feat(consenus): [CON-1565] splitting cup share making/validating/aggregating

[kpop-dfinity]

Background

During subnet splitting, when replicas detect that a subnet should be split at a summary height H, they will immediately start producing CUP shares at height H + dkg_interval_length, according to the post-split subnet memberships, i.e.
half of the node will produce the shares as members of the original subnet, and the other half as the member of the new subnet.

Implement the logic of subnet splitting CUP share creation, validation, and aggregation.

CUP shares creation

When a replica detects that a "subnet splitting" block (denoted by a new field, subnet-splitting-status in the DkgSummary struct) has been finalized and the state at the block's height has been committed, it will create a CUP in the following way:

1. Create a new summary block, on the fly, at the next CUP height, with dkg transcript taken from the registry;
2. Create a dummy random beacon at the next CUP height,
3. Check if node belongs to the high threshold committee, based on the transcript from the newly created summary block, if not, return None,
4. Create a CUP, with the block and random beacon created in steps 1. and 2., respectively, and sign it using the key material from the block.

CUP shares validation

Validation works in the following way:

1. Check if the hash of the block in the CUP share matches the recreated summary block's hash
2. Check if the random beacon in the CUP share matches the recreated random beacon
3. Check if the signature can be verified using the key material from the recreated summary block
4. Check if the state hash matches our local state's hash

Note

As the field subnet_splitting_status is not yet population, the new code branches are never executed.

[eichhorl]

Don't we need to do something like this?

Suggested change

	if let Some(status) = subnet_splitting_status {
	status.hash(state);
	}

[pierugo-dfinity]

I think self.records[0] two lines above would have panicked before reaching this assert.

[eichhorl]

Suggested change

	/// [`CatchUpPackage`] maker is responsible for creating beacon shares
	/// [`CatchUpPackage`] maker is responsible for creating catch up package shares

[eichhorl]

What does "not enabled" mean? I don't think these variants are used anywhere (yet?).

[eichhorl]

I assume the Option part will disappear eventually? Do I understand correctly that calling this function with SubnetSplittingStatus::Scheduled { .. } doesn't make sense? Maybe we could change the argument to Option<SubnetId> where None corresponds to SubnetSplittingStatus::NotScheduled and Some(id) corresponds to SubnetSplittingStatus::Done { id }?

Or we could use the new CatchUpPackageType enum from below

[eichhorl]

Suggested change

	records: Vec<(u64, SubnetId, SubnetRecord)>,
	subnet_records: Vec<(u64, SubnetId, SubnetRecord)>,

[eichhorl]

Why do we need to do this twice if last_version != version (see line 174)?

[eichhorl]

Intuitively I would say yes, because the summary block is the first block of the current interval

[eichhorl]

Is this clone necessary?

Suggested change

	CatchUpContent::from_share_content(shares[0].content.clone(), block.clone());
	CatchUpContent::from_share_content(shares[0].content.clone(), block);

[eichhorl]

Does this work?

Suggested change

	summary_block: &Block,
	summary_block: Block,

[eichhorl]

I guess despite this check we might still not have enough shares below, because get_catch_up_package_shares above might return shares created by the other half of the subnet?

Or would the signature verification fail when validating those shares?

[eichhorl]

When do we ever expect to see the CatchUpPackageType::PostSplit { .. } case here?