Skip to content

fix(core): wire-format reset — BLAKE3 block hash, PQTX domain prefix, 16-byte AA domains, 32-byte address wire#54

Merged
LucienSong merged 1 commit into
mainfrom
fix/wire-format-reset
May 28, 2026
Merged

fix(core): wire-format reset — BLAKE3 block hash, PQTX domain prefix, 16-byte AA domains, 32-byte address wire#54
LucienSong merged 1 commit into
mainfrom
fix/wire-format-reset

Conversation

@LucienSong
Copy link
Copy Markdown
Contributor

@LucienSong LucienSong commented May 27, 2026

Summary

Phase 2 of the white-paper alignment plan. Stages breaking wire-format changes ahead of the single testnet restart after Phase 5.

Changes

1. Block hash → BLAKE3 canonical encoding (WP §1489-1499)

  • BlockHeader::hash() now returns blake3(canonical_encode(header)) instead of keccak256(rlp(header))
  • canonical_encode() produces a fixed 424-byte deterministic preimage:
    • 16-byte domain: SHELL_BLOCK_HDR\0
    • 11 × 32-byte hash fields (variable-length fields committed as BLAKE3 hash)
    • 7 × 8-byte LE u64 fields
  • Added header_canonical_encode_len() test asserting exactly 424 bytes

2. PQTX signing envelope domain prefix (WP §1503-1509)

  • Transaction::signing_hash() preimage now starts with PQTX_SIGNING_V1\0 (16 bytes)
  • SDK golden vector updated: 0xf5a1…08360x68ee…4761
  • Note: shell-sdk's hashTransaction() must be updated to prepend the same 16-byte domain

3. 16-byte AA signing domains

Upgraded from 1-byte to 16-byte domain strings across all AA signing paths:

Function Old New
batch_signing_hash() 0x7E PQTX_BUNDLE_V1\0\0
paymaster_signing_hash() 0x7F PQTX_PAYMASTER_V
SessionAuth::auth_hash() 0x81 PQTX_SESSION_V1\0
  • Removed legacy BATCH_SIGNING_HASH_DOMAIN, PAYMASTER_SIGNING_HASH_DOMAIN, SESSION_AUTH_HASH_DOMAIN u8 constants
  • Exported new 16-byte constants from shell-core crate root

4. 32-byte address enforcement on wire (remove 20-byte decode fallbacks)

  • InnerCall::decode() — rejects 20-byte to address; only 32-byte or empty accepted
  • Transaction::decode() — rejects 20-byte to address
  • AaBundle::decode() — rejects 20-byte paymaster address
  • SessionAuth::decode() — rejects 20-byte target address
  • SessionAuth::auth_hash()None target now pads to [0u8; 32] (was [0u8; 20])

Test results

test result: ok. 220 passed; 0 failed; 0 ignored

Downstream impact

  • shell-sdk: hashTransaction() must prepend PQTX_SIGNING_V1\0 (16 bytes) before chain_id
  • All clients: block hash algorithm change takes effect immediately on merge; any cached block hashes are invalid
  • Testnet restart: scheduled after Phase 5 (single restart covers all Phase 2–5 wire changes)

@LucienSong
fix(core): wire-format reset — BLAKE3 block hash, PQTX domain prefix,…
bc34db9 
… 16-byte AA domains, 32-byte address wire

- BlockHeader::hash() now uses blake3(canonical_encode(header)) instead of
  keccak256(rlp(header)); canonical_encode() produces a fixed 424-byte
  deterministic preimage (16B domain + 11×32B fields + 7×8B u64 fields)
- Transaction::signing_hash() preimage now starts with PQTX_SIGNING_V1\0 (16B)
  domain prefix per WP §1503-1509; shell-sdk golden vector updated accordingly
- AaBundle signing domains upgraded from 1-byte to 16-byte strings:
  PQTX_BUNDLE_V1\0\0, PQTX_PAYMASTER_V, PQTX_SESSION_V1\0
- SessionAuth::auth_hash() None target now pads to 32 bytes (was 20)
- InnerCall, Transaction.to, AaBundle.paymaster, SessionAuth.target decoders
  no longer accept 20-byte address fallback; only 32-byte or empty accepted
- Remove legacy 1-byte BATCH/PAYMASTER/SESSION_AUTH_HASH_DOMAIN constants
- Add header_canonical_encode_len() test (asserts 424-byte output)
- cargo fmt cleanup on Phase 1 consensus files

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings May 27, 2026 21:04
Copilot AI reviewed May 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Stages Phase 2 whitepaper-alignment breaking wire-format changes by switching block hashing to a BLAKE3 canonical encoding, introducing PQTX/AA 16-byte domain prefixes for signing hashes, and enforcing 32-byte addresses on the wire (removing 20-byte decode fallbacks). This affects core hashing/signing primitives and transaction/session/bundle decoding behavior, with small follow-up adjustments in node/consensus code and test vectors.

Changes:

  • Switch BlockHeader::hash() to blake3(canonical_encode(header)) with a fixed-width (424B) canonical preimage.
  • Add PQTX domain prefixing for transaction signing + move AA signing domains to 16-byte tags; update golden vectors accordingly.
  • Enforce 32-byte addresses in decode paths for Transaction, InnerCall, AaBundle, and SessionAuth (reject legacy 20-byte inputs).

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
crates/core/src/block.rs Introduces canonical 424-byte block-header encoding and updates block hash to BLAKE3 over that encoding; adds length test.
crates/core/src/transaction.rs Adds PQTX signing domain prefix, upgrades AA signing domains to 16 bytes, and removes 20-byte address decode fallbacks across multiple wire decoders.
crates/core/src/lib.rs Re-exports new PQTX/AA domain constants from the core crate root and removes legacy u8 domain exports.
crates/core/tests/sdk_vectors.rs Updates SDK golden vector to match the new PQTX signing preimage domain prefix.
crates/node/src/node/event_loop.rs Avoids cloning the finalized hash by copying the ShellHash value directly.
crates/node/src/node/p2p_handlers.rs Formatting-only change around attestation signing message construction.
crates/consensus/src/wpoa.rs Adjusts imports and formats test calls (no functional behavior change intended).
crates/consensus/src/view_change.rs Formatting-only change for own_signing_message() call site.
crates/consensus/src/finality.rs Formats test helper + attestation signing message calls (no functional behavior change intended).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread crates/core/src/block.rs
let mut buf = Vec::new();
self.encode(&mut buf);
shell_primitives::keccak256(&buf)
shell_primitives::blake3_hash(&self.canonical_encode())
@LucienSong LucienSong mentioned this pull request May 27, 2026
Merged
4 tasks
@LucienSong LucienSong changed the base branch from fix/consensus-signing-hardening to main May 28, 2026 12:59
@LucienSong LucienSong merged commit ec356b9 into main May 28, 2026
1 check passed
@LucienSong LucienSong deleted the fix/wire-format-reset branch May 28, 2026 13:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@LucienSong