Devnet4 store and verification: dual-key verification, remove proposer attestation

- verify_signatures(): attestation proofs use get_attestation_pubkey(),
  proposer signature verified with get_proposal_pubkey() over block root
- on_block_core(): remove proposer attestation processing (~40 lines) —
  no more gossip signature insert or dummy proof for proposer
- Gossip attestation/aggregation verification: get_attestation_pubkey()
- Remove StoreError::ProposerAttestationMismatch variant
- Storage: write/read BlockSignatures directly (no wrapper), fix field
  access .message.block → .message
- Table docs: BlockSignatures stores BlockSignatures (not WithAttestation)

Author: pablodeymo

crates/blockchain/src/store.rs

@@ -11,10 +11,7 @@ use ethlambda_types::{
         AggregatedAttestation, AggregationBits, Attestation, AttestationData,
         SignedAggregatedAttestation, SignedAttestation, validator_indices,
     },
-    block::{
-        AggregatedAttestations, AggregatedSignatureProof, Block, BlockBody,
-        SignedBlockWithAttestation,
-    },
+    block::{AggregatedAttestations, AggregatedSignatureProof, Block, BlockBody, SignedBlock},
     checkpoint::Checkpoint,
     primitives::{H256, ssz::TreeHash},
     signature::ValidatorSignature,
@@ -160,7 +157,7 @@ fn aggregate_committee_signatures(store: &mut Store) -> Vec<SignedAggregatedAtte
             let Some(validator) = validators.get(*vid as usize) else {
                 continue;
             };
-            let Ok(pubkey) = validator.get_pubkey() else {
+            let Ok(pubkey) = validator.get_attestation_pubkey() else {
                 continue;
             };
             sigs.push(sig.clone());
@@ -378,7 +375,7 @@ pub fn on_gossip_attestation(
         return Err(StoreError::InvalidValidatorIndex);
     }
     let validator_pubkey = target_state.validators[validator_id as usize]
-        .get_pubkey()
+        .get_attestation_pubkey()
         .map_err(|_| StoreError::PubkeyDecodingFailed(validator_id))?;
 
     // Verify the validator's XMSS signature
@@ -449,7 +446,7 @@ pub fn on_gossip_aggregated_attestation(
         .iter()
         .map(|&vid| {
             validators[vid as usize]
-                .get_pubkey()
+                .get_attestation_pubkey()
                 .map_err(|_| StoreError::PubkeyDecodingFailed(vid))
         })
         .collect::<Result<_, _>>()?;
@@ -508,7 +505,8 @@ pub fn on_gossip_aggregated_attestation(
 /// and stores them for future block building. Use this for all production paths.
 pub fn on_block(
     store: &mut Store,
-    signed_block: SignedBlockWithAttestation,
+    signed_block: SignedBlock,
+    local_validator_ids: &[u64],
 ) -> Result<(), StoreError> {
     on_block_core(store, signed_block, true)
 }
@@ -519,7 +517,7 @@ pub fn on_block(
 /// where signatures are absent or irrelevant (e.g., fork choice spec tests).
 pub fn on_block_without_verification(
     store: &mut Store,
-    signed_block: SignedBlockWithAttestation,
+    signed_block: SignedBlock,
 ) -> Result<(), StoreError> {
     on_block_core(store, signed_block, false)
 }
@@ -530,13 +528,14 @@ pub fn on_block_without_verification(
 /// for future block building. When false, all signature checks are skipped.
 fn on_block_core(
     store: &mut Store,
-    signed_block: SignedBlockWithAttestation,
+    signed_block: SignedBlock,
     verify: bool,
+    _local_validator_ids: &[u64],
 ) -> Result<(), StoreError> {
     let _timing = metrics::time_fork_choice_block_processing();
     let block_start = std::time::Instant::now();
 
-    let block = &signed_block.block.block;
+    let block = &signed_block.message;
     let block_root = block.tree_hash_root();
     let slot = block.slot;
 
@@ -563,8 +562,7 @@ fn on_block_core(
     }
     let sig_verification = sig_verification_start.elapsed();
 
-    let block = signed_block.block.block.clone();
-    let proposer_attestation = signed_block.block.proposer_attestation.clone();
+    let block = signed_block.message.clone();
 
     // Execute state transition function to compute post-block state
     let state_transition_start = std::time::Instant::now();
@@ -594,7 +592,6 @@ fn on_block_core(
     let aggregated_attestations = &block.body.attestations;
     let attestation_signatures = &signed_block.signature.attestation_signatures;
 
-    // Process block body attestations.
     // Store attestation data by root and proofs in known aggregated payloads.
     let mut att_data_entries: Vec<(H256, AttestationData)> = Vec::new();
     let mut known_entries: Vec<(SignatureKey, StoredAggregatedPayload)> = Vec::new();
@@ -617,43 +614,13 @@ fn on_block_core(
         }
     }
 
-    // Process proposer attestation as pending (enters "new" stage via gossip path)
-    // The proposer's attestation should NOT affect this block's fork choice position.
-    let proposer_vid = proposer_attestation.validator_id;
-    let proposer_data_root = proposer_attestation.data.tree_hash_root();
-    att_data_entries.push((proposer_data_root, proposer_attestation.data.clone()));
-
-    // Batch-insert all attestation data (body + proposer) in a single commit
+    // Batch-insert attestation data and known aggregated payloads
     store.insert_attestation_data_by_root_batch(att_data_entries);
     store.insert_known_aggregated_payloads_batch(known_entries);
 
     // Update forkchoice head based on new block and attestations
-    // IMPORTANT: This must happen BEFORE processing proposer attestation
-    // to prevent the proposer from gaining circular weight advantage.
     update_head(store, false);
 
-    if !verify {
-        // Without sig verification, insert directly with a dummy proof
-        let participants = aggregation_bits_from_validator_indices(&[proposer_vid]);
-        let payload = StoredAggregatedPayload {
-            slot: proposer_attestation.data.slot,
-            proof: AggregatedSignatureProof::empty(participants),
-        };
-        store.insert_new_aggregated_payload((proposer_vid, proposer_data_root), payload);
-    } else {
-        // Store the proposer's signature unconditionally for future block building.
-        // Subnet filtering is handled at the P2P subscription layer.
-        let proposer_sig =
-            ValidatorSignature::from_bytes(&signed_block.signature.proposer_signature)
-                .map_err(|_| StoreError::SignatureDecodingFailed)?;
-        store.insert_gossip_signature(
-            proposer_data_root,
-            proposer_attestation.data.slot,
-            proposer_vid,
-            proposer_sig,
-        );
-    }
-
     let block_total = block_start.elapsed();
     info!(
         %slot,
@@ -944,14 +911,6 @@ pub enum StoreError {
 
     #[error("Validator {validator_index} is not the proposer for slot {slot}")]
     NotProposer { validator_index: u64, slot: u64 },
-
-    #[error(
-        "Proposer attestation validator_id {attestation_id} does not match block proposer_index {proposer_index}"
-    )]
-    ProposerAttestationMismatch {
-        attestation_id: u64,
-        proposer_index: u64,
-    },
 }
 
 /// Build an AggregationBits bitfield from a list of validator indices.
@@ -1147,16 +1106,13 @@ fn build_block(
 /// Verify all signatures in a signed block.
 ///
 /// Each attestation has a corresponding proof in the signature list.
-fn verify_signatures(
-    state: &State,
-    signed_block: &SignedBlockWithAttestation,
-) -> Result<(), StoreError> {
+fn verify_signatures(state: &State, signed_block: &SignedBlock) -> Result<(), StoreError> {
     use ethlambda_crypto::verify_aggregated_signature;
     use ethlambda_types::signature::ValidatorSignature;
 
     let total_start = std::time::Instant::now();
 
-    let block = &signed_block.block.block;
+    let block = &signed_block.message;
     let attestations = &block.body.attestations;
     let attestation_signatures = &signed_block.signature.attestation_signatures;
 
@@ -1179,14 +1135,14 @@ fn verify_signatures(
         let slot: u32 = attestation.data.slot.try_into().expect("slot exceeds u32");
         let message = attestation.data.tree_hash_root();
 
-        // Collect public keys with bounds check in a single pass
+        // Collect attestation public keys with bounds check in a single pass
         let public_keys: Vec<_> = validator_indices(&attestation.aggregation_bits)
             .map(|vid| {
                 if vid >= num_validators {
                     return Err(StoreError::InvalidValidatorIndex);
                 }
                 validators[vid as usize]
-                    .get_pubkey()
+                    .get_attestation_pubkey()
                     .map_err(|_| StoreError::PubkeyDecodingFailed(vid))
             })
             .collect::<Result<_, _>>()?;
@@ -1207,15 +1163,7 @@ fn verify_signatures(
 
     let proposer_start = std::time::Instant::now();
 
-    let proposer_attestation = &signed_block.block.proposer_attestation;
-
-    if proposer_attestation.validator_id != block.proposer_index {
-        return Err(StoreError::ProposerAttestationMismatch {
-            attestation_id: proposer_attestation.validator_id,
-            proposer_index: block.proposer_index,
-        });
-    }
-
+    // Verify proposer signature over block root using proposal key
     let proposer_signature =
         ValidatorSignature::from_bytes(&signed_block.signature.proposer_signature)
             .map_err(|_| StoreError::ProposerSignatureDecodingFailed)?;
@@ -1225,17 +1173,13 @@ fn verify_signatures(
         .ok_or(StoreError::InvalidValidatorIndex)?;
 
     let proposer_pubkey = proposer
-        .get_pubkey()
+        .get_proposal_pubkey()
         .map_err(|_| StoreError::PubkeyDecodingFailed(proposer.index))?;
 
-    let slot = proposer_attestation
-        .data
-        .slot
-        .try_into()
-        .expect("slot exceeds u32");
-    let message = proposer_attestation.data.tree_hash_root();
+    let slot: u32 = block.slot.try_into().expect("slot exceeds u32");
+    let block_root = block.tree_hash_root();
 
-    if !proposer_signature.is_valid(&proposer_pubkey, slot, &message) {
+    if !proposer_signature.is_valid(&proposer_pubkey, slot, &block_root) {
         return Err(StoreError::ProposerSignatureVerificationFailed);
     }
     let proposer_elapsed = proposer_start.elapsed();
@@ -1303,11 +1247,8 @@ fn reorg_depth(old_head: H256, new_head: H256, store: &Store) -> Option<u64> {
 mod tests {
     use super::*;
     use ethlambda_types::{
-        attestation::{AggregatedAttestation, AggregationBits, Attestation, AttestationData},
-        block::{
-            AggregatedSignatureProof, BlockBody, BlockSignatures, BlockWithAttestation,
-            SignedBlockWithAttestation,
-        },
+        attestation::{AggregatedAttestation, AggregationBits, AttestationData},
+        block::{AggregatedSignatureProof, BlockBody, BlockSignatures, SignedBlock},
         checkpoint::Checkpoint,
         state::State,
     };
@@ -1336,26 +1277,20 @@ mod tests {
 
         let attestation = AggregatedAttestation {
             aggregation_bits: attestation_bits,
-            data: attestation_data.clone(),
+            data: attestation_data,
         };
         let proof = AggregatedSignatureProof::empty(proof_bits);
 
         let attestations = AggregatedAttestations::new(vec![attestation]).unwrap();
         let attestation_signatures = ssz_types::VariableList::new(vec![proof]).unwrap();
 
-        let signed_block = SignedBlockWithAttestation {
-            block: BlockWithAttestation {
-                block: Block {
-                    slot: 0,
-                    proposer_index: 0,
-                    parent_root: H256::ZERO,
-                    state_root: H256::ZERO,
-                    body: BlockBody { attestations },
-                },
-                proposer_attestation: Attestation {
-                    validator_id: 0,
-                    data: attestation_data,
-                },
+        let signed_block = SignedBlock {
+            message: Block {
+                slot: 0,
+                proposer_index: 0,
+                parent_root: H256::ZERO,
+                state_root: H256::ZERO,
+                body: BlockBody { attestations },
             },
             signature: BlockSignatures {
                 attestation_signatures,

crates/storage/src/api/tables.rs

@@ -5,7 +5,7 @@ pub enum Table {
     BlockHeaders,
     /// Block body storage: H256 -> BlockBody
     BlockBodies,
-    /// Block signatures storage: H256 -> BlockSignaturesWithAttestation
+    /// Block signatures storage: H256 -> BlockSignatures
     ///
     /// Stored separately from blocks because the genesis block has no signatures.
     /// All other blocks must have an entry in this table.

crates/storage/src/store.rs

@@ -13,10 +13,7 @@ use crate::types::{StoredAggregatedPayload, StoredSignature};
 
 use ethlambda_types::{
     attestation::AttestationData,
-    block::{
-        AggregatedSignatureProof, Block, BlockBody, BlockHeader, BlockSignaturesWithAttestation,
-        BlockWithAttestation, SignedBlockWithAttestation,
-    },
+    block::{Block, BlockBody, BlockHeader, BlockSignatures, SignedBlock},
     checkpoint::Checkpoint,
     primitives::{
         H256,
@@ -742,7 +739,7 @@ impl Store {
     ///
     /// When the block is later processed via [`insert_signed_block`](Self::insert_signed_block),
     /// the same keys are overwritten (idempotent) and a `LiveChain` entry is added.
-    pub fn insert_pending_block(&mut self, root: H256, signed_block: SignedBlockWithAttestation) {
+    pub fn insert_pending_block(&mut self, root: H256, signed_block: SignedBlock) {
         let mut batch = self.backend.begin_write().expect("write batch");
         write_signed_block(batch.as_mut(), &root, signed_block);
         batch.commit().expect("commit");
@@ -755,7 +752,7 @@ impl Store {
     /// only storing signatures for non-genesis blocks.
     ///
     /// Takes ownership to avoid cloning large signature data.
-    pub fn insert_signed_block(&mut self, root: H256, signed_block: SignedBlockWithAttestation) {
+    pub fn insert_signed_block(&mut self, root: H256, signed_block: SignedBlock) {
         let mut batch = self.backend.begin_write().expect("write batch");
         let block = write_signed_block(batch.as_mut(), &root, signed_block);
 
@@ -774,7 +771,7 @@ impl Store {
     ///
     /// Returns None if any of the components are not found.
     /// Note: Genesis block has no entry in BlockSignatures table.
-    pub fn get_signed_block(&self, root: &H256) -> Option<SignedBlockWithAttestation> {
+    pub fn get_signed_block(&self, root: &H256) -> Option<SignedBlock> {
         let view = self.backend.begin_read().expect("read view");
         let key = root.as_ssz_bytes();
 
@@ -792,10 +789,12 @@ impl Store {
         };
 
         let block = Block::from_header_and_body(header, body);
-        let signatures =
-            BlockSignaturesWithAttestation::from_ssz_bytes(&sig_bytes).expect("valid signatures");
+        let signature = BlockSignatures::from_ssz_bytes(&sig_bytes).expect("valid signatures");
 
-        Some(signatures.to_signed_block(block))
+        Some(SignedBlock {
+            message: block,
+            signature,
+        })
     }
 
     // ============ States ============
@@ -1149,21 +1148,13 @@ impl Store {
 fn write_signed_block(
     batch: &mut dyn StorageWriteBatch,
     root: &H256,
-    signed_block: SignedBlockWithAttestation,
+    signed_block: SignedBlock,
 ) -> Block {
-    let SignedBlockWithAttestation {
-        block: BlockWithAttestation {
-            block,
-            proposer_attestation,
-        },
+    let SignedBlock {
+        message: block,
         signature,
     } = signed_block;
 
-    let signatures = BlockSignaturesWithAttestation {
-        proposer_attestation,
-        signatures: signature,
-    };
-
     let header = block.header();
     let root_bytes = root.as_ssz_bytes();
 
@@ -1180,7 +1171,7 @@ fn write_signed_block(
             .expect("put block body");
     }
 
-    let sig_entries = vec![(root_bytes, signatures.as_ssz_bytes())];
+    let sig_entries = vec![(root_bytes, signature.as_ssz_bytes())];
     batch
         .put_batch(Table::BlockSignatures, sig_entries)
         .expect("put block signatures");