Skip to content

Leios: Vote signing and committee selection#2039

Open
ch1bo wants to merge 21 commits into
leios-prototypefrom
ch1bo/leios-voting-committee
Open

Leios: Vote signing and committee selection#2039
ch1bo wants to merge 21 commits into
leios-prototypefrom
ch1bo/leios-voting-committee

Conversation

@ch1bo
Copy link
Copy Markdown

@ch1bo ch1bo commented May 12, 2026
edited
Loading

Refs input-output-hk/ouroboros-leios#790.

Builds on the initial Leios voting prototype (#1963) by adding committee selection and real signature creation/validation, replacing the placeholder voting from #1963. Cross-repo bumps are pinned via source-repository-package for ledger and network.

Summary

  • Committee selection (per EB) from the stake distribution. A HasLeiosVoting decides whether (and as which VoterId) the local node votes on an EB, derived from the Shelley PoolDistr. For now, this only runs in the latest era and uses a basic selection scheme.
  • Real BLS signatures. Switched from placeholder/fake signing to actual BLS signatures, using a cardano-crypto-class ^>=2.4 that exposes a BLS DSIGN instance. Votes carry a signature over the EB point, and LeiosVoteState validates each vote individually before adding/relaying.
  • Voting key material. Committee membership tracks signing keys in tests; the previous unsafe Ed25519-as-BLS reinterpretation derived from pool id has been removed and replaced with a safer scheme.
  • Tests. LeiosVoteState unit tests cover the new validation API; ThreadNet expectations remain green.

Notes for reviewers

Test plan

  • cabal build all against pinned sibling SRPs
  • ThreadNet property tests pass (votes diffuse and are validated)
  • LeiosVoteState unit tests pass

ch1bo and others added 16 commits May 12, 2026 13:28
@ch1bo
Add HasLeiosVoting to decide whether to vote
6288df2 
This class based approach mirrors other components of the consensus code
base where abstract code is made block-specific via type classes.
@ch1bo
Run voting only in latest era
a37523e 
Enumerating shelley / praos instances for HasLeiosVoting makes it very
clear that a committee is only expected to be selected in Conway (later Dijkstra)
@ch1bo
Get VoterId from Committee
2c7f8e1
@ch1bo
Access PoolDistr from shelley ledger state
d4358b5 
This will be just enough to derive a committe.. if I just re-use the
pool key hash as the vote signing key of all pools and derive
verification keys this way (to still skip proper key registration).
@ch1bo
Basic committee selection using stake distribution
5a5552a 
This derives vote signing key from the cold key hash - obviously still a
dirty hack, but just fine to avoid doing key registration.
@ch1bo
Use overlapping instance HasLeiosVoting ShelleyBlock
ce5d730 
Unsure about this because it's less explicit, but thought I give it a try.
@ch1bo
Draft vote validation in LeiosVoteState
c77a8f4 
Provide access to the committee using the HasLeiosVoting type class and
via the ChainDB access to the tip's ledger state.
@ch1bo
Update LeiosVoteState tests to cover new API
0d121f7
@ch1bo
Expect votes being signed
b298491 
The LeiosVoteState now drives us to add cryptographic signatures so we
cannot fake the voterId (index in the committee) without also having the
private key.
@ch1bo
Update to cardano-crypto-class ^>=2.4 for BLS DSIGN
3fde364
@ch1bo
Start using real BLS crypto
bb0efec
@ch1bo
Keep track of committee signing keys in tests
1265103
@ch1bo
Sign point instead of vote
0a80ca4
@ch1bo
Fix LeiosVoteState unit tests
fb6b80b
@ch1bo
Fix unsafe derivation of signing keys from pool id
aac5ae3 
Real signing keys requires some more bytes. This is still unsafe of course.
@ch1bo @claude
Use source-repository-package for ledger and network bumps
8fc7d16 
Point at the ch1bo/leios-voting branches of cardano-ledger and
ouroboros-network instead of relative local paths.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This was referenced May 12, 2026
Open
Merged
Open
@ch1bo ch1bo requested review from bladyjoker, palas and perturbing May 12, 2026 21:00
@ch1bo ch1bo added the Leios label May 12, 2026
@ch1bo ch1bo linked an issue May 12, 2026 that may be closed by this pull request
Prototype Voting input-output-hk/ouroboros-leios#790
Open
3 tasks
@ch1bo ch1bo mentioned this pull request May 12, 2026
Open
3 tasks
@ch1bo ch1bo requested review from dnadales and kderme May 12, 2026 21:02
ch1bo added 3 commits May 12, 2026 23:33
@ch1bo
Add a golden test for leios vote encoding
367ccf7
@ch1bo
Add a todo about disallowing votes from different epochs
2b5a282 
We might want to drop / not allow votes from previous epochs as the
committee can change and nodes would come silently to different
conclusions depending on their selected tips.
@ch1bo
Fix ledger build
082d00c
@ch1bo
Copy link
Copy Markdown
Author

ch1bo commented May 13, 2026

@kderme I'm hesitant in fixing most of the warnings/build errors of upstream packages because it would make the diff bigger for your rebase of leios-prototype, which would automatically include bumps to the latest cardano-crypto-class .. what do you think?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bladyjoker bladyjoker Awaiting requested review from bladyjoker

@perturbing perturbing Awaiting requested review from perturbing

@palas palas Awaiting requested review from palas

@dnadales dnadales Awaiting requested review from dnadales

@kderme kderme Awaiting requested review from kderme

Assignees

No one assigned

Labels

Leios

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Prototype Voting

1 participant

@ch1bo