add vrf

Author: lowesyang

README.md

@@ -1,7 +1,5 @@
 # Algorand
 Go implementation of Algorand algorithm. It's just a POC demo and cannot be used in PROD ENV.
 
-This demo has not implemented Verifiable Random Function(VRF), and all vrfs generation and verification success forever. 
-
 ## Docs
 - [Algorand Analysis](docs/剖析Algorand.md)

algorand.go

@@ -2,47 +2,52 @@ package main
 
 import (
 	"bytes"
-	"fmt"
-	"github.com/pkg/errors"
+	"errors"
 	"github.com/tinychain/algorand/common"
 	"gonum.org/v1/gonum/stat/distuv"
 	"math/big"
-	"sync/atomic"
 	"time"
 )
 
 var (
+	log = common.GetLogger("algorand")
+
 	errCountVotesTimeout = errors.New("count votes timeout")
 )
 
 type PID int
 
 type Algorand struct {
 	id      PID
-	pubkey  atomic.Value
 	privkey *PrivateKey
+	pubkey  *PublicKey
 
 	chain  *Blockchain
 	peer   *Peer
 	quitCh chan struct{}
 }
 
 func NewAlgorand(id PID) *Algorand {
+	pub, priv, _ := NewKeyPair()
 	alg := &Algorand{
-		id:    id,
-		chain: newBlockchain(),
+		id:      id,
+		privkey: priv,
+		pubkey:  pub,
+		chain:   newBlockchain(),
 	}
 	alg.peer = newPeer(alg)
 	return alg
 }
 
 func (alg *Algorand) start() {
 	alg.quitCh = make(chan struct{})
+	GetPeerPool().add(alg.peer)
 	go alg.run()
 }
 
 func (alg *Algorand) stop() {
 	close(alg.quitCh)
+	GetPeerPool().remove(alg.peer)
 }
 
 // round returns the latest round number.
@@ -65,21 +70,20 @@ func (alg *Algorand) tokenOwn() uint64 {
 }
 
 // seed returns the vrf-based seed of block r.
-func (alg *Algorand) vrfSeed(round uint64) (seed, proof []byte) {
+func (alg *Algorand) vrfSeed(round uint64) (seed, proof []byte, err error) {
 	if round == 0 {
-		return alg.chain.genesis.Seed, nil
+		return alg.chain.genesis.Seed, nil, nil
 	}
 	lastBlock := alg.chain.getByRound(round - 1)
 	// last block is not genesis, verify the seed r-1.
 	if round != 1 {
-		var err error
 		lastParentBlock := alg.chain.get(lastBlock.ParentHash, lastBlock.Round-1)
 		if lastBlock.Proof != nil {
 			// vrf-based seed
 			pubkey := recoverPubkey(lastBlock.Signature)
 			m := bytes.Join([][]byte{lastParentBlock.Seed, common.Uint2Bytes(lastBlock.Round)}, nil)
 
-			err = pubkey.VerifyVRF(lastBlock.Seed, lastBlock.Proof, m)
+			err = pubkey.VerifyVRF(lastBlock.Proof, m)
 		} else if bytes.Compare(lastBlock.Seed, common.Sha256(
 			bytes.Join([][]byte{
 				lastParentBlock.Seed,
@@ -90,11 +94,11 @@ func (alg *Algorand) vrfSeed(round uint64) (seed, proof []byte) {
 		}
 		if err != nil {
 			// seed r-1 invalid
-			return common.Sha256(bytes.Join([][]byte{lastBlock.Seed, common.Uint2Bytes(lastBlock.Round + 1)}, nil)).Bytes(), nil
+			return common.Sha256(bytes.Join([][]byte{lastBlock.Seed, common.Uint2Bytes(lastBlock.Round + 1)}, nil)).Bytes(), nil, nil
 		}
 	}
 
-	seed, proof = alg.privkey.Evaluate(bytes.Join([][]byte{lastBlock.Seed, common.Uint2Bytes(lastBlock.Round + 1)}, nil))
+	seed, proof, err = alg.privkey.Evaluate(bytes.Join([][]byte{lastBlock.Seed, common.Uint2Bytes(lastBlock.Round + 1)}, nil))
 	return
 }
 
@@ -111,17 +115,8 @@ func (alg *Algorand) sortitionSeed(round uint64) []byte {
 	return alg.chain.getByRound(realR).Seed
 }
 
-func (alg *Algorand) publicKey() *PublicKey {
-	if pub := alg.pubkey.Load(); pub != nil {
-		return pub.(*PublicKey)
-	}
-	pubkey := alg.privkey.PublicKey()
-	alg.pubkey.Store(pubkey)
-	return pubkey
-}
-
 func (alg *Algorand) Address() common.Address {
-	return common.BytesToAddress(alg.publicKey().Bytes())
+	return common.BytesToAddress(alg.pubkey.Bytes())
 }
 
 // run performs the all procedures of Algorand algorithm in infinite loop.
@@ -146,14 +141,16 @@ func (alg *Algorand) run() {
 // processMain performs the main processing of algorand algorithm.
 func (alg *Algorand) processMain() {
 	currRound := alg.round() + 1
+	log.Infof("node %d begin to perform consensus at round %d", alg.id, currRound)
 	// 1. block proposal
 	block := alg.blockProposal(false)
+	log.Debugf("node %d init BA with block #%d %s", alg.id, block.Round, block.Hash())
 
 	// 2. init BA with block with the highest priority.
 	consensusType, block := alg.BA(currRound, block)
 
 	// 3. reach consensus on a FINAL or TENTATIVE new block.
-	fmt.Printf("reach consensus %d at round %d, block hash %s", consensusType, currRound, block.Hash())
+	log.Infof("node %d reach consensus %d at round %d, block hash %s", alg.id, consensusType, currRound, block.Hash())
 
 	// 4. append to the chain.
 	alg.chain.add(block)
@@ -175,12 +172,15 @@ func (alg *Algorand) processForkResolve() {
 func (alg *Algorand) proposeBlock() *Block {
 	currRound := alg.round() + 1
 
-	seed, proof := alg.vrfSeed(currRound)
+	seed, proof, err := alg.vrfSeed(currRound)
+	if err != nil {
+		return nil
+	}
 	blk := &Block{
 		Round:      currRound,
 		Seed:       seed,
 		ParentHash: alg.lastBlock().Hash(),
-		Author:     alg.publicKey().Address(),
+		Author:     alg.pubkey.Address(),
 		Time:       time.Now().Unix(),
 		Proof:      proof,
 	}
@@ -211,6 +211,7 @@ func (alg *Algorand) blockProposal(resolveFork bool) *Block {
 	vrf, proof, subusers := alg.sortition(alg.sortitionSeed(round), role(iden, round, PROPOSE), expectedBlockProposers, alg.tokenOwn())
 	// have been selected.
 	if subusers > 0 {
+		log.Debugf("node %d has %d sub-users selected as block proposer", alg.id, subusers)
 		var (
 			newBlk       *Block
 			proposalType int
@@ -222,13 +223,19 @@ func (alg *Algorand) blockProposal(resolveFork bool) *Block {
 			newBlk = alg.proposeFork()
 			proposalType = FORK_PROPOSAL
 		}
+		if newBlk == nil {
+			return &Block{
+				Round:      round,
+				ParentHash: alg.lastBlock().Hash(),
+			}
+		}
 		proposal := &Proposal{
 			Round:  newBlk.Round,
 			Hash:   newBlk.Hash(),
 			Prior:  maxPriority(vrf, subusers),
 			VRF:    vrf,
 			Proof:  proof,
-			Pubkey: alg.publicKey().Bytes(),
+			Pubkey: alg.pubkey.Bytes(),
 		}
 		alg.peer.setMaxProposal(round, proposal)
 		blkMsg, _ := newBlk.Serialize()
@@ -264,14 +271,14 @@ func (alg *Algorand) blockProposal(resolveFork bool) *Block {
 
 // sortition runs cryptographic selection procedure and returns vrf,proof and amount of selected sub-users.
 func (alg *Algorand) sortition(seed, role []byte, expectedNum int, weight uint64) (vrf, proof []byte, selected int) {
-	vrf, proof = alg.privkey.Evaluate(constructSeed(seed, role))
+	vrf, proof, _ = alg.privkey.Evaluate(constructSeed(seed, role))
 	selected = subUsers(expectedNum, weight, vrf)
 	return
 }
 
 // verifySort verifies the vrf and returns the amount of selected sub-users.
 func (alg *Algorand) verifySort(vrf, proof, seed, role []byte, expectedNum int) int {
-	if err := alg.publicKey().VerifyVRF(vrf, proof, constructSeed(seed, role)); err != nil {
+	if err := alg.pubkey.VerifyVRF(proof, constructSeed(seed, role)); err != nil {
 		return 0
 	}
 
@@ -411,7 +418,7 @@ func (alg *Algorand) binaryBA(round uint64, hash common.Hash) common.Hash {
 func (alg *Algorand) countVotes(round uint64, step int, threshold float64, expectedNum int, timeout time.Duration) (common.Hash, error) {
 	expired := time.NewTimer(timeout)
 	counts := make(map[common.Hash]int)
-	voters := make(map[PublicKey]struct{})
+	voters := make(map[string]struct{})
 	it := alg.peer.voteIterator(round, step)
 	for {
 		msg := it.next()
@@ -426,10 +433,10 @@ func (alg *Algorand) countVotes(round uint64, step int, threshold float64, expec
 			voteMsg := msg.(*VoteMessage)
 			votes, hash, _ := alg.processMsg(msg.(*VoteMessage), expectedNum)
 			pubkey := voteMsg.RecoverPubkey()
-			if _, exist := voters[*pubkey]; exist || votes == 0 {
+			if _, exist := voters[string(pubkey.pk)]; exist || votes == 0 {
 				continue
 			}
-			voters[*pubkey] = struct{}{}
+			voters[string(pubkey.pk)] = struct{}{}
 			counts[hash] += votes
 			// if we got enough votes, then output the target hash
 			if uint64(counts[hash]) >= uint64(float64(expectedNum)*threshold) {

blockchain.go

@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"encoding/json"
 	"github.com/tinychain/algorand/common"
+	"math/rand"
 	"sync"
 	"time"
 )
@@ -24,14 +25,32 @@ type Block struct {
 }
 
 func (blk *Block) Hash() common.Hash {
-	return common.Sha256(bytes.Join([][]byte{
+	data := bytes.Join([][]byte{
 		common.Uint2Bytes(blk.Round),
 		blk.ParentHash.Bytes(),
-		blk.Author.Bytes(),
-		common.Uint2Bytes(uint64(blk.Time)),
-		blk.Seed,
-		blk.Proof,
-	}, nil))
+	}, nil)
+
+	if !blk.Author.Nil() {
+		data = append(data, bytes.Join([][]byte{
+			blk.Author.Bytes(),
+			blk.AuthorVRF,
+			blk.AuthorProof,
+		}, nil)...)
+	}
+
+	if blk.Time != 0 {
+		data = append(data, common.Uint2Bytes(uint64(blk.Time))...)
+	}
+
+	if blk.Seed != nil {
+		data = append(data, blk.Seed...)
+	}
+
+	if blk.Proof != nil {
+		data = append(data, blk.Proof...)
+	}
+
+	return common.Sha256(data)
 }
 
 func (blk *Block) RecoverPubkey() *PublicKey {
@@ -62,14 +81,17 @@ func newBlockchain() *Blockchain {
 }
 
 func (bc *Blockchain) init() {
+	rand.Seed(time.Now().Unix())
 	emptyHash := common.Sha256([]byte{})
 	// create genesis
 	bc.genesis = &Block{
 		Round:      0,
+		Seed:       common.Uint2Bytes(rand.Uint64()),
 		ParentHash: emptyHash,
 		Author:     common.HashToAddr(emptyHash),
 		Time:       time.Now().Unix(),
 	}
+	bc.last = bc.genesis
 }
 
 func (bc *Blockchain) get(hash common.Hash, round uint64) *Block {
@@ -86,14 +108,14 @@ func (bc *Blockchain) getByRound(round uint64) *Block {
 	bc.mu.RLock()
 	defer bc.mu.RUnlock()
 	last := bc.last
-	for round != 0 {
+	for round > 0 {
 		if last.Round == round {
 			return last
 		}
 		last = bc.blocks[round-1][last.ParentHash]
 		round--
 	}
-	return nil
+	return last
 }
 
 func (bc *Blockchain) add(blk *Block) {

common/config.go

@@ -7,12 +7,6 @@ import (
 	"time"
 )
 
-const (
-	MAX_GAS_LIMIT    = "max_gas_limit"
-	MAX_EXTRA_LENGTH = "max_extra_length"
-	MAX_BLOCK_NUM    = "max_block_num"
-)
-
 type Config struct {
 	conf *viper.Viper
 	mu   sync.RWMutex

common/types.go

@@ -5,8 +5,6 @@ import (
 	"crypto/sha256"
 	"encoding/binary"
 	"encoding/hex"
-	"github.com/libp2p/go-libp2p-peer"
-	"github.com/tinychain/tinychain/p2p/pb"
 	"math/big"
 )
 
@@ -123,18 +121,6 @@ func HexToAddress(d string) Address {
 	return BytesToAddress(dec)
 }
 
-// Protocol represents the callback handler
-type Protocol interface {
-	// Typ should match the message type
-	Type() string
-
-	// Run func handles the message from the stream
-	Run(pid peer.ID, message *pb.Message) error
-
-	// Error func handles the error returned from the stream
-	Error(error)
-}
-
 func Uint2Bytes(v uint64) []byte {
 	b := make([]byte, 8)
 	binary.BigEndian.PutUint64(b, v)

crypto.go

@@ -5,9 +5,8 @@ import (
 	"crypto/rand"
 	"fmt"
 	"github.com/tinychain/algorand/common"
+	"github.com/tinychain/algorand/vrf"
 	"golang.org/x/crypto/ed25519"
-	rander "math/rand"
-	"time"
 )
 
 type PublicKey struct {
@@ -30,7 +29,8 @@ func (pub *PublicKey) VerifySign(m, sign []byte) error {
 	return nil
 }
 
-func (pub *PublicKey) VerifyVRF(vrf, proof, m []byte) error {
+func (pub *PublicKey) VerifyVRF(proof, m []byte) error {
+	vrf.ECVRF_verify(pub.pk, proof, m)
 	return nil
 }
 
@@ -51,10 +51,12 @@ func (priv *PrivateKey) Sign(m []byte) ([]byte, error) {
 	return append(pubkey, sign...), nil
 }
 
-func (priv *PrivateKey) Evaluate(m []byte) (value, proof []byte) {
-	rander.Seed(time.Now().UnixNano())
-	value, proof = common.Sha256(common.Uint2Bytes(rander.Uint64())).Bytes(),
-		common.Sha256(common.Uint2Bytes(rander.Uint64())).Bytes()
+func (priv *PrivateKey) Evaluate(m []byte) (value, proof []byte, err error) {
+	proof, err = vrf.ECVRF_prove(priv.PublicKey().pk, priv.sk, m)
+	if err != nil {
+		return
+	}
+	value = vrf.ECVRF_proof2hash(proof)
 	return
 }