feat: add new eigenda-cert-verification-enabled flag
samlaf committed Sep 20, 2024
1 parent 9a6d0ad commit 6befa7c
Showing 5 changed files with 74 additions and 57 deletions.
94 changes: 54 additions & 40 deletions server/config.go
Expand Up @@ -17,9 +17,6 @@ import (
const (
// eigenda client flags
EigenDADisperserRPCFlagName = "eigenda-disperser-rpc"
EthRPCFlagName = "eigenda-eth-rpc"
SvcManagerAddrFlagName = "eigenda-svc-manager-addr"
EthConfirmationDepthFlagName = "eigenda-eth-confirmation-depth"
StatusQueryRetryIntervalFlagName = "eigenda-status-query-retry-interval"
StatusQueryTimeoutFlagName = "eigenda-status-query-timeout"
DisableTLSFlagName = "eigenda-disable-tls"
Expand All @@ -29,6 +26,11 @@ const (
PutBlobEncodingVersionFlagName = "eigenda-put-blob-encoding-version"
DisablePointVerificationModeFlagName = "eigenda-disable-point-verification-mode"

CertVerificationEnabledFlagName = "eigenda-cert-verification-enabled"
EthRPCFlagName = "eigenda-eth-rpc"
SvcManagerAddrFlagName = "eigenda-svc-manager-addr"
EthConfirmationDepthFlagName = "eigenda-eth-confirmation-depth"

// kzg flags
G1PathFlagName = "eigenda-g1-path"
G2TauFlagName = "eigenda-g2-tau-path"
Expand Down Expand Up @@ -79,10 +81,13 @@ type Config struct {
// the blob encoding version to use when writing blobs from the high level interface.
PutBlobEncodingVersion codecs.BlobEncodingVersion

// eth vars
EthRPC string
SvcManagerAddr string
EthConfirmationDepth int64
// eth verification vars
// TODO: right now verification and confirmation depth are tightly coupled
// we should decouple them
CertVerificationEnabled bool
EthRPC string
SvcManagerAddr string
EthConfirmationDepth int64

// kzg vars
CacheDir string
Expand Down Expand Up @@ -143,18 +148,11 @@ func (cfg *Config) VerificationCfg() *verify.Config {
NumWorker: uint64(runtime.GOMAXPROCS(0)), // #nosec G115
}

if cfg.EthRPC == "" || cfg.SvcManagerAddr == "" {
return &verify.Config{
Verify: false,
KzgConfig: kzgCfg,
}
}

return &verify.Config{
Verify: true,
KzgConfig: kzgCfg,
VerifyCerts: cfg.CertVerificationEnabled,
RPCURL: cfg.EthRPC,
SvcManagerAddr: cfg.SvcManagerAddr,
KzgConfig: kzgCfg,
EthConfirmationDepth: uint64(cfg.EthConfirmationDepth), // #nosec G115
}
}
Expand Down Expand Up @@ -189,19 +187,20 @@ func ReadConfig(ctx *cli.Context) Config {
PutBlobEncodingVersion: codecs.BlobEncodingVersion(ctx.Uint(PutBlobEncodingVersionFlagName)),
DisablePointVerificationMode: ctx.Bool(DisablePointVerificationModeFlagName),
},
G1Path: ctx.String(G1PathFlagName),
G2PowerOfTauPath: ctx.String(G2TauFlagName),
CacheDir: ctx.String(CachePathFlagName),
MaxBlobLength: ctx.String(MaxBlobLengthFlagName),
SvcManagerAddr: ctx.String(SvcManagerAddrFlagName),
EthRPC: ctx.String(EthRPCFlagName),
EthConfirmationDepth: ctx.Int64(EthConfirmationDepthFlagName),
MemstoreEnabled: ctx.Bool(MemstoreFlagName),
MemstoreBlobExpiration: ctx.Duration(MemstoreExpirationFlagName),
MemstoreGetLatency: ctx.Duration(MemstoreGetLatencyFlagName),
MemstorePutLatency: ctx.Duration(MemstorePutLatencyFlagName),
FallbackTargets: ctx.StringSlice(FallbackTargets),
CacheTargets: ctx.StringSlice(CacheTargets),
G1Path: ctx.String(G1PathFlagName),
G2PowerOfTauPath: ctx.String(G2TauFlagName),
CacheDir: ctx.String(CachePathFlagName),
CertVerificationEnabled: ctx.Bool(CertVerificationEnabledFlagName),
MaxBlobLength: ctx.String(MaxBlobLengthFlagName),
SvcManagerAddr: ctx.String(SvcManagerAddrFlagName),
EthRPC: ctx.String(EthRPCFlagName),
EthConfirmationDepth: ctx.Int64(EthConfirmationDepthFlagName),
MemstoreEnabled: ctx.Bool(MemstoreFlagName),
MemstoreBlobExpiration: ctx.Duration(MemstoreExpirationFlagName),
MemstoreGetLatency: ctx.Duration(MemstoreGetLatencyFlagName),
MemstorePutLatency: ctx.Duration(MemstorePutLatencyFlagName),
FallbackTargets: ctx.StringSlice(FallbackTargets),
CacheTargets: ctx.StringSlice(CacheTargets),
}
// the eigenda client can only wait for 0 confirmations or finality
// the da-proxy has a more fine-grained notion of confirmation depth
Expand Down Expand Up @@ -246,18 +245,21 @@ func (cfg *Config) Check() error {
return fmt.Errorf("max blob length is 0")
}

// memstore not enabled means we use eigenda as a backend, which requires these fields to be set
if !cfg.MemstoreEnabled {
if cfg.ClientConfig.RPC == "" {
return fmt.Errorf("eigenda disperser rpc url is not set")
return fmt.Errorf("using eigenda backend (memstore.enabled=false) but eigenda disperser rpc url is not set")
}
}

if cfg.CertVerificationEnabled {
if cfg.MemstoreEnabled {
return fmt.Errorf("cannot enable cert verification when memstore is enabled")
}
if cfg.EthRPC == "" {
return fmt.Errorf("eth rpc is not set")
return fmt.Errorf("cert verification enabled but eth rpc is not set")
}

if cfg.SvcManagerAddr == "" {
return fmt.Errorf("svc manager address is not set")
return fmt.Errorf("cert verification enabled but svc manager address is not set")
}
}

Expand Down Expand Up @@ -452,19 +454,31 @@ func CLIFlags() []cli.Flag {
EnvVars: prefixEnvVars("TARGET_CACHE_PATH"),
Value: "resources/SRSTables/",
},
&cli.BoolFlag{
Name: CertVerificationEnabledFlagName,
Usage: "Whether to verify certificates from EigenDA. If false, the DA-proxy will not verify certificates and will not require an Ethereum RPC endpoint.",
EnvVars: prefixEnvVars("CERT_VERIFICATION_ENABLED"),
// TODO: ideally we'd want this to be turned on by default when eigenda backend is used (memstore.enabled=false)
Value: false,
},
&cli.StringFlag{
Name: EthRPCFlagName,
Usage: "JSON RPC node endpoint for the Ethereum network used for finalizing DA blobs. See available list here: https://docs.eigenlayer.xyz/eigenda/networks/",
Name: EthRPCFlagName,
Usage: "JSON RPC node endpoint for the Ethereum network used for finalizing DA blobs.\n" +
"See available list here: https://docs.eigenlayer.xyz/eigenda/networks/\n" +
fmt.Sprintf("Mandatory when %s is true.", CertVerificationEnabledFlagName),
EnvVars: prefixEnvVars("ETH_RPC"),
},
&cli.StringFlag{
Name: SvcManagerAddrFlagName,
Usage: "The deployed EigenDA service manager address. The list can be found here: https://github.com/Layr-Labs/eigenlayer-middleware/?tab=readme-ov-file#current-mainnet-deployment",
Name: SvcManagerAddrFlagName,
Usage: "The deployed EigenDA service manager address.\n" +
"The list can be found here: https://github.com/Layr-Labs/eigenlayer-middleware/?tab=readme-ov-file#current-mainnet-deployment\n" +
fmt.Sprintf("Mandatory when %s is true.", CertVerificationEnabledFlagName),
EnvVars: prefixEnvVars("SERVICE_MANAGER_ADDR"),
},
&cli.Int64Flag{
Name: EthConfirmationDepthFlagName,
Usage: "The number of Ethereum blocks to wait before considering a submitted blob's DA batch submission confirmed. `0` means wait for inclusion only. `-1` means wait for finality.",
Name: EthConfirmationDepthFlagName,
Usage: "The number of Ethereum blocks to wait before considering a submitted blob's DA batch submission confirmed.\n" +
"`0` means wait for inclusion only. `-1` means wait for finality.",
EnvVars: prefixEnvVars("ETH_CONFIRMATION_DEPTH"),
Value: -1,
},
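Review bot: The new flag is declared with `Value: false` in CLIFlags(), and nothing in Check() reacts when `EthRPC` or `SvcManagerAddr` is set while `CertVerificationEnabled` is false. The branch removed from VerificationCfg() appears to have enabled verification whenever both of those values were present, so a deployment that upgrades without adding the new flag would stop verifying certs with no error. Until the default can follow the TODO next to it, Check() could reject that combination, e.g. `if !cfg.CertVerificationEnabled && (cfg.EthRPC != "" || cfg.SvcManagerAddr != "") { return fmt.Errorf("eth rpc or svc manager address is set but cert verification is disabled") }`, or the caller could log a warning if those values are still needed for confirmation depth. Check() and CLIFlags() both continue outside the visible hunks.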
8 changes: 4 additions & 4 deletions server/load_store.go
Expand Up @@ -49,7 +49,7 @@ func LoadStoreRouter(ctx context.Context, cfg CLIConfig, log log.Logger) (store.
log.Info("Using S3 backend")
s3, err = store.NewS3(cfg.S3Config)
if err != nil {
return nil, err
return nil, fmt.Errorf("failed to create S3 store: %w", err)
}
}

Expand All @@ -58,7 +58,7 @@ func LoadStoreRouter(ctx context.Context, cfg CLIConfig, log log.Logger) (store.
// create Redis backend store
redis, err = store.NewRedisStore(&cfg.RedisCfg)
if err != nil {
return nil, err
return nil, fmt.Errorf("failed to create Redis store: %w", err)
}
}

Expand All @@ -68,10 +68,10 @@ func LoadStoreRouter(ctx context.Context, cfg CLIConfig, log log.Logger) (store.

verifier, err := verify.NewVerifier(vCfg, log)
if err != nil {
return nil, err
return nil, fmt.Errorf("failed to create verifier: %w", err)
}

if vCfg.Verify {
if vCfg.VerifyCerts {
log.Info("Certificate verification with Ethereum enabled")
} else {
log.Warn("Verification disabled")
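Review bot: The `else` branch still logs `Verification disabled`, which is now the default path and is also imprecise: only certificate verification is off, while NewVerifier still builds the KZG verifier. With the flag defaulting to false, this warning is the operator's only runtime signal that certs retrieved from EigenDA are accepted without being checked, so it should name the flag, e.g. `log.Warn("EigenDA cert verification disabled (eigenda-cert-verification-enabled=false); certs are not verified against Ethereum")`. The enclosing if/else closes outside the hunk.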
2 changes: 1 addition & 1 deletion store/memory_test.go
Expand Up @@ -27,7 +27,7 @@ func getDefaultMemStoreTestConfig() MemStoreConfig {

func getDefaultVerifierTestConfig() *verify.Config {
return &verify.Config{
Verify: false,
VerifyCerts: false,
KzgConfig: &kzg.KzgConfig{
G1Path: "../resources/g1.point",
G2PowerOf2Path: "../resources/g2.point.powerOf2",
19 changes: 11 additions & 8 deletions verify/verifier.go
Expand Up @@ -17,45 +17,48 @@ import (
)

type Config struct {
Verify bool
KzgConfig *kzg.KzgConfig
VerifyCerts bool
// below 3 fields are only required if VerifyCerts is true
RPCURL string
SvcManagerAddr string
KzgConfig *kzg.KzgConfig
EthConfirmationDepth uint64
}

type Verifier struct {
verifyCert bool
// kzgVerifier is needed to commit blobs to the memstore
kzgVerifier *kzgverifier.Verifier
// cert verification is optional, and verifies certs retrieved from eigenDA when turned on
verifyCerts bool
cv *CertVerifier
}

func NewVerifier(cfg *Config, l log.Logger) (*Verifier, error) {
var cv *CertVerifier
var err error

if cfg.Verify {
if cfg.VerifyCerts {
cv, err = NewCertVerifier(cfg, l)
if err != nil {
return nil, err
return nil, fmt.Errorf("failed to create cert verifier: %w", err)
}
}

kzgVerifier, err := kzgverifier.NewVerifier(cfg.KzgConfig, false)
if err != nil {
return nil, err
return nil, fmt.Errorf("failed to create kzg verifier: %w", err)
}

return &Verifier{
verifyCert: cfg.Verify,
kzgVerifier: kzgVerifier,
verifyCerts: cfg.VerifyCerts,
cv: cv,
}, nil
}

// verifies V0 eigenda certificate type
func (v *Verifier) VerifyCert(cert *Certificate) error {
if !v.verifyCert {
if !v.verifyCerts {
return nil
}
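Review bot: VerifyCert's early `return nil` when `verifyCerts` is false makes a skipped check indistinguishable from a passed one for every caller, and the doc comment does not mention it. At minimum the comment should state the contract, e.g. `// VerifyCert verifies a V0 EigenDA certificate. It returns nil without checking anything when cert verification is disabled.` Separately, the Config comment says the three fields below `VerifyCerts` are required when it is true, but NewVerifier passes cfg straight to NewCertVerifier without checking them; whether NewCertVerifier rejects an empty `RPCURL` or `SvcManagerAddr` is not visible here, so that is worth confirming for callers that do not go through the server's Check(). VerifyCert's body continues outside the hunk.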

8 changes: 4 additions & 4 deletions verify/verify_test.go
Expand Up @@ -40,8 +40,8 @@ func TestCommitmentVerification(t *testing.T) {
}

cfg := &Config{
Verify: false,
KzgConfig: kzgConfig,
VerifyCerts: false,
KzgConfig: kzgConfig,
}

v, err := NewVerifier(cfg, nil)
Expand Down Expand Up @@ -78,8 +78,8 @@ func TestCommitmentWithTooLargeBlob(t *testing.T) {
}

cfg := &Config{
Verify: false,
KzgConfig: kzgConfig,
VerifyCerts: false,
KzgConfig: kzgConfig,
}

v, err := NewVerifier(cfg, nil)
