github.com/koko1123/flow-go-1@v0.29.6/consensus/hotstuff/verifier.go

```go
package hotstuff

import (
	"github.com/koko1123/flow-go-1/consensus/hotstuff/model"
	"github.com/koko1123/flow-go-1/model/flow"
)

// Verifier is the component responsible for the cryptographic integrity of
// votes, proposals and QCs against the block they are signing.
// Overall, there are two criteria for the validity of a vote and QC:
//
//	(1) the signer ID(s) must correspond to authorized consensus participants
//	(2) the signature must be cryptographically valid.
//
// Note that Verifier only implements (2). This API design allows decoupling
//
//	(i) the common logic for checking that a super-majority of the consensus
//	    committee voted
//	(ii) the handling of combined staking+RandomBeacon votes (consensus nodes)
//	     vs only staking votes (collector nodes)
//
// On the one hand, this API design makes code less concise, as the two checks
// are now distributed over API boundaries. On the other hand, we can avoid
// repeated Identity lookups in the implementation, which increases performance.
type Verifier interface {

	// VerifyVote checks the cryptographic validity of a vote's `SigData` w.r.t.
	// the given block. It is the responsibility of the calling code to ensure
	// that `voter` is authorized to vote.
	// Return values:
	//  * nil if `sigData` is cryptographically valid
	//  * model.InvalidFormatError if the signature has an incompatible format.
	//  * model.ErrInvalidSignature if the signature is invalid
	//  * model.InvalidSignerError is only relevant for extended signature schemes,
	//    where special signing authority is only given to a _subset_ of consensus
	//    participants (e.g. random beacon). In case a participant signed despite not
	//    being authorized, an InvalidSignerError is returned.
	//  * unexpected errors should be treated as symptoms of bugs or uncovered
	//    edge cases in the logic (i.e. as fatal)
	VerifyVote(voter *flow.Identity, sigData []byte, block *model.Block) error

	// VerifyQC checks the cryptographic validity of a QC's `SigData` w.r.t. the
	// given block. It is the responsibility of the calling code to ensure that
	// all `signers` are authorized, without duplicates.
	// Return values:
	//  * nil if `sigData` is cryptographically valid
	//  * model.InvalidFormatError if `sigData` has an incompatible format
	//  * model.InsufficientSignaturesError if `signers` is empty.
	//    Depending on the order of checks in the higher-level logic this error might
	//    be an indicator of an external byzantine input or an internal bug.
	//  * model.ErrInvalidSignature if a signature is invalid
	//  * model.InvalidSignerError is only relevant for extended signature schemes,
	//    where special signing authority is only given to a _subset_ of consensus
	//    participants (e.g. random beacon). In case a participant signed despite not
	//    being authorized, an InvalidSignerError is returned.
	//  * unexpected errors should be treated as symptoms of bugs or uncovered
	//    edge cases in the logic (i.e. as fatal)
	VerifyQC(signers flow.IdentityList, sigData []byte, block *model.Block) error
}
```
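The caller-side half of the contract described in the comments above, as an added example that is not code from this repository: the caller enforces criterion (1) (authorized signers, no duplicates, super-majority) before delegating criterion (2), and keeps rejected input apart from unexpected errors. `Identity`, `VerifyQCFunc`, `ValidateQC`, `ErrInvalidQC`, the `Weight` field, the string block ID and the two-thirds threshold are assumptions standing in for the real flow-go types and committee logic.

```go
package main

import (
	"errors"
	"fmt"
)

// Identity stands in for flow.Identity; Weight and the string block ID are assumptions.
type Identity struct {
	NodeID string
	Weight uint64
}
var ErrInvalidSignature = errors.New("invalid signature") // stand-in for model.ErrInvalidSignature
var ErrInvalidQC = errors.New("invalid QC")               // untrusted input rejected, not a fatal error

// VerifyQCFunc plays the role of Verifier.VerifyQC: criterion (2) only.
type VerifyQCFunc func(signers []Identity, sigData []byte, blockID string) error

// ValidateQC performs criterion (1) itself, then delegates criterion (2) to verify.
func ValidateQC(committee map[string]Identity, signerIDs []string, sigData []byte, blockID string, verify VerifyQCFunc) error {
	var total, signed uint64
	for _, id := range committee {
		total += id.Weight
	}
	seen := make(map[string]bool, len(signerIDs))
	signers := make([]Identity, 0, len(signerIDs))
	for _, nodeID := range signerIDs {
		id, ok := committee[nodeID]
		if !ok || seen[nodeID] {
			return fmt.Errorf("signer %q unauthorized or duplicated: %w", nodeID, ErrInvalidQC)
		}
		seen[nodeID] = true
		signed += id.Weight
		signers = append(signers, id)
	}
	if 3*signed <= 2*total { // assumed threshold: strictly more than 2/3 of total weight
		return fmt.Errorf("signer weight %d of %d: %w", signed, total, ErrInvalidQC)
	}
	err := verify(signers, sigData, blockID)
	if errors.Is(err, ErrInvalidSignature) {
		return fmt.Errorf("%v: %w", err, ErrInvalidQC)
	}
	return err // nil, or an unexpected error that the caller must treat as fatal
}

func main() { // constructed input: duplicate signer "a" is rejected before any crypto runs
	committee := map[string]Identity{"a": {"a", 1}, "b": {"b", 1}, "c": {"c", 1}}
	accept := func([]Identity, []byte, string) error { return nil }
	fmt.Println(ValidateQC(committee, []string{"a", "a", "b"}, nil, "blk", accept))
}
```

Running the authorization and duplicate checks first means an empty or padded signer list never reaches the verifier, so an error it returns for such a list points to an internal bug rather than byzantine input.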