Line data Source code
1 : // Copyright (c) 2018-2025 The Dash Core developers
2 : // Distributed under the MIT/X11 software license, see the accompanying
3 : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 :
5 : #include <llmq/dkgsession.h>
6 :
7 : #include <batchedlogger.h>
8 : #include <bls/bls_worker.h>
9 : #include <evo/deterministicmns.h>
10 : #include <llmq/commitment.h>
11 : #include <llmq/debug.h>
12 : #include <llmq/dkgsessionmgr.h>
13 : #include <llmq/options.h>
14 : #include <llmq/utils.h>
15 : #include <masternode/meta.h>
16 : #include <util/helpers.h>
17 : #include <util/std23.h>
18 :
19 : #include <chainparams.h>
20 : #include <deploymentstatus.h>
21 : #include <logging.h>
22 : #include <validation.h>
23 :
24 : #include <cxxtimer.hpp>
25 :
26 : #include <algorithm>
27 : #include <array>
28 : #include <atomic>
29 : #include <memory>
30 : #include <ranges>
31 : #include <type_traits>
32 :
33 : namespace llmq {
34 0 : CDKGLogger::CDKGLogger(const CDKGSession& _quorumDkg, std::string_view _func, int source_line) :
35 0 : CBatchedLogger(BCLog::LLMQ_DKG, BCLog::Level::Debug,
36 0 : strprintf("QuorumDKG(type=%s, qIndex=%d, h=%d, member=%d)", _quorumDkg.params.name, _quorumDkg.quorumIndex,
37 0 : _quorumDkg.m_quorum_base_block_index->nHeight, _quorumDkg.AreWeMember()),
38 0 : __FILE__, source_line)
39 0 : {
40 0 : }
41 :
42 : static std::array<std::atomic<double>, std23::to_underlying(DKGError::type::_COUNT)> simDkgErrorMap{};
43 :
44 8 : void SetSimulatedDKGErrorRate(DKGError::type type, double rate)
45 : {
46 8 : if (type >= DKGError::type::_COUNT) return;
47 7 : simDkgErrorMap[std23::to_underlying(type)] = rate;
48 8 : }
49 :
50 16 : double GetSimulatedErrorRate(DKGError::type type)
51 : {
52 16 : if (type >= DKGError::type::_COUNT) return 0;
53 14 : return simDkgErrorMap[std23::to_underlying(type)];
54 16 : }
55 :
56 0 : bool CDKGSession::ShouldSimulateError(DKGError::type type) const
57 : {
58 0 : if (params.type != Consensus::LLMQType::LLMQ_TEST) {
59 0 : return false;
60 : }
61 0 : double rate = GetSimulatedErrorRate(type);
62 0 : return GetRandBool(rate);
63 0 : }
64 :
65 0 : CDKGMember::CDKGMember(const CDeterministicMNCPtr& _dmn, size_t _idx) :
66 0 : dmn(_dmn),
67 0 : idx(_idx),
68 0 : id(_dmn->proTxHash)
69 0 : {
70 0 : }
71 :
72 0 : uint256 CDKGPrematureCommitment::GetSignHash() const
73 : {
74 0 : return BuildCommitmentHash(llmqType, quorumHash, validMembers, quorumPublicKey, quorumVvecHash);
75 : }
76 :
77 0 : CDKGSession::CDKGSession(CBLSWorker& _blsWorker, CDeterministicMNManager& dmnman, CDKGDebugManager& _dkgDebugManager,
78 : CDKGSessionManager& _dkgManager, CQuorumSnapshotManager& qsnapman,
79 : const ChainstateManager& chainman, const CBlockIndex* pQuorumBaseBlockIndex,
80 : const Consensus::LLMQParams& _params) :
81 0 : blsWorker{_blsWorker},
82 0 : cache{_blsWorker},
83 0 : m_dmnman{dmnman},
84 0 : dkgDebugManager{_dkgDebugManager},
85 0 : dkgManager{_dkgManager},
86 0 : m_qsnapman{qsnapman},
87 0 : m_chainman{chainman},
88 0 : params{_params},
89 0 : m_quorum_base_block_index{pQuorumBaseBlockIndex}
90 0 : {
91 0 : }
92 :
93 0 : CDKGSession::~CDKGSession() = default;
94 :
95 0 : bool CDKGSession::Init(const uint256& _myProTxHash, int _quorumIndex)
96 : {
97 0 : const auto mns = utils::GetAllQuorumMembers(params.type, {m_dmnman, m_qsnapman, m_chainman, m_quorum_base_block_index});
98 0 : quorumIndex = _quorumIndex;
99 0 : members.resize(mns.size());
100 0 : memberIds.resize(members.size());
101 0 : receivedVvecs.resize(members.size());
102 0 : receivedSkContributions.resize(members.size());
103 0 : vecEncryptedContributions.resize(members.size());
104 :
105 0 : for (const auto i : util::irange(mns.size())) {
106 0 : members[i] = std::make_unique<CDKGMember>(mns[i], i);
107 0 : membersMap.emplace(members[i]->dmn->proTxHash, i);
108 0 : memberIds[i] = members[i]->id;
109 : }
110 :
111 0 : if (!_myProTxHash.IsNull()) {
112 0 : for (const auto i : util::irange(members.size())) {
113 0 : const auto& m = members[i];
114 0 : if (m->dmn->proTxHash == _myProTxHash) {
115 0 : myIdx = i;
116 0 : myProTxHash = _myProTxHash;
117 0 : myId = m->id;
118 0 : break;
119 : }
120 : }
121 0 : }
122 :
123 0 : CDKGLogger logger(*this, __func__, __LINE__);
124 :
125 0 : if (LogAcceptDebug(BCLog::LLMQ) && IsQuorumRotationEnabled(params, m_quorum_base_block_index)) {
126 0 : int cycleQuorumBaseHeight = m_quorum_base_block_index->nHeight - quorumIndex;
127 0 : const CBlockIndex* pCycleQuorumBaseBlockIndex = m_quorum_base_block_index->GetAncestor(cycleQuorumBaseHeight);
128 0 : std::stringstream ss;
129 0 : for (const auto& mn : members) {
130 0 : ss << mn->dmn->proTxHash.ToString().substr(0, 4) << " | ";
131 : }
132 0 : logger.Batch("DKGComposition h[%d] i[%d] DKG:[%s]", pCycleQuorumBaseBlockIndex->nHeight, quorumIndex, ss.str());
133 0 : }
134 :
135 0 : if (mns.size() < size_t(params.minSize)) {
136 0 : logger.Batch("not enough members (%d < %d), aborting init", mns.size(), params.minSize);
137 0 : return false;
138 : }
139 :
140 0 : if (!myProTxHash.IsNull()) {
141 0 : dkgDebugManager.InitLocalSessionStatus(params, quorumIndex, m_quorum_base_block_index->GetBlockHash(), m_quorum_base_block_index->nHeight);
142 0 : relayMembers = utils::GetQuorumRelayMembers(params, {m_dmnman, m_qsnapman, m_chainman, m_quorum_base_block_index}, myProTxHash,
143 : /*onlyOutbound=*/true);
144 0 : if (LogAcceptDebug(BCLog::LLMQ)) {
145 0 : std::stringstream ss;
146 0 : for (const auto& r : relayMembers) {
147 0 : ss << r.ToString().substr(0, 4) << " | ";
148 : }
149 0 : logger.Batch("forMember[%s] relayMembers[%s]", myProTxHash.ToString().substr(0, 4), ss.str());
150 0 : }
151 0 : }
152 :
153 0 : if (myProTxHash.IsNull()) {
154 0 : logger.Batch("initialized as observer. mns=%d", mns.size());
155 0 : } else {
156 0 : logger.Batch("initialized as member. mns=%d", mns.size());
157 : }
158 :
159 0 : return true;
160 0 : }
161 :
162 : // only performs cheap verifications, but not the signature of the message. this is checked with batched verification
163 0 : bool CDKGSession::PreVerifyMessage(const CDKGContribution& qc, bool& retBan) const
164 : {
165 0 : CDKGLogger logger(*this, __func__, __LINE__);
166 :
167 0 : retBan = false;
168 :
169 0 : if (qc.quorumHash != m_quorum_base_block_index->GetBlockHash()) {
170 0 : logger.Batch("contribution for wrong quorum, rejecting");
171 0 : return false;
172 : }
173 :
174 0 : auto* member = GetMember(qc.proTxHash);
175 0 : if (member == nullptr) {
176 0 : logger.Batch("contributor not a member of this quorum, rejecting contribution");
177 0 : retBan = true;
178 0 : return false;
179 : }
180 :
181 0 : if (qc.contributions->blobs.size() != members.size()) {
182 0 : logger.Batch("invalid contributions count");
183 0 : retBan = true;
184 0 : return false;
185 : }
186 0 : if (qc.vvec->size() != size_t(params.threshold)) {
187 0 : logger.Batch("invalid verification vector length");
188 0 : retBan = true;
189 0 : return false;
190 : }
191 :
192 0 : if (!CBLSWorker::VerifyVerificationVector(*qc.vvec)) {
193 0 : logger.Batch("invalid verification vector");
194 0 : retBan = true;
195 0 : return false;
196 : }
197 :
198 0 : if (member->contributions.size() >= 2) {
199 : // don't do any further processing if we got more than 1 valid contributions already
200 : // this is a DoS protection against members sending multiple contributions with valid signatures to us
201 : // we must bail out before any expensive BLS verification happens
202 0 : logger.Batch("dropping contribution from %s as we already got %d contributions", member->dmn->proTxHash.ToString(), member->contributions.size());
203 0 : return false;
204 : }
205 :
206 0 : return true;
207 0 : }
208 :
209 0 : std::optional<CInv> CDKGSession::ReceiveMessage(const CDKGContribution& qc)
210 : {
211 0 : CDKGLogger logger(*this, __func__, __LINE__);
212 0 : cxxtimer::Timer t1(true);
213 :
214 0 : auto state = WITH_LOCK(invCs, return ReceiveMessagePreamble(qc, MsgPhase::Contribution, logger));
215 0 : if (!state) return std::nullopt;
216 0 : auto& [member, hash, inv, should_process] = *state;
217 0 : if (!should_process) return inv;
218 :
219 0 : receivedVvecs[member->idx] = qc.vvec;
220 :
221 0 : int receivedCount = std::ranges::count_if(members, [](const auto& m) { return !m->contributions.empty(); });
222 :
223 0 : logger.Batch("received and relayed contribution. received=%d/%d, time=%d", receivedCount, members.size(), t1.count());
224 :
225 0 : if (!AreWeMember()) {
226 0 : return inv;
227 : }
228 :
229 0 : cxxtimer::Timer t2(true);
230 0 : dkgManager.WriteVerifiedVvecContribution(params.type, m_quorum_base_block_index, qc.proTxHash, qc.vvec);
231 :
232 0 : bool complain = false;
233 0 : CBLSSecretKey skContribution;
234 0 : if (!MaybeDecrypt(*qc.contributions, *myIdx, skContribution, PROTOCOL_VERSION)) {
235 0 : logger.Batch("contribution from %s could not be decrypted", member->dmn->proTxHash.ToString());
236 0 : complain = true;
237 0 : } else if (member->idx != myIdx && ShouldSimulateError(DKGError::type::COMPLAIN_LIE)) {
238 0 : logger.Batch("lying/complaining for %s", member->dmn->proTxHash.ToString());
239 0 : complain = true;
240 0 : }
241 :
242 0 : if (complain) {
243 0 : member->weComplain = true;
244 0 : dkgDebugManager.UpdateLocalMemberStatus(params.type, quorumIndex, member->idx, [&](CDKGDebugMemberStatus& status) {
245 0 : status.statusBits.weComplain = true;
246 0 : return true;
247 : });
248 0 : return inv;
249 : }
250 :
251 0 : logger.Batch("decrypted our contribution share. time=%d", t2.count());
252 :
253 0 : receivedSkContributions[member->idx] = skContribution;
254 0 : vecEncryptedContributions[member->idx] = qc.contributions;
255 0 : LOCK(cs_pending);
256 0 : pendingContributionVerifications.emplace_back(member->idx);
257 0 : if (pendingContributionVerifications.size() >= 32) {
258 0 : VerifyPendingContributions();
259 0 : }
260 0 : return inv;
261 0 : }
262 :
263 : // only performs cheap verifications, but not the signature of the message. this is checked with batched verification
264 0 : bool CDKGSession::PreVerifyMessage(const CDKGComplaint& qc, bool& retBan) const
265 : {
266 0 : CDKGLogger logger(*this, __func__, __LINE__);
267 :
268 0 : retBan = false;
269 :
270 0 : if (qc.quorumHash != m_quorum_base_block_index->GetBlockHash()) {
271 0 : logger.Batch("complaint for wrong quorum, rejecting");
272 0 : return false;
273 : }
274 :
275 0 : auto* member = GetMember(qc.proTxHash);
276 0 : if (member == nullptr) {
277 0 : logger.Batch("complainer not a member of this quorum, rejecting complaint");
278 0 : retBan = true;
279 0 : return false;
280 : }
281 :
282 0 : if (qc.badMembers.size() != (size_t)params.size) {
283 0 : logger.Batch("invalid badMembers bitset size");
284 0 : retBan = true;
285 0 : return false;
286 : }
287 :
288 0 : if (qc.complainForMembers.size() != (size_t)params.size) {
289 0 : logger.Batch("invalid complainForMembers bitset size");
290 0 : retBan = true;
291 0 : return false;
292 : }
293 :
294 0 : if (member->complaints.size() >= 2) {
295 : // don't do any further processing if we got more than 1 valid complaints already
296 : // this is a DoS protection against members sending multiple complaints with valid signatures to us
297 : // we must bail out before any expensive BLS verification happens
298 0 : logger.Batch("dropping complaint from %s as we already got %d complaints",
299 0 : member->dmn->proTxHash.ToString(), member->complaints.size());
300 0 : return false;
301 : }
302 :
303 0 : return true;
304 0 : }
305 :
306 0 : std::optional<CInv> CDKGSession::ReceiveMessage(const CDKGComplaint& qc)
307 : {
308 0 : CDKGLogger logger(*this, __func__, __LINE__);
309 :
310 0 : auto state = WITH_LOCK(invCs, return ReceiveMessagePreamble(qc, MsgPhase::Complaint, logger));
311 0 : if (!state) return std::nullopt;
312 0 : auto& [member, hash, inv, should_process] = *state;
313 0 : if (!should_process) return inv;
314 :
315 0 : int receivedCount = 0;
316 0 : for (const auto i : util::irange(members.size())) {
317 0 : const auto& m = members[i];
318 0 : if (qc.badMembers[i]) {
319 0 : logger.Batch("%s voted for %s to be bad", member->dmn->proTxHash.ToString(), m->dmn->proTxHash.ToString());
320 0 : m->badMemberVotes.emplace(qc.proTxHash);
321 0 : if (AreWeMember() && i == myIdx) {
322 0 : logger.Batch("%s voted for us to be bad", member->dmn->proTxHash.ToString());
323 0 : }
324 0 : }
325 0 : if (qc.complainForMembers[i]) {
326 0 : m->complaintsFromOthers.emplace(qc.proTxHash);
327 0 : m->someoneComplain = true;
328 0 : dkgDebugManager.UpdateLocalMemberStatus(params.type, quorumIndex, m->idx, [&](CDKGDebugMemberStatus& status) {
329 0 : return status.complaintsFromMembers.emplace(member->idx).second;
330 : });
331 0 : if (AreWeMember() && i == myIdx) {
332 0 : logger.Batch("%s complained about us", member->dmn->proTxHash.ToString());
333 0 : }
334 0 : }
335 0 : if (!m->complaints.empty()) {
336 0 : receivedCount++;
337 0 : }
338 : }
339 :
340 0 : logger.Batch("received and relayed complaint. received=%d", receivedCount);
341 0 : return inv;
342 0 : }
343 :
344 : // only performs cheap verifications, but not the signature of the message. this is checked with batched verification
345 0 : bool CDKGSession::PreVerifyMessage(const CDKGJustification& qj, bool& retBan) const
346 : {
347 0 : CDKGLogger logger(*this, __func__, __LINE__);
348 :
349 0 : retBan = false;
350 :
351 0 : if (qj.quorumHash != m_quorum_base_block_index->GetBlockHash()) {
352 0 : logger.Batch("justification for wrong quorum, rejecting");
353 0 : return false;
354 : }
355 :
356 0 : auto* member = GetMember(qj.proTxHash);
357 0 : if (member == nullptr) {
358 0 : logger.Batch("justifier not a member of this quorum, rejecting justification");
359 0 : retBan = true;
360 0 : return false;
361 : }
362 :
363 0 : if (qj.contributions.empty()) {
364 0 : logger.Batch("justification with no contributions");
365 0 : retBan = true;
366 0 : return false;
367 : }
368 :
369 0 : std::unordered_set<size_t> contributionsSet;
370 0 : for (const auto& [index, skContribution] : qj.contributions) {
371 0 : if (GetMemberAtIndex(index) == nullptr) {
372 0 : logger.Batch("invalid contribution index");
373 0 : retBan = true;
374 0 : return false;
375 : }
376 :
377 0 : if (!contributionsSet.emplace(index).second) {
378 0 : logger.Batch("duplicate contribution index");
379 0 : retBan = true;
380 0 : return false;
381 : }
382 :
383 0 : if (!skContribution.IsValid()) {
384 0 : logger.Batch("invalid contribution");
385 0 : retBan = true;
386 0 : return false;
387 : }
388 : }
389 :
390 0 : if (member->justifications.size() >= 2) {
391 : // don't do any further processing if we got more than 1 valid justification already
392 : // this is a DoS protection against members sending multiple justifications with valid signatures to us
393 : // we must bail out before any expensive BLS verification happens
394 0 : logger.Batch("dropping justification from %s as we already got %d justifications",
395 0 : member->dmn->proTxHash.ToString(), member->justifications.size());
396 0 : return false;
397 : }
398 :
399 0 : return true;
400 0 : }
401 :
402 0 : std::optional<CInv> CDKGSession::ReceiveMessage(const CDKGJustification& qj)
403 : {
404 0 : CDKGLogger logger(*this, __func__, __LINE__);
405 :
406 0 : auto state = WITH_LOCK(invCs, return ReceiveMessagePreamble(qj, MsgPhase::Justification, logger));
407 0 : if (!state) return std::nullopt;
408 0 : auto& [member, hash, inv, should_process] = *state;
409 0 : if (!should_process) return inv;
410 :
411 0 : if (member->bad) {
412 : // we locally determined him to be bad (sent none or more then one contributions)
413 : // don't give him a second chance (but we relay the justification in case other members disagree)
414 0 : return inv;
415 : }
416 :
417 0 : for (const auto& [index, skContribution] : qj.contributions) {
418 0 : const auto* member2 = GetMemberAtIndex(index);
419 0 : assert(member2);
420 :
421 0 : if (member->complaintsFromOthers.count(member2->dmn->proTxHash) == 0) {
422 0 : logger.Batch("got justification from %s for %s even though he didn't complain",
423 0 : member->dmn->proTxHash.ToString(), member2->dmn->proTxHash.ToString());
424 0 : MarkBadMember(member->idx);
425 0 : }
426 : }
427 0 : if (member->bad) {
428 0 : return inv;
429 : }
430 :
431 0 : cxxtimer::Timer t1(true);
432 :
433 0 : std::list<std::future<bool>> futures;
434 0 : for (const auto& [index, skContribution] : qj.contributions) {
435 0 : const auto* member2 = GetMemberAtIndex(index);
436 0 : assert(member2);
437 :
438 : // watch out to not bail out before these async calls finish (they rely on valid references)
439 0 : futures.emplace_back(blsWorker.AsyncVerifyContributionShare(member2->id, receivedVvecs[member->idx], skContribution));
440 : }
441 0 : auto resultIt = futures.begin();
442 0 : for (const auto& [index, skContribution] : qj.contributions) {
443 0 : const auto* member2 = GetMemberAtIndex(index);
444 0 : assert(member2);
445 :
446 0 : bool result = (resultIt++)->get();
447 0 : if (!result) {
448 0 : logger.Batch(" %s did send an invalid justification for %s", member->dmn->proTxHash.ToString(), member2->dmn->proTxHash.ToString());
449 0 : MarkBadMember(member->idx);
450 0 : } else {
451 0 : logger.Batch(" %s justified for %s", member->dmn->proTxHash.ToString(), member2->dmn->proTxHash.ToString());
452 0 : if (AreWeMember() && member2->id == myId) {
453 0 : receivedSkContributions[member->idx] = skContribution;
454 0 : member->weComplain = false;
455 :
456 0 : dkgManager.WriteVerifiedSkContribution(params.type, m_quorum_base_block_index, member->dmn->proTxHash, skContribution);
457 0 : }
458 0 : member->complaintsFromOthers.erase(member2->dmn->proTxHash);
459 : }
460 : }
461 :
462 0 : auto receivedCount = std::count_if(members.cbegin(), members.cend(), [](const auto& m){
463 0 : return !m->justifications.empty();
464 : });
465 0 : auto expectedCount = std::count_if(members.cbegin(), members.cend(), [](const auto& m){
466 0 : return m->someoneComplain;
467 : });
468 :
469 0 : logger.Batch("verified justification: received=%d/%d time=%d", receivedCount, expectedCount, t1.count());
470 0 : return inv;
471 0 : }
472 :
473 : // only performs cheap verifications, but not the signature of the message. this is checked with batched verification
474 0 : bool CDKGSession::PreVerifyMessage(const CDKGPrematureCommitment& qc, bool& retBan) const
475 : {
476 0 : CDKGLogger logger(*this, __func__, __LINE__);
477 :
478 0 : retBan = false;
479 :
480 0 : if (qc.quorumHash != m_quorum_base_block_index->GetBlockHash()) {
481 0 : logger.Batch("commitment for wrong quorum, rejecting");
482 0 : return false;
483 : }
484 :
485 0 : auto* member = GetMember(qc.proTxHash);
486 0 : if (member == nullptr) {
487 0 : logger.Batch("committer not a member of this quorum, rejecting premature commitment");
488 0 : retBan = true;
489 0 : return false;
490 : }
491 :
492 0 : if (qc.validMembers.size() != (size_t)params.size) {
493 0 : logger.Batch("invalid validMembers bitset size");
494 0 : retBan = true;
495 0 : return false;
496 : }
497 :
498 0 : if (qc.CountValidMembers() < params.minSize) {
499 0 : logger.Batch("invalid validMembers count. validMembersCount=%d", qc.CountValidMembers());
500 0 : retBan = true;
501 0 : return false;
502 : }
503 0 : if (!qc.sig.IsValid()) {
504 0 : logger.Batch("invalid membersSig");
505 0 : retBan = true;
506 0 : return false;
507 : }
508 0 : if (!qc.quorumSig.IsValid()) {
509 0 : logger.Batch("invalid quorumSig");
510 0 : retBan = true;
511 0 : return false;
512 : }
513 :
514 0 : for (const auto i : std::views::iota(members.size(), size_t(params.size))) {
515 : // cppcheck-suppress useStlAlgorithm
516 0 : if (qc.validMembers[i]) {
517 0 : retBan = true;
518 0 : logger.Batch("invalid validMembers bitset. bit %d should not be set", i);
519 0 : return false;
520 : }
521 : }
522 :
523 0 : if (member->prematureCommitments.size() >= 2) {
524 : // don't do any further processing if we got more than 1 valid commitment already
525 : // this is a DoS protection against members sending multiple commitments with valid signatures to us
526 : // we must bail out before any expensive BLS verification happens
527 0 : logger.Batch("dropping commitment from %s as we already got %d commitments",
528 0 : member->dmn->proTxHash.ToString(), member->prematureCommitments.size());
529 0 : return false;
530 : }
531 :
532 0 : return true;
533 0 : }
534 :
535 0 : std::optional<CInv> CDKGSession::ReceiveMessage(const CDKGPrematureCommitment& qc)
536 : {
537 0 : CDKGLogger logger(*this, __func__, __LINE__);
538 :
539 0 : cxxtimer::Timer t1(true);
540 :
541 0 : logger.Batch("received premature commitment from %s. validMembers=%d", qc.proTxHash.ToString(), qc.CountValidMembers());
542 :
543 0 : auto* member = GetMember(qc.proTxHash);
544 0 : const uint256 hash = ::SerializeHash(qc);
545 :
546 : {
547 0 : LOCK(invCs);
548 :
549 : // keep track of ALL commitments but only relay valid ones (or if we couldn't build the vvec)
550 : // relaying is done further down
551 0 : prematureCommitments.emplace(hash, qc);
552 0 : member->prematureCommitments.emplace(hash);
553 0 : }
554 :
555 0 : std::vector<uint16_t> memberIndexes;
556 0 : std::vector<BLSVerificationVectorPtr> vvecs;
557 0 : std::vector<CBLSSecretKey> skContributions;
558 0 : BLSVerificationVectorPtr quorumVvec;
559 0 : if (dkgManager.GetVerifiedContributions(params.type, m_quorum_base_block_index, qc.validMembers, memberIndexes, vvecs, skContributions)) {
560 0 : quorumVvec = cache.BuildQuorumVerificationVector(::SerializeHash(memberIndexes), vvecs);
561 0 : }
562 :
563 0 : if (quorumVvec == nullptr) {
564 0 : logger.Batch("failed to build quorum verification vector. skipping full verification");
565 : // we might be the unlucky one who didn't receive all contributions, but we still have to relay
566 : // the premature commitment as others might be luckier
567 0 : } else {
568 : // we got all information that is needed to verify everything (even though we might not be a member of the quorum)
569 : // if any of this verification fails, we won't relay this message. This ensures that invalid messages are lost
570 : // in the network. Nodes relaying such invalid messages to us are not punished as they might have not known
571 : // all contributions. We only handle up to 2 commitments per member, so a DoS shouldn't be possible
572 :
573 0 : if ((*quorumVvec)[0] != qc.quorumPublicKey) {
574 0 : logger.Batch("calculated quorum public key does not match");
575 0 : return std::nullopt;
576 : }
577 0 : uint256 vvecHash = ::SerializeHash(*quorumVvec);
578 0 : if (qc.quorumVvecHash != vvecHash) {
579 0 : logger.Batch("calculated quorum vvec hash does not match");
580 0 : return std::nullopt;
581 : }
582 :
583 0 : CBLSPublicKey pubKeyShare = cache.BuildPubKeyShare(::SerializeHash(std::make_pair(memberIndexes, member->id)), quorumVvec, member->id);
584 0 : if (!pubKeyShare.IsValid()) {
585 0 : logger.Batch("failed to calculate public key share");
586 0 : return std::nullopt;
587 : }
588 :
589 0 : if (!qc.quorumSig.VerifyInsecure(pubKeyShare, qc.GetSignHash())) {
590 0 : logger.Batch("failed to verify quorumSig");
591 0 : return std::nullopt;
592 : }
593 : }
594 :
595 0 : WITH_LOCK(invCs, validCommitments.emplace(hash));
596 :
597 0 : CInv inv(MSG_QUORUM_PREMATURE_COMMITMENT, hash);
598 :
599 0 : dkgDebugManager.UpdateLocalMemberStatus(params.type, quorumIndex, member->idx, [&](CDKGDebugMemberStatus& status) {
600 0 : status.statusBits.receivedPrematureCommitment = true;
601 0 : return true;
602 : });
603 :
604 0 : int receivedCount = std::ranges::count_if(members, [](const auto& m) { return !m->prematureCommitments.empty(); });
605 :
606 0 : t1.stop();
607 :
608 0 : logger.Batch("verified premature commitment. received=%d/%d, time=%d", receivedCount, members.size(), t1.count());
609 0 : return inv;
610 0 : }
611 :
612 0 : CDKGMember* CDKGSession::GetMember(const uint256& proTxHash) const
613 : {
614 0 : auto it = membersMap.find(proTxHash);
615 0 : if (it == membersMap.end()) {
616 0 : return nullptr;
617 : }
618 0 : return members[it->second].get();
619 0 : }
620 :
621 0 : CDKGMember* CDKGSession::GetMemberAtIndex(size_t index) const
622 : {
623 0 : if (index >= members.size()) return nullptr;
624 0 : return members[index].get();
625 0 : }
626 :
627 0 : std::vector<CFinalCommitment> CDKGSession::FinalizeCommitments() { return {}; }
628 :
629 0 : CFinalCommitment CDKGSession::FinalizeSingleCommitment() { return {}; }
630 :
631 0 : bool CDKGSession::GetContribution(const uint256& hash, CDKGContribution& ret) const
632 : {
633 0 : LOCK(invCs);
634 0 : auto it = contributions.find(hash);
635 0 : if (it == contributions.end()) return false;
636 0 : ret = it->second;
637 0 : return true;
638 0 : }
639 :
640 0 : bool CDKGSession::GetComplaint(const uint256& hash, CDKGComplaint& ret) const
641 : {
642 0 : LOCK(invCs);
643 0 : auto it = complaints.find(hash);
644 0 : if (it == complaints.end()) return false;
645 0 : ret = it->second;
646 0 : return true;
647 0 : }
648 :
649 0 : bool CDKGSession::GetJustification(const uint256& hash, CDKGJustification& ret) const
650 : {
651 0 : LOCK(invCs);
652 0 : auto it = justifications.find(hash);
653 0 : if (it == justifications.end()) return false;
654 0 : ret = it->second;
655 0 : return true;
656 0 : }
657 :
658 0 : bool CDKGSession::GetPrematureCommitment(const uint256& hash, CDKGPrematureCommitment& ret) const
659 : {
660 0 : LOCK(invCs);
661 0 : auto it = prematureCommitments.find(hash);
662 0 : if (it == prematureCommitments.end() || !validCommitments.count(hash)) return false;
663 0 : ret = it->second;
664 0 : return true;
665 0 : }
666 :
667 : template <typename MsgType>
668 0 : std::optional<CDKGSession::ReceiveMessageState> CDKGSession::ReceiveMessagePreamble(const MsgType& msg, MsgPhase phase, CDKGLogger& logger)
669 : {
670 0 : auto* member = GetMember(msg.proTxHash);
671 0 : if (member == nullptr) {
672 0 : logger.Batch("message from non-member %s", msg.proTxHash.ToString());
673 0 : return std::nullopt;
674 : }
675 :
676 0 : GetDataMsg inv_type{0};
677 0 : std::string msg_name;
678 :
679 : // Select member set, inv type, and name based on phase
680 0 : auto& member_set = [&]() -> Uint256HashSet& {
681 0 : switch (phase) {
682 : case MsgPhase::Contribution:
683 0 : inv_type = MSG_QUORUM_CONTRIB;
684 0 : msg_name = "contribution";
685 0 : return member->contributions;
686 : case MsgPhase::Complaint:
687 0 : inv_type = MSG_QUORUM_COMPLAINT;
688 0 : msg_name = "complaint";
689 0 : return member->complaints;
690 : case MsgPhase::Justification:
691 0 : inv_type = MSG_QUORUM_JUSTIFICATION;
692 0 : msg_name = "justification";
693 0 : return member->justifications;
694 : }
695 0 : assert(false);
696 0 : }();
697 :
698 0 : logger.Batch("received %s from %s", msg_name, msg.proTxHash.ToString());
699 :
700 0 : if (member_set.size() >= 2) {
701 : // only relay up to 2 messages, that's enough to let the other members know about his bad behavior
702 0 : return std::nullopt;
703 : }
704 :
705 0 : const uint256 hash = ::SerializeHash(msg);
706 0 : member_set.emplace(hash);
707 : if constexpr (std::is_same_v<MsgType, CDKGContribution>) {
708 0 : contributions.emplace(hash, msg);
709 : } else if constexpr (std::is_same_v<MsgType, CDKGComplaint>) {
710 0 : complaints.emplace(hash, msg);
711 : } else if constexpr (std::is_same_v<MsgType, CDKGJustification>) {
712 0 : justifications.emplace(hash, msg);
713 : }
714 :
715 0 : dkgDebugManager.UpdateLocalMemberStatus(params.type, quorumIndex, member->idx, [phase](CDKGDebugMemberStatus& status) {
716 0 : switch (phase) {
717 0 : case MsgPhase::Contribution: status.statusBits.receivedContribution = true; break;
718 0 : case MsgPhase::Complaint: status.statusBits.receivedComplaint = true; break;
719 0 : case MsgPhase::Justification: status.statusBits.receivedJustification = true; break;
720 : }
721 0 : return true;
722 : });
723 :
724 0 : bool should_process{true};
725 0 : if (member_set.size() > 1) {
726 : // don't do any further processing if we got more than 1 justification. we already relayed it,
727 : // so others know about his bad behavior
728 0 : MarkBadMember(member->idx);
729 0 : logger.Batch("%s did send multiple %ss", member->dmn->proTxHash.ToString(), msg_name);
730 0 : should_process = false;
731 0 : }
732 :
733 : // we always relay, even if further verification fails
734 0 : return ReceiveMessageState{member, hash, CInv{inv_type, hash}, should_process};
735 0 : }
736 :
737 : template std::optional<CDKGSession::ReceiveMessageState> CDKGSession::ReceiveMessagePreamble<CDKGContribution>(const CDKGContribution&, MsgPhase, CDKGLogger&);
738 : template std::optional<CDKGSession::ReceiveMessageState> CDKGSession::ReceiveMessagePreamble<CDKGComplaint>(const CDKGComplaint&, MsgPhase, CDKGLogger&);
739 : template std::optional<CDKGSession::ReceiveMessageState> CDKGSession::ReceiveMessagePreamble<CDKGJustification>(const CDKGJustification&, MsgPhase, CDKGLogger&);
740 :
741 0 : void CDKGSession::MarkBadMember(size_t idx)
742 : {
743 0 : auto* member = members.at(idx).get();
744 0 : if (member->bad) {
745 0 : return;
746 : }
747 0 : dkgDebugManager.UpdateLocalMemberStatus(params.type, quorumIndex, idx, [&](CDKGDebugMemberStatus& status) {
748 0 : status.statusBits.bad = true;
749 0 : return true;
750 : });
751 0 : member->bad = true;
752 0 : }
753 : } // namespace llmq
|
