls?branch=eth2.0-v0.10#38c6c33925b24c9319a1febfb621ff9bbf6d49f7"
+source = "git+https://github.com/sigp/milagro_bls?tag=v1.0.0#ac3e5c3a48aed7ea810ac411655963f5177430b7"
 dependencies = [
- "amcl 0.2.0 (git+https://github.com/sigp/milagro_bls?branch=eth2.0-v0.10)",
+ "amcl 0.2.0 (git+https://github.com/sigp/milagro_bls?tag=v1.0.0)",
  "hex 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "lazy_static 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "rand 0.7.3 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -5186,7 +5186,7 @@ dependencies = [
 "checksum aesni 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "2f70a6b5f971e473091ab7cfb5ffac6cde81666c4556751d8d5620ead8abf100"
 "checksum ahash 0.2.18 (registry+https://github.com/rust-lang/crates.io-index)" = "6f33b5018f120946c1dcf279194f238a9f146725593ead1c08fa47ff22b0b5d3"
 "checksum aho-corasick 0.7.10 (registry+https://github.com/rust-lang/crates.io-index)" = "8716408b8bc624ed7f65d223ddb9ac2d044c0547b6fa4b0d554f3a9540496ada"
-"checksum amcl 0.2.0 (git+https://github.com/sigp/milagro_bls?branch=eth2.0-v0.10)" = "<none>"
+"checksum amcl 0.2.0 (git+https://github.com/sigp/milagro_bls?tag=v1.0.0)" = "<none>"
 "checksum ansi_term 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ee49baf6cb617b853aa8d93bf420db2383fab46d314482ca2803b40d5fde979b"
 "checksum arc-swap 0.4.5 (registry+https://github.com/rust-lang/crates.io-index)" = "d663a8e9a99154b5fb793032533f6328da35e23aac63d5c152279aa8ba356825"
 "checksum arrayref 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)" = "a4c527152e37cf757a3f78aae5a06fbeefdb07ccc535c980a3208ee3060dd544"
@@ -5381,7 +5381,7 @@ dependencies = [
 "checksum maybe-uninit 2.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "60302e4db3a61da70c0cb7991976248362f30319e88850c487b9b95bbf059e00"
 "checksum memchr 2.3.3 (registry+https://github.com/rust-lang/crates.io-index)" = "3728d817d99e5ac407411fa471ff9800a778d88a24685968b36824eaf4bee400"
 "checksum memoffset 0.5.4 (registry+https://github.com/rust-lang/crates.io-index)" = "b4fc2c02a7e374099d4ee95a193111f72d2110197fe200272371758f6c3643d8"
-"checksum milagro_bls 1.0.1 (git+https://github.com/sigp/milagro_bls?branch=eth2.0-v0.10)" = "<none>"
+"checksum milagro_bls 1.0.0 (git+https://github.com/sigp/milagro_bls?tag=v1.0.0)" = "<none>"
 "checksum mime 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)" = "ba626b8a6de5da682e1caa06bdb42a335aee5a84db8e5046a3e8ab17ba0a3ae0"
 "checksum mime 0.3.16 (registry+https://github.com/rust-lang/crates.io-index)" = "2a60c7ce501c71e03a9c9c0d35b861413ae925bd979cc7a4e30d060069aaac8d"
 "checksum mime_guess 2.0.3 (registry+https://github.com/rust-lang/crates.io-index)" = "2684d4c2e97d99848d30b324b00c8fcc7e5c897b7cbb5819b09e7c90e8baf212"

beacon_node/beacon_chain/src/beacon_chain.rs

@@ -1124,11 +1124,7 @@ impl<T: BeaconChainTypes> BeaconChain<T> {
             })?;
 
         let signature_set = indexed_attestation_signature_set_from_pubkeys(
-            |validator_index| {
+            |validator_index| pubkey_cache.get(validator_index).map(Cow::Borrowed),
-                pubkey_cache
-                    .get(validator_index)
-                    .map(|pk| Cow::Borrowed(pk.as_point()))
-            },
             &attestation.signature,
             &indexed_attestation,
             &fork,

beacon_node/beacon_chain/src/block_verification.rs

@@ -53,9 +53,7 @@ use slog::{error, Logger};
 use slot_clock::SlotClock;
 use ssz::Encode;
 use state_processing::{
-    block_signature_verifier::{
+    block_signature_verifier::{BlockSignatureVerifier, Error as BlockSignatureVerifierError},
-        BlockSignatureVerifier, Error as BlockSignatureVerifierError, G1Point,
-    },
     per_block_processing, per_slot_processing, BlockProcessingError, BlockSignatureStrategy,
     SlotProcessingError,
 };
@@ -66,7 +64,7 @@ use store::{Error as DBError, StateBatch};
 use tree_hash::TreeHash;
 use types::{
     BeaconBlock, BeaconState, BeaconStateError, ChainSpec, CloneConfig, EthSpec, Hash256,
-    RelativeEpoch, SignedBeaconBlock, Slot,
+    PublicKey, RelativeEpoch, SignedBeaconBlock, Slot,
 };
 
 mod block_processing_outcome;
@@ -813,7 +811,7 @@ fn get_signature_verifier<'a, E: EthSpec>(
     state: &'a BeaconState<E>,
     validator_pubkey_cache: &'a ValidatorPubkeyCache,
     spec: &'a ChainSpec,
-) -> BlockSignatureVerifier<'a, E, impl Fn(usize) -> Option<Cow<'a, G1Point>> + Clone> {
+) -> BlockSignatureVerifier<'a, E, impl Fn(usize) -> Option<Cow<'a, PublicKey>> + Clone> {
     BlockSignatureVerifier::new(
         state,
         move |validator_index| {
@@ -822,7 +820,7 @@ fn get_signature_verifier<'a, E: EthSpec>(
             if validator_index < state.validators.len() {
                 validator_pubkey_cache
                     .get(validator_index)
-                    .map(|pk| Cow::Borrowed(pk.as_point()))
+                    .map(|pk| Cow::Borrowed(pk))
             } else {
                 None
             }

eth2/state_processing/src/per_block_processing/block_signature_verifier.rs

@@ -3,7 +3,7 @@
 use super::signature_sets::{Error as SignatureSetError, Result as SignatureSetResult, *};
 use crate::common::get_indexed_attestation;
 use crate::per_block_processing::errors::{AttestationInvalid, BlockOperationError};
-use bls::{verify_signature_sets, SignatureSet};
+use bls::{verify_signature_sets, PublicKey, SignatureSet};
 use rayon::prelude::*;
 use std::borrow::Cow;
 use types::{
@@ -11,8 +11,6 @@ use types::{
     SignedBeaconBlock,
 };
 
-pub use bls::G1Point;
-
 pub type Result<T> = std::result::Result<T, Error>;
 
 #[derive(Debug, PartialEq)]
@@ -53,18 +51,18 @@ impl From<BlockOperationError<AttestationInvalid>> for Error {
 pub struct BlockSignatureVerifier<'a, T, F>
 where
     T: EthSpec,
-    F: Fn(usize) -> Option<Cow<'a, G1Point>> + Clone,
+    F: Fn(usize) -> Option<Cow<'a, PublicKey>> + Clone,
 {
     get_pubkey: F,
     state: &'a BeaconState<T>,
     spec: &'a ChainSpec,
-    sets: Vec<SignatureSet<'a>>,
+    sets: Vec<SignatureSet>,
 }
 
 impl<'a, T, F> BlockSignatureVerifier<'a, T, F>
 where
     T: EthSpec,
-    F: Fn(usize) -> Option<Cow<'a, G1Point>> + Clone,
+    F: Fn(usize) -> Option<Cow<'a, PublicKey>> + Clone,
 {
     /// Create a new verifier without any included signatures. See the `include...` functions to
     /// add signatures, and the `verify`
@@ -116,7 +114,7 @@ where
             .sets
             .into_par_iter()
             .chunks(num_chunks)
-            .map(|chunk| verify_signature_sets(chunk.into_iter()))
+            .map(|chunk| verify_signature_sets(chunk))
             .reduce(|| true, |current, this| current && this);
 
         if result {

eth2/state_processing/src/per_block_processing/signature_sets.rs

@@ -2,7 +2,7 @@
 //! validated individually, or alongside in others in a potentially cheaper bulk operation.
 //!
 //! This module exposes one function to extract each type of `SignatureSet` from a `BeaconBlock`.
-use bls::{G1Point, G1Ref, SignatureSet, SignedMessage};
+use bls::SignatureSet;
 use ssz::DecodeError;
 use std::borrow::Cow;
 use std::convert::TryInto;
@@ -44,7 +44,7 @@ impl From<BeaconStateError> for Error {
 pub fn get_pubkey_from_state<'a, T>(
     state: &'a BeaconState<T>,
     validator_index: usize,
-) -> Option<Cow<'a, G1Point>>
+) -> Option<Cow<'a, PublicKey>>
 where
     T: EthSpec,
 {
@@ -55,7 +55,7 @@ where
             let pk: Option<PublicKey> = (&v.pubkey).try_into().ok();
             pk
         })
-        .map(|pk| Cow::Owned(pk.into_point()))
+        .map(Cow::Owned)
 }
 
 /// A signature set that is valid if a block was signed by the expected block producer.
@@ -65,10 +65,10 @@ pub fn block_proposal_signature_set<'a, T, F>(
     signed_block: &'a SignedBeaconBlock<T>,
     block_root: Option<Hash256>,
     spec: &'a ChainSpec,
-) -> Result<SignatureSet<'a>>
+) -> Result<SignatureSet>
 where
     T: EthSpec,
-    F: Fn(usize) -> Option<Cow<'a, G1Point>>,
+    F: Fn(usize) -> Option<Cow<'a, PublicKey>>,
 {
     let block = &signed_block.message;
     let proposer_index = state.get_beacon_proposer_index(block.slot, spec)?;
@@ -103,10 +103,10 @@ pub fn randao_signature_set<'a, T, F>(
     get_pubkey: F,
     block: &'a BeaconBlock<T>,
     spec: &'a ChainSpec,
-) -> Result<SignatureSet<'a>>
+) -> Result<SignatureSet>
 where
     T: EthSpec,
-    F: Fn(usize) -> Option<Cow<'a, G1Point>>,
+    F: Fn(usize) -> Option<Cow<'a, PublicKey>>,
 {
     let proposer_index = state.get_beacon_proposer_index(block.slot, spec)?;
 
@@ -132,10 +132,10 @@ pub fn proposer_slashing_signature_set<'a, T, F>(
     get_pubkey: F,
     proposer_slashing: &'a ProposerSlashing,
     spec: &'a ChainSpec,
-) -> Result<(SignatureSet<'a>, SignatureSet<'a>)>
+) -> Result<(SignatureSet, SignatureSet)>
 where
     T: EthSpec,
-    F: Fn(usize) -> Option<Cow<'a, G1Point>>,
+    F: Fn(usize) -> Option<Cow<'a, PublicKey>>,
 {
     let proposer_index = proposer_slashing.signed_header_1.message.proposer_index as usize;
 
@@ -161,9 +161,9 @@ where
 fn block_header_signature_set<'a, T: EthSpec>(
     state: &'a BeaconState<T>,
     signed_header: &'a SignedBeaconBlockHeader,
-    pubkey: Cow<'a, G1Point>,
+    pubkey: Cow<'a, PublicKey>,
     spec: &'a ChainSpec,
-) -> Result<SignatureSet<'a>> {
+) -> Result<SignatureSet> {
     let domain = spec.get_domain(
         signed_header.message.slot.epoch(T::slots_per_epoch()),
         Domain::BeaconProposer,
@@ -191,10 +191,10 @@ pub fn indexed_attestation_signature_set<'a, 'b, T, F>(
     signature: &'a AggregateSignature,
     indexed_attestation: &'b IndexedAttestation<T>,
     spec: &'a ChainSpec,
-) -> Result<SignatureSet<'a>>
+) -> Result<SignatureSet>
 where
     T: EthSpec,
-    F: Fn(usize) -> Option<Cow<'a, G1Point>>,
+    F: Fn(usize) -> Option<Cow<'a, PublicKey>>,
 {
     let pubkeys = indexed_attestation
         .attesting_indices
@@ -213,9 +213,9 @@ where
     );
 
     let message = indexed_attestation.data.signing_root(domain);
-    let signed_message = SignedMessage::new(pubkeys, message.as_bytes().to_vec());
+    let message = message.as_bytes().to_vec();
 
-    Ok(SignatureSet::new(signature, vec![signed_message]))
+    Ok(SignatureSet::new(signature, pubkeys, message))
 }
 
 /// Returns the signature set for the given `indexed_attestation` but pubkeys are supplied directly
@@ -227,10 +227,10 @@ pub fn indexed_attestation_signature_set_from_pubkeys<'a, 'b, T, F>(
     fork: &Fork,
     genesis_validators_root: Hash256,
     spec: &'a ChainSpec,
-) -> Result<SignatureSet<'a>>
+) -> Result<SignatureSet>
 where
     T: EthSpec,
-    F: Fn(usize) -> Option<Cow<'a, G1Point>>,
+    F: Fn(usize) -> Option<Cow<'a, PublicKey>>,
 {
     let pubkeys = indexed_attestation
         .attesting_indices
@@ -249,9 +249,9 @@ where
     );
 
     let message = indexed_attestation.data.signing_root(domain);
-    let signed_message = SignedMessage::new(pubkeys, message.as_bytes().to_vec());
+    let message = message.as_bytes().to_vec();
 
-    Ok(SignatureSet::new(signature, vec![signed_message]))
+    Ok(SignatureSet::new(signature, pubkeys, message))
 }
 
 /// Returns the signature set for the given `attester_slashing` and corresponding `pubkeys`.
@@ -260,10 +260,10 @@ pub fn attester_slashing_signature_sets<'a, T, F>(
     get_pubkey: F,
     attester_slashing: &'a AttesterSlashing<T>,
     spec: &'a ChainSpec,
-) -> Result<(SignatureSet<'a>, SignatureSet<'a>)>
+) -> Result<(SignatureSet, SignatureSet)>
 where
     T: EthSpec,
-    F: Fn(usize) -> Option<Cow<'a, G1Point>> + Clone,
+    F: Fn(usize) -> Option<Cow<'a, PublicKey>> + Clone,
 {
     Ok((
         indexed_attestation_signature_set(
@@ -305,12 +305,12 @@ pub fn deposit_pubkey_signature_message(
 /// `deposit_pubkey_signature_message`.
 pub fn deposit_signature_set<'a>(
     pubkey_signature_message: &'a (PublicKey, Signature, Vec<u8>),
-) -> SignatureSet<'a> {
+) -> SignatureSet {
     let (pubkey, signature, message) = pubkey_signature_message;
 
     // Note: Deposits are valid across forks, thus the deposit domain is computed
-    // with the fork zeroed.
+    // with the fok zeroed.
-    SignatureSet::single(signature, pubkey.g1_ref(), message.clone())
+    SignatureSet::single(&signature, Cow::Borrowed(pubkey), message.clone())
 }
 
 /// Returns a signature set that is valid if the `SignedVoluntaryExit` was signed by the indicated
@@ -320,10 +320,10 @@ pub fn exit_signature_set<'a, T, F>(
     get_pubkey: F,
     signed_exit: &'a SignedVoluntaryExit,
     spec: &'a ChainSpec,
-) -> Result<SignatureSet<'a>>
+) -> Result<SignatureSet>
 where
     T: EthSpec,
-    F: Fn(usize) -> Option<Cow<'a, G1Point>>,
+    F: Fn(usize) -> Option<Cow<'a, PublicKey>>,
 {
     let exit = &signed_exit.message;
     let proposer_index = exit.validator_index as usize;

eth2/utils/bls/Cargo.toml

@@ -5,7 +5,7 @@ authors = ["Paul Hauner <paul@paulhauner.com>"]
 edition = "2018"
 
 [dependencies]
-milagro_bls = { git = "https://github.com/sigp/milagro_bls", branch = "eth2.0-v0.10" }
+milagro_bls = { git = "https://github.com/sigp/milagro_bls", tag = "v1.0.0" }
 eth2_hashing = "0.1.0"
 hex = "0.3"
 rand = "0.7.2"

eth2/utils/bls/src/aggregate_public_key.rs

@@ -1,5 +1,5 @@
 use super::{PublicKey, BLS_PUBLIC_KEY_BYTE_SIZE};
-use milagro_bls::{AggregatePublicKey as RawAggregatePublicKey, G1Point};
+use milagro_bls::AggregatePublicKey as RawAggregatePublicKey;
 use serde::de::{Deserialize, Deserializer};
 use serde::ser::{Serialize, Serializer};
 use serde_hex::{encode as hex_encode, PrefixedHexVisitor};
@@ -37,10 +37,6 @@ impl AggregatePublicKey {
         self.0.add(public_key.as_raw())
     }
 
-    pub fn add_point(&mut self, point: &G1Point) {
-        self.0.point.add(point)
-    }
-
     /// Returns the underlying public key.
     pub fn as_raw(&self) -> &RawAggregatePublicKey {
         &self.0

eth2/utils/bls/src/aggregate_signature.rs

@@ -1,8 +1,5 @@
 use super::*;
-use milagro_bls::{
+use milagro_bls::{AggregateSignature as RawAggregateSignature, G2Point};
-    AggregatePublicKey as RawAggregatePublicKey, AggregateSignature as RawAggregateSignature,
-    G2Point,
-};
 use serde::de::{Deserialize, Deserializer};
 use serde::ser::{Serialize, Serializer};
 use serde_hex::{encode as hex_encode, PrefixedHexVisitor};
@@ -32,16 +29,19 @@ impl AggregateSignature {
 
     /// Add (aggregate) a signature to the `AggregateSignature`.
     pub fn add(&mut self, signature: &Signature) {
-        if self.is_empty {
+        // Only empty if both are empty
-            self.aggregate_signature = RawAggregateSignature::new();
+        self.is_empty = self.is_empty && signature.is_empty();
-            self.is_empty = false;
-        }
 
+        // Note: empty signatures will have point at infinity which is equivalent of adding 0.
         self.aggregate_signature.add(signature.as_raw())
     }
 
     /// Add (aggregate) another `AggregateSignature`.
     pub fn add_aggregate(&mut self, agg_signature: &AggregateSignature) {
+        // Only empty if both are empty
+        self.is_empty = self.is_empty && agg_signature.is_empty();
+
+        // Note: empty signatures will have point at infinity which is equivalent of adding 0.
         self.aggregate_signature
             .add_aggregate(&agg_signature.aggregate_signature)
     }
@@ -55,32 +55,32 @@ impl AggregateSignature {
             return false;
         }
         self.aggregate_signature
-            .verify(msg, aggregate_public_key.as_raw())
+            .fast_aggregate_verify_pre_aggregated(msg, aggregate_public_key.as_raw())
     }
 
-    /// Verify this AggregateSignature against multiple AggregatePublickeys with multiple Messages.
+    /// Verify the `AggregateSignature` against an `AggregatePublicKey`.
     ///
-    ///  All PublicKeys related to a Message should be aggregated into one AggregatePublicKey.
+    /// Only returns `true` if the set of keys in the `AggregatePublicKey` match the set of keys
-    ///  Each AggregatePublicKey has a 1:1 ratio with a 32 byte Message.
+    /// that signed the `AggregateSignature`.
-    pub fn verify_multiple(
+    pub fn verify_unaggregated(&self, msg: &[u8], public_keys: &[&PublicKey]) -> bool {
-        &self,
-        messages: &[&[u8]],
-        aggregate_public_keys: &[&AggregatePublicKey],
-    ) -> bool {
         if self.is_empty {
             return false;
         }
-        let aggregate_public_keys: Vec<&RawAggregatePublicKey> =
+        let public_key_refs: Vec<_> = public_keys.iter().map(|pk| pk.as_raw()).collect();
-            aggregate_public_keys.iter().map(|pk| pk.as_raw()).collect();
+        self.aggregate_signature
-
+            .fast_aggregate_verify(msg, &public_key_refs)
-        // Messages are concatenated into one long message.
-        let mut msgs: Vec<Vec<u8>> = vec![];
-        for message in messages {
-            msgs.push(message.to_vec());
     }
 
+    /// Verify this AggregateSignature against multiple AggregatePublickeys and Messages.
+    ///
+    /// Each AggregatePublicKey has a 1:1 ratio with a 32 byte Message.
+    pub fn verify_multiple(&self, messages: &[&[u8]], public_keys: &[&PublicKey]) -> bool {
+        if self.is_empty {
+            return false;
+        }
+        let public_keys_refs: Vec<_> = public_keys.iter().map(|pk| pk.as_raw()).collect();
         self.aggregate_signature
-            .verify_multiple(&msgs, &aggregate_public_keys[..])
+            .aggregate_verify(&messages, &public_keys_refs)
     }
 
     /// Return AggregateSignature as bytes

eth2/utils/bls/src/fake_aggregate_public_key.rs

@@ -67,6 +67,17 @@ impl FakeAggregatePublicKey {
         // No nothing.
     }
 
+    pub fn aggregate(_pks: &[&PublicKey]) -> Self {
+        Self::new()
+    }
+
+    pub fn from_public_key(public_key: &PublicKey) -> Self {
+        Self {
+            bytes: public_key.as_bytes(),
+            point: public_key.point.clone(),
+        }
+    }
+
     pub fn as_raw(&self) -> &Self {
         &self
     }

eth2/utils/bls/src/fake_aggregate_signature.rs

@@ -1,6 +1,6 @@
 use super::{
-    fake_aggregate_public_key::FakeAggregatePublicKey, fake_signature::FakeSignature,
+    fake_aggregate_public_key::FakeAggregatePublicKey, fake_public_key::FakePublicKey,
-    BLS_AGG_SIG_BYTE_SIZE,
+    fake_signature::FakeSignature, BLS_AGG_SIG_BYTE_SIZE,
 };
 use milagro_bls::G2Point;
 use serde::de::{Deserialize, Deserializer};
@@ -47,6 +47,11 @@ impl FakeAggregateSignature {
         // Do nothing.
     }
 
+    /// Does glorious nothing.
+    pub fn aggregate(&mut self, _agg_sig: &FakeAggregateSignature) {
+        // Do nothing.
+    }
+
     /// _Always_ returns `true`.
     pub fn verify(&self, _msg: &[u8], _aggregate_public_key: &FakeAggregatePublicKey) -> bool {
         true
@@ -56,11 +61,28 @@ impl FakeAggregateSignature {
     pub fn verify_multiple(
         &self,
         _messages: &[&[u8]],
-        _aggregate_public_keys: &[&FakeAggregatePublicKey],
+        _aggregate_public_keys: &[&FakePublicKey],
     ) -> bool {
         true
     }
 
+    /// _Always_ returns `true`.
+    pub fn fast_aggregate_verify_pre_aggregated(
+        &self,
+        _messages: &[u8],
+        _aggregate_public_keys: &FakeAggregatePublicKey,
+    ) -> bool {
+        true
+    }
+
+    /// _Always_ returns `true`.
+    pub fn from_signature(signature: &FakeSignature) -> Self {
+        Self {
+            bytes: signature.as_bytes(),
+            point: signature.point.clone(),
+        }
+    }
+
     /// Convert bytes to fake BLS aggregate signature
     pub fn from_bytes(bytes: &[u8]) -> Result<Self, DecodeError> {
         if bytes.len() != BLS_AGG_SIG_BYTE_SIZE {

eth2/utils/bls/src/lib.rs

@@ -13,8 +13,8 @@ pub use crate::keypair::Keypair;
 pub use crate::public_key_bytes::PublicKeyBytes;
 pub use crate::secret_key::SecretKey;
 pub use crate::signature_bytes::SignatureBytes;
-pub use milagro_bls::{compress_g2, hash_on_g2, G1Point};
+pub use milagro_bls::{compress_g2, hash_to_curve_g2};
-pub use signature_set::{verify_signature_sets, G1Ref, SignatureSet, SignedMessage};
+pub use signature_set::{verify_signature_sets, SignatureSet};
 
 #[cfg(feature = "fake_crypto")]
 mod fake_aggregate_public_key;

eth2/utils/bls/src/signature_set.rs

@@ -1,179 +1,74 @@
-use crate::{AggregatePublicKey, AggregateSignature, PublicKey, Signature};
+use crate::{AggregateSignature, PublicKey, Signature};
-use milagro_bls::{G1Point, G2Point};
 use std::borrow::Cow;
 
 #[cfg(not(feature = "fake_crypto"))]
-use milagro_bls::AggregateSignature as RawAggregateSignature;
+use milagro_bls::{
+    AggregatePublicKey as RawAggregatePublicKey, AggregateSignature as RawAggregateSignature,
+    PublicKey as RawPublicKey,
+};
+
+#[cfg(feature = "fake_crypto")]
+use crate::fakes::{
+    AggregatePublicKey as RawAggregatePublicKey, AggregateSignature as RawAggregateSignature,
+    PublicKey as RawPublicKey,
+};
 
 type Message = Vec<u8>;
 
 #[derive(Clone, Debug)]
-pub struct SignedMessage<'a> {
+pub struct SignatureSet {
-    signing_keys: Vec<Cow<'a, G1Point>>,
+    pub signature: RawAggregateSignature,
+    signing_keys: RawAggregatePublicKey,
     message: Message,
 }
 
-impl<'a> SignedMessage<'a> {
+impl SignatureSet {
-    pub fn new(signing_keys: Vec<Cow<'a, G1Point>>, message: Message) -> Self {
+    pub fn single(signature: &Signature, signing_key: Cow<PublicKey>, message: Message) -> Self {
         Self {
-            signing_keys,
+            signature: RawAggregateSignature::from_signature(signature.as_raw()),
+            signing_keys: RawAggregatePublicKey::from_public_key(signing_key.as_raw()),
             message,
         }
     }
-}
 
-#[derive(Clone, Debug)]
+    pub fn new(
-pub struct SignatureSet<'a> {
+        signature: &AggregateSignature,
-    pub signature: &'a G2Point,
+        signing_keys: Vec<Cow<PublicKey>>,
-    signed_messages: Vec<SignedMessage<'a>>,
+        message: Message,
-}
-
-impl<'a> SignatureSet<'a> {
-    pub fn single<S>(signature: &'a S, signing_key: Cow<'a, G1Point>, message: Message) -> Self
-    where
-        S: G2Ref,
-    {
-        Self {
-            signature: signature.g2_ref(),
-            signed_messages: vec![SignedMessage::new(vec![signing_key], message)],
-        }
-    }
-
-    pub fn dual<S, T>(
-        signature: &'a S,
-        message_0: Message,
-        message_0_signing_keys: Vec<Cow<'a, G1Point>>,
-        message_1: Message,
-        message_1_signing_keys: Vec<Cow<'a, G1Point>>,
     ) -> Self
-    where
+where {
-        T: G1Ref + Clone,
+        let signing_keys_refs: Vec<&RawPublicKey> =
-        S: G2Ref,
+            signing_keys.iter().map(|pk| pk.as_raw()).collect();
-    {
         Self {
-            signature: signature.g2_ref(),
+            signature: signature.as_raw().clone(),
-            signed_messages: vec![
+            signing_keys: RawAggregatePublicKey::aggregate(&signing_keys_refs),
-                SignedMessage::new(message_0_signing_keys, message_0),
+            message,
-                SignedMessage::new(message_1_signing_keys, message_1),
-            ],
-        }
-    }
-
-    pub fn new<S>(signature: &'a S, signed_messages: Vec<SignedMessage<'a>>) -> Self
-    where
-        S: G2Ref,
-    {
-        Self {
-            signature: signature.g2_ref(),
-            signed_messages,
         }
     }
 
     pub fn is_valid(&self) -> bool {
-        let sig = milagro_bls::AggregateSignature {
+        self.signature
-            point: self.signature.clone(),
+            .fast_aggregate_verify_pre_aggregated(&self.message, &self.signing_keys)
-        };
-
-        let mut messages: Vec<Vec<u8>> = vec![];
-        let mut pubkeys = vec![];
-
-        self.signed_messages.iter().for_each(|signed_message| {
-            messages.push(signed_message.message.clone());
-
-            let point = if signed_message.signing_keys.len() == 1 {
-                signed_message.signing_keys[0].clone().into_owned()
-            } else {
-                aggregate_public_keys(&signed_message.signing_keys)
-            };
-
-            pubkeys.push(milagro_bls::AggregatePublicKey { point });
-        });
-
-        let pubkey_refs: Vec<&milagro_bls::AggregatePublicKey> =
-            pubkeys.iter().map(std::borrow::Borrow::borrow).collect();
-
-        sig.verify_multiple(&messages, &pubkey_refs)
     }
 }
 
+type VerifySet<'a> = (
+    &'a RawAggregateSignature,
+    &'a RawAggregatePublicKey,
+    &'a [u8],
+);
+
 #[cfg(not(feature = "fake_crypto"))]
-pub fn verify_signature_sets<'a>(iter: impl Iterator<Item = SignatureSet<'a>>) -> bool {
+pub fn verify_signature_sets<'a>(sets: Vec<SignatureSet>) -> bool {
     let rng = &mut rand::thread_rng();
-    RawAggregateSignature::verify_multiple_signatures(rng, iter.map(Into::into))
+    let verify_set: Vec<VerifySet> = sets
+        .iter()
+        .map(|ss| (&ss.signature, &ss.signing_keys, ss.message.as_slice()))
+        .collect();
+    RawAggregateSignature::verify_multiple_aggregate_signatures(rng, verify_set.into_iter())
 }
 
 #[cfg(feature = "fake_crypto")]
-pub fn verify_signature_sets<'a>(_iter: impl Iterator<Item = SignatureSet<'a>>) -> bool {
+pub fn verify_signature_sets<'a>(sets: Vec<SignatureSet>) -> bool {
     true
 }
-
-type VerifySet<'a> = (G2Point, Vec<G1Point>, Vec<Vec<u8>>);
-
-impl<'a> Into<VerifySet<'a>> for SignatureSet<'a> {
-    fn into(self) -> VerifySet<'a> {
-        let signature = self.signature.clone();
-
-        let (pubkeys, messages): (Vec<G1Point>, Vec<Message>) = self
-            .signed_messages
-            .into_iter()
-            .map(|signed_message| {
-                let key = if signed_message.signing_keys.len() == 1 {
-                    signed_message.signing_keys[0].clone().into_owned()
-                } else {
-                    aggregate_public_keys(&signed_message.signing_keys)
-                };
-
-                (key, signed_message.message)
-            })
-            .unzip();
-
-        (signature, pubkeys, messages)
-    }
-}
-
-/// Create an aggregate public key for a list of validators, failing if any key can't be found.
-fn aggregate_public_keys<'a>(public_keys: &'a [Cow<'a, G1Point>]) -> G1Point {
-    let mut aggregate =
-        public_keys
-            .iter()
-            .fold(AggregatePublicKey::new(), |mut aggregate, pubkey| {
-                aggregate.add_point(&pubkey);
-                aggregate
-            });
-
-    aggregate.affine();
-
-    aggregate.into_raw().point
-}
-
-pub trait G1Ref {
-    fn g1_ref(&self) -> Cow<'_, G1Point>;
-}
-
-impl G1Ref for AggregatePublicKey {
-    fn g1_ref(&self) -> Cow<'_, G1Point> {
-        Cow::Borrowed(&self.as_raw().point)
-    }
-}
-
-impl G1Ref for PublicKey {
-    fn g1_ref(&self) -> Cow<'_, G1Point> {
-        Cow::Borrowed(&self.as_raw().point)
-    }
-}
-
-pub trait G2Ref {
-    fn g2_ref(&self) -> &G2Point;
-}
-
-impl G2Ref for AggregateSignature {
-    fn g2_ref(&self) -> &G2Point {
-        &self.as_raw().point
-    }
-}
-
-impl G2Ref for Signature {
-    fn g2_ref(&self) -> &G2Point {
-        &self.as_raw().point
-    }
-}

eth2/utils/eth2_interop_keypairs/Cargo.toml

@@ -11,7 +11,7 @@ lazy_static = "1.4.0"
 num-bigint = "0.2.3"
 eth2_hashing = "0.1.0"
 hex = "0.3"
-milagro_bls = { git = "https://github.com/sigp/milagro_bls", branch = "eth2.0-v0.10" }
+milagro_bls = { git = "https://github.com/sigp/milagro_bls", tag = "v1.0.0" }
 serde_yaml = "0.8.11"
 serde = "1.0.102"
 serde_derive = "1.0.102"

tests/ef_tests/src/cases/bls_aggregate_verify.rs

@@ -1,12 +1,12 @@
 use super::*;
 use crate::case_result::compare_result;
 use crate::cases::common::BlsCase;
-use bls::{AggregatePublicKey, AggregateSignature};
+use bls::{AggregateSignature, PublicKey};
 use serde_derive::Deserialize;
 
 #[derive(Debug, Clone, Deserialize)]
 pub struct BlsAggregatePair {
-    pub pubkey: AggregatePublicKey,
+    pub pubkey: PublicKey,
     pub message: String,
 }