Move signatures encryption out of keystore

src/exits/tasks.py

@@ -24,6 +24,7 @@
     send_signature_rotation_requests,
 )
 from src.validators.keystores.base import BaseKeystore
+from src.validators.signing.common import encrypt_signatures_list
 
 logger = logging.getLogger(__name__)
 
@@ -203,9 +204,13 @@ async def _get_oracles_request(
             failed_indexes.append(validator_index)
             continue
 
+        encrypted_exit_signature_shards = encrypt_signatures_list(
+            oracles.public_keys, shards.exit_signatures
+        )
+
         request.public_keys.append(public_key)
         request.public_key_shards.append(shards.public_keys)
-        request.exit_signature_shards.append(shards.exit_signatures)
+        request.exit_signature_shards.append(encrypted_exit_signature_shards)
 
     if failed_indexes:
         logger.warning(

src/validators/keystores/local.py

@@ -17,7 +17,6 @@
 from src.config.settings import NETWORKS, settings
 from src.validators.exceptions import KeystoreException
 from src.validators.keystores.base import BaseKeystore
-from src.validators.signing.common import encrypt_signature
 from src.validators.signing.key_shares import (
     bls_signature_and_public_key_to_shares,
     private_key_to_private_key_shares,
@@ -102,11 +101,9 @@ async def get_exit_signature_shards(
             threshold=oracles.exit_signature_recover_threshold,
             total=len(oracles.public_keys),
         )
-        exit_signature_shards: list[HexStr] = []
-        for bls_priv_key, oracle_pubkey in zip(private_key_shares, oracles.public_keys):
-            exit_signature_shards.append(
-                encrypt_signature(oracle_pubkey, bls.Sign(bls_priv_key, message))
-            )
+        exit_signature_shards: list[BLSSignature] = []
+        for bls_priv_key in private_key_shares:
+            exit_signature_shards.append(bls.Sign(bls_priv_key, message))
 
         return ExitSignatureShards(
             public_keys=[Web3.to_hex(bls.SkToPk(priv_key)) for priv_key in private_key_shares],
@@ -143,16 +140,9 @@ async def get_exit_signature_shards_without_keystore(
             message, exit_signature, public_key_bytes, threshold, total
         )
 
-        encrypted_exit_signature_shares: list[HexStr] = []
-
-        for exit_signature_share, oracle_pubkey in zip(exit_signature_shares, oracles.public_keys):
-            encrypted_exit_signature_shares.append(
-                encrypt_signature(oracle_pubkey, exit_signature_share)
-            )
-
         return ExitSignatureShards(
             public_keys=[Web3.to_hex(p) for p in public_key_shares],
-            exit_signatures=encrypted_exit_signature_shares,
+            exit_signatures=exit_signature_shares,
         )
 
     async def get_exit_signature(

src/validators/keystores/remote.py

@@ -13,7 +13,6 @@
 from src.config.networks import NETWORKS
 from src.config.settings import REMOTE_SIGNER_TIMEOUT, settings
 from src.validators.keystores.base import BaseKeystore
-from src.validators.signing.common import encrypt_signature
 from src.validators.signing.key_shares import bls_signature_and_public_key_to_shares
 from src.validators.typings import ExitSignatureShards
 from src.validators.utils import load_deposit_data
@@ -93,16 +92,9 @@ async def get_exit_signature_shards(
             message, exit_signature, public_key_bytes, threshold, total
         )
 
-        encrypted_exit_signature_shares: list[HexStr] = []
-
-        for exit_signature_share, oracle_pubkey in zip(exit_signature_shares, oracles.public_keys):
-            encrypted_exit_signature_shares.append(
-                encrypt_signature(oracle_pubkey, exit_signature_share)
-            )
-
         return ExitSignatureShards(
             public_keys=[Web3.to_hex(p) for p in public_key_shares],
-            exit_signatures=encrypted_exit_signature_shares,
+            exit_signatures=exit_signature_shares,
         )
 
     async def get_exit_signature(

src/validators/signing/common.py

@@ -14,6 +14,15 @@ def encrypt_signature(oracle_pubkey: HexStr, signature: BLSSignature) -> HexStr:
     return Web3.to_hex(ecies.encrypt(oracle_pubkey, signature))
 
 
+def encrypt_signatures_list(
+    oracle_pubkeys: list[HexStr], signatures: list[BLSSignature]
+) -> list[HexStr]:
+    res: list[HexStr] = []
+    for signature, oracle_pubkey in zip(signatures, oracle_pubkeys):
+        res.append(encrypt_signature(oracle_pubkey, signature))
+    return res
+
+
 def get_validators_proof(
     tree: StandardMerkleTree,
     validators: list[Validator],

src/validators/tasks.py

@@ -31,7 +31,7 @@
 )
 from src.validators.keystores.base import BaseKeystore
 from src.validators.keystores.local import LocalKeystore
-from src.validators.signing.common import get_validators_proof
+from src.validators.signing.common import encrypt_signatures_list, get_validators_proof
 from src.validators.typings import (
     ApprovalRequest,
     DepositData,
@@ -305,6 +305,9 @@ async def create_approval_request(
                 oracles=oracles,
                 fork=settings.network_config.SHAPELLA_FORK,
             )
+        encrypted_exit_signature_shards = encrypt_signatures_list(
+            oracles.public_keys, shards.exit_signatures
+        )
 
         if not shards:
             logger.warning(
@@ -315,7 +318,7 @@ async def create_approval_request(
         request.public_keys.append(validator.public_key)
         request.deposit_signatures.append(validator.signature)
         request.public_key_shards.append(shards.public_keys)
-        request.exit_signature_shards.append(shards.exit_signatures)
+        request.exit_signature_shards.append(encrypted_exit_signature_shards)
 
         validator_index += 1
     return request

src/validators/typings.py

@@ -36,7 +36,7 @@ def public_keys(self) -> list[HexStr]:
 @dataclass
 class ExitSignatureShards:
     public_keys: list[HexStr]
-    exit_signatures: list[HexStr]  # encrypted exit signature shards
+    exit_signatures: list[BLSSignature]
 
 
 @dataclass