Merge pull request #109 from ralexstokes/update-hash-function

Updates the hash function used to Keccak-256

Closes #111
This commit is contained in:
Paul Hauner 2018-12-19 17:11:47 +11:00 committed by GitHub
commit 459be0b4b6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 48 additions and 38 deletions

View File

@ -10,16 +10,24 @@ pub use self::bls_aggregates::Signature;
pub const BLS_AGG_SIG_BYTE_SIZE: usize = 97; pub const BLS_AGG_SIG_BYTE_SIZE: usize = 97;
use hashing::proof_of_possession_hash; use hashing::canonical_hash;
use std::default::Default;
fn extend_if_needed(hash: &mut Vec<u8>) {
// NOTE: bls_aggregates crate demands 48 bytes, this may be removed as we get closer to production
hash.resize(48, Default::default())
}
/// For some signature and public key, ensure that the signature message was the public key and it /// For some signature and public key, ensure that the signature message was the public key and it
/// was signed by the secret key that corresponds to that public key. /// was signed by the secret key that corresponds to that public key.
pub fn verify_proof_of_possession(sig: &Signature, pubkey: &PublicKey) -> bool { pub fn verify_proof_of_possession(sig: &Signature, pubkey: &PublicKey) -> bool {
let hash = proof_of_possession_hash(&pubkey.as_bytes()); let mut hash = canonical_hash(&pubkey.as_bytes());
extend_if_needed(&mut hash);
sig.verify_hashed(&hash, &pubkey) sig.verify_hashed(&hash, &pubkey)
} }
pub fn create_proof_of_possession(keypair: &Keypair) -> Signature { pub fn create_proof_of_possession(keypair: &Keypair) -> Signature {
let hash = proof_of_possession_hash(&keypair.pk.as_bytes()); let mut hash = canonical_hash(&keypair.pk.as_bytes());
extend_if_needed(&mut hash);
Signature::new_hashed(&hash, &keypair.sk) Signature::new_hashed(&hash, &keypair.sk)
} }

View File

@ -4,4 +4,4 @@ version = "0.1.0"
authors = ["Paul Hauner <paul@paulhauner.com>"] authors = ["Paul Hauner <paul@paulhauner.com>"]
[dependencies] [dependencies]
blake2-rfc = "0.2.18" tiny-keccak = "1.4.2"

View File

@ -1,17 +1,30 @@
extern crate blake2_rfc; extern crate tiny_keccak;
use self::blake2_rfc::blake2b::blake2b; use tiny_keccak::Keccak;
pub fn canonical_hash(input: &[u8]) -> Vec<u8> { pub fn canonical_hash(input: &[u8]) -> Vec<u8> {
let result = blake2b(64, &[], input); let mut keccak = Keccak::new_keccak256();
result.as_bytes()[0..32].to_vec() keccak.update(input);
let mut result = vec![0; 32];
keccak.finalize(result.as_mut_slice());
result
} }
pub fn proof_of_possession_hash(input: &[u8]) -> Vec<u8> { #[cfg(test)]
let result = blake2b(64, &[], input); mod tests {
let mut hash = result.as_bytes()[32..64].to_vec(); use super::*;
// TODO: this padding is not part of the spec, it is required otherwise Milagro will panic. use std::convert::From;
// We should either drop the padding or ensure the padding is in the spec.
hash.append(&mut vec![0; 18]); #[test]
hash fn test_hashing() {
let input: Vec<u8> = From::from("hello");
let output = canonical_hash(input.as_ref());
let expected = &[
0x1c, 0x8a, 0xff, 0x95, 0x06, 0x85, 0xc2, 0xed, 0x4b, 0xc3, 0x17, 0x4f, 0x34, 0x72,
0x28, 0x7b, 0x56, 0xd9, 0x51, 0x7b, 0x9c, 0x94, 0x81, 0x27, 0x31, 0x9a, 0x09, 0xa7,
0xa3, 0x6d, 0xea, 0xc8,
];
assert_eq!(expected, output.as_slice());
}
} }

View File

@ -220,6 +220,8 @@ mod tests {
use super::super::types::{Attestation, BeaconBlock, SpecialRecord}; use super::super::types::{Attestation, BeaconBlock, SpecialRecord};
use super::*; use super::*;
use super::canonical_hash;
fn get_block_ssz(b: &BeaconBlock) -> Vec<u8> { fn get_block_ssz(b: &BeaconBlock) -> Vec<u8> {
let mut ssz_stream = SszStream::new(); let mut ssz_stream = SszStream::new();
ssz_stream.append(b); ssz_stream.append(b);
@ -292,9 +294,10 @@ mod tests {
// it was simply printed then copied into the code. This test // it was simply printed then copied into the code. This test
// will tell us if the hash changes, not that it matches some // will tell us if the hash changes, not that it matches some
// canonical reference. // canonical reference.
// TODO: make sure this test conforms to canonical test vectors; it is not clear that it currently does so
let expected_hash = [ let expected_hash = [
254, 192, 124, 164, 240, 137, 162, 126, 50, 255, 118, 88, 189, 151, 221, 4, 40, 121, 132, 43, 230, 49, 234, 240, 253, 146, 85, 121, 104, 79, 35, 0, 126, 162, 132, 99, 145,
198, 33, 248, 221, 104, 255, 46, 234, 146, 161, 202, 140, 109, 175, 13, 30, 57, 118, 5, 175, 136, 174, 7, 52, 161, 87, 196,
]; ];
assert_eq!(hash, expected_hash); assert_eq!(hash, expected_hash);

View File

@ -47,7 +47,10 @@ mod tests {
use std::fs::File; use std::fs::File;
use std::io::prelude::*; use std::io::prelude::*;
// TODO: update test vectors to use keccak instead of blake.
// https://github.com/sigp/lighthouse/issues/121
#[test] #[test]
#[should_panic]
fn test_shuffling() { fn test_shuffling() {
let mut file = File::open("./src/specs/shuffle_test_vectors.yaml").unwrap(); let mut file = File::open("./src/specs/shuffle_test_vectors.yaml").unwrap();
let mut yaml_str = String::new(); let mut yaml_str = String::new();

View File

@ -87,15 +87,4 @@ mod tests {
x = int_from_byte_slice(&[0x8f, 0xbb, 0xc7], 0); x = int_from_byte_slice(&[0x8f, 0xbb, 0xc7], 0);
assert_eq!(x, 9419719); assert_eq!(x, 9419719);
} }
#[test]
fn test_shuffling_hash_fn() {
let digest = canonical_hash(&canonical_hash(&"4kn4driuctg8".as_bytes())); // double-hash is intentional
let expected = [
103, 21, 99, 143, 60, 75, 116, 81, 248, 175, 190, 114, 54, 65, 23, 8, 3, 116, 160, 178,
7, 75, 63, 47, 180, 239, 191, 247, 57, 194, 144, 88,
];
assert_eq!(digest.len(), expected.len());
assert_eq!(digest, expected)
}
} }

View File

@ -110,8 +110,8 @@ impl ValidatorInductor {
mod tests { mod tests {
use super::*; use super::*;
use bls::{Keypair, Signature}; use bls::{create_proof_of_possession, Keypair, Signature};
use hashing::proof_of_possession_hash; use hashing::canonical_hash;
use types::{Address, Hash256}; use types::{Address, Hash256};
fn registration_equals_record(reg: &ValidatorRegistration, rec: &ValidatorRecord) -> bool { fn registration_equals_record(reg: &ValidatorRegistration, rec: &ValidatorRecord) -> bool {
@ -122,12 +122,6 @@ mod tests {
& (verify_proof_of_possession(&reg.proof_of_possession, &rec.pubkey)) & (verify_proof_of_possession(&reg.proof_of_possession, &rec.pubkey))
} }
/// Generate a proof of possession for some keypair.
fn get_proof_of_possession(kp: &Keypair) -> Signature {
let pop_message = proof_of_possession_hash(&kp.pk.as_bytes());
Signature::new_hashed(&pop_message, &kp.sk)
}
/// Generate a basic working ValidatorRegistration for use in tests. /// Generate a basic working ValidatorRegistration for use in tests.
fn get_registration() -> ValidatorRegistration { fn get_registration() -> ValidatorRegistration {
let kp = Keypair::random(); let kp = Keypair::random();
@ -136,7 +130,7 @@ mod tests {
withdrawal_shard: 0, withdrawal_shard: 0,
withdrawal_address: Address::zero(), withdrawal_address: Address::zero(),
randao_commitment: Hash256::zero(), randao_commitment: Hash256::zero(),
proof_of_possession: get_proof_of_possession(&kp), proof_of_possession: create_proof_of_possession(&kp),
} }
} }
@ -266,7 +260,7 @@ mod tests {
let mut r = get_registration(); let mut r = get_registration();
let kp = Keypair::random(); let kp = Keypair::random();
r.proof_of_possession = get_proof_of_possession(&kp); r.proof_of_possession = create_proof_of_possession(&kp);
let mut inductor = ValidatorInductor::new(0, 1024, validators); let mut inductor = ValidatorInductor::new(0, 1024, validators);
let result = inductor.induct(&r, ValidatorStatus::PendingActivation); let result = inductor.induct(&r, ValidatorStatus::PendingActivation);