[Spec] Add the initial specs for ed25519 and multi_ed25519

[junkil-park]

Description

• modeled the native functions with uninterpreted functions
• added functional specifications
• the axioms of the uninterpreted functions will be added when needed.

Test Plan

aptos move prove

[movekevin]

Can you remove output.bpl?

[junkil-park]

Can you remove output.bpl?

I just removed it. Good call!

[alinush]

How come you don't do the length / INDIVIDUAL_PUBLIC_KEY_NUM_BYTES > MAX_NUMBER_OF_PUBLIC_KEYS check here too?

[junkil-park]

@alinush , cond is here to model the condition in this line: https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-stdlib/sources/cryptography/multi_ed25519.move#L123

Does the Move function new_validated_public_key_from_bytes actually need the additional check you're mentioning?

[alinush]

I see: That check is done in the public_key_validate_internal native, which new_validated_public_key_from_bytes calls. I guess that's why I didn't replicate it.

A bit confusing now reading my own code 🤦 ...

Would you mind adding a comment at line 123 (which you linked to) that says:

// Note that `public_key_validate_internal` will check that `vector::length(&bytes) / INDIVIDUAL_PUBLIC_KEY_NUM_BYTES <= MAX_NUMBER_OF_PUBLIC_KEYS`

[junkil-park]

Thanks! Added the comment.

[alinush]

Hey @junkil-park, I was taking another look, and now I noticed that you added the length / INDIVIDUAL_PUBLIC_KEY_NUM_BYTES > MAX_NUMBER_OF_PUBLIC_KEYS check here too.

But, as per my new comment below, this abort will never happen because the native called by new_validated_public_key_from_bytes would only returns false, not abort.

[github-actions]

✅ Forge suite land_blocking success on 594878f1b0f389b5cc981953149259fe212cf804

performance benchmark with full nodes : 6630 TPS, 5971 ms latency, 9600 ms p99 latency,(!) expired 440 out of 2831720 txns
Test Ok

• Grafana dashboard
• Humio Logs
• Test runner output
• Test run is land-blocking

[github-actions]

✅ Forge suite compat success on testnet_2d8b1b57553d869190f61df1aaf7f31a8fc19a7b ==> 594878f1b0f389b5cc981953149259fe212cf804

Compatibility test results for testnet_2d8b1b57553d869190f61df1aaf7f31a8fc19a7b ==> 594878f1b0f389b5cc981953149259fe212cf804 (PR)
1. Check liveness of validators at old version: testnet_2d8b1b57553d869190f61df1aaf7f31a8fc19a7b
compatibility::simple-validator-upgrade::liveness-check : 7628 TPS, 5203 ms latency, 7000 ms p99 latency,no expired txns
2. Upgrading first Validator to new version: 594878f1b0f389b5cc981953149259fe212cf804
compatibility::simple-validator-upgrade::single-validator-upgrade : 4789 TPS, 8217 ms latency, 11400 ms p99 latency,no expired txns
3. Upgrading rest of first batch to new version: 594878f1b0f389b5cc981953149259fe212cf804
compatibility::simple-validator-upgrade::half-validator-upgrade : 5102 TPS, 7977 ms latency, 10300 ms p99 latency,no expired txns
4. upgrading second batch to new version: 594878f1b0f389b5cc981953149259fe212cf804
compatibility::simple-validator-upgrade::rest-validator-upgrade : 6744 TPS, 5789 ms latency, 9500 ms p99 latency,no expired txns
5. check swarm health
Compatibility test for testnet_2d8b1b57553d869190f61df1aaf7f31a8fc19a7b ==> 594878f1b0f389b5cc981953149259fe212cf804 passed
Test Ok

• Grafana dashboard
• Humio Logs
• Test runner output
• Test run is land-blocking

[alinush]

Hey @junkil-park, I see this says that the native aborts upon this condition, but the native never aborts.
See

aptos-core/aptos-move/framework/src/natives/cryptography/multi_ed25519.rs

Line 31 in 8218008

fn native_public_key_validate(

[alinush]

I think my initial reply in the discussion above made it seem like the native aborts upon this condition, but it merely returns false.

[junkil-park]

Thank you letting me know! I put up the fix here: https://github.com/aptos-labs/aptos-core/pull/5832/files#diff-ed6845718b5d03098f058edfc43ace50fc05ff3d18bf729521701a36b0c19bc3R45