Merge pull request #116 from qubic/feature/decentralisation

Feature/decentralisation: Add score check for quorum vote verification

Author: LINCKODE

.github/workflows/custom-branch-deployment.yaml

@@ -12,7 +12,7 @@ jobs:
 
     strategy:
       matrix:
-        go-version: [ '1.22.x' ]
+        go-version: [ '1.24.x' ]
 
     steps:
       - name: "Git checkout"

.github/workflows/test.yaml

@@ -4,7 +4,7 @@ jobs:
   test-nocache:
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.24.x]
         os: [ubuntu-latest]
     runs-on: ${{ matrix.os }}
     steps:

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.22 AS builder
+FROM golang:1.24 AS builder
 ENV CGO_ENABLED=0
 
 WORKDIR /src

go.mod

@@ -1,21 +1,21 @@
 module github.com/qubic/go-archiver
 
-go 1.22.2
+go 1.24.0
 
 require (
 	github.com/ardanlabs/conf v1.5.0
-	github.com/cloudflare/circl v1.5.0
-	github.com/cockroachdb/pebble v1.1.2
-	github.com/google/go-cmp v0.6.0
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0
+	github.com/cloudflare/circl v1.6.1
+	github.com/cockroachdb/pebble v1.1.5
+	github.com/google/go-cmp v0.7.0
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3
 	github.com/pkg/errors v0.9.1
-	github.com/qubic/go-node-connector v0.11.0
+	github.com/qubic/go-node-connector v0.13.0
 	github.com/qubic/go-schnorrq v1.0.1
 	github.com/stretchr/testify v1.10.0
 	go.uber.org/zap v1.27.0
-	google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9
-	google.golang.org/grpc v1.67.1
-	google.golang.org/protobuf v1.36.1
+	google.golang.org/genproto/googleapis/api v0.0.0-20250428153025-10db94c68c34
+	google.golang.org/grpc v1.72.0
+	google.golang.org/protobuf v1.36.6
 )
 
 require (
@@ -32,26 +32,27 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/getsentry/sentry-go v0.27.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/klauspost/compress v1.16.0 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/linckode/circl v1.3.71 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_golang v1.12.0 // indirect
-	github.com/prometheus/client_model v0.2.1-0.20210607210712-147c58e9608a // indirect
-	github.com/prometheus/common v0.32.1 // indirect
-	github.com/prometheus/procfs v0.7.3 // indirect
+	github.com/prometheus/client_golang v1.15.0 // indirect
+	github.com/prometheus/client_model v0.3.0 // indirect
+	github.com/prometheus/common v0.42.0 // indirect
+	github.com/prometheus/procfs v0.9.0 // indirect
 	github.com/rogpeppe/go-internal v1.13.1 // indirect
 	github.com/silenceper/pool v1.0.0 // indirect
 	github.com/sirupsen/logrus v1.9.0 // indirect
 	go.uber.org/multierr v1.10.0 // indirect
+	golang.org/x/crypto v0.36.0 // indirect
 	golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8 // indirect
-	golang.org/x/net v0.28.0 // indirect
-	golang.org/x/sys v0.26.0 // indirect
-	golang.org/x/text v0.17.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f // indirect
+	golang.org/x/net v0.37.0 // indirect
+	golang.org/x/sys v0.31.0 // indirect
+	golang.org/x/text v0.23.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250425173222-7b384671a197 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -21,6 +21,7 @@ const (
 	EmptyTicksPerEpoch                 = 0x13
 	LastTickQuorumDataPerEpochInterval = 0x14
 	EmptyTickListPerEpoch              = 0x15
+	TargetTickVoteSignature            = 0x16
 )
 
 func emptyTickListPerEpochKey(epoch uint32) []byte {
@@ -139,3 +140,10 @@ func tickTxStatusKey(tickNumber uint64) []byte {
 
 	return key
 }
+
+func targetTickVoteSignatureKey(epoch uint32) []byte {
+	key := []byte{TargetTickVoteSignature}
+	key = binary.BigEndian.AppendUint32(key, epoch)
+
+	return key
+}

store/keys.go

@@ -921,3 +921,31 @@ func (s *PebbleStore) DeleteEmptyTickListKeyForEpoch(epoch uint32) error {
 	}
 	return nil
 }
+
+func (s *PebbleStore) SetTargetTickVoteSignature(epoch, value uint32) error {
+	key := targetTickVoteSignatureKey(epoch)
+
+	data := make([]byte, 4)
+	binary.LittleEndian.PutUint32(data, value)
+
+	err := s.db.Set(key, data, pebble.Sync)
+	if err != nil {
+		return errors.Wrapf(err, "saving target tick vote signature for epoch %d", epoch)
+	}
+	return nil
+}
+
+func (s *PebbleStore) GetTargetTickVoteSignature(epoch uint32) (uint32, error) {
+	key := targetTickVoteSignatureKey(epoch)
+
+	value, closer, err := s.db.Get(key)
+	if err != nil {
+		if errors.Is(err, pebble.ErrNotFound) {
+			return 0, ErrNotFound
+		}
+		return 0, errors.Wrap(err, "getting target tick vote signature")
+	}
+	defer closer.Close()
+
+	return binary.LittleEndian.Uint32(value), nil
+}

store/store.go

@@ -2,15 +2,17 @@ package quorum
 
 import (
 	"context"
+	"encoding/binary"
 	"github.com/pkg/errors"
 	"github.com/qubic/go-archiver/store"
 	"github.com/qubic/go-archiver/utils"
 	"github.com/qubic/go-node-connector/types"
 	"log"
+	"slices"
 )
 
 // Validate validates the quorum votes and if success returns the aligned votes back
-func Validate(ctx context.Context, sigVerifierFunc utils.SigVerifierFunc, quorumVotes types.QuorumVotes, computors types.Computors) (types.QuorumVotes, error) {
+func Validate(ctx context.Context, sigVerifierFunc utils.SigVerifierFunc, quorumVotes types.QuorumVotes, computors types.Computors, targetTickVoteSignature uint32) (types.QuorumVotes, error) {
 	if len(quorumVotes) < types.MinimumQuorumVotes {
 		return nil, errors.New("not enough quorum votes")
 	}
@@ -26,7 +28,7 @@ func Validate(ctx context.Context, sigVerifierFunc utils.SigVerifierFunc, quorum
 	}
 
 	log.Printf("Proceed to validate total quorum sigs: %d\n", len(alignedVotes))
-	err = quorumTickSigVerify(ctx, sigVerifierFunc, alignedVotes, computors)
+	err = quorumTickSigVerify(ctx, sigVerifierFunc, alignedVotes, computors, targetTickVoteSignature)
 	if err != nil {
 		return nil, errors.Wrap(err, "quorum tick signature verification failed")
 	}
@@ -105,7 +107,7 @@ func getAlignedVotes(quorumVotes types.QuorumVotes) (types.QuorumVotes, error) {
 	return alignedVotes, nil
 }
 
-func quorumTickSigVerify(ctx context.Context, sigVerifierFunc utils.SigVerifierFunc, quorumVotes types.QuorumVotes, computors types.Computors) error {
+func quorumTickSigVerify(ctx context.Context, sigVerifierFunc utils.SigVerifierFunc, quorumVotes types.QuorumVotes, computors types.Computors, targetTickVoteSignature uint32) error {
 	var successVotes = 0
 	failedIndexes := make([]uint16, 0, 0)
 	failedIdentites := make([]string, 0, 0)
@@ -116,7 +118,7 @@ func quorumTickSigVerify(ctx context.Context, sigVerifierFunc utils.SigVerifierF
 			return errors.Wrap(err, "getting digest from tick data")
 		}
 		computorPubKey := computors.PubKeys[quorumTickData.ComputorIndex]
-		if err := sigVerifierFunc(ctx, computorPubKey, digest, quorumTickData.Signature); err != nil {
+		if err := verifyTickVoteSignature(ctx, sigVerifierFunc, computorPubKey, digest, quorumTickData.Signature, targetTickVoteSignature); err != nil {
 			//return errors.Wrapf(err, "quorum tick signature verification failed for computor index: %d", quorumTickData.ComputorIndex)
 			//log.Printf("Quorum tick signature verification failed for computor index: %d. Err: %s\n", quorumTickData.ComputorIndex, err.Error())
 			failedIndexes = append(failedIndexes, quorumTickData.ComputorIndex)
@@ -142,6 +144,25 @@ func quorumTickSigVerify(ctx context.Context, sigVerifierFunc utils.SigVerifierF
 	return nil
 }
 
+func verifyTickVoteSignature(ctx context.Context, sigVerifierFunc utils.SigVerifierFunc, computorPubKey, digest [32]byte, signature [64]byte, targetTickVoteSignature uint32) error {
+	invertedSignatureSection := swapBytes(signature[:4])
+	score := binary.LittleEndian.Uint32(invertedSignatureSection)
+
+	if score > targetTickVoteSignature {
+		return errors.New("vote signature score over target tick vote signature")
+	}
+
+	return sigVerifierFunc(ctx, computorPubKey, digest, signature)
+}
+
+func swapBytes(input []byte) []byte {
+	output := make([]byte, len(input))
+	copy(output, input)
+	slices.Reverse(output)
+
+	return output
+}
+
 func getDigestFromQuorumTickData(data types.QuorumTickVote) ([32]byte, error) {
 	// xor computor index with 8
 	data.ComputorIndex ^= 3

validator/quorum/validator.go

@@ -65,7 +65,7 @@ func TestValidateVotes(t *testing.T) {
 		},
 	}
 
-	_, err := Validate(context.Background(), mockSigVerifierFunc, originalData, types.Computors{})
+	_, err := Validate(context.Background(), mockSigVerifierFunc, originalData, types.Computors{}, 0)
 	require.ErrorContains(t, err, "not enough quorum votes")
 
 	cases := []struct {
@@ -258,3 +258,27 @@ func deepCopy(votes types.QuorumVotes) types.QuorumVotes {
 
 	return cp
 }
+
+func TestByteSwap(t *testing.T) {
+
+	testData := []struct {
+		name     string
+		data     []byte
+		expected []byte
+	}{
+		{
+			name:     "Test_ByteSwap1",
+			data:     []byte{0x01, 0x02, 0x03, 0x04, 0x05, 0x06},
+			expected: []byte{0x06, 0x05, 0x04, 0x03, 0x02, 0x01},
+		},
+	}
+
+	for _, testCase := range testData {
+		t.Run(testCase.name, func(t *testing.T) {
+
+			got := swapBytes(testCase.data)
+			require.Equal(t, testCase.expected, got)
+		})
+	}
+
+}

validator/quorum/validator_test.go

@@ -76,7 +76,24 @@ func (v *Validator) ValidateTick(ctx context.Context, initialEpochTick, tickNumb
 		return errors.Wrap(err, "storing computors")
 	}
 
-	alignedVotes, err := quorum.Validate(ctx, GoSchnorrqVerify, quorumVotes, comps)
+	targetTickVoteSignature, err := v.store.GetTargetTickVoteSignature(uint32(epoch))
+	if err != nil {
+		if !errors.Is(err, store.ErrNotFound) {
+			return errors.Wrap(err, "getting target tick vote signature")
+		}
+
+		systemInfo, err := v.qu.GetSystemInfo(ctx)
+		if err != nil {
+			return errors.Wrap(err, "fetching system info")
+		}
+		err = v.store.SetTargetTickVoteSignature(uint32(systemInfo.Epoch), systemInfo.TargetTickVoteSignature)
+		if err != nil {
+			return errors.Wrap(err, "storing target tick vote signature")
+		}
+		targetTickVoteSignature = systemInfo.TargetTickVoteSignature
+	}
+
+	alignedVotes, err := quorum.Validate(ctx, GoSchnorrqVerify, quorumVotes, comps, targetTickVoteSignature)
 	if err != nil {
 		return errors.Wrap(err, "validating quorum")
 	}