zoneconcierge/epoching: proof that a header is in an epoch

proto/babylon/epoching/v1/epoching.proto

@@ -16,9 +16,12 @@ message Epoch {
  // Babylon needs to remember the last header of each epoch to complete unbonding validators/delegations when a previous epoch's checkpoint is finalised.
  // The last_block_header field is nil in the epoch's beginning, and is set upon the end of this epoch.
  tendermint.types.Header last_block_header = 4;
+ // app_hash_root is the Merkle root of all AppHashs in this epoch
+ // It will be used for proving a block is in an epoch
+ bytes app_hash_root = 5;
  // sealer_header is the 2nd header of the next epoch
  // This validator set has generated a BLS multisig on `last_commit_hash` of the sealer header
- tendermint.types.Header sealer_header = 5;
+ tendermint.types.Header sealer_header = 6;
 }
 
 // QueuedMessage is a message that can change the validator set and is delayed to the epoch boundary

proto/babylon/zoneconcierge/query.proto

@@ -92,8 +92,8 @@ message QueryFinalizedChainInfoResponse {
  */
  // proof_tx_in_block is the proof that tx that carries the header is included in a certain Babylon block
  tendermint.types.TxProof proof_tx_in_block = 5;
- // proof_block_in_epoch is the proof that the Babylon block is in a certain epoch
- tendermint.crypto.ProofOps proof_block_in_epoch = 6;
+ // proof_header_in_epoch is the proof that the Babylon header is in a certain epoch
+ tendermint.crypto.Proof proof_header_in_epoch = 6;
  // proof_epoch_sealed is the proof that the epoch is sealed
  babylon.zoneconcierge.v1.ProofEpochSealed proof_epoch_sealed = 7;
  // proof_epoch_submitted is the proof that the epoch's checkpoint is included in BTC ledger

proto/babylon/zoneconcierge/zoneconcierge.proto

@@ -17,8 +17,8 @@ message IndexedHeader {
  // height is the height of this header on CZ ledger
  // (hash, height) jointly provides the position of the header on CZ ledger
  uint64 height = 3;
- // babylon_block_height is the height of the Babylon block that includes this header
- uint64 babylon_block_height = 4;
+ // babylon_header is the header of the babylon block that includes this CZ header
+ tendermint.types.Header babylon_header = 4;
  // epoch is the epoch number of this header on Babylon ledger
  uint64 babylon_epoch = 5;
  // babylon_tx_hash is the hash of the tx that includes this header

x/epoching/abci.go

@@ -14,6 +14,7 @@ import (
 
 // BeginBlocker is called at the beginning of every block.
 // Upon each BeginBlock,
+// - record the current AppHash
 // - if reaching the epoch beginning, then
 // - increment epoch number
 // - trigger AfterEpochBegins hook
@@ -24,6 +25,9 @@ import (
 func BeginBlocker(ctx sdk.Context, k keeper.Keeper, req abci.RequestBeginBlock) {
  defer telemetry.ModuleMeasureSince(types.ModuleName, time.Now(), telemetry.MetricKeyBeginBlocker)
 
+ // record the current AppHash
+ k.RecordAppHash(ctx)
+
  // if this block is the first block of the next epoch
  // note that we haven't incremented the epoch number yet
  epoch := k.GetEpoch(ctx)
@@ -69,7 +73,13 @@ func EndBlocker(ctx sdk.Context, k keeper.Keeper) []abci.ValidatorUpdate {
  epoch := k.GetEpoch(ctx)
  if epoch.IsLastBlock(ctx) {
  // finalise this epoch, i.e., record the current header
- k.RecordLastBlockHeader(ctx)
+ if err := k.RecordLastBlockHeader(ctx); err != nil {
+ panic(err)
+ }
+ // record the Merkle root of all AppHashs in this epoch
+ if err := k.RecordAppHashRoot(ctx); err != nil {
+ panic(err)
+ }
  // get all msgs in the msg queue
  queuedMsgs := k.GetCurrentEpochMsgs(ctx)
  // forward each msg in the msg queue to the right keeper

x/epoching/keeper/apphash_chain.go

@@ -0,0 +1,126 @@
+package keeper
+
+import (
+ "crypto/sha256"
+ "fmt"
+
+ "github.com/babylonchain/babylon/x/epoching/types"
+ "github.com/cosmos/cosmos-sdk/store/prefix"
+ sdk "github.com/cosmos/cosmos-sdk/types"
+ sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
+ "github.com/tendermint/tendermint/crypto/merkle"
+ tmcrypto "github.com/tendermint/tendermint/proto/tendermint/crypto"
+)
+
+func (k Keeper) setAppHash(ctx sdk.Context, height uint64, appHash []byte) {
+ store := k.appHashStore(ctx)
+ heightBytes := sdk.Uint64ToBigEndian(height)
+ store.Set(heightBytes, appHash)
+}
+
+// GetAppHash gets the AppHash of the header at the given height
+func (k Keeper) GetAppHash(ctx sdk.Context, height uint64) ([]byte, error) {
+ store := k.appHashStore(ctx)
+ heightBytes := sdk.Uint64ToBigEndian(height)
+ appHash := store.Get(heightBytes)
+ if appHash == nil {
+ return nil, sdkerrors.Wrapf(types.ErrInvalidHeight, "height %d is now known in DB yet", height)
+ }
+ return appHash, nil
+}
+
+// RecordAppHash stores the AppHash of the current header to KVStore
+func (k Keeper) RecordAppHash(ctx sdk.Context) {
+ header := ctx.BlockHeader()
+ height := uint64(header.Height)
+ k.setAppHash(ctx, height, header.AppHash)
+}
+
+// GetAllAppHashsForEpoch fetches all AppHashs in the given epoch
+func (k Keeper) GetAllAppHashsForEpoch(ctx sdk.Context, epochNumber uint64) ([][]byte, error) {
+ epoch, err := k.GetHistoricalEpoch(ctx, epochNumber)
+ if err != nil {
+ return nil, err
+ }
+ // if this epoch is the most recent AND has not ended, then we cannot get all AppHashs for this epoch
+ if k.GetEpoch(ctx).EpochNumber == epoch.EpochNumber && !epoch.IsLastBlock(ctx) {
+ return nil, sdkerrors.Wrapf(types.ErrInvalidHeight, "GetAllAppHashsForEpoch can only be invoked when this epoch has ended")
+ }
+
+ // fetch each AppHash in this epoch
+ appHashs := [][]byte{}
+ for i := epoch.FirstBlockHeight; i <= uint64(epoch.LastBlockHeader.Height); i++ {
+ appHash, err := k.GetAppHash(ctx, i)
+ if err != nil {
+ return nil, err
+ }
+ appHashs = append(appHashs, appHash)
+ }
+
+ return appHashs, nil
+}
+
+// RecordAppHashRoot calculates the Merkle root of all AppHashs in the current epoch, and stores it to epoch metadata
+func (k Keeper) RecordAppHashRoot(ctx sdk.Context) error {
+ epoch := k.GetEpoch(ctx)
+ appHashs, err := k.GetAllAppHashsForEpoch(ctx, epoch.EpochNumber)
+ if err != nil {
+ return err
+ }
+ appHashRoot := merkle.HashFromByteSlices(appHashs)
+ epoch.AppHashRoot = appHashRoot
+ k.setEpochInfo(ctx, epoch.EpochNumber, epoch)
+ return nil
+}
+
+// ProveAppHashInEpoch generates a proof that the given appHash is in a given epoch
+func (k Keeper) ProveAppHashInEpoch(ctx sdk.Context, height uint64, epochNumber uint64) (*tmcrypto.Proof, error) {
+ // ensure height is inside this epoch
+ epoch, err := k.GetHistoricalEpoch(ctx, epochNumber)
+ if err != nil {
+ return nil, err
+ }
+ if height < epoch.FirstBlockHeight || uint64(epoch.LastBlockHeader.Height) < height {
+ return nil, sdkerrors.Wrapf(types.ErrInvalidHeight, "the given height %d is not in epoch %d (interval [%d, %d])", height, epoch.EpochNumber, epoch.FirstBlockHeight, uint64(epoch.LastBlockHeader.Height))
+ }
+
+ // calculate index of this height in this epoch
+ idx := height - epoch.FirstBlockHeight
+
+ // fetch all AppHashs, calculate Merkle tree and proof
+ appHashs, err := k.GetAllAppHashsForEpoch(ctx, epochNumber)
+ if err != nil {
+ return nil, err
+ }
+ _, proofs := merkle.ProofsFromByteSlices(appHashs)
+
+ return proofs[idx].ToProto(), nil
+}
+
+// VerifyAppHashInclusion verifies whether the given appHash is in the Merkle tree w.r.t. the appHashRoot
+func VerifyAppHashInclusion(appHash []byte, appHashRoot []byte, proof *tmcrypto.Proof) error {
+ if len(appHash) != sha256.Size {
+ return fmt.Errorf("appHash with length %d is not a Sha256 hash", len(appHash))
+ }
+ if len(appHashRoot) != sha256.Size {
+ return fmt.Errorf("appHash with length %d is not a Sha256 hash", len(appHashRoot))
+ }
+ if proof == nil {
+ return fmt.Errorf("proof is nil")
+ }
+
+ unwrappedProof, err := merkle.ProofFromProto(proof)
+ if err != nil {
+ return err
+ }
+ return unwrappedProof.Verify(appHashRoot, appHash)
+}
+
+// appHashStore returns the KVStore for the AppHash of each header
+// prefix: AppHashKey
+// key: height
+// value: AppHash in bytes
+func (k Keeper) appHashStore(ctx sdk.Context) prefix.Store {
+ store := ctx.KVStore(k.storeKey)
+ return prefix.NewStore(store, types.AppHashKey)
+}

x/epoching/keeper/apphash_chain_test.go

@@ -0,0 +1,58 @@
+package keeper_test
+
+import (
+ "math/rand"
+ "testing"
+
+ "github.com/babylonchain/babylon/testutil/datagen"
+ "github.com/babylonchain/babylon/x/epoching/keeper"
+ "github.com/babylonchain/babylon/x/epoching/testepoching"
+ "github.com/babylonchain/babylon/x/epoching/types"
+ "github.com/stretchr/testify/require"
+)
+
+func FuzzAppHashChain(f *testing.F) {
+ datagen.AddRandomSeedsToFuzzer(f, 10)
+
+ f.Fuzz(func(t *testing.T, seed int64) {
+ rand.Seed(seed)
+
+ helper := testepoching.NewHelper(t)
+ ctx, k := helper.Ctx, helper.EpochingKeeper
+ // ensure that the epoch info is correct at the genesis
+ epoch := k.GetEpoch(ctx)
+ require.Equal(t, epoch.EpochNumber, uint64(0))
+ require.Equal(t, epoch.FirstBlockHeight, uint64(0))
+
+ // set a random epoch interval
+ epochInterval := rand.Uint64()%100 + 2 // the epoch interval should at at least 2
+ k.SetParams(ctx, types.Params{
+ EpochInterval: epochInterval,
+ })
+
+ // reach the end of the 1st epoch
+ expectedHeight := epochInterval
+ expectedAppHashs := [][]byte{}
+ for i := uint64(0); i < expectedHeight; i++ {
+ ctx = helper.GenAndApplyEmptyBlock()
+ expectedAppHashs = append(expectedAppHashs, ctx.BlockHeader().AppHash)
+ }
+ // ensure epoch number is 1
+ epoch = k.GetEpoch(ctx)
+ require.Equal(t, uint64(1), epoch.EpochNumber)
+
+ // ensure appHashs are same as expectedAppHashs
+ appHashs, err := k.GetAllAppHashsForEpoch(ctx, epoch.EpochNumber)
+ require.NoError(t, err)
+ require.Equal(t, expectedAppHashs, appHashs)
+
+ // ensure prover and verifier are correct
+ randomHeightInEpoch := uint64(rand.Intn(int(expectedHeight)) + 1)
+ randomAppHash, err := k.GetAppHash(ctx, randomHeightInEpoch)
+ require.NoError(t, err)
+ proof, err := k.ProveAppHashInEpoch(ctx, randomHeightInEpoch, epoch.EpochNumber)
+ require.NoError(t, err)
+ err = keeper.VerifyAppHashInclusion(randomAppHash, epoch.AppHashRoot, proof)
+ require.NoError(t, err)
+ })
+}

x/epoching/keeper/epochs.go

@@ -4,6 +4,7 @@ import (
  "github.com/babylonchain/babylon/x/epoching/types"
  "github.com/cosmos/cosmos-sdk/store/prefix"
  sdk "github.com/cosmos/cosmos-sdk/types"
+ sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
 )
 
 const (
@@ -75,15 +76,15 @@ func (k Keeper) GetHistoricalEpoch(ctx sdk.Context, epochNumber uint64) (*types.
  return epoch, err
 }
 
-func (k Keeper) RecordLastBlockHeader(ctx sdk.Context) *types.Epoch {
+func (k Keeper) RecordLastBlockHeader(ctx sdk.Context) error {
  epoch := k.GetEpoch(ctx)
  if !epoch.IsLastBlock(ctx) {
- panic("RecordLastBlockHeader can only be invoked at the last block of an epoch")
+ return sdkerrors.Wrapf(types.ErrInvalidHeight, "RecordLastBlockHeader can only be invoked at the last block of an epoch")
  }
  header := ctx.BlockHeader()
  epoch.LastBlockHeader = &header
  k.setEpochInfo(ctx, epoch.EpochNumber, epoch)
- return epoch
+ return nil
 }
 
 // RecordSealerHeaderForPrevEpoch records the sealer header for the previous epoch,

x/epoching/testepoching/helper.go

@@ -1,9 +1,11 @@
 package testepoching
 
 import (
- "github.com/babylonchain/babylon/crypto/bls12381"
  "testing"
 
+ "github.com/babylonchain/babylon/crypto/bls12381"
+ "github.com/babylonchain/babylon/testutil/datagen"
+
  "cosmossdk.io/math"
  appparams "github.com/babylonchain/babylon/app/params"
 
@@ -110,7 +112,7 @@ func (h *Helper) GenAndApplyEmptyBlock() sdk.Context {
  valhash := CalculateValHash(valSet)
  newHeader := tmproto.Header{
  Height: newHeight,
- AppHash: h.App.LastCommitID().Hash,
+ AppHash: datagen.GenRandomByteArray(32),
  ValidatorsHash: valhash,
  NextValidatorsHash: valhash,
  }
@@ -129,7 +131,7 @@ func (h *Helper) BeginBlock() sdk.Context {
  valhash := CalculateValHash(valSet)
  newHeader := tmproto.Header{
  Height: newHeight,
- AppHash: h.App.LastCommitID().Hash,
+ AppHash: datagen.GenRandomByteArray(32),
  ValidatorsHash: valhash,
  NextValidatorsHash: valhash,
  }