add bls signer abstraction from eigensdk

core/aggregation_test.go

@@ -30,7 +30,7 @@ func TestMain(m *testing.M) {
 	if err != nil {
 		panic(err)
 	}
-	logger := logging.NewNoopLogger()
+	logger := logging.NewTextSLogger(os.Stdout, &logging.SLoggerOptions{})
 	transactor := &mock.MockWriter{}
 	transactor.On("OperatorIDToAddress").Return(gethcommon.Address{}, nil)
 	agg, err = core.NewStdSignatureAggregator(logger, transactor)

go.mod

@@ -5,8 +5,8 @@ go 1.21
 toolchain go1.21.1
 
 require (
-	github.com/Layr-Labs/cerberus-api v0.0.0-20241112163132-950ce31ba1ee
-	github.com/Layr-Labs/eigensdk-go v0.1.7-0.20240507215523-7e4891d5099a
+	github.com/Layr-Labs/cerberus-api v0.0.1
+	github.com/Layr-Labs/eigensdk-go v0.1.13
 	github.com/aws/aws-sdk-go-v2 v1.26.1
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.11
 	github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.13.12
@@ -48,6 +48,7 @@ require (
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
 	github.com/DataDog/zstd v1.5.2 // indirect
 	github.com/KyleBanks/depth v1.2.1 // indirect
+	github.com/Layr-Labs/eigensdk-go/signer v0.0.0-20241211213446-c5ffb53d14b0 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect
 	github.com/PuerkitoBio/purell v1.1.1 // indirect
@@ -84,7 +85,7 @@ require (
 	github.com/crate-crypto/go-kzg-4844 v1.0.0 // indirect
 	github.com/deckarep/golang-set/v2 v2.6.0 // indirect
 	github.com/docker/cli v25.0.3+incompatible // indirect
-	github.com/docker/docker v25.0.5+incompatible // indirect
+	github.com/docker/docker v25.0.6+incompatible // indirect
 	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/ethereum/c-kzg-4844 v1.0.0 // indirect

go.sum

@@ -10,8 +10,14 @@ github.com/KyleBanks/depth v1.2.1 h1:5h8fQADFrWtarTdtDudMmGsC7GPbOAu6RVB3ffsVFHc
 github.com/KyleBanks/depth v1.2.1/go.mod h1:jzSb9d0L43HxTQfT+oSA1EEp2q+ne2uh6XgeJcm8brE=
 github.com/Layr-Labs/cerberus-api v0.0.0-20241112163132-950ce31ba1ee h1:aUOOI6lDb3mrAg0ClQPM+TUe0XkKcpP0Ddb9ZubciEA=
 github.com/Layr-Labs/cerberus-api v0.0.0-20241112163132-950ce31ba1ee/go.mod h1:Lm4fhzy0S3P7GjerzuseGaBFVczsIKmEhIjcT52Hluo=
+github.com/Layr-Labs/cerberus-api v0.0.1/go.mod h1:Lm4fhzy0S3P7GjerzuseGaBFVczsIKmEhIjcT52Hluo=
 github.com/Layr-Labs/eigensdk-go v0.1.7-0.20240507215523-7e4891d5099a h1:L/UsJFw9M31FD/WgXTPFB0oxbq9Cu4Urea1xWPMQS7Y=
 github.com/Layr-Labs/eigensdk-go v0.1.7-0.20240507215523-7e4891d5099a/go.mod h1:OF9lmS/57MKxS0xpSpX0qHZl0SKkDRpvJIvsGvMN1y8=
+github.com/Layr-Labs/eigensdk-go v0.1.13/go.mod h1:aYdNURUhaqeYOS+Cq12TfSdPbjFfiLaHkxPdR4Exq/s=
+github.com/Layr-Labs/eigensdk-go/signer v0.0.0-20241207223931-577e26ef0df0 h1:ZbHP+RaM7/piSLiQK9NS8/6rz1jBUG5ecDMmf/3x3k4=
+github.com/Layr-Labs/eigensdk-go/signer v0.0.0-20241207223931-577e26ef0df0/go.mod h1:ibvhYLQhmBqj+MqI+gjY2nRw7+QcbbLhHOBageOA0zY=
+github.com/Layr-Labs/eigensdk-go/signer v0.0.0-20241211213446-c5ffb53d14b0 h1:Zf/bwHZlX+4anEkPLz2l9WSYPxTfACxNulgSupqxTGk=
+github.com/Layr-Labs/eigensdk-go/signer v0.0.0-20241211213446-c5ffb53d14b0/go.mod h1:ibvhYLQhmBqj+MqI+gjY2nRw7+QcbbLhHOBageOA0zY=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
 github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8=
@@ -160,6 +166,7 @@ github.com/docker/cli v25.0.3+incompatible h1:KLeNs7zws74oFuVhgZQ5ONGZiXUUdgsdy6
 github.com/docker/cli v25.0.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/docker v25.0.5+incompatible h1:UmQydMduGkrD5nQde1mecF/YnSbTOaPeFIeP5C4W+DE=
 github.com/docker/docker v25.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v25.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
 github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
 github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=

node/config.go

@@ -15,7 +15,7 @@ import (
 	"github.com/Layr-Labs/eigenda/encoding/kzg"
 	"github.com/Layr-Labs/eigenda/node/flags"
 
-	"github.com/Layr-Labs/eigensdk-go/crypto/bls"
+	sdkSignerTypes "github.com/Layr-Labs/eigensdk-go/signer/bls/types"
 
 	"github.com/ethereum/go-ethereum/accounts/keystore"
 	"github.com/ethereum/go-ethereum/crypto"
@@ -79,11 +79,7 @@ type Config struct {
 	ReachabilityPollIntervalSec    uint64
 	DisableNodeInfoResources       bool
 
-	BLSRemoteSignerEnabled   bool
-	BLSRemoteSignerUrl       string
-	BLSPublicKeyHex          string
-	BLSKeyPassword           string
-	BLSSignerTLSCertFilePath string
+	BlsSignerConfig sdkSignerTypes.SignerConfig
 
 	EthClientConfig geth.EthClientConfig
 	LoggerConfig    common.LoggerConfig
@@ -160,25 +156,41 @@ func NewConfig(ctx *cli.Context) (*Config, error) {
 		ethClientConfig = geth.ReadEthClientConfig(ctx)
 	}
 
-	// check if BLS remote signer configuration is provided
-	blsRemoteSignerEnabled := ctx.GlobalBool(flags.BLSRemoteSignerEnabledFlag.Name)
-	if blsRemoteSignerEnabled && (ctx.GlobalString(flags.BLSRemoteSignerUrlFlag.Name) == "" || ctx.GlobalString(flags.BLSPublicKeyHexFlag.Name) == "") {
-		return nil, fmt.Errorf("BLS remote signer URL and Public Key Hex is required if BLS remote signer is enabled")
-	}
-	if !blsRemoteSignerEnabled && (ctx.GlobalString(flags.BlsKeyFileFlag.Name) == "" || ctx.GlobalString(flags.BlsKeyPasswordFlag.Name) == "") {
-		return nil, fmt.Errorf("BLS key file and password is required if BLS remote signer is disabled")
-	}
-
 	// Decrypt BLS key
 	var privateBls string
+	var blsSignerConfig sdkSignerTypes.SignerConfig
 	if !testMode {
-		// If remote signer fields are empty then try to read the BLS key from the file
-		if !blsRemoteSignerEnabled {
-			kp, err := bls.ReadPrivateKeyFromFile(ctx.GlobalString(flags.BlsKeyFileFlag.Name), ctx.GlobalString(flags.BlsKeyPasswordFlag.Name))
-			if err != nil {
-				return nil, fmt.Errorf("could not read or decrypt the BLS private key: %v", err)
-			}
-			privateBls = kp.PrivKey.String()
+		blsSignerCertFilePath := ctx.GlobalString(flags.BLSSignerCertFileFlag.Name)
+		enableTLS := len(blsSignerCertFilePath) > 0
+		signerType := sdkSignerTypes.Local
+
+		// check if BLS remote signer configuration is provided
+		blsRemoteSignerEnabled := ctx.GlobalBool(flags.BLSRemoteSignerEnabledFlag.Name)
+		blsRemoteSignerUrl := ctx.GlobalString(flags.BLSRemoteSignerUrlFlag.Name)
+		blsPublicKeyHex := ctx.GlobalString(flags.BLSPublicKeyHexFlag.Name)
+		blsKeyFilePath := ctx.GlobalString(flags.BlsKeyFileFlag.Name)
+		blsKeyPassword := ctx.GlobalString(flags.BlsKeyPasswordFlag.Name)
+
+		if blsRemoteSignerEnabled && (blsRemoteSignerUrl == "" || blsPublicKeyHex == "") {
+			return nil, fmt.Errorf("BLS remote signer URL and Public Key Hex is required if BLS remote signer is enabled")
+		}
+		if !blsRemoteSignerEnabled && (blsKeyFilePath == "" || blsKeyPassword == "") {
+			return nil, fmt.Errorf("BLS key file and password is required if BLS remote signer is disabled")
+		}
+
+		if blsRemoteSignerEnabled {
+			signerType = sdkSignerTypes.Cerberus
+		}
+
+		blsSignerConfig = sdkSignerTypes.SignerConfig{
+			SignerType:       signerType,
+			Path:             blsKeyFilePath,
+			Password:         blsKeyPassword,
+			CerberusUrl:      blsRemoteSignerUrl,
+			PublicKeyHex:     blsPublicKeyHex,
+			CerberusPassword: blsKeyPassword,
+			EnableTLS:        enableTLS,
+			TLSCertFilePath:  ctx.GlobalString(flags.BLSSignerCertFileFlag.Name),
 		}
 	} else {
 		privateBls = ctx.GlobalString(flags.TestPrivateBlsFlag.Name)
@@ -234,11 +246,7 @@ func NewConfig(ctx *cli.Context) (*Config, error) {
 		ClientIPHeader:                 ctx.GlobalString(flags.ClientIPHeaderFlag.Name),
 		UseSecureGrpc:                  ctx.GlobalBoolT(flags.ChurnerUseSecureGRPC.Name),
 		DisableNodeInfoResources:       ctx.GlobalBool(flags.DisableNodeInfoResourcesFlag.Name),
-		BLSRemoteSignerUrl:             ctx.GlobalString(flags.BLSRemoteSignerUrlFlag.Name),
-		BLSPublicKeyHex:                ctx.GlobalString(flags.BLSPublicKeyHexFlag.Name),
-		BLSKeyPassword:                 ctx.GlobalString(flags.BlsKeyPasswordFlag.Name),
-		BLSSignerTLSCertFilePath:       ctx.GlobalString(flags.BLSSignerCertFileFlag.Name),
-		BLSRemoteSignerEnabled:         blsRemoteSignerEnabled,
+		BlsSignerConfig:                blsSignerConfig,
 		EnableV2:                       ctx.GlobalBool(flags.EnableV2Flag.Name),
 		OnchainStateRefreshInterval:    ctx.GlobalDuration(flags.OnchainStateRefreshIntervalFlag.Name),
 		ChunkDownloadTimeout:           ctx.GlobalDuration(flags.ChunkDownloadTimeoutFlag.Name),

node/node.go

@@ -6,6 +6,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+
 	"io"
 	"maps"
 	"math"
@@ -28,10 +29,6 @@ import (
 	gethcommon "github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/crypto"
 
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/credentials"
-	"google.golang.org/grpc/credentials/insecure"
-
 	"github.com/Layr-Labs/eigenda/api/clients"
 	"github.com/Layr-Labs/eigenda/api/grpc/node"
 	"github.com/Layr-Labs/eigenda/common/geth"
@@ -40,13 +37,14 @@ import (
 	"github.com/Layr-Labs/eigenda/core/indexer"
 	corev2 "github.com/Layr-Labs/eigenda/core/v2"
 	v2 "github.com/Layr-Labs/eigenda/core/v2"
+
 	"github.com/Layr-Labs/eigensdk-go/logging"
 	"github.com/Layr-Labs/eigensdk-go/metrics"
 	rpccalls "github.com/Layr-Labs/eigensdk-go/metrics/collectors/rpc_calls"
 	"github.com/Layr-Labs/eigensdk-go/nodeapi"
-	"github.com/gammazero/workerpool"
+	sdkSigner "github.com/Layr-Labs/eigensdk-go/signer/bls"
 
-	blssignerV1 "github.com/Layr-Labs/cerberus-api/pkg/api/v1"
+	"github.com/gammazero/workerpool"
 )
 
 const (
@@ -77,7 +75,8 @@ type Node struct {
 	PubIPProvider           pubip.Provider
 	OperatorSocketsFilterer indexer.OperatorSocketsFilterer
 	ChainID                 *big.Int
-	BLSSigner               blssignerV1.SignerClient
+
+	BlsSigner sdkSigner.Signer
 
 	RelayClient atomic.Value
 
@@ -133,7 +132,7 @@ func NewNode(
 	cst := eth.NewChainState(tx, client)
 
 	var keyPair *core.KeyPair
-	var blsClient blssignerV1.SignerClient
+	var blsSigner sdkSigner.Signer
 	if config.PrivateBls != "" {
 		nodeLogger.Info("using local keystore private key for BLS signing")
 		// Generate BLS keys
@@ -144,33 +143,18 @@ func NewNode(
 
 		config.ID = keyPair.GetPubKeyG1().GetOperatorID()
 	} else {
-		pkBytes, err := hex.DecodeString(config.BLSPublicKeyHex)
+		blsSigner, err = sdkSigner.NewSigner(config.BlsSignerConfig)
 		if err != nil {
-			return nil, fmt.Errorf("failed to decode BLS public key: %w", err)
+			return nil, fmt.Errorf("failed to create BLS signer: %w", err)
 		}
-		pubkey := new(core.G1Point)
-		publicKey, err := pubkey.Deserialize(pkBytes)
+		operatorID, err := blsSigner.GetOperatorId()
 		if err != nil {
-			return nil, err
+			return nil, fmt.Errorf("failed to get operator ID: %w", err)
 		}
-
-		config.ID = publicKey.GetOperatorID()
-
-		nodeLogger.Info("creating signer client", "url", config.BLSRemoteSignerUrl)
-		creds := insecure.NewCredentials()
-		if config.BLSSignerTLSCertFilePath != "" {
-			creds, err = credentials.NewClientTLSFromFile(config.BLSSignerTLSCertFilePath, "")
-			if err != nil {
-				return nil, err
-			}
-		}
-		conn, err := grpc.NewClient(
-			config.BLSRemoteSignerUrl, grpc.WithTransportCredentials(creds),
-		)
+		config.ID, err = core.OperatorIDFromHex(operatorID)
 		if err != nil {
-			return nil, fmt.Errorf("failed to create new BLS remote signer client: %w", err)
+			return nil, fmt.Errorf("failed to convert operator ID: %w", err)
 		}
-		blsClient = blssignerV1.NewSignerClient(conn)
 	}
 
 	// Setup Node Api
@@ -239,7 +223,7 @@ func NewNode(
 		PubIPProvider:           pubIPProvider,
 		OperatorSocketsFilterer: socketsFilterer,
 		ChainID:                 chainID,
-		BLSSigner:               blsClient,
+		BlsSigner:               blsSigner,
 	}
 
 	if !config.EnableV2 {
@@ -584,35 +568,25 @@ func (n *Node) ProcessBatch(ctx context.Context, header *core.BatchHeader, blobs
 	}
 
 	n.Metrics.RecordStoreChunksStage("signed", batchSize, time.Since(stageTimer))
-	log.Debug("Sign batch succeeded", "pubkey", n.Config.BLSPublicKeyHex, "duration", time.Since(stageTimer))
+	log.Debug("Sign batch succeeded", "pubkey", n.BlsSigner.GetPublicKeyHex(), "duration", time.Since(stageTimer))
 
 	log.Debug("Exiting process batch", "duration", time.Since(start))
 	return signature, nil
 }
 
 func (n *Node) SignMessage(ctx context.Context, data [32]byte) (*core.Signature, error) {
-	if n.Config.BLSRemoteSignerEnabled {
-		sigResp, err := n.BLSSigner.SignGeneric(
-			ctx,
-			&blssignerV1.SignGenericRequest{
-				PublicKey: n.Config.BLSPublicKeyHex,
-				Password:  n.Config.BLSKeyPassword,
-				Data:      data[:],
-			},
-		)
-		if err != nil {
-			return nil, fmt.Errorf("failed to sign data: %w", err)
-		}
-		sig := new(core.Signature)
-		g, err := sig.Deserialize(sigResp.Signature)
-		if err != nil {
-			return nil, fmt.Errorf("failed to deserialize signature: %w", err)
-		}
-		return &core.Signature{
-			G1Point: g,
-		}, nil
+	signature, err := n.BlsSigner.Sign(ctx, data[:])
+	if err != nil {
+		return nil, fmt.Errorf("failed to sign message: %w", err)
+	}
+	sig := new(core.Signature)
+	g, err := sig.Deserialize(signature)
+	if err != nil {
+		return nil, fmt.Errorf("failed to deserialize signature: %w", err)
 	}
-	return n.KeyPair.SignMessage(data), nil
+	return &core.Signature{
+		G1Point: g,
+	}, nil
 }
 
 func (n *Node) ValidateBatch(ctx context.Context, header *core.BatchHeader, blobs []*core.BlobMessage) error {