Merge pull request #1603 from keep-network/minimal-number-of-supporting-signatures

Adding signature safety margin on DKG result

We are increasing the DKG nofail signature threshold to 75%. It 
gives us a 25% safety margin for relay entry signing.

Author: pdyraga

pkg/beacon/relay/dkg/result/integration_test.go

@@ -14,7 +14,7 @@ import (
 func TestExecute_IA_members24_phase13(t *testing.T) {
 	t.Parallel()
 
-	groupSize := 5
+	groupSize := 6
 	honestThreshold := 3
 	seed := dkgtest.RandomSeed(t)
 
@@ -39,5 +39,5 @@ func TestExecute_IA_members24_phase13(t *testing.T) {
 	dkgtest.AssertSamePublicKey(t, result)
 	dkgtest.AssertNoMisbehavingMembers(t, result)
 	dkgtest.AssertValidGroupPublicKey(t, result)
-	dkgtest.AssertResultSupportingMembers(t, result, []group.MemberIndex{1, 3, 5}...)
+	dkgtest.AssertResultSupportingMembers(t, result, []group.MemberIndex{1, 3, 5, 6}...)
 }

pkg/beacon/relay/dkg/result/submission.go

@@ -61,11 +61,15 @@ func (sm *SubmittingMember) SubmitDKGResult(
 		)
 	}
 
-	if len(signatures) < config.HonestThreshold {
+	// Chain rejects the result if it has less than 25% safety margin.
+	// If there are not enough signatures to preserve the margin, it does not
+	// make sense to submit the result.
+	signatureThreshold := config.HonestThreshold + (config.GroupSize-config.HonestThreshold)/2
+	if len(signatures) < signatureThreshold {
 		return fmt.Errorf(
-			"could not submit result with [%v] signatures for honest threshold [%v]",
+			"could not submit result with [%v] signatures for signature threshold [%v]",
 			len(signatures),
-			config.HonestThreshold,
+			signatureThreshold,
 		)
 	}
 

pkg/beacon/relay/dkg/result/submission_test.go

@@ -32,6 +32,7 @@ func TestSubmitDKGResult(t *testing.T) {
 		1: []byte{101},
 		2: []byte{102},
 		3: []byte{103},
+		4: []byte{104},
 	}
 
 	tStep := config.ResultPublicationBlockStep
@@ -130,6 +131,7 @@ func TestConcurrentPublishResult(t *testing.T) {
 		1: []byte{101},
 		2: []byte{102},
 		3: []byte{103},
+		4: []byte{104},
 	}
 
 	var tests = map[string]struct {

pkg/beacon/relay/gjkr/integration_test.go

@@ -205,7 +205,7 @@ func TestExecute_IA_member1_phase8(t *testing.T) {
 func TestExecute_IA_members35_phase10(t *testing.T) {
 	t.Parallel()
 
-	groupSize := 5
+	groupSize := 6
 	honestThreshold := 3
 	seed := dkgtest.RandomSeed(t)
 
@@ -226,12 +226,12 @@ func TestExecute_IA_members35_phase10(t *testing.T) {
 
 	dkgtest.AssertDkgResultPublished(t, result)
 	dkgtest.AssertSuccessfulSignersCount(t, result, groupSize-2)
-	dkgtest.AssertSuccessfulSigners(t, result, []group.MemberIndex{1, 2, 4}...)
+	dkgtest.AssertSuccessfulSigners(t, result, []group.MemberIndex{1, 2, 4, 6}...)
 	dkgtest.AssertMemberFailuresCount(t, result, 2)
 	dkgtest.AssertSamePublicKey(t, result)
 	dkgtest.AssertMisbehavingMembers(t, result, group.MemberIndex(3), group.MemberIndex(5))
 	dkgtest.AssertValidGroupPublicKey(t, result)
-	dkgtest.AssertResultSupportingMembers(t, result, []group.MemberIndex{1, 2, 4}...)
+	dkgtest.AssertResultSupportingMembers(t, result, []group.MemberIndex{1, 2, 4, 6}...)
 }
 
 // Phase 2 test case - a member sends an invalid ephemeral public key message.
@@ -523,7 +523,7 @@ func TestExecute_DQ_member4_falseAccusation_phase5(t *testing.T) {
 func TestExecute_DQ_member2_accusesInactiveMember_phase5(t *testing.T) {
 	t.Parallel()
 
-	groupSize := 5
+	groupSize := 6
 	honestThreshold := 3
 	seed := dkgtest.RandomSeed(t)
 
@@ -569,12 +569,12 @@ func TestExecute_DQ_member2_accusesInactiveMember_phase5(t *testing.T) {
 
 	dkgtest.AssertDkgResultPublished(t, result)
 	dkgtest.AssertSuccessfulSignersCount(t, result, groupSize-2)
-	dkgtest.AssertSuccessfulSigners(t, result, []group.MemberIndex{3, 4, 5}...)
+	dkgtest.AssertSuccessfulSigners(t, result, []group.MemberIndex{3, 4, 5, 6}...)
 	dkgtest.AssertMemberFailuresCount(t, result, 2)
 	dkgtest.AssertSamePublicKey(t, result)
 	dkgtest.AssertMisbehavingMembers(t, result, []group.MemberIndex{1, 2}...)
 	dkgtest.AssertValidGroupPublicKey(t, result)
-	dkgtest.AssertResultSupportingMembers(t, result, []group.MemberIndex{3, 4, 5}...)
+	dkgtest.AssertResultSupportingMembers(t, result, []group.MemberIndex{3, 4, 5, 6}...)
 }
 
 // Phase 8 test case - a member sends an invalid member public key share points
@@ -672,7 +672,7 @@ func TestExecute_DQ_members25_revealWrongPrivateKey_phase9(t *testing.T) {
 func TestExecute_DQ_members14_invalidPublicKeyShare_phase9(t *testing.T) {
 	t.Parallel()
 
-	groupSize := 5
+	groupSize := 6
 	honestThreshold := 3
 	seed := dkgtest.RandomSeed(t)
 
@@ -704,12 +704,12 @@ func TestExecute_DQ_members14_invalidPublicKeyShare_phase9(t *testing.T) {
 
 	dkgtest.AssertDkgResultPublished(t, result)
 	dkgtest.AssertSuccessfulSignersCount(t, result, groupSize-2)
-	dkgtest.AssertSuccessfulSigners(t, result, []group.MemberIndex{2, 3, 5}...)
+	dkgtest.AssertSuccessfulSigners(t, result, []group.MemberIndex{2, 3, 5, 6}...)
 	dkgtest.AssertMemberFailuresCount(t, result, 2)
 	dkgtest.AssertSamePublicKey(t, result)
 	dkgtest.AssertMisbehavingMembers(t, result, []group.MemberIndex{1, 4}...)
 	dkgtest.AssertValidGroupPublicKey(t, result)
-	dkgtest.AssertResultSupportingMembers(t, result, []group.MemberIndex{2, 3, 5}...)
+	dkgtest.AssertResultSupportingMembers(t, result, []group.MemberIndex{2, 3, 5, 6}...)
 }
 
 // Phase 9 test case - a member misbehaved by performing a false accusation
@@ -771,7 +771,7 @@ func TestExecute_DQ_member4_falseAccusation_phase9(t *testing.T) {
 func TestExecute_DQ_member2_accusesInactiveMember_phase9(t *testing.T) {
 	t.Parallel()
 
-	groupSize := 5
+	groupSize := 6
 	honestThreshold := 3
 	seed := dkgtest.RandomSeed(t)
 
@@ -816,12 +816,12 @@ func TestExecute_DQ_member2_accusesInactiveMember_phase9(t *testing.T) {
 
 	dkgtest.AssertDkgResultPublished(t, result)
 	dkgtest.AssertSuccessfulSignersCount(t, result, groupSize-2)
-	dkgtest.AssertSuccessfulSigners(t, result, []group.MemberIndex{3, 4, 5}...)
+	dkgtest.AssertSuccessfulSigners(t, result, []group.MemberIndex{3, 4, 5, 6}...)
 	dkgtest.AssertMemberFailuresCount(t, result, 2)
 	dkgtest.AssertSamePublicKey(t, result)
 	dkgtest.AssertMisbehavingMembers(t, result, []group.MemberIndex{1, 2}...)
 	dkgtest.AssertValidGroupPublicKey(t, result)
-	dkgtest.AssertResultSupportingMembers(t, result, []group.MemberIndex{3, 4, 5}...)
+	dkgtest.AssertResultSupportingMembers(t, result, []group.MemberIndex{3, 4, 5, 6}...)
 }
 
 // Phase 9 test case - a member misbehaved by sending shares which
@@ -832,7 +832,7 @@ func TestExecute_DQ_member2_accusesInactiveMember_phase9(t *testing.T) {
 func TestExecute_DQ_members12_cannotDecryptTheirShares_phase9(t *testing.T) {
 	t.Parallel()
 
-	groupSize := 5
+	groupSize := 6
 	honestThreshold := 3
 	seed := dkgtest.RandomSeed(t)
 
@@ -883,12 +883,12 @@ func TestExecute_DQ_members12_cannotDecryptTheirShares_phase9(t *testing.T) {
 
 	dkgtest.AssertDkgResultPublished(t, result)
 	dkgtest.AssertSuccessfulSignersCount(t, result, groupSize-2)
-	dkgtest.AssertSuccessfulSigners(t, result, []group.MemberIndex{3, 4, 5}...)
+	dkgtest.AssertSuccessfulSigners(t, result, []group.MemberIndex{3, 4, 5, 6}...)
 	dkgtest.AssertMemberFailuresCount(t, result, 2)
 	dkgtest.AssertSamePublicKey(t, result)
 	dkgtest.AssertMisbehavingMembers(t, result, []group.MemberIndex{1, 2}...)
 	dkgtest.AssertValidGroupPublicKey(t, result)
-	dkgtest.AssertResultSupportingMembers(t, result, []group.MemberIndex{3, 4, 5}...)
+	dkgtest.AssertResultSupportingMembers(t, result, []group.MemberIndex{3, 4, 5, 6}...)
 }
 
 // Phase 11 test case - a member misbehaved by not revealing its private key
@@ -899,7 +899,7 @@ func TestExecute_DQ_members12_cannotDecryptTheirShares_phase9(t *testing.T) {
 func TestExecute_DQ_member2_notRevealsDisqualifiedQualMemberKey_phase11(t *testing.T) {
 	t.Parallel()
 
-	groupSize := 5
+	groupSize := 6
 	honestThreshold := 3
 	seed := dkgtest.RandomSeed(t)
 
@@ -936,12 +936,12 @@ func TestExecute_DQ_member2_notRevealsDisqualifiedQualMemberKey_phase11(t *testi
 
 	dkgtest.AssertDkgResultPublished(t, result)
 	dkgtest.AssertSuccessfulSignersCount(t, result, groupSize-2)
-	dkgtest.AssertSuccessfulSigners(t, result, []group.MemberIndex{3, 4, 5}...)
+	dkgtest.AssertSuccessfulSigners(t, result, []group.MemberIndex{3, 4, 5, 6}...)
 	dkgtest.AssertMemberFailuresCount(t, result, 2)
 	dkgtest.AssertSamePublicKey(t, result)
 	dkgtest.AssertMisbehavingMembers(t, result, []group.MemberIndex{1, 2}...)
 	dkgtest.AssertValidGroupPublicKey(t, result)
-	dkgtest.AssertResultSupportingMembers(t, result, []group.MemberIndex{3, 4, 5}...)
+	dkgtest.AssertResultSupportingMembers(t, result, []group.MemberIndex{3, 4, 5, 6}...)
 }
 
 // Phase 11 test case - a member misbehaved by revealing key of an operating
@@ -993,7 +993,7 @@ func TestExecute_DQ_member2_revealedKeyOfOperatingMember_phase11(t *testing.T) {
 func TestExecute_DQ_member5_revealsWrongPrivateKey_phase11(t *testing.T) {
 	t.Parallel()
 
-	groupSize := 5
+	groupSize := 6
 	honestThreshold := 3
 	seed := dkgtest.RandomSeed(t)
 
@@ -1034,12 +1034,12 @@ func TestExecute_DQ_member5_revealsWrongPrivateKey_phase11(t *testing.T) {
 
 	dkgtest.AssertDkgResultPublished(t, result)
 	dkgtest.AssertSuccessfulSignersCount(t, result, groupSize-2)
-	dkgtest.AssertSuccessfulSigners(t, result, []group.MemberIndex{1, 2, 3}...)
+	dkgtest.AssertSuccessfulSigners(t, result, []group.MemberIndex{1, 2, 3, 6}...)
 	dkgtest.AssertMemberFailuresCount(t, result, 2)
 	dkgtest.AssertSamePublicKey(t, result)
 	dkgtest.AssertMisbehavingMembers(t, result, []group.MemberIndex{4, 5}...)
 	dkgtest.AssertValidGroupPublicKey(t, result)
-	dkgtest.AssertResultSupportingMembers(t, result, []group.MemberIndex{1, 2, 3}...)
+	dkgtest.AssertResultSupportingMembers(t, result, []group.MemberIndex{1, 2, 3, 6}...)
 }
 
 // Phase 11 test case - a member misbehaved by revealing private key generated for
@@ -1049,7 +1049,7 @@ func TestExecute_DQ_member5_revealsWrongPrivateKey_phase11(t *testing.T) {
 func TestExecute_DQ_member2_revealsInactiveNonQualMemberKey_phase11(t *testing.T) {
 	t.Parallel()
 
-	groupSize := 5
+	groupSize := 6
 	honestThreshold := 3
 	seed := dkgtest.RandomSeed(t)
 
@@ -1094,12 +1094,12 @@ func TestExecute_DQ_member2_revealsInactiveNonQualMemberKey_phase11(t *testing.T
 
 	dkgtest.AssertDkgResultPublished(t, result)
 	dkgtest.AssertSuccessfulSignersCount(t, result, groupSize-2)
-	dkgtest.AssertSuccessfulSigners(t, result, []group.MemberIndex{3, 4, 5}...)
+	dkgtest.AssertSuccessfulSigners(t, result, []group.MemberIndex{3, 4, 5, 6}...)
 	dkgtest.AssertMemberFailuresCount(t, result, 2)
 	dkgtest.AssertSamePublicKey(t, result)
 	dkgtest.AssertMisbehavingMembers(t, result, []group.MemberIndex{1, 2}...)
 	dkgtest.AssertValidGroupPublicKey(t, result)
-	dkgtest.AssertResultSupportingMembers(t, result, []group.MemberIndex{3, 4, 5}...)
+	dkgtest.AssertResultSupportingMembers(t, result, []group.MemberIndex{3, 4, 5, 6}...)
 }
 
 // Phase 11 test case - a member misbehaved by sending shares which
@@ -1113,7 +1113,7 @@ func TestExecute_DQ_member2_revealsInactiveNonQualMemberKey_phase11(t *testing.T
 func TestExecute_DQ_member3_revealsDisqualifiedNonQualMemberKey_phase11(t *testing.T) {
 	t.Parallel()
 
-	groupSize := 5
+	groupSize := 6
 	honestThreshold := 3
 	seed := dkgtest.RandomSeed(t)
 
@@ -1174,12 +1174,12 @@ func TestExecute_DQ_member3_revealsDisqualifiedNonQualMemberKey_phase11(t *testi
 
 	dkgtest.AssertDkgResultPublished(t, result)
 	dkgtest.AssertSuccessfulSignersCount(t, result, groupSize-2)
-	dkgtest.AssertSuccessfulSigners(t, result, []group.MemberIndex{1, 2, 5}...)
+	dkgtest.AssertSuccessfulSigners(t, result, []group.MemberIndex{1, 2, 5, 6}...)
 	dkgtest.AssertMemberFailuresCount(t, result, 2)
 	dkgtest.AssertSamePublicKey(t, result)
 	dkgtest.AssertMisbehavingMembers(t, result, []group.MemberIndex{3, 4}...)
 	dkgtest.AssertValidGroupPublicKey(t, result)
-	dkgtest.AssertResultSupportingMembers(t, result, []group.MemberIndex{1, 2, 5}...)
+	dkgtest.AssertResultSupportingMembers(t, result, []group.MemberIndex{1, 2, 5, 6}...)
 }
 
 func TestExecute_InvalidMemberIndex(t *testing.T) {

solidity/contracts/KeepRandomBeaconOperator.sol

@@ -198,10 +198,7 @@ contract KeepRandomBeaconOperator is ReentrancyGuard {
         dkgResultVerification.timeDKG = 5*(1+5) + 2*(1+10) + 20;
         dkgResultVerification.resultPublicationBlockStep = resultPublicationBlockStep;
         dkgResultVerification.groupSize = groupSize;
-        // TODO: For now, the required number of signatures is equal to group
-        // threshold. This should be updated to keep a safety margin for
-        // participants misbehaving during signing.
-        dkgResultVerification.signatureThreshold = groupThreshold;
+        dkgResultVerification.signatureThreshold = groupThreshold + (groupSize - groupThreshold) / 2;
     }
 
     /**

solidity/contracts/libraries/operator/DKGResultVerification.sol

@@ -45,9 +45,6 @@ library DKGResultVerification {
      * group selection protocol.
      * @param groupSelectionEndBlock Block height at which the group selection
      * protocol ended.
-     *
-     * @return true if submitter is eligible to submit and the result is valid;
-     * Otherwise, transaction is reverted.
      */
     function verify(
         Storage storage self,
@@ -58,7 +55,7 @@ library DKGResultVerification {
         uint256[] memory signingMemberIndices,
         address[] memory members,
         uint256 groupSelectionEndBlock
-    ) public view returns (bool) {
+    ) public view {
         require(submitterMemberIndex > 0, "Invalid submitter index");
         require(
             members[submitterMemberIndex - 1] == msg.sender,
@@ -97,7 +94,5 @@ library DKGResultVerification {
 
             require(members[signingMemberIndices[i] - 1] == recoveredAddress, "Invalid signature");
         }
-
-        return true;
     }
 }

solidity/contracts/stubs/KeepRandomBeaconOperatorDKGResultStub.sol

@@ -0,0 +1,52 @@
+pragma solidity 0.5.17;
+
+import "../KeepRandomBeaconOperator.sol";
+
+
+contract KeepRandomBeaconOperatorDKGResultStub is KeepRandomBeaconOperator {
+    constructor(address _serviceContract, address _stakingContract)
+        public
+        KeepRandomBeaconOperator(_serviceContract, _stakingContract)
+    {
+        groupSelection.ticketSubmissionTimeout = 100;
+    }
+
+    function setGroupSize(uint256 size) public {
+        groupSize = size;
+        groupSelection.groupSize = size;
+        dkgResultVerification.groupSize = size;
+    }
+
+    function setGroupThreshold(uint256 threshold) public {
+        groupThreshold = threshold;
+        dkgResultVerification.signatureThreshold = threshold;
+    }
+
+    function setDKGResultSignatureThreshold(uint256 threshold) public {
+        dkgResultVerification.signatureThreshold = threshold;
+    }
+
+    function setResultPublicationBlockStep(uint256 step) public {
+        resultPublicationBlockStep = step;
+    }
+
+    function getGroupSelectionRelayEntry() public view returns (uint256) {
+        return groupSelection.seed;
+    }
+
+    function getTicketSubmissionStartBlock() public view returns (uint256) {
+        return groupSelection.ticketSubmissionStartBlock;
+    }
+
+    function isGroupSelectionInProgress() public view returns (bool) {
+        return groupSelection.inProgress;
+    }
+
+    function setGasPriceCeiling(uint256 _gasPriceCeiling) public {
+        gasPriceCeiling = _gasPriceCeiling;
+    }
+
+    function timeDKG() public view returns (uint256) {
+        return dkgResultVerification.timeDKG;
+    }
+}