ethash: implement Progpow (#9762)

* ethash: initial implementation of progpow * progpow: use wrapping arithmetic * progpow: cleanup comments * progpow: fix keccak_f800 * progpow: reorder definitions * progpow: general fixing * progpow: add basic tests from geth * progpow: generate c_dag and add test * progpow: fix progpow_init and progpow_loop * progpow: fix and add new test * progpow: tabify * progpow: add shared testvectors from geth and aleth * progpow: add benchmarks * progpow: don't read bytes from dag * ethash: use criterion for progpow benchmarks * progpow: dont borrow hash on fnv1a_hash * progpow: don't borrow operand on progpow merge * progpow: hardcode dag lookup function we only support light verification anyway * progpow: read double words directly from the dag * progpow: inline some small functions * progpow: remove some bounds checking from the main loop * progpow: remove unreachable match cases * progpow: remove bounds check in keccak_f800_round * progpow: fix ptr::swap * progpow: force loop unroll in keccak_f800_round * progpow: remove unnecessary branching in progpow_loop * progpow: force loop unroll in fill_mix * progpow: silence unused warning * progpow: dont run last keccak_f800_round out of the loop rustc generates the same assembly, it unrolls the loop * progpow: fix output of keccak_f800_short * ethcore: support progpow in ethash engine * ethash: fix typo * ethcore, ethash: fix tests * json: fix ethash spec tests * ethash: update quick_get_difficulty for progpow * ethash: drop light cache on progpow transition block * ethash: fix quick_get_difficulty tests * progpow: update to spec v0.9.0 * progpow: update to spec v0.9.1 * progpow: update to spec v0.9.2 * ethash: rename progpow benchmarks * fix Cargo.lock bad merge * ethash: only export modules for benchmarks * ethash: progpow: remove unsafe unchecked indexing * ethash: create enum for pow algorithm * ethash: box the progpow cdag * ethash: skip slow progpow test vectors on ci * ethash: don't skip progpow test vectors they don't take too long when running in release mode which is the case for CI. * ethash: progpow: update copyright date Co-Authored-By: andresilva <andre.beat@gmail.com> * ethcore: remove verification of ci-skip-tests on non-test builds
2019-02-20 09:05:11 +00:00
parent b4520c5886
commit b457f46c81
15 changed files with 932 additions and 84 deletions
--- a/ethash/src/compute.rs
+++ b/ethash/src/compute.rs
@@ -21,6 +21,7 @@

 use keccak::{keccak_512, keccak_256, H256};
 use cache::{NodeCache, NodeCacheBuilder};
+use progpow::{CDag, generate_cdag, progpow, keccak_f800_short, keccak_f800_long};
 use seed_compute::SeedHashCompute;
 use shared::*;
 use std::io;
@@ -30,7 +31,7 @@ use std::path::Path;

 const MIX_WORDS: usize = ETHASH_MIX_BYTES / 4;
 const MIX_NODES: usize = MIX_WORDS / NODE_WORDS;
-const FNV_PRIME: u32 = 0x01000193;
+pub const FNV_PRIME: u32 = 0x01000193;

 /// Computation result
 pub struct ProofOfWork {
@@ -40,9 +41,15 @@ pub struct ProofOfWork {
 	pub mix_hash: H256,
 }

+enum Algorithm {
+	Hashimoto,
+	Progpow(Box<CDag>),
+}
+
 pub struct Light {
 	block_number: u64,
 	cache: NodeCache,
+	algorithm: Algorithm,
 }

 /// Light cache structure
@@ -51,32 +58,55 @@ impl Light {
 		builder: &NodeCacheBuilder,
 		cache_dir: &Path,
 		block_number: u64,
+		progpow_transition: u64,
 	) -> Self {
 		let cache = builder.new_cache(cache_dir.to_path_buf(), block_number);

-		Light {
-			block_number: block_number,
-			cache: cache,
-		}
+		let algorithm = if block_number >= progpow_transition {
+			Algorithm::Progpow(Box::new(generate_cdag(cache.as_ref())))
+		} else {
+			Algorithm::Hashimoto
+		};
+
+		Light { block_number, cache, algorithm }
 	}

 	/// Calculate the light boundary data
 	/// `header_hash` - The header hash to pack into the mix
 	/// `nonce` - The nonce to pack into the mix
-	pub fn compute(&self, header_hash: &H256, nonce: u64) -> ProofOfWork {
-		light_compute(self, header_hash, nonce)
+	pub fn compute(&self, header_hash: &H256, nonce: u64, block_number: u64) -> ProofOfWork {
+		match self.algorithm {
+			Algorithm::Progpow(ref c_dag) => {
+				let (value, mix_hash) = progpow(
+					*header_hash,
+					nonce,
+					block_number,
+					self.cache.as_ref(),
+					c_dag,
+				);
+
+				ProofOfWork { value, mix_hash }
+			},
+			Algorithm::Hashimoto => light_compute(self, header_hash, nonce),
+		}
+
 	}

 	pub fn from_file_with_builder(
 		builder: &NodeCacheBuilder,
 		cache_dir: &Path,
 		block_number: u64,
+		progpow_transition: u64,
 	) -> io::Result<Self> {
 		let cache = builder.from_file(cache_dir.to_path_buf(), block_number)?;
-		Ok(Light {
-			block_number: block_number,
-			cache: cache,
-		})
+
+		let algorithm = if block_number >= progpow_transition {
+			Algorithm::Progpow(Box::new(generate_cdag(cache.as_ref())))
+		} else {
+			Algorithm::Hashimoto
+		};
+
+		Ok(Light { block_number, cache, algorithm })
 	}

 	pub fn to_file(&mut self) -> io::Result<&Path> {
@@ -99,27 +129,32 @@ fn fnv_hash(x: u32, y: u32) -> u32 {
 /// `nonce`            The block's nonce
 /// `mix_hash`         The mix digest hash
 /// Boundary recovered from mix hash
-pub fn quick_get_difficulty(header_hash: &H256, nonce: u64, mix_hash: &H256) -> H256 {
+pub fn quick_get_difficulty(header_hash: &H256, nonce: u64, mix_hash: &H256, progpow: bool) -> H256 {
 	unsafe {
-		// This is safe - the `keccak_512` call below reads the first 40 bytes (which we explicitly set
-		// with two `copy_nonoverlapping` calls) but writes the first 64, and then we explicitly write
-		// the next 32 bytes before we read the whole thing with `keccak_256`.
-		//
-		// This cannot be elided by the compiler as it doesn't know the implementation of
-		// `keccak_512`.
-		let mut buf: [u8; 64 + 32] = mem::uninitialized();
+		if progpow {
+			let seed = keccak_f800_short(*header_hash, nonce, [0u32; 8]);
+			keccak_f800_long(*header_hash, seed, mem::transmute(*mix_hash))
+		} else {
+			// This is safe - the `keccak_512` call below reads the first 40 bytes (which we explicitly set
+			// with two `copy_nonoverlapping` calls) but writes the first 64, and then we explicitly write
+			// the next 32 bytes before we read the whole thing with `keccak_256`.
+			//
+			// This cannot be elided by the compiler as it doesn't know the implementation of
+			// `keccak_512`.
+			let mut buf: [u8; 64 + 32] = mem::uninitialized();

-		ptr::copy_nonoverlapping(header_hash.as_ptr(), buf.as_mut_ptr(), 32);
-		ptr::copy_nonoverlapping(&nonce as *const u64 as *const u8, buf[32..].as_mut_ptr(), 8);
+			ptr::copy_nonoverlapping(header_hash.as_ptr(), buf.as_mut_ptr(), 32);
+			ptr::copy_nonoverlapping(&nonce as *const u64 as *const u8, buf[32..].as_mut_ptr(), 8);

-		keccak_512::unchecked(buf.as_mut_ptr(), 64, buf.as_ptr(), 40);
-		ptr::copy_nonoverlapping(mix_hash.as_ptr(), buf[64..].as_mut_ptr(), 32);
+			keccak_512::unchecked(buf.as_mut_ptr(), 64, buf.as_ptr(), 40);
+			ptr::copy_nonoverlapping(mix_hash.as_ptr(), buf[64..].as_mut_ptr(), 32);

-		// This is initialized in `keccak_256`
-		let mut hash: [u8; 32] = mem::uninitialized();
-		keccak_256::unchecked(hash.as_mut_ptr(), hash.len(), buf.as_ptr(), buf.len());
+			// This is initialized in `keccak_256`
+			let mut hash: [u8; 32] = mem::uninitialized();
+			keccak_256::unchecked(hash.as_mut_ptr(), hash.len(), buf.as_ptr(), buf.len());

-		hash
+			hash
+		}
 	}
 }

@@ -272,7 +307,7 @@ fn hash_compute(light: &Light, full_size: usize, header_hash: &H256, nonce: u64)
 		// We overwrite the second half since `keccak_256` has an internal buffer and so allows
 		// overlapping arrays as input.
 		let write_ptr: *mut u8 = &mut buf.compress_bytes as *mut [u8; 32] as *mut u8;
-		unsafe { 
+		unsafe {
 			keccak_256::unchecked(
 				write_ptr,
 				buf.compress_bytes.len(),
@@ -287,7 +322,7 @@ fn hash_compute(light: &Light, full_size: usize, header_hash: &H256, nonce: u64)
 }

 // TODO: Use the `simd` crate
-fn calculate_dag_item(node_index: u32, cache: &[Node]) -> Node {
+pub fn calculate_dag_item(node_index: u32, cache: &[Node]) -> Node {
 	let num_parent_nodes = cache.len();
 	let mut ret = cache[node_index as usize % num_parent_nodes].clone();
 	ret.as_words_mut()[0] ^= node_index;
@@ -361,13 +396,13 @@ mod test {
 			0x4a, 0x8e, 0x95, 0x69, 0xef, 0xc7, 0xd7, 0x1b, 0x33, 0x35, 0xdf, 0x36, 0x8c, 0x9a,
 			0xe9, 0x7e, 0x53, 0x84,
 		];
-		assert_eq!(quick_get_difficulty(&hash, nonce, &mix_hash)[..], boundary_good[..]);
+		assert_eq!(quick_get_difficulty(&hash, nonce, &mix_hash, false)[..], boundary_good[..]);
 		let boundary_bad = [
 			0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x3a, 0x9b, 0x6c, 0x69, 0xbc, 0x2c, 0xe2, 0xa2,
 			0x4a, 0x8e, 0x95, 0x69, 0xef, 0xc7, 0xd7, 0x1b, 0x33, 0x35, 0xdf, 0x36, 0x8c, 0x9a,
 			0xe9, 0x7e, 0x53, 0x84,
 		];
-		assert!(quick_get_difficulty(&hash, nonce, &mix_hash)[..] != boundary_bad[..]);
+		assert!(quick_get_difficulty(&hash, nonce, &mix_hash, false)[..] != boundary_bad[..]);
 	}

 	#[test]
@@ -391,7 +426,7 @@ mod test {

 		let tempdir = TempDir::new("").unwrap();
 		// difficulty = 0x085657254bd9u64;
-		let light = NodeCacheBuilder::new(None).light(tempdir.path(), 486382);
+		let light = NodeCacheBuilder::new(None, u64::max_value()).light(tempdir.path(), 486382);
 		let result = light_compute(&light, &hash, nonce);
 		assert_eq!(result.mix_hash[..], mix_hash[..]);
 		assert_eq!(result.value[..], boundary[..]);
@@ -400,7 +435,7 @@ mod test {
 	#[test]
 	fn test_drop_old_data() {
 		let tempdir = TempDir::new("").unwrap();
-		let builder = NodeCacheBuilder::new(None);
+		let builder = NodeCacheBuilder::new(None, u64::max_value());
 		let first = builder.light(tempdir.path(), 0).to_file().unwrap().to_owned();

 		let second = builder.light(tempdir.path(), ETHASH_EPOCH_LENGTH).to_file().unwrap().to_owned();