feat: Validator blacklisting dispersers (#1588)

* initial implementation of the blacklist addition

* adding the blacklist struct and funcs

* checking if the blacklist was hit or not

* changing to use disperser id

* removing api

* add explicit flags

* fixing naming

* small changes

* adding basic unit tests

* interfaces and comments

* small changes, logs

* fixing mock calls

* linter fix

* adding more test

* naming fix

* testing validator e2e

* adding latest block

* unmerged

* getting test working

* final all parts tested

* Update golangci-lint.yml

* Update kms_fuzz_test.go

* Update config.go

* adding cleanup

* merge conflict fixes

* clean up, comments and old tests

* adding deletions after 2 weeks

* fixing share state problem in tests

* fixing test

* cleanup of test

---------

Co-authored-by: anupsv <[email protected]>
Co-authored-by: anupsv <[email protected]>

Author: anupsv

.github/workflows/buf-proto.yaml

@@ -29,7 +29,7 @@ jobs:
   buf:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #4.2.2
       - uses: bufbuild/buf-action@v1
         with:
           token: ${{ secrets.BUF_TOKEN }}

.github/workflows/golangci-lint.yml

@@ -21,7 +21,5 @@ jobs:
           version: ${{ env.MISE_VERSION }}
           experimental: true
       - run: go version
-
       - run: make lint
-
       - run: make fmt-check

inabox/deploy/config.go

@@ -769,6 +769,7 @@ func (env *Config) GenerateAllVariables() {
 		if err != nil {
 			log.Panicf("Error: %s", err.Error())
 		}
+
 		writeFile(composeFile, composeYaml)
 	}
 }

inabox/tests/integration_suite_test.go

@@ -143,7 +143,6 @@ var _ = BeforeSuite(func() {
 
 		fmt.Println("Deploying experiment")
 		testConfig.DeployExperiment()
-
 		pk := testConfig.Pks.EcdsaMap[deployer.Name].PrivateKey
 		pk = strings.TrimPrefix(pk, "0x")
 		pk = strings.TrimPrefix(pk, "0X")

inabox/tests/integration_v2_test.go

@@ -5,16 +5,193 @@ import (
 	"crypto/rand"
 	"encoding/hex"
 	"fmt"
+	"math/big"
+	"time"
+
+	"github.com/Layr-Labs/eigenda/api"
+	"github.com/Layr-Labs/eigenda/encoding"
+	"github.com/docker/go-units"
+	"google.golang.org/grpc"
+
+	"github.com/Layr-Labs/eigenda/api/clients/v2"
+	commonpb "github.com/Layr-Labs/eigenda/api/grpc/common/v2"
+	nodegrpc "github.com/Layr-Labs/eigenda/api/grpc/validator"
+	"github.com/Layr-Labs/eigenda/api/hashing"
+	"github.com/Layr-Labs/eigenda/core"
 
 	"github.com/Layr-Labs/eigenda/api/clients/v2/coretypes"
+	aws2 "github.com/Layr-Labs/eigenda/common/aws"
+	caws "github.com/Layr-Labs/eigenda/common/aws"
+	corev2 "github.com/Layr-Labs/eigenda/core/v2"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/kms"
+	"github.com/consensys/gnark-crypto/ecc/bn254"
+	"github.com/consensys/gnark-crypto/ecc/bn254/fr"
 	"github.com/ethereum/go-ethereum/accounts/abi/bind"
 	gethcommon "github.com/ethereum/go-ethereum/common"
-	"golang.org/x/crypto/sha3"
-
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
+	"golang.org/x/crypto/sha3"
 )
 
+func RandomG1Point() (encoding.G1Commitment, error) {
+	// 1) pick r ← 𝐹ᵣ at random
+	var r fr.Element
+	if _, err := r.SetRandom(); err != nil {
+		return encoding.G1Commitment{}, err
+	}
+
+	// 2) compute P = r·G₁ in Jacobian form
+	G1Jac, _, _, _ := bn254.Generators()
+	var Pjac bn254.G1Jac
+
+	var rBigInt big.Int
+	r.BigInt(&rBigInt)
+	Pjac.ScalarMultiplication(&G1Jac, &rBigInt)
+
+	// 3) convert to affine (x, y)
+	var Paff bn254.G1Affine
+	Paff.FromJacobian(&Pjac)
+	return encoding.G1Commitment(Paff), nil
+}
+
+func RandomG2Point() (encoding.G2Commitment, error) {
+
+	// 1) pick r ← 𝐹ᵣ at random
+	var r fr.Element
+	if _, err := r.SetRandom(); err != nil {
+		return encoding.G2Commitment{}, err
+	}
+
+	// 2) compute P = r·G₂ in Jacobian form
+	_, g2Jac, _, _ := bn254.Generators()
+	var Pjac bn254.G2Jac
+
+	var rBigInt big.Int
+	r.BigInt(&rBigInt)
+	Pjac.ScalarMultiplication(&g2Jac, &rBigInt)
+
+	// 3) convert to affine (x, y)
+	var Paff bn254.G2Affine
+	Paff.FromJacobian(&Pjac)
+	return encoding.G2Commitment(Paff), nil
+}
+
+var _ = Describe("Inabox v2 blacklisting Integration test", func() {
+	It("test end to end scenario of blacklisting", func() {
+		ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
+		defer cancel()
+
+		// random G1 point
+		g1Commitment, err := RandomG1Point()
+		if err != nil {
+			Fail("failed to generate random G1 point")
+		}
+
+		g2Commitment, err := RandomG2Point()
+		if err != nil {
+			Fail("failed to generate random G2 point")
+		}
+
+		// random data blob certificate
+		blobCert := &corev2.BlobCertificate{
+			BlobHeader: &corev2.BlobHeader{
+				BlobVersion: 2,
+				BlobCommitments: encoding.BlobCommitments{
+					Commitment:       &g1Commitment,
+					LengthCommitment: &g2Commitment,
+					LengthProof:      &g2Commitment,
+					Length:           100,
+				},
+				QuorumNumbers: []core.QuorumID{0, 1},
+				PaymentMetadata: core.PaymentMetadata{
+					AccountID:         gethcommon.HexToAddress("0x1234567890123456789012345678901234567890"),
+					Timestamp:         time.Now().UnixNano(),
+					CumulativePayment: big.NewInt(100),
+				},
+			},
+			Signature: []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65},
+			RelayKeys: []corev2.RelayKey{0, 1},
+		}
+
+		blobCertProto, err := blobCert.ToProtobuf()
+		if err != nil {
+			Fail("failed to convert blob certificate to protobuf")
+		}
+		fmt.Println("blobCertProto size", len(blobCertProto.String()))
+
+		mineAnvilBlocks(1)
+		// println("latest block number", deploy.GetLatestBlockNumber("http://localhost:8545"))
+
+		request := &nodegrpc.StoreChunksRequest{
+			Batch: &commonpb.Batch{
+				Header: &commonpb.BatchHeader{
+					BatchRoot:            []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32},
+					ReferenceBlockNumber: 70,
+				},
+				BlobCertificates: []*commonpb.BlobCertificate{
+					blobCertProto,
+				},
+			},
+			DisperserID: api.EigenLabsDisperserID,
+			Timestamp:   uint32(time.Now().Unix()),
+			Signature:   []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65},
+		}
+
+		hash, err := hashing.HashStoreChunksRequest(request)
+		if err != nil {
+			Fail("failed to hash request")
+		}
+
+		keyManager := kms.New(kms.Options{
+			Region:       "us-east-1",
+			BaseEndpoint: aws.String("http://localhost:4570"),
+		})
+
+		// pick the first key in the key manager
+		keys, err := keyManager.ListKeys(ctx, &kms.ListKeysInput{})
+		if err != nil {
+			Fail("failed to list keys")
+		}
+		keyID := keys.Keys[0].KeyId
+
+		publicKey, err := caws.LoadPublicKeyKMS(ctx, keyManager, *keyID)
+		if err != nil {
+			Fail("failed to load public key")
+		}
+
+		signature, err := aws2.SignKMS(ctx, keyManager, *keyID, publicKey, hash)
+		if err != nil {
+			Fail("failed to sign request")
+		}
+
+		request.Signature = signature
+
+		addr := fmt.Sprintf("%v:%v", "localhost", "32017")
+		dialOptions := clients.GetGrpcDialOptions(false, 4*units.MiB)
+		// conn, err := grpc.NewClient(addr, dialOptions...)
+		// if err != nil {
+		// 	Fail("failed to create grpc connection")
+		// }
+		conn, err := grpc.NewClient(addr, dialOptions...)
+		if err != nil {
+			Fail("failed to create grpc connection")
+		}
+		dispersalClient := nodegrpc.NewDispersalClient(conn)
+
+		// after this request, the disperser should be blacklisted
+		_, err = dispersalClient.StoreChunks(ctx, request)
+		Expect(err).To(Not(BeNil()))
+		Expect(err.Error()).To(ContainSubstring("failed to validate blob request"))
+
+		// should get error saying disperser is blacklisted
+		_, err = dispersalClient.StoreChunks(ctx, request)
+		Expect(err).To(Not(BeNil()))
+		Expect(err.Error()).To(ContainSubstring("disperser is blacklisted"))
+
+	})
+})
+
 var _ = Describe("Inabox v2 Integration", func() {
 	/*
 		This end to end test ensures that:

node/blacklist.go

@@ -0,0 +1,50 @@
+// This file contains the structs which are converted to JSON and stored in the blacklist store
+
+package node
+
+import (
+	"encoding/json"
+	"time"
+)
+
+// Blacklist contains entries of blacklisted dispersers
+type Blacklist struct {
+	Entries     []BlacklistEntry `json:"entries"`
+	LastUpdated uint64           `json:"last_updated"`
+}
+
+// BlacklistEntry represents a single blacklist record
+type BlacklistEntry struct {
+	DisperserID uint32            `json:"disperser_id"`
+	Metadata    BlacklistMetadata `json:"metadata"`
+	Timestamp   uint64            `json:"timestamp"`
+}
+
+// BlacklistMetadata contains additional information about the blacklisting
+type BlacklistMetadata struct {
+	ContextId string `json:"context_id"`
+	Reason    string `json:"reason"`
+}
+
+// ToBytes serializes the Blacklist to JSON bytes
+func (b *Blacklist) ToBytes() ([]byte, error) {
+	return json.Marshal(b)
+}
+
+// FromBytes deserializes JSON bytes into the current Blacklist
+func (b *Blacklist) FromBytes(data []byte) error {
+	return json.Unmarshal(data, b)
+}
+
+// AddEntry adds a new blacklist entry
+func (b *Blacklist) AddEntry(disperserId uint32, contextId, reason string) {
+	b.LastUpdated = uint64(time.Now().Unix())
+	b.Entries = append(b.Entries, BlacklistEntry{
+		DisperserID: disperserId,
+		Metadata: BlacklistMetadata{
+			ContextId: contextId,
+			Reason:    reason,
+		},
+		Timestamp: b.LastUpdated,
+	})
+}