multisig: add type and bitarray

CHANGELOG.md

@@ -114,6 +114,7 @@ information on how to implement the new `Keyring` interface.
   * (x/capability) [\#5828](https://github.com/cosmos/cosmos-sdk/pull/5828) Capability module integration as outlined in [ADR 3 - Dynamic Capability Store](https://github.com/cosmos/tree/master/docs/architecture/adr-003-dynamic-capability-store.md).
   * (x/params) [\#6005](https://github.com/cosmos/cosmos-sdk/pull/6005) Add new CLI command for querying raw x/params parameters by subspace and key.
   * (x/ibc) [\#5769](https://github.com/cosmos/cosmos-sdk/pull/5769) [ICS 009 - Loopback Client](https://github.com/cosmos/ics/tree/master/spec/ics-009-loopback-client) subpackage
+  * (crypto/multisig) [\#6241](https://github.com/cosmos/cosmos-sdk/pull/6241) Add Multisig type directly to the repo. Previously this was in tendermint.
 
 ### Bug Fixes
 

crypto/multisig/codec.go

@@ -0,0 +1,30 @@
+package multisig
+
+import (
+	amino "github.com/tendermint/go-amino"
+
+	"github.com/tendermint/tendermint/crypto"
+	"github.com/tendermint/tendermint/crypto/ed25519"
+	"github.com/tendermint/tendermint/crypto/secp256k1"
+	"github.com/tendermint/tendermint/crypto/sr25519"
+)
+
+// TODO: Figure out API for others to either add their own pubkey types, or
+// to make verify / marshal accept a cdc.
+const (
+	PubKeyAminoRoute = "tendermint/PubKeyMultisigThreshold"
+)
+
+var cdc = amino.NewCodec()
+
+func init() {
+	cdc.RegisterInterface((*crypto.PubKey)(nil), nil)
+	cdc.RegisterConcrete(PubKey{},
+		PubKeyAminoRoute, nil)
+	cdc.RegisterConcrete(ed25519.PubKeyEd25519{},
+		ed25519.PubKeyAminoName, nil)
+	cdc.RegisterConcrete(sr25519.PubKeySr25519{},
+		sr25519.PubKeyAminoName, nil)
+	cdc.RegisterConcrete(secp256k1.PubKeySecp256k1{},
+		secp256k1.PubKeyAminoName, nil)
+}

crypto/multisig/multisignature.go

@@ -0,0 +1,65 @@
+package multisig
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/cosmos/cosmos-sdk/types"
+	"github.com/tendermint/tendermint/crypto"
+)
+
+// NewMultisig returns a new Multisignature of size n.
+func NewMultisig(n int) *Multisignature {
+	// Default the signature list to have a capacity of two, since we can
+	// expect that most multisigs will require multiple signers.
+	return &Multisignature{types.NewCompactBitArray(n), make([][]byte, 0, 2)}
+}
+
+// GetIndex returns the index of pk in keys. Returns -1 if not found
+func getIndex(pk crypto.PubKey, keys []crypto.PubKey) int {
+	for i := 0; i < len(keys); i++ {
+		if pk.Equals(keys[i]) {
+			return i
+		}
+	}
+	return -1
+}
+
+// AddSignature adds a signature to the multisig, at the corresponding index.
+// If the signature already exists, replace it.
+func (mSig *Multisignature) AddSignature(sig []byte, index int) {
+	newSigIndex := mSig.BitArray.NumTrueBitsBefore(index)
+	// Signature already exists, just replace the value there
+	if mSig.BitArray.GetIndex(index) {
+		mSig.Sigs[newSigIndex] = sig
+		return
+	}
+	mSig.BitArray.SetIndex(index, true)
+	// Optimization if the index is the greatest index
+	if newSigIndex == len(mSig.Sigs) {
+		mSig.Sigs = append(mSig.Sigs, sig)
+		return
+	}
+	// Expand slice by one with a dummy element, move all elements after i
+	// over by one, then place the new signature in that gap.
+	mSig.Sigs = append(mSig.Sigs, make([]byte, 0))
+	copy(mSig.Sigs[newSigIndex+1:], mSig.Sigs[newSigIndex:])
+	mSig.Sigs[newSigIndex] = sig
+}
+
+// AddSignatureFromPubKey adds a signature to the multisig, at the index in
+// keys corresponding to the provided pubkey.
+func (mSig *Multisignature) AddSignatureFromPubKey(sig []byte, pubkey crypto.PubKey, keys []crypto.PubKey) error {
+	index := getIndex(pubkey, keys)
+	if index == -1 {
+		keysStr := make([]string, len(keys))
+		for i, k := range keys {
+			keysStr[i] = fmt.Sprintf("%X", k.Bytes())
+		}
+
+		return fmt.Errorf("provided key %X doesn't exist in pubkeys: \n%s", pubkey.Bytes(), strings.Join(keysStr, "\n"))
+	}
+
+	mSig.AddSignature(sig, index)
+	return nil
+}

crypto/multisig/threshold_pubkey.go

@@ -0,0 +1,96 @@
+package multisig
+
+import (
+	"github.com/tendermint/tendermint/crypto"
+)
+
+// PubKey implements a K of N threshold multisig.
+type PubKey struct {
+	K       uint            `json:"threshold"`
+	PubKeys []crypto.PubKey `json:"pubkeys"`
+}
+
+var _ crypto.PubKey = PubKey{}
+
+// NewPubKeyMultisigThreshold returns a new PubKeyMultisigThreshold.
+// Panics if len(pubkeys) < k or 0 >= k.
+func NewPubKeyMultisigThreshold(k int, pubkeys []crypto.PubKey) crypto.PubKey {
+	if k <= 0 {
+		panic("threshold k of n multisignature: k <= 0")
+	}
+	if len(pubkeys) < k {
+		panic("threshold k of n multisignature: len(pubkeys) < k")
+	}
+	for _, pubkey := range pubkeys {
+		if pubkey == nil {
+			panic("nil pubkey")
+		}
+	}
+	return PubKey{uint(k), pubkeys}
+}
+
+// VerifyBytes expects sig to be an amino encoded version of a MultiSignature.
+// Returns true iff the multisignature contains k or more signatures
+// for the correct corresponding keys,
+// and all signatures are valid. (Not just k of the signatures)
+// The multisig uses a bitarray, so multiple signatures for the same key is not
+// a concern.
+func (pk PubKey) VerifyBytes(msg []byte, marshalledSig []byte) bool {
+	var sig Multisignature
+	err := cdc.UnmarshalBinaryBare(marshalledSig, &sig)
+	if err != nil {
+		return false
+	}
+	size := sig.BitArray.Size()
+	// ensure bit array is the correct size
+	if len(pk.PubKeys) != size {
+		return false
+	}
+	// ensure size of signature list
+	if len(sig.Sigs) < int(pk.K) || len(sig.Sigs) > size {
+		return false
+	}
+	// ensure at least k signatures are set
+	if sig.BitArray.NumTrueBitsBefore(size) < int(pk.K) {
+		return false
+	}
+	// index in the list of signatures which we are concerned with.
+	sigIndex := 0
+	for i := 0; i < size; i++ {
+		if sig.BitArray.GetIndex(i) {
+			if !pk.PubKeys[i].VerifyBytes(msg, sig.Sigs[sigIndex]) {
+				return false
+			}
+			sigIndex++
+		}
+	}
+	return true
+}
+
+// Bytes returns the amino encoded version of the PubKey
+func (pk PubKey) Bytes() []byte {
+	return cdc.MustMarshalBinaryBare(pk)
+}
+
+// Address returns tmhash(PubKey.Bytes())
+func (pk PubKey) Address() crypto.Address {
+	return crypto.AddressHash(pk.Bytes())
+}
+
+// Equals returns true iff pk and other both have the same number of keys, and
+// all constituent keys are the same, and in the same order.
+func (pk PubKey) Equals(other crypto.PubKey) bool {
+	otherKey, sameType := other.(PubKey)
+	if !sameType {
+		return false
+	}
+	if pk.K != otherKey.K || len(pk.PubKeys) != len(otherKey.PubKeys) {
+		return false
+	}
+	for i := 0; i < len(pk.PubKeys); i++ {
+		if !pk.PubKeys[i].Equals(otherKey.PubKeys[i]) {
+			return false
+		}
+	}
+	return true
+}

crypto/multisig/threshold_pubkey_test.go

@@ -0,0 +1,190 @@
+package multisig
+
+import (
+	"math/rand"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/tendermint/tendermint/crypto"
+	"github.com/tendermint/tendermint/crypto/ed25519"
+	"github.com/tendermint/tendermint/crypto/secp256k1"
+	"github.com/tendermint/tendermint/crypto/sr25519"
+)
+
+// This tests multisig functionality, but it expects the first k signatures to be valid
+// TODO: Adapt it to give more flexibility about first k signatures being valid
+func TestThresholdMultisigValidCases(t *testing.T) {
+	pkSet1, sigSet1 := generatePubKeysAndSignatures(5, []byte{1, 2, 3, 4})
+	cases := []struct {
+		msg            []byte
+		k              int
+		pubkeys        []crypto.PubKey
+		signingIndices []int
+		// signatures should be the same size as signingIndices.
+		signatures           [][]byte
+		passAfterKSignatures []bool
+	}{
+		{
+			msg:                  []byte{1, 2, 3, 4},
+			k:                    2,
+			pubkeys:              pkSet1,
+			signingIndices:       []int{0, 3, 1},
+			signatures:           sigSet1,
+			passAfterKSignatures: []bool{false},
+		},
+	}
+	for tcIndex, tc := range cases {
+		multisigKey := NewPubKeyMultisigThreshold(tc.k, tc.pubkeys)
+		multisignature := NewMultisig(len(tc.pubkeys))
+
+		for i := 0; i < tc.k-1; i++ {
+			signingIndex := tc.signingIndices[i]
+			require.NoError(
+				t,
+				multisignature.AddSignatureFromPubKey(tc.signatures[signingIndex], tc.pubkeys[signingIndex], tc.pubkeys),
+			)
+			bz, err := multisignature.Marshal()
+			require.NoError(t, err)
+			require.False(
+				t,
+				multisigKey.VerifyBytes(tc.msg, bz),
+				"multisig passed when i < k, tc %d, i %d", tcIndex, i,
+			)
+			require.NoError(
+				t,
+				multisignature.AddSignatureFromPubKey(tc.signatures[signingIndex], tc.pubkeys[signingIndex], tc.pubkeys),
+			)
+			require.Equal(
+				t,
+				i+1,
+				len(multisignature.Sigs),
+				"adding a signature for the same pubkey twice increased signature count by 2, tc %d", tcIndex,
+			)
+		}
+		bz, err := multisignature.Marshal()
+		require.NoError(t, err)
+		require.False(
+			t,
+			multisigKey.VerifyBytes(tc.msg, bz),
+			"multisig passed with k - 1 sigs, tc %d", tcIndex,
+		)
+		require.NoError(
+			t,
+			multisignature.AddSignatureFromPubKey(
+				tc.signatures[tc.signingIndices[tc.k]],
+				tc.pubkeys[tc.signingIndices[tc.k]],
+				tc.pubkeys,
+			),
+		)
+		bz, err = multisignature.Marshal()
+		require.NoError(t, err)
+		require.True(
+			t,
+			multisigKey.VerifyBytes(tc.msg, bz),
+			"multisig failed after k good signatures, tc %d", tcIndex,
+		)
+
+		for i := tc.k + 1; i < len(tc.signingIndices); i++ {
+			signingIndex := tc.signingIndices[i]
+
+			require.NoError(
+				t,
+				multisignature.AddSignatureFromPubKey(tc.signatures[signingIndex], tc.pubkeys[signingIndex], tc.pubkeys),
+			)
+			bz, err := multisignature.Marshal()
+			require.NoError(t, err)
+			require.Equal(
+				t,
+				tc.passAfterKSignatures[i-tc.k-1],
+				multisigKey.VerifyBytes(tc.msg, bz),
+				"multisig didn't verify as expected after k sigs, tc %d, i %d", tcIndex, i,
+			)
+			require.NoError(
+				t,
+				multisignature.AddSignatureFromPubKey(tc.signatures[signingIndex], tc.pubkeys[signingIndex], tc.pubkeys),
+			)
+			require.Equal(
+				t,
+				i+1,
+				len(multisignature.Sigs),
+				"adding a signature for the same pubkey twice increased signature count by 2, tc %d", tcIndex,
+			)
+		}
+	}
+}
+
+// TODO: Fully replace this test with table driven tests
+func TestThresholdMultisigDuplicateSignatures(t *testing.T) {
+	msg := []byte{1, 2, 3, 4, 5}
+	pubkeys, sigs := generatePubKeysAndSignatures(5, msg)
+	multisigKey := NewPubKeyMultisigThreshold(2, pubkeys)
+	multisignature := NewMultisig(5)
+	bz, err := multisignature.Marshal()
+	require.NoError(t, err)
+	require.False(t, multisigKey.VerifyBytes(msg, bz))
+	multisignature.AddSignatureFromPubKey(sigs[0], pubkeys[0], pubkeys)
+	// Add second signature manually
+	multisignature.Sigs = append(multisignature.Sigs, sigs[0])
+	require.False(t, multisigKey.VerifyBytes(msg, bz))
+}
+
+// TODO: Fully replace this test with table driven tests
+func TestMultiSigPubKeyEquality(t *testing.T) {
+	msg := []byte{1, 2, 3, 4}
+	pubkeys, _ := generatePubKeysAndSignatures(5, msg)
+	multisigKey := NewPubKeyMultisigThreshold(2, pubkeys)
+	var unmarshalledMultisig PubKey
+	cdc.MustUnmarshalBinaryBare(multisigKey.Bytes(), &unmarshalledMultisig)
+	require.True(t, multisigKey.Equals(unmarshalledMultisig))
+
+	// Ensure that reordering pubkeys is treated as a different pubkey
+	pubkeysCpy := make([]crypto.PubKey, 5)
+	copy(pubkeysCpy, pubkeys)
+	pubkeysCpy[4] = pubkeys[3]
+	pubkeysCpy[3] = pubkeys[4]
+	multisigKey2 := NewPubKeyMultisigThreshold(2, pubkeysCpy)
+	require.False(t, multisigKey.Equals(multisigKey2))
+}
+
+func TestAddress(t *testing.T) {
+	msg := []byte{1, 2, 3, 4}
+	pubkeys, _ := generatePubKeysAndSignatures(5, msg)
+	multisigKey := NewPubKeyMultisigThreshold(2, pubkeys)
+	require.Len(t, multisigKey.Address().Bytes(), 20)
+}
+
+func TestPubKeyMultisigThresholdAminoToIface(t *testing.T) {
+	msg := []byte{1, 2, 3, 4}
+	pubkeys, _ := generatePubKeysAndSignatures(5, msg)
+	multisigKey := NewPubKeyMultisigThreshold(2, pubkeys)
+
+	ab, err := cdc.MarshalBinaryLengthPrefixed(multisigKey)
+	require.NoError(t, err)
+	// like other crypto.Pubkey implementations (e.g. ed25519.PubKey),
+	// PubKey should be deserializable into a crypto.PubKey:
+	var pubKey crypto.PubKey
+	err = cdc.UnmarshalBinaryLengthPrefixed(ab, &pubKey)
+	require.NoError(t, err)
+
+	require.Equal(t, multisigKey, pubKey)
+}
+
+func generatePubKeysAndSignatures(n int, msg []byte) (pubkeys []crypto.PubKey, signatures [][]byte) {
+	pubkeys = make([]crypto.PubKey, n)
+	signatures = make([][]byte, n)
+	for i := 0; i < n; i++ {
+		var privkey crypto.PrivKey
+		switch rand.Int63() % 3 {
+		case 0:
+			privkey = ed25519.GenPrivKey()
+		case 1:
+			privkey = secp256k1.GenPrivKey()
+		case 2:
+			privkey = sr25519.GenPrivKey()
+		}
+		pubkeys[i] = privkey.PubKey()
+		signatures[i], _ = privkey.Sign(msg)
+	}
+	return
+}