forkchoice: skip STARK aggregate verify on proofs the filler just produced#679
Closed
tcoratger wants to merge 1 commit intoleanEthereum:mainfrom
Closed
Conversation
…duced During fixture generation the filler creates aggregated proofs itself, so re-verifying them inside the fork-choice Store is duplicated work that clients run anyway when they consume fixtures. Thread an explicit opt-in flag from the filler down to the two STARK-verify call sites: - skip_aggregate_verify on SignedBlock.verify_signatures (keeps structural checks and proposer-signature verify). - trust_proofs on Store.on_block (forwards to verify_signatures). - trust_proof on Store.on_gossip_aggregated_attestation. The fork-choice filler mirrors each spec's valid_signature flag, so tests with valid_signature=False still drive the verifier and keep rejecting. Measured on a single-process test-scheme fill of tests/consensus/devnet/: wall time 113 s -> 77 s (-32%); verify_aggregated_signatures count 611 -> 1. Prod mode benefits proportionally. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Aggregated STARK proofs built by the fixture filler were re-verified by the fork-choice
Storeon every block and every gossip aggregated attestation — pure duplicated work, since client teams rerun verification when they consume the fixtures.Thread an opt-in trust flag from the filler down to the two STARK-verify call sites so fresh, filler-produced proofs skip verification while leaving every other code path (client consumers, unit tests, the
verify_signaturesfixture format) untouched.SignedBlock.verify_signatures(..., skip_aggregate_verify=False)— new kw-only flag. Skips the per-attestation STARK aggregate verify. Proposer XMSS verify and structural checks still run.Store.on_block(..., trust_proofs=False)— forwards toverify_signaturesasskip_aggregate_verify.Store.on_gossip_aggregated_attestation(..., trust_proof=False)— gates only theproof.verify(...)call.validate_attestationand validator-index bounds checks still run.packages/testing/src/consensus_testing/test_fixtures/fork_choice.py) mirrors the existingvalid_signatureflag on each spec:valid_signature=True→ trust,valid_signature=False→ still verify (so explicit invalid-proof tests keep rejecting).Measured impact
Single-process test-scheme fill of
tests/consensus/devnet/:verify_aggregated_signaturescallsverify_aggregated_signaturestotalThe one remaining verify call is the explicit-invalid test that needs the verifier to run. Prod mode (larger STARK params) benefits proportionally.
What does not change
AggregatedSignatureProof.verifyitself — stays pure; the caller decides whether to call it.fill.pyCLI,filler.pypytest plugin,State.state_transition,State.build_block.verify_signatures_testfixture — callsverify_signatures(...)with the defaultFalse, so that fixture format (which exists precisely to exercise the verifier) still runs the full STARK verify.tests/consensus/devnet/. No test was edited.Test plan
uvx tox -e all-checksclean (ruff, ty, codespell, mdformat).uvx tox -e pytest— 3251 passed, 91.74% coverage.fillontests/consensus/devnet/fc/+tests/consensus/devnet/verify_signatures/— 87/87 passed. Explicit-invalid specs (tests/consensus/devnet/fc/test_gossip_attestation_validation.py,tests/consensus/devnet/verify_signatures/test_invalid_signatures.py) still reject as expected.verify_aggregated_signaturescount.New unit coverage
Added 4 minimal tests, folded into existing test files rather than new standalone modules:
tests/lean_spec/subspecs/containers/block/test_verify_signatures_skip.py(new file, only becausecontainers/block/had no existing unit tests yet) — 2 tests:skip_aggregate_verify=Truebypasses the STARK verifier; proposer-signature verify still runs when the flag is True.tests/lean_spec/subspecs/forkchoice/test_store_attestations.py(existing) — 2 new tests:on_block(..., trust_proofs=True)andon_gossip_aggregated_attestation(..., trust_proof=True)both skip the STARK verifier.🤖 Generated with Claude Code