Simplex QuorumCertificate and BLS aggregator #4091
StephenButtolph
left a comment
I didn't review the tests yet, will look through the tests after these are addressed.
| // Verify checks if the quorum certificate is valid by verifying the aggregated signature against the signers' public keys. | ||
| func (qc *QC) Verify(msg []byte) error { | ||
| pks := make([]*bls.PublicKey, 0, len(qc.signers)) | ||
| quorum := simplex.Quorum(len(qc.verifier.nodeID2PK)) | ||
| if len(qc.signers) != quorum { | ||
| return fmt.Errorf("%w: expected %d signers but got %d", errUnexpectedSigners, quorum, len(qc.signers)) | ||
| } |
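Review bot: the comparison `len(qc.signers) != quorum` counts entries, not distinct signers, and nothing in the visible lines rejects a node ID that appears more than once in `qc.signers`. Suggest recording each signer in a set while filling `pks` and returning an error on a repeat, or adding a comment that names the caller guaranteeing uniqueness. The length check could also run before the `make([]*bls.PublicKey, 0, len(qc.signers))` allocation, since `pks` is unused on the error path.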

Are there checks somewhere else that verify that the same signer isn't included multiple times?
If so, we should document that assumption here. If not, we need to add that.

Simplex checks for:
During the regular Simplex admission path.
Though now when I quickly skimmed through the code, I think we can process an un-verified notarization through the replication path, oops... @samliok can you confirm?
I think we should be prudent and double check this here on the avalanchego side as well.

So a couple notes after looking a bit deeper.
- We do check if multiple nodes have signed twice in simplex, see here. Although it's probably a better idea to do it here in `Verify` (and potentially remove the check in simplex)?
- We don't verify notarizations through the replication path. Created an issue
- Noticed we don't re-add the replication task if block verification fails. Issue
- We may possibly add a signature for the wrong digest when creating a notarization. Issue
I'll tackle these issues on the simplex side, plus added checking for double signers in avalanchego.

But it seems to me that we call `verifyQuorumRound` whenever we process a replication response, which calls `IsFinalizationValid` and it performs the duplicity checks.
Let's double check the QC is valid (no double signing, enough signers) here as well.
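The check the thread converges on (no double signing, enough signers), as an added Go example that is not code from this PR, avalanchego or simplex: the string node IDs, the `bftQuorum` formula and every function and error name are assumptions. `countOnly` compares lengths only and accepts a list that repeats one node; `validateSigners` rejects it before any keys would be aggregated.

```go
package main

import (
	"errors"
	"fmt"
)

var (
	errUnknownSigner    = errors.New("signer is not a known validator")
	errDuplicateSigner  = errors.New("signer listed more than once")
	errNotEnoughSigners = errors.New("unexpected number of signers")
)

// bftQuorum is an assumed threshold for n validators with f = (n-1)/3 faults;
// it is a stand-in, not copied from the simplex library.
func bftQuorum(n int) int { return (n+(n-1)/3)/2 + 1 }

// countOnly is a length-only check: it counts entries, not distinct nodes.
func countOnly(signers []string, validators map[string]bool) error {
	if len(signers) != bftQuorum(len(validators)) {
		return errNotEnoughSigners
	}
	return nil
}

// validateSigners rejects unknown and repeated node IDs before any public
// keys would be aggregated, then checks the number of distinct signers.
func validateSigners(signers []string, validators map[string]bool) error {
	seen := make(map[string]struct{}, len(signers))
	for _, id := range signers {
		if !validators[id] {
			return fmt.Errorf("%w: %s", errUnknownSigner, id)
		}
		if _, dup := seen[id]; dup {
			return fmt.Errorf("%w: %s", errDuplicateSigner, id)
		}
		seen[id] = struct{}{}
	}
	if q := bftQuorum(len(validators)); len(seen) < q {
		return fmt.Errorf("%w: have %d, need %d", errNotEnoughSigners, len(seen), q)
	}
	return nil
}

func main() {
	validators := map[string]bool{"node-A": true, "node-B": true, "node-C": true, "node-D": true}
	repeated := []string{"node-A", "node-A", "node-A"} // constructed sample input
	fmt.Println(countOnly(repeated, validators), validateSigners(repeated, validators))
}
```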
StephenButtolph
left a comment
trivial nit and lgtm
commit 45df9e6 Author: Jonathan Oppenheimer <[email protected]> Date: Tue Jul 29 15:44:08 2025 -0400 chore: Update header year to 2025 (#4140)
commit dca17fd Author: Stephen Buttolph <[email protected]> Date: Tue Jul 29 15:41:14 2025 -0400 Remove gitignore line that ignores the `database/dbtest` package (#4142)
commit 6e56650 Author: aaronbuchwald <[email protected]> Date: Tue Jul 29 14:29:42 2025 -0400 Remove flaky dial throttler tests (#4139)
commit 577820e Author: aaronbuchwald <[email protected]> Date: Tue Jul 29 13:25:27 2025 -0400 Add runner input to run c-chain reexecution benchmark on arbitrary target (#4121) Signed-off-by: aaronbuchwald <[email protected]> Co-authored-by: Copilot <[email protected]>
commit d5cdc50 Author: Stephen Buttolph <[email protected]> Date: Tue Jul 29 13:24:13 2025 -0400 With golangci-lint v2.2.2 using http.NewRequest is discouraged (#4136)
commit d9d6f59 Author: aaronbuchwald <[email protected]> Date: Tue Jul 29 11:49:26 2025 -0400 Remove external-data-json-path from benchmark push step (#4134)
commit 0c62370 Author: aaronbuchwald <[email protected]> Date: Mon Jul 28 14:12:02 2025 -0400 Split action benchmark comparison and push to gh-pages (#4130)
commit b1433fd Author: Geoff Stuart <[email protected]> Date: Fri Jul 25 14:50:16 2025 -0400 Enable Cubist Signer integration (#3965) Signed-off-by: Geoff Stuart <[email protected]> Signed-off-by: Joshua Kim <[email protected]> Co-authored-by: Richard Pringle <[email protected]> Co-authored-by: Joshua Kim <[email protected]> Co-authored-by: Stephen Buttolph <[email protected]>
commit 44c79a8 Author: rodrigo <[email protected]> Date: Fri Jul 25 10:52:17 2025 -0400 refactor: remove load 1.0 (#4112)
commit e658cf4 Author: jishudashu <[email protected]> Date: Fri Jul 25 22:50:43 2025 +0800 refactor: use maps.Copy for cleaner map handling (#4119) Signed-off-by: jishudashu <[email protected]>
commit 0980edf Author: aaronbuchwald <[email protected]> Date: Thu Jul 24 16:13:30 2025 -0400 Update codeowners of reexecution changes (#4116)
commit 44b1e6c Author: Sam Liokumovich <[email protected]> Date: Thu Jul 24 16:00:45 2025 -0400 Simplex QuorumCertificate and BLS aggregator (#4091)
commit 5af69e6 Author: rodrigo <[email protected]> Date: Thu Jul 24 13:17:48 2025 -0400 ci: remove load 1.0 (#4106)
commit 12b75d4 Author: aaronbuchwald <[email protected]> Date: Wed Jul 23 13:01:42 2025 -0400 Add step to push benchmark results to gh-pages (#4103) Signed-off-by: aaronbuchwald <[email protected]>
commit c712437 Author: Sam Liokumovich <[email protected]> Date: Wed Jul 23 11:33:29 2025 -0400 Remove Stale References of the toEngine Channel (#4101) Signed-off-by: Joshua Kim <[email protected]>
Why this should be merged
Implements the simplex `QuorumCertificate`, `QCDeserializer` and `SignatureAggregator` interfaces. This allows simplex to parse, aggregate and verify quorum certificates (ex. finalizations and notarizations) during execution.
How this works
Codec
How this was tested
Added unit tests to `qc_test.go`.
Need to be documented in RELEASES.md?
no