refactor!: split bls and secp256k1 private key (#1471)

* refactor: split bls and secp256k1 private key * revert some useless changes * fix unit test * cargo fmt * add some annotation
axonweb3 · Oct 12, 2023 · a6fffed · a6fffed
1 parent 28dbf37
commit a6fffed
Show file tree

Hide file tree

Showing 23 changed files with 66 additions and 46 deletions.
diff --git a/common/config-parser/src/types/config.rs b/common/config-parser/src/types/config.rs
@@ -23,8 +23,13 @@ pub const DEFAULT_CACHE_SIZE: usize = 100;
 #[derive(Clone, Debug, Deserialize)]
 pub struct Config {
     // crypto
+    /// `net_privkey` is used for network connection.
     #[serde(deserialize_with = "deserialize_256bits_key")]
-    pub privkey:   Key256Bits,
+    pub net_privkey: Key256Bits,
+    /// `bls_privkey` is used for signing consensus messages.
+    #[serde(deserialize_with = "deserialize_256bits_key")]
+    pub bls_privkey: Key256Bits,
+
     // db config
     pub data_path: PathBuf,
 

diff --git a/core/consensus/src/adapter.rs b/core/consensus/src/adapter.rs
@@ -502,6 +502,7 @@ where
             .into());
         }
 
+        // The address field of Node struct should use the node's secp256k1 public key
         let mut authority_list = metadata
             .verifier_list
             .iter()

diff --git a/core/consensus/src/consensus.rs b/core/consensus/src/consensus.rs
@@ -144,7 +144,7 @@ impl<Adapter: ConsensusAdapter + 'static> OverlordConsensus<Adapter> {
                         metadata.consensus_config.prevote_ratio,
                         metadata.consensus_config.precommit_ratio,
                         metadata.consensus_config.brake_ratio,
-                        metadata.verifier_list.into_iter().map(Into::into).collect(),
+                        metadata.verifier_list.iter().map(Into::into).collect(),
                     )),
                 )
                 .unwrap();
@@ -167,6 +167,7 @@ impl<Adapter: ConsensusAdapter + 'static> OverlordConsensus<Adapter> {
         validators: Vec<Validator>,
         timer_config: Option<DurationConfig>,
     ) -> ProtocolResult<()> {
+        // The address field of Node struct should use the node's secp256k1 public key
         let authority_list = validators
             .into_iter()
             .map(|v| Node {
@@ -194,6 +195,7 @@ pub fn gen_overlord_status(
     brake_ratio: u64,
     validators: Vec<Validator>,
 ) -> Status {
+    // The address field of Node struct should use the node's secp256k1 public key
     let mut authority_list = validators
         .into_iter()
         .map(|v| Node {

diff --git a/core/consensus/src/engine.rs b/core/consensus/src/engine.rs
@@ -449,6 +449,7 @@ impl<Adapter: ConsensusAdapter + 'static> Engine<Proposal> for ConsensusEngine<A
                 .await?
         };
 
+        // The address field of Node struct should use the node's secp256k1 public key
         let mut old_validators = old_metadata
             .verifier_list
             .into_iter()
@@ -775,15 +776,16 @@ pub fn generate_new_crypto_map(metadata: Metadata) -> ProtocolResult<HashMap<Byt
     let mut new_addr_pubkey_map = HashMap::new();
     for validator in metadata.verifier_list.into_iter() {
         let addr = validator.pub_key.as_bytes();
-        let hex_pubkey = validator.bls_pub_key.as_bytes();
-        let pubkey = BlsPublicKey::try_from(hex_pubkey.as_ref())
+        let bls_pubkey = validator.bls_pub_key.as_bytes();
+        let pubkey = BlsPublicKey::try_from(bls_pubkey.as_ref())
             .map_err(|err| ConsensusError::Other(format!("try from bls pubkey error {:?}", err)))?;
         new_addr_pubkey_map.insert(addr, pubkey);
     }
     Ok(new_addr_pubkey_map)
 }
 
 fn convert_to_overlord_authority(validators: &[ValidatorExtend]) -> Vec<Node> {
+    // The address field of Node struct should use the node's secp256k1 public key
     let mut authority = validators
         .iter()
         .map(|v| Node {

diff --git a/core/consensus/src/synchronization.rs b/core/consensus/src/synchronization.rs
@@ -518,7 +518,7 @@ impl<Adapter: SynchronizationAdapter> OverlordSynchronization<Adapter> {
             metadata.consensus_config.prevote_ratio,
             metadata.consensus_config.precommit_ratio,
             metadata.consensus_config.brake_ratio,
-            metadata.verifier_list.into_iter().map(Into::into).collect(),
+            metadata.verifier_list.iter().map(Into::into).collect(),
         )?;
 
         log::info!(

diff --git a/core/consensus/src/util.rs b/core/consensus/src/util.rs
@@ -31,6 +31,13 @@ pub fn time_now() -> u64 {
         .as_secs()
 }
 
+/// The `private_key` is the blst private key of the node. The `addr_pubkey` is
+/// a map to get the blst public key by the address. To be notice that the
+/// address uses secp256k1 **public key** which is same as the `address` field
+/// in `Node` struct. Use secp256k1 public key instead of address can reduce the
+/// `keccak256` hash calculation at the end of each height. The reason why not
+/// use address directly is that the `PeerId` is binding with public key not
+/// address.
 pub struct OverlordCrypto {
     private_key: BlsPrivateKey,
     addr_pubkey: RwLock<HashMap<Bytes, BlsPublicKey>>,

diff --git a/core/network/src/config.rs b/core/network/src/config.rs
@@ -114,7 +114,7 @@ impl NetworkConfig {
                     .collect(),
             )
             .listen_addr(config.network.listening_address.clone())
-            .secio_keypair(config.privkey.as_ref())?
+            .secio_keypair(config.net_privkey.as_ref())?
             .chain_id(chain_id)
             .max_connections(config.network.max_connected_peers)
     }

diff --git a/core/run/src/lib.rs b/core/run/src/lib.rs
@@ -197,15 +197,7 @@ async fn start<K: KeyProvider>(
     metadata_handle.init_hardfork(current_block.header.number)?;
 
     let metadata = metadata_handle.get_metadata_by_block_number(current_block.header.number)?;
-    let validators: Vec<Validator> = metadata
-        .verifier_list
-        .iter()
-        .map(|v| Validator {
-            pub_key:        v.pub_key.as_bytes(),
-            propose_weight: v.propose_weight,
-            vote_weight:    v.vote_weight,
-        })
-        .collect::<Vec<_>>();
+    let validators: Vec<Validator> = metadata.verifier_list.iter().map(Into::into).collect();
 
     // Set args in mempool
     mempool.set_args(
@@ -217,7 +209,7 @@ async fn start<K: KeyProvider>(
 
     // Init overlord consensus and synchronization
     let lock = Arc::new(AsyncMutex::new(()));
-    let crypto = init_crypto(config.privkey.as_ref(), &metadata.verifier_list)?;
+    let crypto = init_crypto(config.bls_privkey.as_ref(), &metadata.verifier_list)?;
     let consensus_adapter = OverlordConsensusAdapter::<_, _, _, _>::new(
         Arc::new(network_service.handle()),
         Arc::clone(&mempool),
@@ -231,7 +223,7 @@ async fn start<K: KeyProvider>(
     let hardfork_info = storage.hardfork_proposal(Default::default()).await?;
     let overlord_consensus = {
         let consensus_wal_path = config.data_path_for_consensus_wal();
-        let node_info = Secp256k1PrivateKey::try_from(config.privkey.as_ref())
+        let node_info = Secp256k1PrivateKey::try_from(config.net_privkey.as_ref())
             .map(|privkey| {
                 NodeInfo::new(
                     current_block.header.chain_id,

diff --git a/core/run/src/tests.rs b/core/run/src/tests.rs
@@ -45,22 +45,22 @@ const TESTCASES: &[TestCase] = &[
         chain_name:         "single_node",
         config_file:        "config.toml",
         chain_spec_file:    "specs/single_node/chain-spec.toml",
-        input_genesis_hash: "0xe3a40f0115fbf101520ceea1ce7103a73cb46554187ac7ed67f3522103e06d99",
-        genesis_state_root: "0x2f1e8e50d5ab97af96fdb5d6de8e691e5bb80f46f2c98c4133d265bd8b60de61",
+        input_genesis_hash: "0x274c0c52500c3978776d8836b8afe0999a946a010166c12a85a1c45b9cd2c5a2",
+        genesis_state_root: "0x940458498b6ac368ab17e9ede64d0cc1d321bc4ec835e09a333a4151c7785ea1",
     },
     TestCase {
         chain_name:         "multi_nodes",
         config_file:        "nodes/node_1.toml",
         chain_spec_file:    "specs/multi_nodes/chain-spec.toml",
-        input_genesis_hash: "0x1b4cf78373961dabcba5d4a9402c924fc4fecdd9ce367239f02c8971a052f3b5",
-        genesis_state_root: "0xf684cbec490eb5b8a07b80f369f3bf87f05ec73494b869111010a6ad6fa89894",
+        input_genesis_hash: "0x70cc025ae586f054157f6d8a6558c39c359cde0eb4b9acbdf3f31a8e14a6a6fc",
+        genesis_state_root: "0x9976026c069e8d931d55f93637663e494caae772c2c274ad636de9bc7baf5191",
     },
     TestCase {
         chain_name:         "multi_nodes_short_epoch_len",
         config_file:        "nodes/node_1.toml",
         chain_spec_file:    "specs/multi_nodes_short_epoch_len/chain-spec.toml",
-        input_genesis_hash: "0xd930632a7565acfc149c1d896d79910608768de5b936fdb34cc47c9b2296dd2a",
-        genesis_state_root: "0xa5e1e7ac3e03f7dc26cc93ab69c0ec49e591cbdaa7694c75682745c40bfca468",
+        input_genesis_hash: "0x4213963522f2d72fa8b33ab4a8b33d79f0d387999f97f38d5c93d9b047baa743",
+        genesis_state_root: "0x33a4f19a7d1bca010f6c3f17904e23f099dd2a022e1f1401fbffed27a1919370",
     },
 ];
 

diff --git a/devtools/chain/config.toml b/devtools/chain/config.toml
@@ -1,5 +1,8 @@
 # crypto
-privkey = "0x37aa0f893d05914a4def0460c0a984d3611546cfb26924d7a7ca6e0db9950a2d"
+# net_privkey is used for network, bls_privkey is use for sign consensus messages
+# DO NOT USE this private key in any production environment!
+net_privkey = "0x37aa0f893d05914a4def0460c0a984d3611546cfb26924d7a7ca6e0db9950a2d"
+bls_privkey = "0x4179b05f5ad5bdd46ca98a9e8b435b00a504562dfe02687895edf747ddf5de18"
 
 # db config
 data_path = "./devtools/chain/data"

diff --git a/devtools/chain/k8s/node_1.toml b/devtools/chain/k8s/node_1.toml
@@ -1,5 +1,6 @@
 # crypto
-privkey = "0x37aa0f893d05914a4def0460c0a984d3611546cfb26924d7a7ca6e0db9950a2d"
+net_privkey = "0x37aa0f893d05914a4def0460c0a984d3611546cfb26924d7a7ca6e0db9950a2d"
+bls_privkey = "0x4179b05f5ad5bdd46ca98a9e8b435b00a504562dfe02687895edf747ddf5de18"
 
 # db config
 data_path = "./devtools/chain/data1"

diff --git a/devtools/chain/k8s/node_2.toml b/devtools/chain/k8s/node_2.toml
@@ -1,5 +1,6 @@
 # crypto
-privkey = "0x383fcff8683b8115e31613949be24254b4204ffbe43c227408a76334a2e3fb32"
+net_privkey = "0x383fcff8683b8115e31613949be24254b4204ffbe43c227408a76334a2e3fb32"
+bls_privkey = "0x422951d5ac7ddbe86cae7d2d4c82af713785b3177043ac6feb50eda7e360b860"
 
 # db config
 data_path = "./devtools/chain/data2"

diff --git a/devtools/chain/k8s/node_3.toml b/devtools/chain/k8s/node_3.toml
@@ -1,5 +1,6 @@
 # crypto
-privkey = "0x51ce21643b911347c5d5c85c323d9d5421810dc89f46b688720b2715f5e8e936"
+net_privkey = "0x51ce21643b911347c5d5c85c323d9d5421810dc89f46b688720b2715f5e8e936"
+bls_privkey = "0x51a04542786ca3bae046d1c7451b6a0745efdcc66c39ede37827172f964d5fdf"
 
 # db config
 data_path = "./devtools/chain/data3"

diff --git a/devtools/chain/k8s/node_4.toml b/devtools/chain/k8s/node_4.toml
@@ -1,5 +1,6 @@
 # crypto
-privkey = "0x69ff51f4c22f30615f68b88efa740f8f1b9169e88842b83d189748d06f1a948e"
+net_privkey = "0x69ff51f4c22f30615f68b88efa740f8f1b9169e88842b83d189748d06f1a948e"
+bls_privkey = "0x67fc8772fdcff8140564e9c4ed693fffd0929c68f24529ee2fb2adfbe9c453fe"
 
 # db config
 data_path = "./devtools/chain/data4"

diff --git a/devtools/chain/nodes/node_1.toml b/devtools/chain/nodes/node_1.toml
@@ -1,5 +1,6 @@
 # crypto
-privkey = "0x37aa0f893d05914a4def0460c0a984d3611546cfb26924d7a7ca6e0db9950a2d"
+net_privkey = "0x37aa0f893d05914a4def0460c0a984d3611546cfb26924d7a7ca6e0db9950a2d"
+bls_privkey = "0x4179b05f5ad5bdd46ca98a9e8b435b00a504562dfe02687895edf747ddf5de18"
 
 # db config
 data_path = "./devtools/chain/data/node_1"

diff --git a/devtools/chain/nodes/node_2.toml b/devtools/chain/nodes/node_2.toml
@@ -1,5 +1,6 @@
 # crypto
-privkey = "0x383fcff8683b8115e31613949be24254b4204ffbe43c227408a76334a2e3fb32"
+net_privkey = "0x383fcff8683b8115e31613949be24254b4204ffbe43c227408a76334a2e3fb32"
+bls_privkey = "0x422951d5ac7ddbe86cae7d2d4c82af713785b3177043ac6feb50eda7e360b860"
 
 # db config
 data_path = "./devtools/chain/data/node_2"

diff --git a/devtools/chain/nodes/node_3.toml b/devtools/chain/nodes/node_3.toml
@@ -1,5 +1,6 @@
 # crypto
-privkey = "0x51ce21643b911347c5d5c85c323d9d5421810dc89f46b688720b2715f5e8e936"
+net_privkey = "0x51ce21643b911347c5d5c85c323d9d5421810dc89f46b688720b2715f5e8e936"
+bls_privkey = "0x51a04542786ca3bae046d1c7451b6a0745efdcc66c39ede37827172f964d5fdf"
 
 # db config
 data_path = "./devtools/chain/data/node_3"

diff --git a/devtools/chain/nodes/node_4.toml b/devtools/chain/nodes/node_4.toml
@@ -1,5 +1,6 @@
 # crypto
-privkey = "0x69ff51f4c22f30615f68b88efa740f8f1b9169e88842b83d189748d06f1a948e"
+net_privkey = "0x69ff51f4c22f30615f68b88efa740f8f1b9169e88842b83d189748d06f1a948e"
+bls_privkey = "0x67fc8772fdcff8140564e9c4ed693fffd0929c68f24529ee2fb2adfbe9c453fe"
 
 # db config
 data_path = "./devtools/chain/data/node_4"

diff --git a/devtools/chain/specs/multi_nodes/chain-spec.toml b/devtools/chain/specs/multi_nodes/chain-spec.toml
@@ -77,28 +77,28 @@ gas_limit = 4294967295000
 interval = 3000
 
 [[params.verifier_list]]
-bls_pub_key = "0xac85bbb40347b6e06ac2dc2da1f75eece029cdc0ed2d456c457d27e288bfbfbcd4c5c19716e9b250134a0e76ce50fa22"
+bls_pub_key = "0xa26e3fe1cf51bd4822072c61bdc315ac32e3d3c2e2484bb92942666399e863b4bf56cf2926383cc706ffc15dfebc85c6"
 pub_key = "0x031ddc35212b7fc7ff6685b17d91f77c972535aee5c7ae5684d3e72b986f08834b"
 address = "0x8ab0cf264df99d83525e9e11c7e4db01558ae1b1"
 propose_weight = 1
 vote_weight = 1
 
 [[params.verifier_list]]
-bls_pub_key = "0x91ed9f3c51c580e56948b1bda9d00c2159665f8a6e284191ab816ee64ef2487d78453a547a0f14efbf842bba5b5a3b4f"
+bls_pub_key = "0x80310fa9df724b5603d283b472ed3bf85254a8a4ceda8a274b421f6cf2be1d9184267cdfe9a199d36ff14e57668a55d0"
 pub_key = "0x02b77c74eb68af3d4d6cc7884ed6709f1a2a1af0f713382a4438ec2ea3a70d4d7f"
 address = "0xf386573563c3a75dbbd269fce9782620826ddac2"
 propose_weight = 1
 vote_weight = 1
 
 [[params.verifier_list]]
-bls_pub_key = "0x92e5d0856fb20ea9cb5ab5da2d3331c38d32cc96507f6ad902fa3da9400096a485fb4e09834bc93de55db224f26c229c"
+bls_pub_key = "0x897721e9016864141a8b982a48217f66ef318ce598aa31842cddaaebe3cd7feab17050022afa6c2123aba39938fe4142"
 pub_key = "0x027ffd6a6a231561f2afe5878b1c743323b34263d16787130b1815fe35649b0bf5"
 address = "0x8af204ac5d7cb8815a6c53a50b72d01e729d3b22"
 propose_weight = 1
 vote_weight = 1
 
 [[params.verifier_list]]
-bls_pub_key = "0xa694f4e48a5a173b61731998f8f1204342dc5c8eb1e32cdae37415c20d11ae035ddac4a39f105e9c2d4d3691024d385d"
+bls_pub_key = "0x98eef09a3927acb225191101a1d9aa85775fdcdc87b9ba36898f6c132b485d66aef91c0f51cda331be4f985c3be6761c"
 pub_key = "0x0232c489c23b1207107e9a24648c1e4754a8c1c0b38db96df57a526201035058cb"
 address = "0xf4cc1652dcec2e5de9ce6fb1b6f9fa9456e957f1"
 propose_weight = 1

diff --git a/devtools/chain/specs/multi_nodes_short_epoch_len/chain-spec.toml b/devtools/chain/specs/multi_nodes_short_epoch_len/chain-spec.toml
@@ -77,28 +77,28 @@ gas_limit = 4294967295000
 interval = 3000
 
 [[params.verifier_list]]
-bls_pub_key = "0xac85bbb40347b6e06ac2dc2da1f75eece029cdc0ed2d456c457d27e288bfbfbcd4c5c19716e9b250134a0e76ce50fa22"
+bls_pub_key = "0xa26e3fe1cf51bd4822072c61bdc315ac32e3d3c2e2484bb92942666399e863b4bf56cf2926383cc706ffc15dfebc85c6"
 pub_key = "0x031ddc35212b7fc7ff6685b17d91f77c972535aee5c7ae5684d3e72b986f08834b"
 address = "0x8ab0cf264df99d83525e9e11c7e4db01558ae1b1"
 propose_weight = 1
 vote_weight = 1
 
 [[params.verifier_list]]
-bls_pub_key = "0x91ed9f3c51c580e56948b1bda9d00c2159665f8a6e284191ab816ee64ef2487d78453a547a0f14efbf842bba5b5a3b4f"
+bls_pub_key = "0x80310fa9df724b5603d283b472ed3bf85254a8a4ceda8a274b421f6cf2be1d9184267cdfe9a199d36ff14e57668a55d0"
 pub_key = "0x02b77c74eb68af3d4d6cc7884ed6709f1a2a1af0f713382a4438ec2ea3a70d4d7f"
 address = "0xf386573563c3a75dbbd269fce9782620826ddac2"
 propose_weight = 1
 vote_weight = 1
 
 [[params.verifier_list]]
-bls_pub_key = "0x92e5d0856fb20ea9cb5ab5da2d3331c38d32cc96507f6ad902fa3da9400096a485fb4e09834bc93de55db224f26c229c"
+bls_pub_key = "0x897721e9016864141a8b982a48217f66ef318ce598aa31842cddaaebe3cd7feab17050022afa6c2123aba39938fe4142"
 pub_key = "0x027ffd6a6a231561f2afe5878b1c743323b34263d16787130b1815fe35649b0bf5"
 address = "0x8af204ac5d7cb8815a6c53a50b72d01e729d3b22"
 propose_weight = 1
 vote_weight = 1
 
 [[params.verifier_list]]
-bls_pub_key = "0xa694f4e48a5a173b61731998f8f1204342dc5c8eb1e32cdae37415c20d11ae035ddac4a39f105e9c2d4d3691024d385d"
+bls_pub_key = "0x98eef09a3927acb225191101a1d9aa85775fdcdc87b9ba36898f6c132b485d66aef91c0f51cda331be4f985c3be6761c"
 pub_key = "0x0232c489c23b1207107e9a24648c1e4754a8c1c0b38db96df57a526201035058cb"
 address = "0xf4cc1652dcec2e5de9ce6fb1b6f9fa9456e957f1"
 propose_weight = 1

diff --git a/devtools/chain/specs/single_node/chain-spec.toml b/devtools/chain/specs/single_node/chain-spec.toml
@@ -77,7 +77,7 @@ gas_limit = 4294967295000
 interval = 3000
 
 [[params.verifier_list]]
-bls_pub_key = "0xac85bbb40347b6e06ac2dc2da1f75eece029cdc0ed2d456c457d27e288bfbfbcd4c5c19716e9b250134a0e76ce50fa22"
+bls_pub_key = "0xa26e3fe1cf51bd4822072c61bdc315ac32e3d3c2e2484bb92942666399e863b4bf56cf2926383cc706ffc15dfebc85c6"
 pub_key = "0x031ddc35212b7fc7ff6685b17d91f77c972535aee5c7ae5684d3e72b986f08834b"
 address = "0x8ab0cf264df99d83525e9e11c7e4db01558ae1b1"
 propose_weight = 1

diff --git a/protocol/src/traits/consensus.rs b/protocol/src/traits/consensus.rs
@@ -28,13 +28,13 @@ pub struct NodeInfo {
 impl NodeInfo {
     pub fn new(
         chain_id: u64,
-        pubkey: Secp256k1PublicKey,
+        pub_key: Secp256k1PublicKey,
         hardfork_info: Option<HardforkInfoInner>,
     ) -> Self {
-        let address = Address::from_pubkey(&pubkey);
+        let address = Address::from_pubkey(&pub_key);
         Self {
             chain_id,
-            self_pub_key: pubkey,
+            self_pub_key: pub_key,
             self_address: address,
             hardfork_proposals: Arc::new(RwLock::new(hardfork_info)),
         }

diff --git a/protocol/src/types/primitive.rs b/protocol/src/types/primitive.rs
@@ -391,8 +391,8 @@ impl Ord for ValidatorExtend {
     }
 }
 
-impl From<ValidatorExtend> for Validator {
-    fn from(ve: ValidatorExtend) -> Self {
+impl From<&ValidatorExtend> for Validator {
+    fn from(ve: &ValidatorExtend) -> Self {
         Validator {
             pub_key:        ve.pub_key.as_bytes(),
             propose_weight: ve.propose_weight,