Hash sig

[kamilsa]

Update up to the leanSpec 49f70c7:

1. Introduce hash-sig
2. Refactorings and documentations according to spec

[Copilot]

Pull request overview

This PR introduces XMSS (eXtended Merkle Signature Scheme) hash-based signatures to replace placeholder signatures in the consensus protocol. The implementation integrates the qdrvm-crates dependency for cryptographic operations and refactors the validator key management system.

Key Changes:

• Adds XMSS signature support through new crypto::xmss module with provider interface, types, and utility functions
• Removes num_validators from Config in favor of dynamic validator list stored in State
• Implements ValidatorKeysManifest for loading and managing validator public keys from YAML manifests
• Refactors signature verification throughout the fork choice and state transition systems

Reviewed changes

Copilot reviewed 57 out of 60 changed files in this pull request and generated 16 comments.

Show a summary per file

File	Description
vcpkg.json	Adds qdrvm-crates dependency for XMSS cryptography
vcpkg-overlay/qdrvm-crates/*	Configures qdrvm-crates package with c_hash_sig binding
src/crypto/xmss/*	Implements XMSS provider, types, and key loading utilities
src/app/validator_keys_manifest	Adds validator key manifest loading and management
src/types/{config,state,signature,validator}.hpp	Refactors types to use XMSS keys and dynamic validator lists
src/blockchain/state_transition_function.*	Updates genesis state generation to populate validators from manifest
src/blockchain/fork_choice.*	Implements XMSS signature verification for blocks and attestations
tests/unit/crypto/*	Adds XMSS provider tests
tests/unit/blockchain/*	Updates tests for new validator registry and key manifest interfaces
tests/mock/*	Adds mocks for XMSS provider and validator keys manifest
example/1-network/genesis/*	Updates example configuration with XMSS keys and manifest

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.

[Copilot]

The validatorCount() method now returns validators.size() instead of config.num_validators. However, this could be problematic if the validators vector is not properly initialized or if it's empty. In scenarios where the state is constructed but validators haven't been populated yet, this would return 0, potentially causing issues in code that depends on validator counts. Consider adding validation to ensure validators is populated, or documenting the initialization requirements clearly.

[Copilot]

The sszHash(attestation) is computed but assigned to payload which is then not used in the stub implementation. This unused variable suggests incomplete implementation. Either the payload should be used for actual signing, or it should be removed if this is intentionally a stub.

[Copilot]

Inconsistent time increment logic. When produceBlockWithSignatures fails (line 625), the code increments time and continues (line 630). However, the normal flow already increments time at line 705. This means that when block production fails, time is incremented twice in one iteration - once at line 630 and once at line 705. This will cause the node to skip an interval, which could lead to timing issues and missed attestation opportunities.

Suggested change

time_ += 1;

[Copilot]

The genesis state generation iterates through validator indices using registry->allValidatorsIndices().size() (line 74) but then looks up the public key by that loop index i (line 75). This assumes that validator indices are contiguous starting from 0, which may not be the case. If allValidatorsIndices() returns a set like {5, 10, 15}, the code will look up indices 0, 1, 2 instead of 5, 10, 15, resulting in missing or incorrect validators. The loop should iterate over the actual indices returned by allValidatorsIndices(), not just its size.

[Copilot]

Similar to line 30, this test checks keypair.private_key.size() on line 34, but XmssPrivateKey is a std::shared_ptr which doesn't have a size() method. This test will not compile.

[Copilot]

[nitpick] Empty line added at line 710. While not harmful, this extra blank line is inconsistent with the surrounding code formatting and should be removed.

Suggested change

[Copilot]

The loop variable i is declared as auto which will deduce to uint64_t (type of num_empty_slots). However, the loop counts down with --i and checks i > 0. If num_empty_slots is 0, the loop won't execute, which is correct. However, using an unsigned type in a countdown loop is a code smell - if the logic ever changes and i reaches 0 and then decrements, it will wrap around to the maximum value. Consider using a signed type or restructuring the loop to count up instead.

[Copilot]

[nitpick] Extra blank line at line 68. This creates inconsistent spacing in the method implementation.

Suggested change

[Copilot]

Trailing whitespace on line 18. This should be removed for code cleanliness.

[Copilot]

The reserve call on line 92 is inefficient for a set container. ValidatorIndices appears to be a set (based on the insert call on line 94), and sets don't support reserve() since they're typically implemented as red-black trees. This will either fail to compile or the reserve call has no effect. If ValidatorIndices is actually an unordered_set, then reserve would work but the size hint would be wrong since we're reserving based on index_to_node_.size() but then inserting into the set. Sets automatically handle capacity, so this line should be removed.

Suggested change

	all_indices.reserve(index_to_node_.size());
	// reserve() is not needed for set containers

[turuslan]

Not used, can be removed