core/utils: Add Penalty checker and VerifyDKGComplaint (#393)

* Add Util for checking penalty

* Add VerifyDKGComplaints

* Fixup and rename

* Happy New Year!

6 files changed, 519 insertions, 5 deletions

diff --git a/core/dkg-tsig-protocol.go b/core/dkg-tsig-protocol.go
index 492271e..7076ef3 100644
--- a/core/dkg-tsig-protocol.go
+++ b/core/dkg-tsig-protocol.go
@@ -142,10 +142,6 @@ type tsigProtocol struct {
 	threshold      int
 }
 
-func newDKGID(ID types.NodeID) dkg.ID {
-	return dkg.NewID(ID.Hash[:])
-}
-
 func newDKGProtocol(
 	ID types.NodeID,
 	recv dkgReceiver,
@@ -156,7 +152,7 @@ func newDKGProtocol(
 
 	recv.ProposeDKGMasterPublicKey(&typesDKG.MasterPublicKey{
 		Round:           round,
-		DKGID:           newDKGID(ID),
+		DKGID:           typesDKG.NewID(ID),
 		PublicKeyShares: *pubShare,
 	})
 
diff --git a/core/types/dkg/dkg.go b/core/types/dkg/dkg.go
index f021d1b..efe8467 100644
--- a/core/types/dkg/dkg.go
+++ b/core/types/dkg/dkg.go
@@ -31,6 +31,11 @@ import (
 	"github.com/dexon-foundation/dexon-consensus/core/types"
 )
 
+// NewID creates a DKGID from NodeID.
+func NewID(ID types.NodeID) cryptoDKG.ID {
+	return cryptoDKG.NewID(ID.Hash[:])
+}
+
 // PrivateShare describe a secret share in DKG protocol.
 type PrivateShare struct {
 	ProposerID   types.NodeID         `json:"proposer_id"`
diff --git a/core/utils/penalty-helper.go b/core/utils/penalty-helper.go
new file mode 100644
index 0000000..2b2456c
--- /dev/null
+++ b/core/utils/penalty-helper.go
@@ -0,0 +1,126 @@
+// Copyright 2019 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package utils
+
+import (
+	"errors"
+
+	"github.com/dexon-foundation/dexon-consensus/core/types"
+	typesDKG "github.com/dexon-foundation/dexon-consensus/core/types/dkg"
+)
+
+var (
+	// ErrInvalidDKGMasterPublicKey means the DKG MasterPublicKey is invalid.
+	ErrInvalidDKGMasterPublicKey = errors.New("invalid DKG master public key")
+)
+
+// NeedPenaltyDKGPrivateShare checks if the proposer of dkg private share
+// should be penalized.
+func NeedPenaltyDKGPrivateShare(
+	complaint *typesDKG.Complaint, mpk *typesDKG.MasterPublicKey) (bool, error) {
+	if complaint.IsNack() {
+		return false, nil
+	}
+	if mpk.ProposerID != complaint.PrivateShare.ProposerID {
+		return false, nil
+	}
+	ok, err := VerifyDKGMasterPublicKeySignature(mpk)
+	if err != nil {
+		return false, err
+	}
+	if !ok {
+		return false, ErrInvalidDKGMasterPublicKey
+	}
+	ok, err = VerifyDKGComplaintSignature(complaint)
+	if err != nil {
+		return false, err
+	}
+	if !ok {
+		return false, nil
+	}
+	ok, err = mpk.PublicKeyShares.VerifyPrvShare(
+		typesDKG.NewID(complaint.PrivateShare.ReceiverID),
+		&complaint.PrivateShare.PrivateShare)
+	if err != nil {
+		return false, err
+	}
+	return !ok, nil
+}
+
+// NeedPenaltyForkVote checks if two votes are fork vote.
+func NeedPenaltyForkVote(vote1, vote2 *types.Vote) (bool, error) {
+	if vote1.ProposerID != vote2.ProposerID ||
+		vote1.Type != vote2.Type ||
+		vote1.Period != vote2.Period ||
+		vote1.Position != vote2.Position ||
+		vote1.BlockHash == vote2.BlockHash {
+		return false, nil
+	}
+	ok, err := VerifyVoteSignature(vote1)
+	if err != nil {
+		return false, err
+	}
+	if !ok {
+		return false, nil
+	}
+	ok, err = VerifyVoteSignature(vote2)
+	if err != nil {
+		return false, err
+	}
+	if !ok {
+		return false, nil
+	}
+	return true, nil
+}
+
+// NeedPenaltyForkBlock checks if two blocks are fork block.
+func NeedPenaltyForkBlock(block1, block2 *types.Block) (bool, error) {
+	if block1.ProposerID != block2.ProposerID ||
+		block1.Position != block2.Position ||
+		block1.Hash == block2.Hash {
+		return false, nil
+	}
+	verifyBlock := func(block *types.Block) (bool, error) {
+		err := VerifyBlockSignature(block)
+		switch err {
+		case nil:
+			return true, nil
+		case ErrIncorrectSignature:
+			return false, nil
+		case ErrIncorrectHash:
+			return false, nil
+		default:
+			return false, err
+		}
+	}
+	ok, err := verifyBlock(block1)
+	if err != nil {
+		return false, err
+	}
+	if !ok {
+		return false, nil
+	}
+	ok, err = verifyBlock(block2)
+	if err != nil {
+		return false, err
+	}
+	if !ok {
+		return false, nil
+	}
+	return true, nil
+}
diff --git a/core/utils/penalty-helper_test.go b/core/utils/penalty-helper_test.go
new file mode 100644
index 0000000..ba51867
--- /dev/null
+++ b/core/utils/penalty-helper_test.go
@@ -0,0 +1,222 @@
+// Copyright 2019 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package utils
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/suite"
+
+	"github.com/dexon-foundation/dexon-consensus/common"
+	"github.com/dexon-foundation/dexon-consensus/core/crypto"
+	"github.com/dexon-foundation/dexon-consensus/core/crypto/dkg"
+	"github.com/dexon-foundation/dexon-consensus/core/crypto/ecdsa"
+	"github.com/dexon-foundation/dexon-consensus/core/types"
+	typesDKG "github.com/dexon-foundation/dexon-consensus/core/types/dkg"
+)
+
+type PenaltyHelperTestSuite struct {
+	suite.Suite
+}
+
+func (s *PenaltyHelperTestSuite) TestDKGComplaint() {
+	signComplaint := func(prv crypto.PrivateKey, complaint *typesDKG.Complaint) {
+		var err error
+		complaint.Signature, err = prv.Sign(hashDKGComplaint(complaint))
+		s.Require().NoError(err)
+	}
+	prv1, err := ecdsa.NewPrivateKey()
+	s.Require().NoError(err)
+	nID1 := types.NewNodeID(prv1.PublicKey())
+
+	prv2, err := ecdsa.NewPrivateKey()
+	s.Require().NoError(err)
+	nID2 := types.NewNodeID(prv2.PublicKey())
+
+	prvShares, pubShares := dkg.NewPrivateKeyShares(3)
+	mpk := &typesDKG.MasterPublicKey{
+		ProposerID:      nID1,
+		DKGID:           typesDKG.NewID(nID1),
+		PublicKeyShares: *pubShares,
+	}
+	mpk.Signature, err = prv1.Sign(hashDKGMasterPublicKey(mpk))
+	s.Require().NoError(err)
+
+	// NackComplaint should not be penalized.
+	complaint := &typesDKG.Complaint{
+		ProposerID: nID2,
+	}
+	signComplaint(prv2, complaint)
+	s.Require().True(complaint.IsNack())
+	ok, err := NeedPenaltyDKGPrivateShare(complaint, mpk)
+	s.Require().NoError(err)
+	s.False(ok)
+
+	// Correct privateShare should not be penalized.
+	prvShares.SetParticipants(dkg.IDs{typesDKG.NewID(nID1), typesDKG.NewID(nID2)})
+	share, exist := prvShares.Share(typesDKG.NewID(nID2))
+	s.Require().True(exist)
+	prvShare := &typesDKG.PrivateShare{
+		ProposerID:   nID1,
+		ReceiverID:   nID2,
+		PrivateShare: *share,
+	}
+	prvShare.Signature, err = prv1.Sign(hashDKGPrivateShare(prvShare))
+	s.Require().NoError(err)
+	complaint.PrivateShare = *prvShare
+	signComplaint(prv2, complaint)
+	ok, err = NeedPenaltyDKGPrivateShare(complaint, mpk)
+	s.Require().NoError(err)
+	s.False(ok)
+
+	// Penalize incorrect privateShare.
+	share, exist = prvShares.Share(typesDKG.NewID(nID1))
+	s.Require().True(exist)
+	prvShare.PrivateShare = *share
+	prvShare.Signature, err = prv1.Sign(hashDKGPrivateShare(prvShare))
+	s.Require().NoError(err)
+	complaint.PrivateShare = *prvShare
+	signComplaint(prv2, complaint)
+	ok, err = NeedPenaltyDKGPrivateShare(complaint, mpk)
+	s.Require().NoError(err)
+	s.True(ok)
+
+	// Should not penalize if mpk is incorrect.
+	mpk.Round++
+	ok, err = NeedPenaltyDKGPrivateShare(complaint, mpk)
+	s.Equal(ErrInvalidDKGMasterPublicKey, err)
+
+	// Should not penalize if mpk's proposer not match with prvShares'.
+	mpk.Round--
+	mpk.ProposerID = nID2
+	mpk.Signature, err = prv1.Sign(hashDKGMasterPublicKey(mpk))
+	s.Require().NoError(err)
+	ok, err = NeedPenaltyDKGPrivateShare(complaint, mpk)
+	s.Require().NoError(err)
+	s.False(ok)
+}
+
+func (s *PenaltyHelperTestSuite) TestForkVote() {
+	prv1, err := ecdsa.NewPrivateKey()
+	s.Require().NoError(err)
+
+	vote1 := types.NewVote(types.VoteCom, common.NewRandomHash(), uint64(0))
+	vote1.ProposerID = types.NewNodeID(prv1.PublicKey())
+
+	vote2 := vote1.Clone()
+	for vote2.BlockHash == vote1.BlockHash {
+		vote2.BlockHash = common.NewRandomHash()
+	}
+	vote1.Signature, err = prv1.Sign(hashVote(vote1))
+	s.Require().NoError(err)
+	vote2.Signature, err = prv1.Sign(hashVote(vote2))
+	s.Require().NoError(err)
+
+	ok, err := NeedPenaltyForkVote(vote1, vote2)
+	s.Require().NoError(err)
+	s.True(ok)
+
+	// Invalid signature should not be penalized.
+	vote2.VoteHeader.Period++
+	ok, err = NeedPenaltyForkVote(vote1, vote2)
+	s.Require().NoError(err)
+	s.False(ok)
+
+	// Period not matched.
+	vote2.Signature, err = prv1.Sign(hashVote(vote2))
+	s.Require().NoError(err)
+	ok, err = NeedPenaltyForkVote(vote1, vote2)
+	s.Require().NoError(err)
+	s.False(ok)
+
+	// Proposer not matched.
+	vote2 = vote1.Clone()
+	for vote2.BlockHash == vote1.BlockHash {
+		vote2.BlockHash = common.NewRandomHash()
+	}
+	prv2, err := ecdsa.NewPrivateKey()
+	s.Require().NoError(err)
+	vote2.ProposerID = types.NewNodeID(prv2.PublicKey())
+	vote2.Signature, err = prv2.Sign(hashVote(vote2))
+	s.Require().NoError(err)
+	ok, err = NeedPenaltyForkVote(vote1, vote2)
+	s.Require().NoError(err)
+	s.False(ok)
+}
+
+func (s *PenaltyHelperTestSuite) TestForkBlock() {
+	hashBlock := func(block *types.Block) common.Hash {
+		block.PayloadHash = crypto.Keccak256Hash(block.Payload)
+		var err error
+		block.Hash, err = HashBlock(block)
+		s.Require().NoError(err)
+		return block.Hash
+	}
+	prv1, err := ecdsa.NewPrivateKey()
+	s.Require().NoError(err)
+
+	block1 := &types.Block{
+		ProposerID: types.NewNodeID(prv1.PublicKey()),
+		ParentHash: common.NewRandomHash(),
+	}
+
+	block2 := block1.Clone()
+	for block2.ParentHash == block1.ParentHash {
+		block2.ParentHash = common.NewRandomHash()
+	}
+	block1.Signature, err = prv1.Sign(hashBlock(block1))
+	s.Require().NoError(err)
+	block2.Signature, err = prv1.Sign(hashBlock(block2))
+	s.Require().NoError(err)
+
+	ok, err := NeedPenaltyForkBlock(block1, block2)
+	s.Require().NoError(err)
+	s.True(ok)
+
+	// Invalid signature should not be penalized.
+	block2.ParentHash[0]++
+	ok, err = NeedPenaltyForkBlock(block1, block2)
+	s.Require().NoError(err)
+	s.False(ok)
+
+	// Position not matched.
+	block2.Position.Height++
+	block2.Signature, err = prv1.Sign(hashBlock(block2))
+	s.Require().NoError(err)
+	ok, err = NeedPenaltyForkBlock(block1, block2)
+	s.Require().NoError(err)
+	s.False(ok)
+
+	// Proposer not matched.
+	block2 = block1.Clone()
+	for block2.ParentHash == block1.ParentHash {
+		block2.ParentHash = common.NewRandomHash()
+	}
+	prv2, err := ecdsa.NewPrivateKey()
+	s.Require().NoError(err)
+	block2.ProposerID = types.NewNodeID(prv2.PublicKey())
+	block2.Signature, err = prv2.Sign(hashBlock(block2))
+	s.Require().NoError(err)
+	ok, err = NeedPenaltyForkBlock(block1, block2)
+	s.Require().NoError(err)
+	s.False(ok)
+}
+
+func TestPenaltyHelper(t *testing.T) {
+	suite.Run(t, new(PenaltyHelperTestSuite))
+}
diff --git a/core/utils/utils.go b/core/utils/utils.go
index 3e3803d..687d0ea 100644
--- a/core/utils/utils.go
+++ b/core/utils/utils.go
@@ -1,3 +1,20 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
 // This file is part of the dexon-consensus library.
 //
 // The dexon-consensus library is free software: you can redistribute it
@@ -21,6 +38,7 @@ import (
 
 	"github.com/dexon-foundation/dexon-consensus/common"
 	"github.com/dexon-foundation/dexon-consensus/core/types"
+	typesDKG "github.com/dexon-foundation/dexon-consensus/core/types/dkg"
 )
 
 type configAccessor interface {
@@ -57,5 +75,36 @@ func GetCRSWithPanic(accessor crsAccessor, round uint64,
 		panic(fmt.Errorf("CRS is not ready %v", round))
 	}
 	return crs
+}
 
+// VerifyDKGComplaint verifies if its a valid DKGCompliant.
+func VerifyDKGComplaint(
+	complaint *typesDKG.Complaint, mpk *typesDKG.MasterPublicKey) (bool, error) {
+	ok, err := VerifyDKGComplaintSignature(complaint)
+	if err != nil {
+		return false, err
+	}
+	if !ok {
+		return false, nil
+	}
+	if complaint.IsNack() {
+		return true, nil
+	}
+	if complaint.Round != mpk.Round {
+		return false, nil
+	}
+	ok, err = VerifyDKGMasterPublicKeySignature(mpk)
+	if err != nil {
+		return false, err
+	}
+	if !ok {
+		return false, nil
+	}
+	ok, err = mpk.PublicKeyShares.VerifyPrvShare(
+		typesDKG.NewID(complaint.PrivateShare.ReceiverID),
+		&complaint.PrivateShare.PrivateShare)
+	if err != nil {
+		return false, err
+	}
+	return ok, nil
 }
diff --git a/core/utils/utils_test.go b/core/utils/utils_test.go
new file mode 100644
index 0000000..34336b3
--- /dev/null
+++ b/core/utils/utils_test.go
@@ -0,0 +1,116 @@
+// Copyright 2019 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package utils
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/suite"
+
+	"github.com/dexon-foundation/dexon-consensus/core/crypto"
+	"github.com/dexon-foundation/dexon-consensus/core/crypto/dkg"
+	"github.com/dexon-foundation/dexon-consensus/core/crypto/ecdsa"
+	"github.com/dexon-foundation/dexon-consensus/core/types"
+	typesDKG "github.com/dexon-foundation/dexon-consensus/core/types/dkg"
+)
+
+type UtilsTestSuite struct {
+	suite.Suite
+}
+
+func (s *UtilsTestSuite) TestVerifyDKGComplaint() {
+	signComplaint := func(prv crypto.PrivateKey, complaint *typesDKG.Complaint) {
+		var err error
+		complaint.Signature, err = prv.Sign(hashDKGComplaint(complaint))
+		s.Require().NoError(err)
+	}
+	prv1, err := ecdsa.NewPrivateKey()
+	s.Require().NoError(err)
+	nID1 := types.NewNodeID(prv1.PublicKey())
+
+	prv2, err := ecdsa.NewPrivateKey()
+	s.Require().NoError(err)
+	nID2 := types.NewNodeID(prv2.PublicKey())
+
+	prvShares, pubShares := dkg.NewPrivateKeyShares(3)
+	mpk := &typesDKG.MasterPublicKey{
+		ProposerID:      nID1,
+		DKGID:           typesDKG.NewID(nID1),
+		PublicKeyShares: *pubShares,
+	}
+	mpk.Signature, err = prv1.Sign(hashDKGMasterPublicKey(mpk))
+	s.Require().NoError(err)
+
+	// Valid NackComplaint.
+	complaint := &typesDKG.Complaint{
+		ProposerID: nID2,
+	}
+	signComplaint(prv2, complaint)
+	s.Require().True(complaint.IsNack())
+	ok, err := VerifyDKGComplaint(complaint, mpk)
+	s.Require().NoError(err)
+	s.True(ok)
+
+	// Correct privateShare.
+	prvShares.SetParticipants(dkg.IDs{typesDKG.NewID(nID1), typesDKG.NewID(nID2)})
+	share, exist := prvShares.Share(typesDKG.NewID(nID2))
+	s.Require().True(exist)
+	prvShare := &typesDKG.PrivateShare{
+		ProposerID:   nID1,
+		ReceiverID:   nID2,
+		PrivateShare: *share,
+	}
+	prvShare.Signature, err = prv1.Sign(hashDKGPrivateShare(prvShare))
+	s.Require().NoError(err)
+	complaint.PrivateShare = *prvShare
+	signComplaint(prv2, complaint)
+	ok, err = VerifyDKGComplaint(complaint, mpk)
+	s.Require().NoError(err)
+	s.True(ok)
+
+	// Incorrect privateShare.
+	share, exist = prvShares.Share(typesDKG.NewID(nID1))
+	s.Require().True(exist)
+	prvShare.PrivateShare = *share
+	prvShare.Signature, err = prv1.Sign(hashDKGPrivateShare(prvShare))
+	s.Require().NoError(err)
+	complaint.PrivateShare = *prvShare
+	signComplaint(prv2, complaint)
+	ok, err = VerifyDKGComplaint(complaint, mpk)
+	s.Require().NoError(err)
+	s.False(ok)
+
+	// MPK is incorrect.
+	mpk.Round++
+	ok, err = VerifyDKGComplaint(complaint, mpk)
+	s.Require().NoError(err)
+	s.False(ok)
+
+	// MPK's proposer not match with prvShares'.
+	mpk.Round--
+	mpk.ProposerID = nID2
+	mpk.Signature, err = prv1.Sign(hashDKGMasterPublicKey(mpk))
+	s.Require().NoError(err)
+	ok, err = VerifyDKGComplaint(complaint, mpk)
+	s.Require().NoError(err)
+	s.False(ok)
+}
+
+func TestUtils(t *testing.T) {
+	suite.Run(t, new(UtilsTestSuite))
+}