feat(parsigex): add eth2-based partial signature verifier#511
feat(parsigex): add eth2-based partial signature verifier#511emlautarom1-agent[bot] wants to merge 4 commits into
Conversation
Adds parsigex::new_eth2_verifier built on pluto_core::verify_eth2_signed_data (core/eth2signeddata, #501), porting Charon's parsigex.NewEth2Verifier: each inbound partial signature is verified against the sender's public share, looked up by the partial sig's share index. Adds pluto-eth2api and promotes pluto-crypto to a runtime dependency of parsigex (to name the beacon client + pubshare type).
e51cdf5 to
e8b009e
Compare
- Use qualified imports - Simplify docs
- Preserves duty information
The function lives in the `eth2signeddata` module, which is only in scope as a module path, so the bare link did not resolve. Qualify it with the module path.
|
Claude finished @emlautarom1's task in 1m 55s —— View job Code Review — eth2-based partial signature verifier
Overall this is a clean, faithful port of Charon's Correctness — looks good ✅
Suggestions (non-blocking)
Nits
I could not run |
Summary
Implements eth2 signature verification for inbound partial signatures in
parsigex, so a peer's partial signatures are cryptographically validated before they are accepted into the partial-signature database.What it implements
parsigex::new_eth2_verifier(eth2_cl, pub_shares_by_key) -> Verifier— for each inbound partial signature received for a validator, looks up the sender's public share by the signature's share index and verifies the eth2 BLS signature viapluto_core::verify_eth2_signed_data. Partial signatures with an unknown validator public key or an unknown share index are rejected.pluto-eth2apiand promotespluto-cryptoto runtime dependencies ofparsigex, to name the beacon node client and the public-share type.Ports Charon's
core/parsigex/parsigex.goNewEth2Verifier. Part of #402.Testing
Accept/reject unit tests using a mocked beacon node and threshold BLS shares: a valid partial signature against the correct share verifies, while a wrong share, an unknown public key, and a missing share index are each rejected.