Implement BLS Signature Verification for ChainLocks #162
Description
Summary
BLS signature validation for ChainLocks is currently incomplete in the dash-spv library. This is a critical security feature that must be implemented before the library can be used on mainnet.
Problem Description
Dash uses BLS (Boneh-Lynn-Shacham) threshold signatures to secure ChainLocks and InstantLocks through Long-Living Masternode Quorums (LLMQs). Currently, the SPV client accepts ChainLocks and InstantLocks without fully validating their BLS
signatures, which breaks Dash's security model and could allow acceptance of invalid locks.
Affected Code
ChainLock Validation
File: dash-spv/src/chain/chainlock_manager.rs:127
Status: Signature validation is stubbed out with TODO
InstantLock Validation
File: dash-spv/src/validation/instantlock.rs
Status: Signature validation incomplete
Without proper BLS signature verification:
The client could accept fraudulent ChainLocks that don't represent actual quorum consensus
The client could accept invalid InstantLock transactions that weren't actually locked by masternodes
This undermines the core security guarantees that Dash provides (long-range attack protection, double-spend prevention)
Users could be misled about transaction finality
What Needs to Be Done
BLS Signature Verification Implementation
Implement full BLS signature verification that:
✅ Retrieves the correct quorum public key for the quorum that signed the lock
✅ Verifies the quorum existed at the required block height (8 blocks before ChainLock for chainlock validation)
✅ Validates the BLS signature against the message hash and quorum public key
Quorum Public Key Management
Ensure the client properly:
Tracks active quorums and their public keys
Maintains quorum history (quorums remain valid for a window of blocks)
Retrieves quorum info from masternode list diffs
Handles quorum rotation correctly
Dependencies
Consider using/integrating a Rust BLS library compatible with Dash's BLS implementation (BLS12-381 curve)
Dash Core uses a modified version of the BLS library - ensure compatibility
May need FFI bindings to dashcore's BLS implementation or a compatible Rust crate
Testing Requirements
Unit tests for BLS signature verification with known good/bad signatures
Integration tests using real mainnet ChainLocks and InstantLocks
Test cases for:
Valid signatures (should pass)
Invalid signatures (should fail)
Wrong quorum key (should fail)
Expired/non-existent quorums (should fail)
Malformed signatures (should fail gracefully)
Acceptance Criteria
BLS signature verification implemented for ChainLocks
BLS signature verification implemented for InstantLocks
Quorum public key retrieval working correctly
Invalid signatures are properly rejected, and nodes that relayed them get a short ban.
Comprehensive test coverage (unit + integration)
Documentation explaining the security model
All tests passing on testnet and mainnet data