StateProof: State Proof Verification additions

crypto/crypto.go

@@ -3,6 +3,7 @@ package crypto
 import (
 	"bytes"
 	"crypto/rand"
+	"crypto/sha256"
 	"crypto/sha512"
 	"encoding/base32"
 	"encoding/base64"
@@ -36,6 +37,9 @@ var programDataPrefix = []byte("ProgData")
 // appIDPrefix is prepended to application IDs in order to compute addresses
 var appIDPrefix = []byte("appID")
 
+// StateProofMessagePrefix is prepended to the state proof message when computing its hash
+var StateProofMessagePrefix = []byte("spm")
+
 // RandomBytes fills the passed slice with randomness, and panics if it is
 // unable to do so
 func RandomBytes(s []byte) {
@@ -756,3 +760,12 @@ func GetApplicationAddress(appID uint64) types.Address {
 	hash := sha512.Sum512_256(toBeHashed)
 	return types.Address(hash)
 }
+
+func HashStateProofMessage(stateProofMessage *types.Message) types.MessageHash {
+	var stateProofMessageData []byte
+
+	stateProofMessageData = append(stateProofMessageData, StateProofMessagePrefix...)
+	stateProofMessageData = append(stateProofMessageData, msgpack.Encode(stateProofMessage)...)
+
+	return sha256.Sum256(stateProofMessageData)
+}

go.mod

@@ -5,17 +5,18 @@ go 1.17
 require (
 	github.com/algorand/avm-abi v0.1.0
 	github.com/algorand/go-codec/codec v1.1.8
+	github.com/algorand/go-stateproof-verification v0.1.0
 	github.com/cucumber/godog v0.8.1
 	github.com/google/go-querystring v1.0.0
 	github.com/stretchr/testify v1.7.1
 	golang.org/x/crypto v0.0.0-20210921155107-089bfa567519
 )
 
 require (
+	github.com/algorand/falcon v0.0.0-20220727072124-02a2a64c4414 // indirect
+	github.com/algorand/go-sumhash v1.0.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	golang.org/x/sys v0.0.0-20211019181941-9d821ace8654 // indirect
-	gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
-	gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect
 )

go.sum

@@ -1,9 +1,15 @@
 github.com/algorand/avm-abi v0.1.0 h1:znZFQXpSUVYz37vXbaH5OZG2VK4snTyXwnc/tV9CVr4=
 github.com/algorand/avm-abi v0.1.0/go.mod h1:+CgwM46dithy850bpTeHh9MC99zpn2Snirb3QTl2O/g=
+github.com/algorand/falcon v0.0.0-20220727072124-02a2a64c4414 h1:nwYN+GQ7Z5OOfZwqBO1ma7DSlP7S1YrKWICOyjkwqrc=
+github.com/algorand/falcon v0.0.0-20220727072124-02a2a64c4414/go.mod h1:OkQyHlGvS0kLNcIWbC21/uQcnbfwSOQm+wiqWwBG9pQ=
 github.com/algorand/go-codec v1.1.8 h1:XDSreeeZY8gMst6Edz4RBkl08/DGMJOeHYkoXL2B7wI=
 github.com/algorand/go-codec v1.1.8/go.mod h1:XhzVs6VVyWMLu6cApb9/192gBjGRVGm5cX5j203Heg4=
 github.com/algorand/go-codec/codec v1.1.8 h1:lsFuhcOH2LiEhpBH3BVUUkdevVmwCRyvb7FCAAPeY6U=
 github.com/algorand/go-codec/codec v1.1.8/go.mod h1:tQ3zAJ6ijTps6V+wp8KsGDnPC2uhHVC7ANyrtkIY0bA=
+github.com/algorand/go-stateproof-verification v0.1.0 h1:mWCXcWl3BTaoI4mNTpZQDaBokiFEDORaZynxV40bQKA=
+github.com/algorand/go-stateproof-verification v0.1.0/go.mod h1:l8ak3NIB27LdtzFfZ1rxQHBUWF1OoRnXUdWfCNe+Mrg=
+github.com/algorand/go-sumhash v1.0.0 h1:00PkvdWAvPGxjd51eF84gZV81hlx3Yt/5sGeHzmcY0U=
+github.com/algorand/go-sumhash v1.0.0/go.mod h1:OOe7jdDWUhLkuP1XytkK5gnLu9entAviN5DfDZh6XAc=
 github.com/chrismcguire/gobberish v0.0.0-20150821175641-1d8adb509a0e h1:CHPYEbz71w8DqJ7DRIq+MXyCQsdibK08vdcQTY4ufas=
 github.com/chrismcguire/gobberish v0.0.0-20150821175641-1d8adb509a0e/go.mod h1:6Xhs0ZlsRjXLIiSMLKafbZxML/j30pg9Z1priLuha5s=
 github.com/cucumber/godog v0.8.1 h1:lVb+X41I4YDreE+ibZ50bdXmySxgRviYFgKY6Aw4XE8=
@@ -13,11 +19,6 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -50,9 +51,7 @@ golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclpTYkz2zFM+lzLJFO4gQ=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

stateproofs/stateProofVerifier.go

@@ -0,0 +1,33 @@
+package stateproofverification
+
+import (
+	"github.com/algorand/go-stateproof-verification/stateproof"
+	"github.com/algorand/go-stateproof-verification/stateproofcrypto"
+
+	"github.com/algorand/go-algorand-sdk/crypto"
+	"github.com/algorand/go-algorand-sdk/encoding/msgpack"
+	"github.com/algorand/go-algorand-sdk/types"
+)
+
+const strengthTarget = uint64(256)
+
+type StateProofVerifier struct {
+	stateProofVerifier *stateproof.Verifier
+}
+
+func InitializeVerifier(votersCommitment types.GenericDigest, lnProvenWeight uint64) *StateProofVerifier {
+	return &StateProofVerifier{stateProofVerifier: stateproof.MkVerifierWithLnProvenWeight(stateproofcrypto.GenericDigest(votersCommitment),
+		lnProvenWeight, strengthTarget)}
+}
+
+func (v *StateProofVerifier) Verify(stateProof *types.EncodedStateProof, message *types.Message) error {
+	messageHash := crypto.HashStateProofMessage(message)
+
+	var decodedStateProof stateproof.StateProof
+	err := msgpack.Decode(*stateProof, &decodedStateProof)
+	if err != nil {
+		return err
+	}
+
+	return v.stateProofVerifier.Verify(message.LastAttestedRound, stateproofcrypto.MessageHash(messageHash), &decodedStateProof)
+}

stateproofs/stateProofVerifier_test.go

@@ -0,0 +1,46 @@
+package stateproofverification
+
+import (
+	"io/ioutil"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/algorand/go-algorand-sdk/client/v2/common/models"
+	"github.com/algorand/go-algorand-sdk/encoding/json"
+	"github.com/algorand/go-algorand-sdk/types"
+)
+
+func readJsonFile(filePath string, target interface{}, assertions *require.Assertions) {
+	contents, err := ioutil.ReadFile(filePath)
+	assertions.NoError(err)
+
+	err = json.Decode(contents, &target)
+	assertions.NoError(err)
+}
+
+func TestStateProofVerification(t *testing.T) {
+	a := require.New(t)
+
+	prevStateProofFileName := "prevStateProof.json"
+	newStateProofFileName := "newStateProof.json"
+
+	var prevStateProof models.StateProof
+	var newStateProof models.StateProof
+
+	readJsonFile(prevStateProofFileName, &prevStateProof, a)
+	readJsonFile(newStateProofFileName, &newStateProof, a)
+
+	message := types.Message{
+		BlockHeadersCommitment: newStateProof.Message.Blockheaderscommitment,
+		VotersCommitment:       newStateProof.Message.Voterscommitment,
+		LnProvenWeight:         newStateProof.Message.Lnprovenweight,
+		FirstAttestedRound:     newStateProof.Message.Firstattestedround,
+		LastAttestedRound:      newStateProof.Message.Lastattestedround,
+	}
+	encodedStateProof := types.EncodedStateProof(newStateProof.Stateproof)
+
+	verifier := InitializeVerifier(prevStateProof.Message.Voterscommitment, prevStateProof.Message.Lnprovenweight)
+	err := verifier.Verify(&encodedStateProof, &message)
+	a.NoError(err)
+}

types/lightBlockHeader.go

@@ -0,0 +1,17 @@
+package types
+
+// A Seed contains cryptographic entropy which can be used to determine a
+// committee.
+type Seed [32]byte
+
+// LightBlockHeader represents a minimal block header. It contains all the necessary fields
+// for verifying proofs on transactions.
+// In addition, this struct is designed to be used on environments where only SHA256 function exists
+type LightBlockHeader struct {
+	_struct struct{} `codec:",omitempty,omitemptyarray"`
+
+	Seed                Seed   `codec:"0"`
+	RoundNumber         Round  `codec:"r"`
+	GenesisHash         Digest `codec:"gh"`
+	Sha256TxnCommitment Digest `codec:"tc,allocbound=Sha256Size"`
+}

types/stateproof.go

@@ -1,8 +1,22 @@
 package types
 
+import "github.com/algorand/go-sumhash"
+
+// EncodedStateProof represents the msgpack encoded state proof.
+type EncodedStateProof []byte
+
+// MessageHash represents the message that a state proof will attest to.
+type MessageHash [32]byte
+
 // StateProofType identifies a particular configuration of state proofs.
 type StateProofType uint64
 
+const MaxHashDigestSize = sumhash.Sumhash512DigestSize
+
+// GenericDigest is a digest that implements CustomSizeDigest, and can be used as hash output.
+//msgp:allocbound GenericDigest MaxHashDigestSize
+type GenericDigest []byte
+
 // Message represents the message that the state proofs are attesting to. This message can be
 // used by lightweight client and gives it the ability to verify proofs on the Algorand's state.
 // In addition to that proof, this message also contains fields that