From c4d3a12e0b94c136bfabf2d406a4e8d29ae8cc8e Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Mon, 12 Jul 2021 17:16:07 -0700
Subject: [PATCH 01/28] [BlockSigner] Add block signer thread initialization
 code.

The block signer has its own thread to manage active roles in the federation protocol.  Most state transitions happen in response to messages received over the network, and are therefore processed in the network thread.  However the master node for a round is responsible for kicking off the round with a block proposal, and it is the block-signer thread that does that.
---
 src/Makefile.am       |  2 ++
 src/federation.cpp    | 54 +++++++++++++++++++++++++++++++++++++++++++
 src/federation.h      | 20 ++++++++++++++++
 src/init.cpp          | 10 ++++++++
 src/logging.cpp       |  1 +
 src/logging.h         |  1 +
 src/threadinterrupt.h |  7 ++++++
 7 files changed, 95 insertions(+)
 create mode 100644 src/federation.cpp
 create mode 100644 src/federation.h

diff --git a/src/Makefile.am b/src/Makefile.am
index a29a52eb0d..cd26b0f5f0 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -143,6 +143,7 @@ BITCOIN_CORE_H = \
   cuckoocache.h \
   dbwrapper.h \
   dynafed.h \
+  federation.h \
   flatfile.h \
   fs.h \
   httprpc.h \
@@ -310,6 +311,7 @@ libbitcoin_server_a_SOURCES = \
   consensus/tx_verify.cpp \
   dynafed.cpp \
   dbwrapper.cpp \
+  federation.cpp \
   flatfile.cpp \
   httprpc.cpp \
   httpserver.cpp \
diff --git a/src/federation.cpp b/src/federation.cpp
new file mode 100644
index 0000000000..ada898b618
--- /dev/null
+++ b/src/federation.cpp
@@ -0,0 +1,54 @@
+// Copyright (c) 2021 Digital Garage
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <federation.h>
+
+#include <logging.h>
+#include <node/context.h>
+#include <sync.h>
+#include <threadinterrupt.h>
+
+#include <chrono>
+
+//! Pointer to the NodeContext for the process
+static NodeContext* g_context = nullptr;
+
+//! Critical section guarding access to any of the block-signing federation global state
+static RecursiveMutex cs_block_signer;
+
+//! Thread interrupter which is used to command the block-signing thread to terminate.
+static CThreadInterrupt g_thread_interrupt;
+void InterruptBlockSignerThread() {
+    g_thread_interrupt();
+}
+
+/** Manages connections to other nodes in the block-signing federation, and
+ ** performs this node's role in the block-signing protocol. */
+void ThreadBlockSigner(NodeContext& node)
+{
+    // Make node context accessible everywhere from within this file.
+    g_context = &node;
+
+    // Blocks are generated on the minute, every minute.  We round the current
+    // time up to the next minute to get the initial block generation time.
+    // (Note that the following code truncates back to the last minute interval
+    // start time, but will then be advanced past the present at the beginning
+    // of the mining loop below.)
+    std::chrono::steady_clock::time_point nextblocktime(
+        std::chrono::duration_cast<std::chrono::minutes>(
+            std::chrono::steady_clock::now().time_since_epoch()));
+
+    while (true) {
+        // Sleep this thread until the start of the next block interval.
+        nextblocktime += std::chrono::minutes{1};
+        if (!g_thread_interrupt.sleep_until(nextblocktime)) {
+            // Thread interrupted.  Shutdown in progress?
+            break;
+        }
+
+        LogPrint(BCLog::FEDERATION, "A real block signer would generate a block here.\n");
+    }
+}
+
+// End of File
diff --git a/src/federation.h b/src/federation.h
new file mode 100644
index 0000000000..b5d096ed8e
--- /dev/null
+++ b/src/federation.h
@@ -0,0 +1,20 @@
+// Copyright (c) 2021 Digital Garage
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#ifndef BITCOIN_FEDERATION_H
+#define BITCOIN_FEDERATION_H
+
+#include <node/context.h>
+
+/** Run an instance of the block-signing protocol manager. */
+void ThreadBlockSigner(NodeContext &node);
+
+// For some reason the Boost thread interrupt is not interrupting the sleep
+// within ThreadBlockSigner, so we provide a special-purpose interruption
+// routine.  This should be investigated and removed if possible.
+void InterruptBlockSignerThread();
+
+#endif // BITCOIN_FEDERATION_H
+
+// End of File
diff --git a/src/init.cpp b/src/init.cpp
index 22d09d28e9..d6c34ee92d 100644
--- a/src/init.cpp
+++ b/src/init.cpp
@@ -17,6 +17,7 @@
 #include <chainparams.h>
 #include <compat/sanity.h>
 #include <consensus/validation.h>
+#include <federation.h>
 #include <fs.h>
 #include <hash.h>
 #include <httprpc.h>
@@ -92,6 +93,7 @@ static bool fFeeEstimatesInitialized = false;
 static const bool DEFAULT_PROXYRANDOMIZE = true;
 static const bool DEFAULT_REST_ENABLE = false;
 static const bool DEFAULT_STOPAFTERBLOCKIMPORT = false;
+static const bool DEFAULT_BLOCK_SIGNER_ENABLE = false;
 
 #ifdef WIN32
 // Win32 LevelDB doesn't use filedescriptors, and the ones used for
@@ -174,6 +176,7 @@ void Interrupt(NodeContext& node)
     InterruptREST();
     InterruptTorControl();
     InterruptMapPort();
+    InterruptBlockSignerThread();
     if (node.connman)
         node.connman->Interrupt();
     if (g_txindex) {
@@ -639,6 +642,8 @@ void SetupServerArgs(NodeContext& node)
     argsman.AddArg("-ct_bits", strprintf("The default number of hiding bits in a rangeproof. Will be exceeded to cover amounts exceeding the maximum hiding value. (default: %d)", 52), ArgsManager::ALLOW_ANY, OptionsCategory::CHAINPARAMS);
     argsman.AddArg("-ct_exponent", strprintf("The hiding exponent. (default: %s)", 0), ArgsManager::ALLOW_ANY, OptionsCategory::CHAINPARAMS);
 
+    argsman.AddArg("-blocksigner", strprintf("Enable built-in block-signing federated peer protocol. (default: %s)", DEFAULT_BLOCK_SIGNER_ENABLE ? "on" : "off"), ArgsManager::ALLOW_ANY, OptionsCategory::ELEMENTS);
+
     // Add the hidden options
     argsman.AddHiddenArgs(hidden_args);
     argsman.AddHiddenArgs(elements_hidden_args);
@@ -2064,6 +2069,11 @@ bool AppInitMain(const util::Ref& context, NodeContext& node, interfaces::BlockA
         return false;
     }
 
+    // Start the block-signing protocol management thread
+    if (args.GetBoolArg("-blocksigner", DEFAULT_BLOCK_SIGNER_ENABLE)) {
+        threadGroup.create_thread(std::bind(&TraceThread<CScheduler::Function>, "block-signer", [&node](){ThreadBlockSigner(node);}));
+    }
+
     // ********************************************************* Step 13: Check PAK
     if (chainparams.GetEnforcePak()) {
         if (!chainparams.GetConsensus().first_extension_space.empty() &&
diff --git a/src/logging.cpp b/src/logging.cpp
index 35e0754f20..fe621454e1 100644
--- a/src/logging.cpp
+++ b/src/logging.cpp
@@ -155,6 +155,7 @@ const CLogCategoryDesc LogCategories[] =
     {BCLog::QT, "qt"},
     {BCLog::LEVELDB, "leveldb"},
     {BCLog::VALIDATION, "validation"},
+    {BCLog::FEDERATION, "federation"},
     {BCLog::ALL, "1"},
     {BCLog::ALL, "all"},
 };
diff --git a/src/logging.h b/src/logging.h
index 7e646ef67a..d5d47550ff 100644
--- a/src/logging.h
+++ b/src/logging.h
@@ -56,6 +56,7 @@ namespace BCLog {
         QT          = (1 << 19),
         LEVELDB     = (1 << 20),
         VALIDATION  = (1 << 21),
+        FEDERATION  = (1 << 29),
         ALL         = ~(uint32_t)0,
     };
 
diff --git a/src/threadinterrupt.h b/src/threadinterrupt.h
index 2665f8a5be..f7a0a29dfc 100644
--- a/src/threadinterrupt.h
+++ b/src/threadinterrupt.h
@@ -27,6 +27,13 @@ class CThreadInterrupt
     bool sleep_for(std::chrono::seconds rel_time);
     bool sleep_for(std::chrono::minutes rel_time);
 
+    template<class Clock>
+    bool sleep_until(std::chrono::time_point<Clock> timeout)
+    {
+        WAIT_LOCK(mut, lock);
+        return !cond.wait_until(lock, timeout, [this]() { return flag.load(std::memory_order_acquire); });
+    }
+
 private:
     std::condition_variable cond;
     Mutex mut;

From cdae6ed962f3fe77804a59da074e2079d9a86af1 Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Mon, 9 Aug 2021 20:56:37 -0700
Subject: [PATCH 02/28] [BlockSigner] Add utility function for fetching wallet
 to use for block signing.

---
 src/federation.cpp  | 41 +++++++++++++++++++++++++++++++++++++++++
 src/wallet/init.cpp |  2 ++
 2 files changed, 43 insertions(+)

diff --git a/src/federation.cpp b/src/federation.cpp
index ada898b618..a7ef59e2a4 100644
--- a/src/federation.cpp
+++ b/src/federation.cpp
@@ -8,8 +8,15 @@
 #include <node/context.h>
 #include <sync.h>
 #include <threadinterrupt.h>
+#include <util/system.h>
+#ifdef ENABLE_WALLET
+#include <wallet/wallet.h>
+#endif // ENABLE_WALLET
 
 #include <chrono>
+#include <memory>
+#include <string>
+#include <vector>
 
 //! Pointer to the NodeContext for the process
 static NodeContext* g_context = nullptr;
@@ -23,6 +30,40 @@ void InterruptBlockSignerThread() {
     g_thread_interrupt();
 }
 
+#ifdef ENABLE_WALLET
+// Elements supports multiple user wallets.  The wallet which should be used for
+// block signing can be specified via a configuration option, otherwise the
+// "default" wallet will be used.
+static std::shared_ptr<CWallet> GetWalletForBlockSigning()
+{
+    std::vector<std::shared_ptr<CWallet>> wallets = GetWallets();
+    if (wallets.empty()) {
+        return nullptr;
+    }
+    // The user can configure which wallet to use for block signing with the
+    // '-signblockwallet' option.  By default, the default wallet is used.
+    const std::string requestedwallet = g_context->args->GetArg("-signblockwallet", "");
+    std::shared_ptr<CWallet> ret = GetWallet(requestedwallet);
+    if (ret) {
+        return ret;
+    }
+    // If a wallet name was specified but not found, let's log that so the user
+    // knows they need to fix their configuration.
+    if (requestedwallet != "" && requestedwallet != "0") {
+        LogPrintf("Requested wallet \"%s\" be used to sign block proposals, but no such wallet found.\n", requestedwallet);
+    }
+    // The user can disable use of a wallet for block signing by setting
+    // '-signblockwallet' to 0 or false or '-nosignblockwallet=1'.  Note that
+    // there must not be a wallet named "0" (or "false", etc.), or else that
+    // wallet will be selected above.
+    if (!g_context->args->GetBoolArg("-signblockwallet", true)) {
+        return nullptr;
+    }
+    // If we get this far, it is because the default wallet is requested.
+    return !wallets.empty() ? wallets[0] : nullptr;
+}
+#endif // ENABLE_WALLET
+
 /** Manages connections to other nodes in the block-signing federation, and
  ** performs this node's role in the block-signing protocol. */
 void ThreadBlockSigner(NodeContext& node)
diff --git a/src/wallet/init.cpp b/src/wallet/init.cpp
index 8b2ef191fb..317c49f49e 100644
--- a/src/wallet/init.cpp
+++ b/src/wallet/init.cpp
@@ -68,6 +68,8 @@ void WalletInit::AddWalletOptions(ArgsManager& argsman) const
 #endif
     argsman.AddArg("-walletrbf", strprintf("Send transactions with full-RBF opt-in enabled (RPC only, default: %u)", DEFAULT_WALLET_RBF), ArgsManager::ALLOW_ANY, OptionsCategory::WALLET);
 
+    argsman.AddArg("-signblockwallet=<wallet>", "Use the named wallet for signing block proposals in the federation block-signing code", ArgsManager::ALLOW_ANY | ArgsManager::NETWORK_ONLY, OptionsCategory::ELEMENTS);
+
     argsman.AddArg("-dblogsize=<n>", strprintf("Flush wallet database activity from memory to disk log every <n> megabytes (default: %u)", DEFAULT_WALLET_DBLOGSIZE), ArgsManager::ALLOW_ANY | ArgsManager::DEBUG_ONLY, OptionsCategory::WALLET_DEBUG_TEST);
     argsman.AddArg("-flushwallet", strprintf("Run a thread to flush wallet periodically (default: %u)", DEFAULT_FLUSHWALLET), ArgsManager::ALLOW_ANY | ArgsManager::DEBUG_ONLY, OptionsCategory::WALLET_DEBUG_TEST);
     argsman.AddArg("-privdb", strprintf("Sets the DB_PRIVATE flag in the wallet db environment (default: %u)", DEFAULT_WALLET_PRIVDB), ArgsManager::ALLOW_ANY | ArgsManager::DEBUG_ONLY, OptionsCategory::WALLET_DEBUG_TEST);

From a93c4594b2101e600285e893f584edf057bfcf5e Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Mon, 9 Aug 2021 12:00:21 -0700
Subject: [PATCH 03/28] [BlockSigner] Parse federation and block signer
 configuration options.

---
 src/federation.cpp | 170 +++++++++++++++++++++++++++++++++++++++++++++
 src/init.cpp       |   1 +
 2 files changed, 171 insertions(+)

diff --git a/src/federation.cpp b/src/federation.cpp
index a7ef59e2a4..4a2748dd14 100644
--- a/src/federation.cpp
+++ b/src/federation.cpp
@@ -4,18 +4,29 @@
 
 #include <federation.h>
 
+#include <chainparams.h>
 #include <logging.h>
+#include <netaddress.h>
+#include <netbase.h>
+#include <net.h>
 #include <node/context.h>
+#include <pubkey.h>
+#include <streams.h>
 #include <sync.h>
 #include <threadinterrupt.h>
+#include <util/strencodings.h>
 #include <util/system.h>
 #ifdef ENABLE_WALLET
 #include <wallet/wallet.h>
 #endif // ENABLE_WALLET
 
+#include <algorithm>
 #include <chrono>
 #include <memory>
+#include <map>
+#include <set>
 #include <string>
+#include <utility>
 #include <vector>
 
 //! Pointer to the NodeContext for the process
@@ -64,6 +75,158 @@ static std::shared_ptr<CWallet> GetWalletForBlockSigning()
 }
 #endif // ENABLE_WALLET
 
+//! All public keys contained within the block signing script.
+static std::vector<CPubKey> g_block_signing_keys;
+//! The block signing public key associated with this node.
+static CPubKey g_our_block_signing_key;
+//! The index of the block signing key associated with this node.
+static int g_our_block_signing_key_index = 0;
+
+//! The subnets match only the IPs which are known federation block-signing
+//! nodes.  Block-signing messages from other nodes not matching any of these
+//! subnets are ignored, so as to not reveal that we are a block-signing
+//! federation node.
+static std::set<CSubNet> g_whitelist;
+
+struct BlockSigner {
+    CPubKey m_pubkey;
+    std::set<std::string> netaddrs;
+    int64_t m_endpoint_last_update_time;
+    std::set<NodeId> m_nodes;
+
+    BlockSigner() : m_endpoint_last_update_time(0) { }
+    BlockSigner(const CPubKey& pubkey, const std::string& netaddr) : m_pubkey(pubkey), netaddrs({netaddr}), m_endpoint_last_update_time(0) { }
+};
+
+//! A record to store configuration information and state for each block signer.
+static std::map<CPubKey, BlockSigner> g_block_signers;
+
+// Parses the configuration options to determine connection and pubkey
+// information for all the other federation peers.
+static bool ReadFederationOpts() {
+    using std::swap;
+
+    LOCK(cs_block_signer);
+
+    CScript script = Params().GetConsensus().signblockscript;
+#if ENABLE_WALLET
+    std::shared_ptr<CWallet> pwallet = GetWalletForBlockSigning();
+    LegacyScriptPubKeyMan* spk_man = pwallet ? pwallet->GetOrCreateLegacyScriptPubKeyMan() : nullptr;
+#endif // ENABLE_WALLET
+    CScript::const_iterator pc = script.begin();
+    opcodetype opcode;
+    std::vector<unsigned char> data;
+    while (pc < script.end() && script.GetOp(pc, opcode, data)) {
+        // We are only interested in data pushes
+        if (data.empty()) {
+            continue;
+        }
+        // Check that the push data is a valid pubkey
+        CPubKey pk(data);
+        if (!pk.IsFullyValid()) {
+            continue;
+        }
+        // Treat any valid pubkey as a block-signing key
+        g_block_signing_keys.push_back(pk);
+#if ENABLE_WALLET
+        // And check to see if it is *our* block-signing key
+        if (spk_man && spk_man->HaveKey(pk.GetID())) {
+            g_our_block_signing_key = pk;
+        }
+#endif // ENABLE_WALLET
+    }
+
+    if (!g_our_block_signing_key.IsValid()) {
+        LogPrintf("Error: unable to determine block-signing key.\n");
+        return false;
+    }
+
+    std::sort(g_block_signing_keys.begin(),
+              g_block_signing_keys.end());
+
+    g_our_block_signing_key_index = 0;
+    for (const auto& key : g_block_signing_keys) {
+        if (key == g_our_block_signing_key) {
+            break;
+        }
+        ++g_our_block_signing_key_index;
+    }
+    if (g_our_block_signing_key_index >= g_block_signing_keys.size()) {
+        // log error
+        return false;
+    }
+
+    std::string pkstr(HexStr(CDataStream(SER_NETWORK, CLIENT_VERSION) << g_our_block_signing_key), 2);
+    LogPrint(BCLog::FEDERATION, "Identified block-signing key to be %s\n", pkstr);
+
+    int errors = 0;
+    const auto& opt_blocksignnodes = g_context->args->GetArgs("-blocksignnode");
+    for (const auto& opt_blocksignnode : opt_blocksignnodes) {
+        auto pos = opt_blocksignnode.find(':');
+        if (pos == std::string::npos) {
+            LogPrintf("Error: -blocksignnode configuration must be in the form '=<pubkey:ip[:port]>, not '=%s''\n", opt_blocksignnode);
+            ++errors;
+            continue;
+        }
+
+        CPubKey pk;
+        std::string substr(opt_blocksignnode, 0, pos);
+        if (IsHex(substr) && substr.size() == 2*33) {
+            auto data = ParseHex(substr);
+            pk.Set(data.begin(), data.end());
+            if (!pk.IsFullyValid()) {
+                LogPrintf("Error: invalid key provided to -blocksignnode: %s\n", substr);
+                ++errors;
+                continue;
+            }
+        } else {
+            LogPrintf("Error: \"%s\" is not a 33-byte hex-encoded public key\n", substr);
+            ++errors;
+            continue;
+        }
+
+        std::string netaddr(opt_blocksignnode, pos + 1);
+        if (netaddr.empty()) {
+            LogPrintf("Error: no network address is provided for -blocksignnode=%s\n", opt_blocksignnode);
+            ++errors;
+            continue;
+        }
+
+        std::vector<CService> endpoints;
+        int64_t time = GetTime();
+        if (!Lookup(netaddr.c_str(), endpoints, Params().GetDefaultPort(), fNameLookup && !HaveNameProxy(), 256)) {
+            LogPrintf("Error: unable to resolve network address for -blocksignnode=%s\n", opt_blocksignnode);
+            ++errors;
+            continue;
+        }
+
+        // We were able to resolve the network address into at least one ip:port
+        // service endpoint, so we now assume the address is well-formed.
+        LogPrint(BCLog::FEDERATION, "Mapping block signer %s to network address %s\n", pkstr, netaddr);
+        auto itr = g_block_signers.find(pk);
+        if (itr != g_block_signers.end()) {
+            itr->second.netaddrs.insert(netaddr);
+        } else {
+            g_block_signers[pk] = BlockSigner(pk, netaddr);
+            itr = g_block_signers.find(pk);
+        }
+        itr->second.m_endpoint_last_update_time = time;
+
+        // For each service endpoint, we let the connection manager know about
+        // the node, and add it to our own list of potential peers.
+        for (const auto& endpoint : endpoints) {
+            LogPrint(BCLog::FEDERATION, "Whitelisting resolved endpoint %s for block signer %s\n", endpoint.ToString(), pkstr);
+            g_whitelist.emplace(endpoint);
+        }
+
+        // Add the network address to the connection manager, so that a p2p
+        // connection is attempted.
+        g_context->connman->AddNode(netaddr);
+    }
+
+    return !errors;
+}
+
 /** Manages connections to other nodes in the block-signing federation, and
  ** performs this node's role in the block-signing protocol. */
 void ThreadBlockSigner(NodeContext& node)
@@ -71,6 +234,13 @@ void ThreadBlockSigner(NodeContext& node)
     // Make node context accessible everywhere from within this file.
     g_context = &node;
 
+    // Parse the various federation and block signing configuration
+    // options and initialize the global variable state accordingly.
+    if (!ReadFederationOpts()) {
+        LogPrintf("Error processing federation command-line options.  Block-signing services will be disabled.\n");
+        return;
+    }
+
     // Blocks are generated on the minute, every minute.  We round the current
     // time up to the next minute to get the initial block generation time.
     // (Note that the following code truncates back to the last minute interval
diff --git a/src/init.cpp b/src/init.cpp
index d6c34ee92d..f5793f2022 100644
--- a/src/init.cpp
+++ b/src/init.cpp
@@ -643,6 +643,7 @@ void SetupServerArgs(NodeContext& node)
     argsman.AddArg("-ct_exponent", strprintf("The hiding exponent. (default: %s)", 0), ArgsManager::ALLOW_ANY, OptionsCategory::CHAINPARAMS);
 
     argsman.AddArg("-blocksigner", strprintf("Enable built-in block-signing federated peer protocol. (default: %s)", DEFAULT_BLOCK_SIGNER_ENABLE ? "on" : "off"), ArgsManager::ALLOW_ANY, OptionsCategory::ELEMENTS);
+    argsman.AddArg("-blocksignnode=<pubkey>:<ip[:port]>", "Connection information for the block-signing federation peer associated with the specified pubkey.  May be specified as many times as necessary for different peers and/or alternative connection strings for a given peer.", ArgsManager::ALLOW_ANY | ArgsManager::NETWORK_ONLY, OptionsCategory::ELEMENTS);
 
     // Add the hidden options
     argsman.AddHiddenArgs(hidden_args);

From daf40f31b0ce577e83726dc58e61dd8d18bb58fa Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Mon, 2 Aug 2021 20:07:11 -0700
Subject: [PATCH 04/28] [BlockSigner] Use the wallet to generate blocks at
 fixed intervals.

---
 src/federation.cpp | 207 ++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 206 insertions(+), 1 deletion(-)

diff --git a/src/federation.cpp b/src/federation.cpp
index 4a2748dd14..ba82a25a83 100644
--- a/src/federation.cpp
+++ b/src/federation.cpp
@@ -4,19 +4,29 @@
 
 #include <federation.h>
 
+#include <block_proof.h>
 #include <chainparams.h>
+#include <consensus/validation.h>
 #include <logging.h>
+#include <miner.h>
 #include <netaddress.h>
 #include <netbase.h>
 #include <net.h>
 #include <node/context.h>
+#include <pow.h>
+#include <primitives/block.h>
 #include <pubkey.h>
+#include <script/script.h>
+#include <script/standard.h>
 #include <streams.h>
 #include <sync.h>
 #include <threadinterrupt.h>
 #include <util/strencodings.h>
 #include <util/system.h>
+#include <validation.h>
 #ifdef ENABLE_WALLET
+#include <script/generic.hpp>
+#include <script/sign.h>
 #include <wallet/wallet.h>
 #endif // ENABLE_WALLET
 
@@ -227,6 +237,173 @@ static bool ReadFederationOpts() {
     return !errors;
 }
 
+//! The current block proposal, which is announced by the leader at the
+//! beginning of their round.
+static CBlock g_block_proposal;
+//! A collection of valid signatures for the proposed block of the current round.
+static std::map<CPubKey, std::vector<unsigned char>> g_block_sigs;
+
+static bool GenerateBlockProposal()
+{
+    const CChainParams& params = Params();
+    const Consensus::Params& consensusParams = params.GetConsensus();
+
+    // FIXME: Is this mandatory coinbase destination really necessary?  I recall
+    //        that this is from the Liquid codebase to ensure that Blockstream
+    //        collected fees on Liquid rather than the functionaries.  Is this
+    //        something we want to carry over to our chain?  If so, there are
+    //        probably better ways to accomplish fee capture.
+    CScript fee_destination_script = consensusParams.mandatory_coinbase_destination;
+    // If no forced fee destination script is specified in the chain parameters,
+    // then it is not consensus-controlled.  For testing purposes, we make it
+    // anyone-can-spend.  Let's change this later when we decide what to do
+    // about collecting fees.
+    if (fee_destination_script == CScript()) {
+        fee_destination_script = CScript() << OP_TRUE;
+    }
+
+    // The required_wait parameter is useful for preventing DoS of the
+    // federation itself.  By only using transactions which have been in the
+    // mempool for X seconds, we ensure that there is probably sufficient time
+    // for those transactions to have reached the other federation nodes before
+    // the start of the round.
+    std::chrono::seconds required_wait{5}; // FIXME: fetch this from config?
+
+    std::unique_ptr<CBlockTemplate> pblocktemplate(BlockAssembler(*g_context->mempool, params).CreateNewBlock(fee_destination_script, required_wait));
+    if (!pblocktemplate.get()) {
+        LogPrint(BCLog::FEDERATION, "Error generating block template proposal.\n");
+        return false;
+    }
+
+    CBlock &block = pblocktemplate->block;
+    {
+        // IncrementExtraNonce sets coinbase flags and builds the merkle tree
+        LOCK(cs_main);
+        unsigned int extra_nonce = 0;
+        IncrementExtraNonce(&block, g_context->chainman->ActiveTip(), extra_nonce);
+    }
+
+    LOCK(cs_block_signer);
+
+    using std::swap;
+    swap(g_block_proposal, block);
+    return true;
+}
+
+// Verifies that the proposed block is building off the tip and is a valid
+// block, then signs a relayable confirmation that we will sign this block and
+// accept it if the signing threshold is reached.
+static bool AcceptBlockProposal()
+{
+    const CChainParams& params = Params();
+
+    LOCK(cs_block_signer);
+    const CBlock& block = g_block_proposal;
+
+    LOCK(cs_main);
+
+    // Verify that this isn't a replay of a prior block.
+    BlockMap::iterator mi = g_context->chainman->BlockIndex().find(block.GetHash());
+    if (mi != g_context->chainman->BlockIndex().end()) {
+        LogPrint(BCLog::FEDERATION, "Already have proposed block: %s\n", block.GetHash().GetHex());
+        return false;
+    }
+
+    // TestBlockValidity only supports blocks built on the current Tip
+    CBlockIndex* const pindexPrev = g_context->chainman->ActiveTip();
+    if (block.hashPrevBlock != pindexPrev->GetBlockHash()) {
+        LogPrint(BCLog::FEDERATION, "Block proposal was not based on our best chain. (%s != %s)\n", block.hashPrevBlock.GetHex(), g_context->chainman->ActiveTip()->GetBlockHash().GetHex());
+        return false;
+    }
+
+    // Attempt validation of the block proposal, to make sure it would be
+    // accepted once it is signed.
+    BlockValidationState state;
+    bool res = TestBlockValidity(state, params, block, pindexPrev, false, true);
+    if (!res || !state.IsValid()) {
+        LogPrint(BCLog::FEDERATION, "Block proposal %s failed validation: %s (%d)\n", block.GetHash().GetHex(), state.GetRejectReason(), (int)state.GetResult());
+        return false;
+    }
+
+    return true;
+}
+
+static bool SignBlock()
+{
+    LOCK(cs_block_signer);
+    if (g_block_sigs.count(g_our_block_signing_key)) {
+        // Already signed.
+        return true;
+    }
+
+    // Generate the block signature
+    std::vector<unsigned char> sig;
+#ifdef ENABLE_WALLET
+    const CBlock& block = g_block_proposal;
+    SignatureData block_sigs;
+    std::shared_ptr<CWallet> pwallet = GetWalletForBlockSigning();
+    LegacyScriptPubKeyMan* spk_man = pwallet ? pwallet->GetOrCreateLegacyScriptPubKeyMan() : nullptr;
+    if (g_signed_blocks && spk_man) {
+        // Sign the block.
+        if (block.m_dynafed_params.IsNull()) {
+            GenericSignScript(*spk_man, block.GetBlockHeader(), block.proof.challenge, block_sigs, SCRIPT_NO_SIGHASH_BYTE /* additional_flags */);
+        } else {
+            GenericSignScript(*spk_man, block.GetBlockHeader(), block.m_dynafed_params.m_current.m_signblockscript, block_sigs, SCRIPT_VERIFY_NONE /* additional_flags */);
+        }
+        // Extract the signature
+        if (block_sigs.signatures.count(g_our_block_signing_key.GetID())) {
+            sig = block_sigs.signatures[g_our_block_signing_key.GetID()].second;
+        }
+    }
+#endif // ENABLE_WALLET
+    if (sig.empty()) {
+        LogPrint(BCLog::FEDERATION, "Block signature not generated.  Not sure what to do.\n");
+        return false;
+    }
+
+    g_block_sigs[g_our_block_signing_key] = sig;
+    return true;
+}
+
+static bool SubmitBlock()
+{
+    LOCK(cs_block_signer);
+    CBlock& block = g_block_proposal;
+
+    SignatureData block_sigs;
+    for (const auto& item : g_block_sigs) {
+        const CPubKey& pk = item.first;
+        const std::vector<unsigned char> sig = item.second;
+        block_sigs.signatures[pk.GetID()] = std::make_pair(pk, sig);
+    }
+
+    // Finalizes the signatures, has no access to keys
+    FillableSigningProvider keystore;
+    if (block.m_dynafed_params.IsNull()) {
+        SimpleSignatureCreator signature_creator(block.GetHash(), 0);
+        ProduceSignature(keystore, signature_creator, block.proof.challenge, block_sigs, SCRIPT_NO_SIGHASH_BYTE);
+        block.proof.solution = block_sigs.scriptSig;
+    } else {
+        SimpleSignatureCreator signature_creator(block.GetHash(), SIGHASH_ALL);
+        ProduceSignature(keystore, signature_creator, block.m_dynafed_params.m_current.m_signblockscript, block_sigs, SCRIPT_VERIFY_NONE);
+        block.m_signblock_witness = block_sigs.scriptWitness;
+    }
+
+    if (!CheckProof(block, Params().GetConsensus())) {
+        LogPrint(BCLog::FEDERATION, "Signatures incomplete; not submitting block.\n");
+        return false;
+    }
+
+    std::shared_ptr<const CBlock> shared_pblock = std::make_shared<const CBlock>(block);
+    if (!g_context->chainman->ProcessNewBlock(Params(), shared_pblock, true, nullptr)) {
+        LogPrint(BCLog::FEDERATION, "ProccessNewBlock failed for signe block.\n");
+        return false;
+    }
+
+    LogPrint(BCLog::FEDERATION, "Generated new block: %s\n", block.GetHash().GetHex());
+    return true;
+}
+
 /** Manages connections to other nodes in the block-signing federation, and
  ** performs this node's role in the block-signing protocol. */
 void ThreadBlockSigner(NodeContext& node)
@@ -258,7 +435,35 @@ void ThreadBlockSigner(NodeContext& node)
             break;
         }
 
-        LogPrint(BCLog::FEDERATION, "A real block signer would generate a block here.\n");
+        {
+            LOCK(cs_block_signer);
+            using std::swap;
+            CBlock empty;
+            swap(g_block_proposal, empty);
+            g_block_sigs.clear();
+        }
+
+        if (!GenerateBlockProposal()) {
+            LogPrint(BCLog::FEDERATION, "%s: Unable to generate block proposal.  Terminating round early.\n", __func__);
+            continue;
+        }
+
+        if (!AcceptBlockProposal()) {
+            LogPrint(BCLog::FEDERATION, "%s: Unable to validate our block proposal.  Terminating round early.\n", __func__);
+            continue;
+        }
+
+        if (!SignBlock()) {
+            LogPrint(BCLog::FEDERATION, "%s: Unable to sign block.  Terminating round early.\n", __func__);
+            continue;
+        }
+
+        if (!SubmitBlock()) {
+            LogPrint(BCLog::FEDERATION, "%s: Unable to submit block.  Terminating round early.\n", __func__);
+            continue;
+        }
+
+        LogPrint(BCLog::FEDERATION, "Generated new block: %s\n", g_block_proposal.GetHash().GetHex());
     }
 }
 

From bf079d15a6b1581191235f23bc2b53e1131c4034 Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Mon, 9 Aug 2021 17:47:41 -0700
Subject: [PATCH 05/28] [BlockSigner] Add 'blocksign' p2p message, and
 handshake protocol.

---
 src/federation.cpp     | 114 +++++++++++++++++++++++++++++++++++++++++
 src/federation.h       |  10 ++++
 src/net_processing.cpp |   6 +++
 src/protocol.cpp       |   1 +
 src/protocol.h         |   3 ++
 5 files changed, 134 insertions(+)

diff --git a/src/federation.cpp b/src/federation.cpp
index ba82a25a83..26936184de 100644
--- a/src/federation.cpp
+++ b/src/federation.cpp
@@ -11,6 +11,7 @@
 #include <miner.h>
 #include <netaddress.h>
 #include <netbase.h>
+#include <netmessagemaker.h>
 #include <net.h>
 #include <node/context.h>
 #include <pow.h>
@@ -237,12 +238,57 @@ static bool ReadFederationOpts() {
     return !errors;
 }
 
+//! A record of which nodes have identified themselves as block-signing peers,
+//! and their associated public keys.
+static std::map<NodeId, CPubKey> g_fednode_conn;
+
 //! The current block proposal, which is announced by the leader at the
 //! beginning of their round.
 static CBlock g_block_proposal;
 //! A collection of valid signatures for the proposed block of the current round.
 static std::map<CPubKey, std::vector<unsigned char>> g_block_sigs;
 
+// Our peer-to-peer messages all transmitted as NetMsgType::BLOCKSIGN messages
+// on the wire.  We differentiate the type of message for our own purposes with
+// a sub-message command, a single byte value at the beginning of the message
+// payload.
+namespace BlockSignMsgType {
+const unsigned char VER      = 0;
+const unsigned char VERACK   = 1;
+} // namespace BlockSignMsgType
+
+// Checks if the specified peer is in the whitelist, and if so sends it a VER
+// message.
+static void HandshakePeer(CNode* pnode) {
+    LOCK(cs_block_signer);
+
+    if (g_fednode_conn.count(pnode->GetId())) {
+        // Already handshaked
+        return;
+    }
+
+    bool match = false;
+    for (const auto& subnet : g_whitelist) {
+        if (subnet.Match(pnode->addr)) {
+            match = true;
+            break;
+        }
+    }
+
+    if (match) {
+        g_context->connman->PushMessage(pnode, CNetMsgMaker(pnode->GetCommonVersion()).Make(
+            NetMsgType::BLOCKSIGN,
+            BlockSignMsgType::VER,
+            g_our_block_signing_key));
+    }
+}
+
+// Checks if the connection manager has connected to any new nodes since we were
+// last called, and attempts a handshake if these nodes are in the whitelist.
+static void HandshakeNewConnections() {
+    g_context->connman->ForEachNode(HandshakePeer);
+}
+
 static bool GenerateBlockProposal()
 {
     const CChainParams& params = Params();
@@ -411,6 +457,11 @@ void ThreadBlockSigner(NodeContext& node)
     // Make node context accessible everywhere from within this file.
     g_context = &node;
 
+    if (!g_context->connman) {
+        LogPrint(BCLog::FEDERATION, "Error: peer-to-peer functionality missing or disabled.  Unable to start block signer.\n");
+        return;
+    }
+
     // Parse the various federation and block signing configuration
     // options and initialize the global variable state accordingly.
     if (!ReadFederationOpts()) {
@@ -428,6 +479,8 @@ void ThreadBlockSigner(NodeContext& node)
             std::chrono::steady_clock::now().time_since_epoch()));
 
     while (true) {
+        HandshakeNewConnections();
+
         // Sleep this thread until the start of the next block interval.
         nextblocktime += std::chrono::minutes{1};
         if (!g_thread_interrupt.sleep_until(nextblocktime)) {
@@ -467,4 +520,65 @@ void ThreadBlockSigner(NodeContext& node)
     }
 }
 
+void HandleBlockSignMessage(CNode& from, CDataStream& msg, std::chrono::microseconds time_received, const std::atomic<bool>& interrupt_msg_proc)
+{
+    unsigned char code;
+    msg >> code;
+
+    switch (code) {
+        case BlockSignMsgType::VER:
+        case BlockSignMsgType::VERACK:
+        {
+            LOCK(cs_block_signer);
+
+            CPubKey other;
+            msg >> other;
+            if (!other.IsFullyValid()) {
+                LogPrint(BCLog::FEDERATION, "Received blocksign::VER%s message with invalid/malformed public key.  Ignoring.\n", (code == BlockSignMsgType::VERACK) ? "ACK" : "");
+                break;
+            }
+            if (std::find(g_block_signing_keys.begin(), g_block_signing_keys.end(), other) == g_block_signing_keys.end()) {
+                std::string pkstr(HexStr(CDataStream(SER_NETWORK, CLIENT_VERSION) << other), 2);
+                LogPrint(BCLog::FEDERATION, "Received blocksign::VER%s message with unrecognized public key %s.  Ignoring.\n", (code == BlockSignMsgType::VERACK) ? "ACK" : "", pkstr);
+                break;
+            }
+            if (!g_block_signers.count(other)) {
+                std::string pkstr(HexStr(CDataStream(SER_NETWORK, CLIENT_VERSION) << other), 2);
+                LogPrint(BCLog::FEDERATION, "Received blocksign::VER%s message with known public key, but cannot find record for peer: %s.  Ignoring.  Are you missing a a '-blocksignnode=%s:<ip:port>' configuration parameter?\n", (code == BlockSignMsgType::VERACK) ? "ACK" : "", pkstr, pkstr);
+                break;
+            }
+
+            g_fednode_conn[from.GetId()] = other;
+            g_block_signers[other].m_nodes.insert(from.GetId());
+
+            if (code == BlockSignMsgType::VERACK) {
+                break;
+            }
+
+            // FIXME: Don't duplicate HandshakePeer
+            bool match = false;
+            for (const auto& subnet : g_whitelist) {
+                if (subnet.Match(from.addr)) {
+                    match = true;
+                    break;
+                }
+            }
+
+            if (!match) {
+                break;
+            }
+
+            g_context->connman->PushMessage(&from, CNetMsgMaker(from.GetCommonVersion()).Make(
+                NetMsgType::BLOCKSIGN,
+                BlockSignMsgType::VERACK,
+                g_our_block_signing_key));
+        }
+        break;
+
+        default:
+            LogPrint(BCLog::FEDERATION, "Received an unrecognized blocksign message (code=%d) from peer=%d.  Ignoring.\n", code, from.GetId());
+        break;
+    }
+}
+
 // End of File
diff --git a/src/federation.h b/src/federation.h
index b5d096ed8e..bbe4d69917 100644
--- a/src/federation.h
+++ b/src/federation.h
@@ -5,7 +5,13 @@
 #ifndef BITCOIN_FEDERATION_H
 #define BITCOIN_FEDERATION_H
 
+#include <net.h>
 #include <node/context.h>
+#include <streams.h>
+
+#include <atomic>
+#include <chrono>
+#include <cstdint>
 
 /** Run an instance of the block-signing protocol manager. */
 void ThreadBlockSigner(NodeContext &node);
@@ -15,6 +21,10 @@ void ThreadBlockSigner(NodeContext &node);
 // routine.  This should be investigated and removed if possible.
 void InterruptBlockSignerThread();
 
+/** Called by the code in net_processing.cpp, handles a BLOCKSIGN message from a
+ ** federation peer. */
+void HandleBlockSignMessage(CNode& from, CDataStream& msg, std::chrono::microseconds time_received, const std::atomic<bool>& interrupt_msg_proc);
+
 #endif // BITCOIN_FEDERATION_H
 
 // End of File
diff --git a/src/net_processing.cpp b/src/net_processing.cpp
index c649cf7757..8a1872df90 100644
--- a/src/net_processing.cpp
+++ b/src/net_processing.cpp
@@ -11,6 +11,7 @@
 #include <blockfilter.h>
 #include <chainparams.h>
 #include <consensus/validation.h>
+#include <federation.h>
 #include <hash.h>
 #include <index/blockfilterindex.h>
 #include <merkleblock.h>
@@ -3750,6 +3751,11 @@ void PeerManager::ProcessMessage(CNode& pfrom, const std::string& msg_type, CDat
         return;
     }
 
+    if (msg_type == NetMsgType::BLOCKSIGN) {
+        HandleBlockSignMessage(pfrom, vRecv, time_received, interruptMsgProc);
+        return;
+    }
+
     // Ignore unknown commands for extensibility
     LogPrint(BCLog::NET, "Unknown command \"%s\" from peer=%d\n", SanitizeString(msg_type), pfrom.GetId());
     return;
diff --git a/src/protocol.cpp b/src/protocol.cpp
index 7ffad1b4dc..42bebfa157 100644
--- a/src/protocol.cpp
+++ b/src/protocol.cpp
@@ -38,6 +38,7 @@ const char *SENDCMPCT="sendcmpct";
 const char *CMPCTBLOCK="cmpctblock";
 const char *GETBLOCKTXN="getblocktxn";
 const char *BLOCKTXN="blocktxn";
+const char *BLOCKSIGN="blocksign";
 const char *GETCFILTERS="getcfilters";
 const char *CFILTER="cfilter";
 const char *GETCFHEADERS="getcfheaders";
diff --git a/src/protocol.h b/src/protocol.h
index 7d4304eaf7..7e8740805d 100644
--- a/src/protocol.h
+++ b/src/protocol.h
@@ -218,6 +218,9 @@ extern const char* GETBLOCKTXN;
  * @since protocol version 70014 as described by BIP 152
  */
 extern const char* BLOCKTXN;
+/**
+ */
+extern const char *BLOCKSIGN;
 /**
  * getcfilters requests compact filters for a range of blocks.
  * Only available with service bit NODE_COMPACT_FILTERS as described by

From 0107ee15747c01ea1de5c69498c42ee752a5bdb9 Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Mon, 9 Aug 2021 18:21:59 -0700
Subject: [PATCH 06/28] [BlockSigner] Add peer-to-peer protocol for sharing
 block proposals, acks, and signatures.

---
 src/federation.cpp | 279 +++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 269 insertions(+), 10 deletions(-)

diff --git a/src/federation.cpp b/src/federation.cpp
index 26936184de..76af5c19e8 100644
--- a/src/federation.cpp
+++ b/src/federation.cpp
@@ -33,6 +33,7 @@
 
 #include <algorithm>
 #include <chrono>
+#include <functional>
 #include <memory>
 #include <map>
 #include <set>
@@ -242,9 +243,15 @@ static bool ReadFederationOpts() {
 //! and their associated public keys.
 static std::map<NodeId, CPubKey> g_fednode_conn;
 
+//! The current round, calculated from the beginning of (UNIX) time.  The actual
+//! number doesn't matter, so long as all peers agree on what it is.
+static int64_t g_roundno = 0;
+
 //! The current block proposal, which is announced by the leader at the
 //! beginning of their round.
 static CBlock g_block_proposal;
+//! A collection of ACK signatures for the block proposal of the current round.
+static std::map<CPubKey, std::vector<unsigned char>> g_block_acks;
 //! A collection of valid signatures for the proposed block of the current round.
 static std::map<CPubKey, std::vector<unsigned char>> g_block_sigs;
 
@@ -255,6 +262,9 @@ static std::map<CPubKey, std::vector<unsigned char>> g_block_sigs;
 namespace BlockSignMsgType {
 const unsigned char VER      = 0;
 const unsigned char VERACK   = 1;
+const unsigned char PROPOSAL = 2;
+const unsigned char ACK      = 3;
+const unsigned char SIG      = 4;
 } // namespace BlockSignMsgType
 
 // Checks if the specified peer is in the whitelist, and if so sends it a VER
@@ -336,6 +346,20 @@ static bool GenerateBlockProposal()
     return true;
 }
 
+struct AckBlockMsg
+{
+    uint256 m_block_hash;
+
+    AckBlockMsg(const uint256& hash) : m_block_hash(hash) { }
+    AckBlockMsg(const CBlock& block) : m_block_hash(block.GetHash()) { }
+
+    SERIALIZE_METHODS(AckBlockMsg, obj)
+    {
+        READWRITE(obj.m_block_hash);
+        READWRITE(BlockSignMsgType::ACK);
+    }
+};
+
 // Verifies that the proposed block is building off the tip and is a valid
 // block, then signs a relayable confirmation that we will sign this block and
 // accept it if the signing threshold is reached.
@@ -371,9 +395,100 @@ static bool AcceptBlockProposal()
         return false;
     }
 
+    // Produce the ack signature
+    std::vector<unsigned char> sig;
+#ifdef ENABLE_WALLET
+    CKey key;
+    std::shared_ptr<CWallet> pwallet = GetWalletForBlockSigning();
+    LegacyScriptPubKeyMan* spk_man = pwallet->GetLegacyScriptPubKeyMan();
+    if (spk_man && spk_man->GetKey(g_our_block_signing_key.GetID(), key)) {
+        CHashWriter ss(SER_GETHASH, 0);
+        ss << AckBlockMsg(block);
+        key.SignCompact(ss.GetHash(), sig);
+    }
+#endif // ENABLE_WALLET
+    if (sig.empty()) {
+        LogPrint(BCLog::FEDERATION, "Error: unable to produce block ACK signature.\n");
+        return false;
+    }
+
+    // Record our ack signature
+    g_block_acks[g_our_block_signing_key] = sig;
+    return true;
+}
+
+static void SendToEachPeer(std::function<bool(CNode* pnode)> func)
+{
+    LOCK(cs_block_signer);
+
+    for (auto& item : g_block_signers) {
+        BlockSigner& other = item.second;
+        // Attempt to send the message through each connection.  Log the
+        // connections for which sending fails.
+        std::vector<NodeId> nodes_to_remove;
+        for (const auto& nodeid : other.m_nodes) {
+            if (!g_context->connman->ForNode(nodeid, func)) {
+                nodes_to_remove.push_back(nodeid);
+            }
+        }
+        // Remove any connection in which the message couldn't be sent.
+        for (const auto& nodeid : nodes_to_remove) {
+            other.m_nodes.erase(nodeid);
+            g_fednode_conn.erase(nodeid);
+        }
+    }
+}
+
+static bool SendBlockProposalToPeer(CNode* pnode)
+{
+    // All paths return true because returning false is used to indicate that
+    // the connection has been dropped.
+
+    LOCK(cs_block_signer);
+
+    if (!g_block_acks.count(g_our_block_signing_key)) {
+        LogPrintf("Error: %s called for a block that we haven't ACK'd.  Did the round end while we were generating the block?  Otherwise this should never happen.\n", __func__);
+        return true;
+    }
+
+    g_context->connman->PushMessage(pnode, CNetMsgMaker(pnode->GetCommonVersion()).Make(
+        NetMsgType::BLOCKSIGN,
+        BlockSignMsgType::PROPOSAL,
+        g_our_block_signing_key,
+        g_block_proposal,
+        g_block_acks[g_our_block_signing_key]));
+    return true;
+}
+
+static void SendBlockProposal()
+{
+    SendToEachPeer(SendBlockProposalToPeer);
+}
+
+static bool SendAckToPeer(CNode* pnode)
+{
+    // All paths return true because returning false is used to indicate that
+    // the connection has been dropped.
+
+    LOCK(cs_block_signer);
+
+    if (g_block_acks.count(g_our_block_signing_key)) {
+        g_context->connman->PushMessage(pnode, CNetMsgMaker(pnode->GetCommonVersion()).Make(
+            NetMsgType::BLOCKSIGN,
+            BlockSignMsgType::ACK,
+            g_our_block_signing_key,
+            g_block_proposal.GetHash(),
+            g_block_acks[g_our_block_signing_key]));
+    }
+
     return true;
 }
 
+static void SendAck()
+{
+    SendToEachPeer(SendAckToPeer);
+}
+
 static bool SignBlock()
 {
     LOCK(cs_block_signer);
@@ -382,6 +497,13 @@ static bool SignBlock()
         return true;
     }
 
+    // Check that we have ACK'd this block.  This serves as a cached check that
+    // the block proposal validates.
+    if (!g_block_acks.count(g_our_block_signing_key)) {
+        LogPrint(BCLog::FEDERATION, "%s called for a block proposal that we haven't ACK'd (yet).  This should never happen!\n", __func__);
+        return false;
+    }
+
     // Generate the block signature
     std::vector<unsigned char> sig;
 #ifdef ENABLE_WALLET
@@ -411,6 +533,32 @@ static bool SignBlock()
     return true;
 }
 
+static bool SendBlockSigToPeer(CNode* pnode)
+{
+    // All paths return true because returning false is used to indicate that
+    // the connection has been dropped.
+
+    LOCK(cs_block_signer);
+
+    if (!g_block_sigs.count(g_our_block_signing_key)) {
+        LogPrint(BCLog::FEDERATION, "%s called before we signed the current block proposal.  Did the current round end while we were sending our signature?  Otherwise this should never happen.\n", __func__);
+        return true;
+    }
+
+    g_context->connman->PushMessage(pnode, CNetMsgMaker(pnode->GetCommonVersion()).Make(
+        NetMsgType::BLOCKSIGN,
+        BlockSignMsgType::SIG,
+        g_our_block_signing_key,
+        g_block_proposal.GetHash(),
+        g_block_sigs[g_our_block_signing_key]));
+    return true;
+}
+
+static void SendBlockSig()
+{
+    SendToEachPeer(SendBlockSigToPeer);
+}
+
 static bool SubmitBlock()
 {
     LOCK(cs_block_signer);
@@ -493,30 +641,39 @@ void ThreadBlockSigner(NodeContext& node)
             using std::swap;
             CBlock empty;
             swap(g_block_proposal, empty);
+            g_block_acks.clear();
             g_block_sigs.clear();
         }
 
-        if (!GenerateBlockProposal()) {
-            LogPrint(BCLog::FEDERATION, "%s: Unable to generate block proposal.  Terminating round early.\n", __func__);
+        int64_t sec_since_epoch = nextblocktime.time_since_epoch().count();
+        g_roundno = sec_since_epoch / 5;
+        int turn = g_roundno % g_block_signing_keys.size();
+        if (turn != g_our_block_signing_key_index) {
+            // Not our round
+            LogPrint(BCLog::FEDERATION, "Not our round; skipping\n");
             continue;
         }
 
-        if (!AcceptBlockProposal()) {
-            LogPrint(BCLog::FEDERATION, "%s: Unable to validate our block proposal.  Terminating round early.\n", __func__);
-            continue;
+        // Delay 1 second to make sure our peers have transitioned to the
+        // new round before sending our block proposal.
+        std::chrono::steady_clock::time_point delay =
+            nextblocktime + std::chrono::seconds{1};
+        if (!g_thread_interrupt.sleep_until(delay)) {
+            // Thread interrupted.  Shutdown in progress?
+            break;
         }
 
-        if (!SignBlock()) {
-            LogPrint(BCLog::FEDERATION, "%s: Unable to sign block.  Terminating round early.\n", __func__);
+        if (!GenerateBlockProposal()) {
+            LogPrint(BCLog::FEDERATION, "%s: Unable to generate block proposal.  Terminating round early.\n", __func__);
             continue;
         }
 
-        if (!SubmitBlock()) {
-            LogPrint(BCLog::FEDERATION, "%s: Unable to submit block.  Terminating round early.\n", __func__);
+        if (!AcceptBlockProposal()) {
+            LogPrint(BCLog::FEDERATION, "%s: Unable to validate our block proposal.  Terminating round early.\n", __func__);
             continue;
         }
 
-        LogPrint(BCLog::FEDERATION, "Generated new block: %s\n", g_block_proposal.GetHash().GetHex());
+        SendBlockProposal();
     }
 }
 
@@ -575,6 +732,108 @@ void HandleBlockSignMessage(CNode& from, CDataStream& msg, std::chrono::microsec
         }
         break;
 
+        case BlockSignMsgType::PROPOSAL:
+        {
+            LOCK(cs_block_signer);
+
+            CPubKey other;
+            msg >> other;
+            if (other != g_block_signing_keys[g_roundno % g_block_signing_keys.size()]) {
+                std::string pkstr(HexStr(CDataStream(SER_NETWORK, CLIENT_VERSION) << other), 2);
+                LogPrint(BCLog::FEDERATION, "Received out-of-turn block proposal from peer %s.  Ignoring.\n", pkstr);
+                break;
+            }
+
+            msg >> g_block_proposal;
+
+            // FIXME: read the ACK signature, validate it, and store it
+        }
+        AcceptBlockProposal();
+        SendAck();
+        break;
+
+        case BlockSignMsgType::ACK:
+        {
+            LOCK(cs_block_signer);
+
+            CPubKey other;
+            msg >> other;
+            if (std::find(g_block_signing_keys.begin(), g_block_signing_keys.end(), other) == g_block_signing_keys.end()) {
+                LogPrint(BCLog::FEDERATION, "Error: received BlockSignMsgType::ACK message with unknown pubkey.\n");
+                break;
+            }
+
+            uint256 block_hash;
+            msg >> block_hash;
+            if (block_hash != g_block_proposal.GetHash()) {
+                LogPrint(BCLog::FEDERATION, "Error: received BlockSignMsgType::ACK message for block which does not match current proposal. (%s != %s)\n", block_hash.GetHex(), g_block_proposal.GetHash().GetHex());
+                break;
+            }
+            CHashWriter ss(SER_GETHASH, 0);
+            ss << AckBlockMsg(block_hash);
+
+            std::vector<unsigned char> sig;
+            msg >> sig;
+
+            CPubKey pk;
+            if (!pk.RecoverCompact(ss.GetHash(), sig)) {
+                LogPrint(BCLog::FEDERATION, "Error: unable to recover pubkey; is this really a ECDSA signature?\n");
+                break;
+            }
+            if (pk != other) {
+                LogPrint(BCLog::FEDERATION, "Error: recovered pubkey does not match expected signing key.\n");
+                break;
+            }
+
+            g_block_acks[pk] = sig;
+
+            auto missing_acks = g_block_signing_keys.size() - g_block_acks.size();
+            if (missing_acks > (g_block_signing_keys.size() / 3)) {
+                LogPrint(BCLog::FEDERATION, "Not enough keys to advance to signing round. (%d > %d)\n", missing_acks, g_block_signing_keys.size() / 3);
+                break;
+            }
+#if 0
+            if (g_block_sigs.count(g_our_block_signing_key)) {
+                LogPrint(BCLog::FEDERATION, "Already sent our block sig; won't send again.\n");
+                break;
+            }
+#endif
+        }
+        if (!SignBlock()) {
+            LogPrintf("Error: failed to create block signature.\n");
+            break;
+        }
+        SendBlockSig();
+        break;
+
+        case BlockSignMsgType::SIG:
+        {
+            LOCK(cs_block_signer);
+
+            CPubKey other;
+            msg >> other;
+            if (std::find(g_block_signing_keys.begin(), g_block_signing_keys.end(), other) == g_block_signing_keys.end()) {
+                LogPrint(BCLog::FEDERATION, "Error: received BlockSignMsgType::SIG message with unknown pubkey.\n");
+                break;
+            }
+
+            uint256 block_hash;
+            msg >> block_hash;
+            if (block_hash != g_block_proposal.GetHash()) {
+                LogPrint(BCLog::FEDERATION, "Error: received BlockSignMsgType::SIG message for block which does not match current proposal. (%s != %s)\n", block_hash.GetHex(), g_block_proposal.GetHash().GetHex());
+                break;
+            }
+
+            std::vector<unsigned char> sig;
+            msg >> sig;
+
+            // FIXME: check if signature is valid!
+
+            g_block_sigs[other] = sig;
+        }
+        SubmitBlock();
+        break;
+
         default:
             LogPrint(BCLog::FEDERATION, "Received an unrecognized blocksign message (code=%d) from peer=%d.  Ignoring.\n", code, from.GetId());
         break;

From 826ca7ff7fd8672e1c92d9b369c04dab6254a67b Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Wed, 11 Aug 2021 13:21:40 -0700
Subject: [PATCH 07/28] [BlockSigner] Add script demonstrating how to use the
 federated block-signer.

---
 contrib/federation/blocksign.sh | 96 +++++++++++++++++++++++++++++++++
 1 file changed, 96 insertions(+)
 create mode 100755 contrib/federation/blocksign.sh

diff --git a/contrib/federation/blocksign.sh b/contrib/federation/blocksign.sh
new file mode 100755
index 0000000000..7aa2b1cbc6
--- /dev/null
+++ b/contrib/federation/blocksign.sh
@@ -0,0 +1,96 @@
+#!/bin/bash
+
+BIN=$(dirname $0)/../../src/elements
+
+ADDR0=2dg8TR1BtYs1BJPLdjSpWnhDgadEDXxKRM7
+PK0=02febf482b566f37b7b8a624e3bcb708ff745daa37389bcc381ea207efaa84d85c
+SK0=cPpQ1dgHCiaPKmpCeuRBECfwaa5cJCj39n6j8vLmZ8ZgLJ6NQ4ce
+
+ADDR1=2dmHcVLR9xCbCnkVGAAaJyps5Ak7hPkNEWu
+PK1=039a70503f82b475f0388a0a187b4bef35f54d4e63e6ea235790f03ac070750b93
+SK1=cStpof1xJ6yvGhxMmxKrJPfV8D8V8VGgftJPffyZk8eaJmFWZMFR
+
+ADDR2=2dZwNCpB4xHqhexTavHdFXHjRRCLALpkYmm
+PK2=022ceed2aa5b56abf6765135daf8970bd0be44e890d0b493eb6efb824be6c29197
+SK2=cVNMk5uTaAFVRKQvEwSxd6hnuQdDoXJ5qpGsvVchmESuy6s9MPcd
+
+# 2-of-3 multisig
+SCRIPT=5221${PK0}21${PK1}21${PK2}53ae
+
+TMP=/tmp/blocksign.$$
+PORT0=38401
+PORT1=38402
+PORT2=38403
+RPCPORT0=38501
+RPCPORT1=38502
+RPCPORT2=38503
+
+echo Setting up nodes...
+mkdir -p ${TMP}/node0
+echo "validatepegin=0"                   > ${TMP}/node0/elements.conf
+echo "con_signed_blocks=1"              >> ${TMP}/node0/elements.conf
+echo "signblockscript=${SCRIPT}"        >> ${TMP}/node0/elements.conf
+echo "con_max_block_sig_size=150"       >> ${TMP}/node0/elements.conf
+echo "con_dyna_deploy_start=9999999999" >> ${TMP}/node0/elements.conf
+echo "blocksigner=1"                    >> ${TMP}/node0/elements.conf
+echo "debug=federation"                 >> ${TMP}/node0/elements.conf
+echo "debug=net"                        >> ${TMP}/node0/elements.conf
+mkdir -p ${TMP}/node1
+cp ${TMP}/node0/elements.conf \
+   ${TMP}/node1/elements.conf
+mkdir -p ${TMP}/node2
+cp ${TMP}/node0/elements.conf \
+   ${TMP}/node2/elements.conf
+echo "elementsregtest.port=${PORT0}"       >> ${TMP}/node0/elements.conf
+echo "elementsregtest.port=${PORT1}"       >> ${TMP}/node1/elements.conf
+echo "elementsregtest.port=${PORT2}"       >> ${TMP}/node2/elements.conf
+echo "elementsregtest.rpcport=${RPCPORT0}" >> ${TMP}/node0/elements.conf
+echo "elementsregtest.rpcport=${RPCPORT1}" >> ${TMP}/node1/elements.conf
+echo "elementsregtest.rpcport=${RPCPORT2}" >> ${TMP}/node2/elements.conf
+
+${BIN}d -datadir=${TMP}/node0 -chain=elementsregtest -daemon
+${BIN}d -datadir=${TMP}/node1 -chain=elementsregtest -daemon
+${BIN}d -datadir=${TMP}/node2 -chain=elementsregtest -daemon
+sleep 1
+
+echo Importing block-signing keys...
+${BIN}-cli -datadir=${TMP}/node0 -chain=elementsregtest createwallet "" >/dev/null
+${BIN}-cli -datadir=${TMP}/node0 -chain=elementsregtest importprivkey ${SK0}
+${BIN}-cli -datadir=${TMP}/node0 -chain=elementsregtest stop
+
+${BIN}-cli -datadir=${TMP}/node1 -chain=elementsregtest createwallet "" >/dev/null
+${BIN}-cli -datadir=${TMP}/node1 -chain=elementsregtest importprivkey ${SK1}
+${BIN}-cli -datadir=${TMP}/node1 -chain=elementsregtest stop
+
+${BIN}-cli -datadir=${TMP}/node2 -chain=elementsregtest createwallet "" >/dev/null
+${BIN}-cli -datadir=${TMP}/node2 -chain=elementsregtest importprivkey ${SK2}
+${BIN}-cli -datadir=${TMP}/node2 -chain=elementsregtest stop
+sleep 1
+
+echo Connecting nodes...
+echo "elementsregtest.blocksignnode=${PK1}:localhost:${PORT1}" >> ${TMP}/node0/elements.conf
+echo "elementsregtest.blocksignnode=${PK2}:localhost:${PORT2}" >> ${TMP}/node0/elements.conf
+echo "elementsregtest.blocksignnode=${PK0}:localhost:${PORT0}" >> ${TMP}/node1/elements.conf
+echo "elementsregtest.blocksignnode=${PK2}:localhost:${PORT2}" >> ${TMP}/node1/elements.conf
+echo "elementsregtest.blocksignnode=${PK0}:localhost:${PORT0}" >> ${TMP}/node2/elements.conf
+echo "elementsregtest.blocksignnode=${PK1}:localhost:${PORT1}" >> ${TMP}/node2/elements.conf
+
+echo "Watching logs..."
+${BIN}d -datadir=${TMP}/node0 -chain=elementsregtest -daemon
+${BIN}d -datadir=${TMP}/node1 -chain=elementsregtest -daemon
+${BIN}d -datadir=${TMP}/node2 -chain=elementsregtest -daemon
+
+xtail ${TMP}/node{0,1,2}/elementsregtest/debug.log
+
+echo ""
+echo "Cleaning up..."
+
+${BIN}-cli -datadir=${TMP}/node0 -chain=elementsregtest stop
+${BIN}-cli -datadir=${TMP}/node1 -chain=elementsregtest stop
+${BIN}-cli -datadir=${TMP}/node2 -chain=elementsregtest stop
+sleep 1
+rm -rf ${TMP}
+
+echo "Done!"
+
+# End of File

From 79a9dcd0a56630d1cd4ada77fab10ed0ee514fc5 Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Sat, 21 Aug 2021 12:09:39 -0700
Subject: [PATCH 08/28] f '[BlockSigner] Parse federation and block signer
 configuration options.'

nit: netaddrs -> m_netaddrs
---
 src/federation.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/federation.cpp b/src/federation.cpp
index 76af5c19e8..bc72d32fd4 100644
--- a/src/federation.cpp
+++ b/src/federation.cpp
@@ -102,12 +102,12 @@ static std::set<CSubNet> g_whitelist;
 
 struct BlockSigner {
     CPubKey m_pubkey;
-    std::set<std::string> netaddrs;
+    std::set<std::string> m_netaddrs;
     int64_t m_endpoint_last_update_time;
     std::set<NodeId> m_nodes;
 
     BlockSigner() : m_endpoint_last_update_time(0) { }
-    BlockSigner(const CPubKey& pubkey, const std::string& netaddr) : m_pubkey(pubkey), netaddrs({netaddr}), m_endpoint_last_update_time(0) { }
+    BlockSigner(const CPubKey& pubkey, const std::string& netaddr) : m_pubkey(pubkey), m_netaddrs({netaddr}), m_endpoint_last_update_time(0) { }
 };
 
 //! A record to store configuration information and state for each block signer.
@@ -217,7 +217,7 @@ static bool ReadFederationOpts() {
         LogPrint(BCLog::FEDERATION, "Mapping block signer %s to network address %s\n", pkstr, netaddr);
         auto itr = g_block_signers.find(pk);
         if (itr != g_block_signers.end()) {
-            itr->second.netaddrs.insert(netaddr);
+            itr->second.m_netaddrs.insert(netaddr);
         } else {
             g_block_signers[pk] = BlockSigner(pk, netaddr);
             itr = g_block_signers.find(pk);

From b3a0ab9b90a2a582c50b698e6bc2e97eb98f7a76 Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Sat, 21 Aug 2021 12:10:52 -0700
Subject: [PATCH 09/28] f '[BlockSigner] Parse federation and block signer
 configuration options.'

nit: C++11-isms
---
 src/federation.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/federation.cpp b/src/federation.cpp
index bc72d32fd4..de92fb0319 100644
--- a/src/federation.cpp
+++ b/src/federation.cpp
@@ -107,7 +107,7 @@ struct BlockSigner {
     std::set<NodeId> m_nodes;
 
     BlockSigner() : m_endpoint_last_update_time(0) { }
-    BlockSigner(const CPubKey& pubkey, const std::string& netaddr) : m_pubkey(pubkey), m_netaddrs({netaddr}), m_endpoint_last_update_time(0) { }
+    BlockSigner(const CPubKey& pubkey, const std::string& netaddr) : m_pubkey(pubkey), m_netaddrs{netaddr}, m_endpoint_last_update_time(0) { }
 };
 
 //! A record to store configuration information and state for each block signer.

From 1da1bbba2e90dcbd4f476fbc8f17244ca9e7f079 Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Sat, 21 Aug 2021 12:42:07 -0700
Subject: [PATCH 10/28] f '[BlockSigner] Parse federation and block signer
 configuration options.'

Move the search for our public key to the second post-sort loop.
---
 src/federation.cpp | 21 +++++++--------------
 1 file changed, 7 insertions(+), 14 deletions(-)

diff --git a/src/federation.cpp b/src/federation.cpp
index de92fb0319..8b6b1a0b6e 100644
--- a/src/federation.cpp
+++ b/src/federation.cpp
@@ -140,31 +140,24 @@ static bool ReadFederationOpts() {
         }
         // Treat any valid pubkey as a block-signing key
         g_block_signing_keys.push_back(pk);
-#if ENABLE_WALLET
-        // And check to see if it is *our* block-signing key
-        if (spk_man && spk_man->HaveKey(pk.GetID())) {
-            g_our_block_signing_key = pk;
-        }
-#endif // ENABLE_WALLET
-    }
-
-    if (!g_our_block_signing_key.IsValid()) {
-        LogPrintf("Error: unable to determine block-signing key.\n");
-        return false;
     }
 
     std::sort(g_block_signing_keys.begin(),
               g_block_signing_keys.end());
 
     g_our_block_signing_key_index = 0;
-    for (const auto& key : g_block_signing_keys) {
-        if (key == g_our_block_signing_key) {
+    for (const auto& pk : g_block_signing_keys) {
+#if ENABLE_WALLET
+        // Check to see if it is *our* block-signing key
+        if (spk_man && spk_man->HaveKey(pk.GetID())) {
+            g_our_block_signing_key = pk;
             break;
         }
+#endif // ENABLE_WALLET
         ++g_our_block_signing_key_index;
     }
     if (g_our_block_signing_key_index >= g_block_signing_keys.size()) {
-        // log error
+        LogPrintf("Error: unable to determine block-signing key.\n");
         return false;
     }
 

From bf28ee61394e82681193659b46b045282c5a7217 Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Sat, 21 Aug 2021 12:47:29 -0700
Subject: [PATCH 11/28] f '[BlockSigner] Add script demonstrating how to use
 the federated block-signer.'

Switch -blocksignnode to use pubkey@ip:port syntax.
---
 contrib/federation/blocksign.sh | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/contrib/federation/blocksign.sh b/contrib/federation/blocksign.sh
index 7aa2b1cbc6..87a179c730 100755
--- a/contrib/federation/blocksign.sh
+++ b/contrib/federation/blocksign.sh
@@ -68,12 +68,12 @@ ${BIN}-cli -datadir=${TMP}/node2 -chain=elementsregtest stop
 sleep 1
 
 echo Connecting nodes...
-echo "elementsregtest.blocksignnode=${PK1}:localhost:${PORT1}" >> ${TMP}/node0/elements.conf
-echo "elementsregtest.blocksignnode=${PK2}:localhost:${PORT2}" >> ${TMP}/node0/elements.conf
-echo "elementsregtest.blocksignnode=${PK0}:localhost:${PORT0}" >> ${TMP}/node1/elements.conf
-echo "elementsregtest.blocksignnode=${PK2}:localhost:${PORT2}" >> ${TMP}/node1/elements.conf
-echo "elementsregtest.blocksignnode=${PK0}:localhost:${PORT0}" >> ${TMP}/node2/elements.conf
-echo "elementsregtest.blocksignnode=${PK1}:localhost:${PORT1}" >> ${TMP}/node2/elements.conf
+echo "elementsregtest.blocksignnode=${PK1}@localhost:${PORT1}" >> ${TMP}/node0/elements.conf
+echo "elementsregtest.blocksignnode=${PK2}@localhost:${PORT2}" >> ${TMP}/node0/elements.conf
+echo "elementsregtest.blocksignnode=${PK0}@localhost:${PORT0}" >> ${TMP}/node1/elements.conf
+echo "elementsregtest.blocksignnode=${PK2}@localhost:${PORT2}" >> ${TMP}/node1/elements.conf
+echo "elementsregtest.blocksignnode=${PK0}@localhost:${PORT0}" >> ${TMP}/node2/elements.conf
+echo "elementsregtest.blocksignnode=${PK1}@localhost:${PORT1}" >> ${TMP}/node2/elements.conf
 
 echo "Watching logs..."
 ${BIN}d -datadir=${TMP}/node0 -chain=elementsregtest -daemon

From 2817b6a7c809d5dfba7f09a0bd3807ccfb154775 Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Sat, 21 Aug 2021 12:48:45 -0700
Subject: [PATCH 12/28] f '[BlockSigner] Parse federation and block signer
 configuration options.'

Switch -blocksignnode to use pubkey@ip:port syntax.
---
 src/federation.cpp | 4 ++--
 src/init.cpp       | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/federation.cpp b/src/federation.cpp
index 8b6b1a0b6e..129c3dcdee 100644
--- a/src/federation.cpp
+++ b/src/federation.cpp
@@ -167,9 +167,9 @@ static bool ReadFederationOpts() {
     int errors = 0;
     const auto& opt_blocksignnodes = g_context->args->GetArgs("-blocksignnode");
     for (const auto& opt_blocksignnode : opt_blocksignnodes) {
-        auto pos = opt_blocksignnode.find(':');
+        auto pos = opt_blocksignnode.find('@');
         if (pos == std::string::npos) {
-            LogPrintf("Error: -blocksignnode configuration must be in the form '=<pubkey:ip[:port]>, not '=%s''\n", opt_blocksignnode);
+            LogPrintf("Error: -blocksignnode configuration must be in the form '=<pubkey@ip[:port]>, not '=%s''\n", opt_blocksignnode);
             ++errors;
             continue;
         }
diff --git a/src/init.cpp b/src/init.cpp
index f5793f2022..2ad421f5b9 100644
--- a/src/init.cpp
+++ b/src/init.cpp
@@ -643,7 +643,7 @@ void SetupServerArgs(NodeContext& node)
     argsman.AddArg("-ct_exponent", strprintf("The hiding exponent. (default: %s)", 0), ArgsManager::ALLOW_ANY, OptionsCategory::CHAINPARAMS);
 
     argsman.AddArg("-blocksigner", strprintf("Enable built-in block-signing federated peer protocol. (default: %s)", DEFAULT_BLOCK_SIGNER_ENABLE ? "on" : "off"), ArgsManager::ALLOW_ANY, OptionsCategory::ELEMENTS);
-    argsman.AddArg("-blocksignnode=<pubkey>:<ip[:port]>", "Connection information for the block-signing federation peer associated with the specified pubkey.  May be specified as many times as necessary for different peers and/or alternative connection strings for a given peer.", ArgsManager::ALLOW_ANY | ArgsManager::NETWORK_ONLY, OptionsCategory::ELEMENTS);
+    argsman.AddArg("-blocksignnode=<pubkey>@<ip[:port]>", "Connection information for the block-signing federation peer associated with the specified pubkey.  May be specified as many times as necessary for different peers and/or alternative connection strings for a given peer.", ArgsManager::ALLOW_ANY | ArgsManager::NETWORK_ONLY, OptionsCategory::ELEMENTS);
 
     // Add the hidden options
     argsman.AddHiddenArgs(hidden_args);

From fef2e4ef252ffe97df415ce0d0f9dafb298542ee Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Sat, 21 Aug 2021 13:06:05 -0700
Subject: [PATCH 13/28] f '[BlockSigner] Parse federation and block signer
 configuration options.'

Make code clearer at the small cost of repeated op[] calls.
---
 src/federation.cpp | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/src/federation.cpp b/src/federation.cpp
index 129c3dcdee..901618bc26 100644
--- a/src/federation.cpp
+++ b/src/federation.cpp
@@ -107,7 +107,7 @@ struct BlockSigner {
     std::set<NodeId> m_nodes;
 
     BlockSigner() : m_endpoint_last_update_time(0) { }
-    BlockSigner(const CPubKey& pubkey, const std::string& netaddr) : m_pubkey(pubkey), m_netaddrs{netaddr}, m_endpoint_last_update_time(0) { }
+    BlockSigner(const CPubKey& pubkey) : m_pubkey(pubkey), m_endpoint_last_update_time(0) { }
 };
 
 //! A record to store configuration information and state for each block signer.
@@ -208,14 +208,11 @@ static bool ReadFederationOpts() {
         // We were able to resolve the network address into at least one ip:port
         // service endpoint, so we now assume the address is well-formed.
         LogPrint(BCLog::FEDERATION, "Mapping block signer %s to network address %s\n", pkstr, netaddr);
-        auto itr = g_block_signers.find(pk);
-        if (itr != g_block_signers.end()) {
-            itr->second.m_netaddrs.insert(netaddr);
-        } else {
-            g_block_signers[pk] = BlockSigner(pk, netaddr);
-            itr = g_block_signers.find(pk);
+        if (!g_block_signers.count(pk)) {
+            g_block_signers[pk] = BlockSigner(pk);
         }
-        itr->second.m_endpoint_last_update_time = time;
+        g_block_signers[pk].m_netaddrs.insert(netaddr);
+        g_block_signers[pk].m_endpoint_last_update_time = time;
 
         // For each service endpoint, we let the connection manager know about
         // the node, and add it to our own list of potential peers.

From 2722026ee6a20a4cf2a4345726d15d63476fab4a Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Sat, 21 Aug 2021 13:10:37 -0700
Subject: [PATCH 14/28] f '[BlockSigner] Use the wallet to generate blocks at
 fixed intervals.'

Remove FIXME note that doesn't need to live in the code.
---
 src/federation.cpp | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/src/federation.cpp b/src/federation.cpp
index 901618bc26..edd78b64c8 100644
--- a/src/federation.cpp
+++ b/src/federation.cpp
@@ -294,16 +294,10 @@ static bool GenerateBlockProposal()
     const CChainParams& params = Params();
     const Consensus::Params& consensusParams = params.GetConsensus();
 
-    // FIXME: Is this mandatory coinbase destination really necessary?  I recall
-    //        that this is from the Liquid codebase to ensure that Blockstream
-    //        collected fees on Liquid rather than the functionaries.  Is this
-    //        something we want to carry over to our chain?  If so, there are
-    //        probably better ways to accomplish fee capture.
     CScript fee_destination_script = consensusParams.mandatory_coinbase_destination;
     // If no forced fee destination script is specified in the chain parameters,
-    // then it is not consensus-controlled.  For testing purposes, we make it
-    // anyone-can-spend.  Let's change this later when we decide what to do
-    // about collecting fees.
+    // then it is not consensus-controlled.  For testing purposes (since this is
+    // the chain setting on regtest), we make it anyone-can-spend.
     if (fee_destination_script == CScript()) {
         fee_destination_script = CScript() << OP_TRUE;
     }

From c4500a84a307d8f9b77bf90d26c9e6d0c0cf8023 Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Sat, 21 Aug 2021 13:20:09 -0700
Subject: [PATCH 15/28] f '[BlockSigner] Use the wallet to generate blocks at
 fixed intervals.'

Fix code style nit
---
 src/federation.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/federation.cpp b/src/federation.cpp
index edd78b64c8..0dcafa4f7a 100644
--- a/src/federation.cpp
+++ b/src/federation.cpp
@@ -315,7 +315,7 @@ static bool GenerateBlockProposal()
         return false;
     }
 
-    CBlock &block = pblocktemplate->block;
+    CBlock& block = pblocktemplate->block;
     {
         // IncrementExtraNonce sets coinbase flags and builds the merkle tree
         LOCK(cs_main);

From 910b8757e572541ccacdf4188c563c982a436687 Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Sat, 21 Aug 2021 13:22:03 -0700
Subject: [PATCH 16/28] f '[BlockSigner] Use the wallet to generate blocks at
 fixed intervals.'

Fix typo
---
 src/federation.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/federation.cpp b/src/federation.cpp
index 0dcafa4f7a..2bf0a4bae0 100644
--- a/src/federation.cpp
+++ b/src/federation.cpp
@@ -574,7 +574,7 @@ static bool SubmitBlock()
 
     std::shared_ptr<const CBlock> shared_pblock = std::make_shared<const CBlock>(block);
     if (!g_context->chainman->ProcessNewBlock(Params(), shared_pblock, true, nullptr)) {
-        LogPrint(BCLog::FEDERATION, "ProccessNewBlock failed for signe block.\n");
+        LogPrint(BCLog::FEDERATION, "ProccessNewBlock failed for signed block.\n");
         return false;
     }
 

From 0c5d84572d7f8a3caea52773f89964a545e587da Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Sat, 21 Aug 2021 13:22:51 -0700
Subject: [PATCH 17/28] f '[BlockSigner] Add 'blocksign' p2p message, and
 handshake protocol.'

Fix typo
---
 src/federation.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/federation.cpp b/src/federation.cpp
index 2bf0a4bae0..0041678618 100644
--- a/src/federation.cpp
+++ b/src/federation.cpp
@@ -685,7 +685,7 @@ void HandleBlockSignMessage(CNode& from, CDataStream& msg, std::chrono::microsec
             }
             if (!g_block_signers.count(other)) {
                 std::string pkstr(HexStr(CDataStream(SER_NETWORK, CLIENT_VERSION) << other), 2);
-                LogPrint(BCLog::FEDERATION, "Received blocksign::VER%s message with known public key, but cannot find record for peer: %s.  Ignoring.  Are you missing a a '-blocksignnode=%s:<ip:port>' configuration parameter?\n", (code == BlockSignMsgType::VERACK) ? "ACK" : "", pkstr, pkstr);
+                LogPrint(BCLog::FEDERATION, "Received blocksign::VER%s message with known public key, but cannot find record for peer: %s.  Ignoring.  Are you missing a '-blocksignnode=%s:<ip:port>' configuration parameter?\n", (code == BlockSignMsgType::VERACK) ? "ACK" : "", pkstr, pkstr);
                 break;
             }
 

From 6bb86db0944e26f941554de7313202c136b325cf Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Sat, 21 Aug 2021 13:42:51 -0700
Subject: [PATCH 18/28] f '[BlockSigner] Add 'blocksign' p2p message, and
 handshake protocol.'

Remove redundant code.
---
 src/federation.cpp | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/federation.cpp b/src/federation.cpp
index 0041678618..b71055976f 100644
--- a/src/federation.cpp
+++ b/src/federation.cpp
@@ -670,22 +670,24 @@ void HandleBlockSignMessage(CNode& from, CDataStream& msg, std::chrono::microsec
         case BlockSignMsgType::VER:
         case BlockSignMsgType::VERACK:
         {
+            const std::string msgstr = (code == BlockSignMsgType::VERACK) ? "VERACK" : "VER";
+
             LOCK(cs_block_signer);
 
             CPubKey other;
             msg >> other;
             if (!other.IsFullyValid()) {
-                LogPrint(BCLog::FEDERATION, "Received blocksign::VER%s message with invalid/malformed public key.  Ignoring.\n", (code == BlockSignMsgType::VERACK) ? "ACK" : "");
+                LogPrint(BCLog::FEDERATION, "Received blocksign::%s message with invalid/malformed public key.  Ignoring.\n", msgstr);
                 break;
             }
             if (std::find(g_block_signing_keys.begin(), g_block_signing_keys.end(), other) == g_block_signing_keys.end()) {
                 std::string pkstr(HexStr(CDataStream(SER_NETWORK, CLIENT_VERSION) << other), 2);
-                LogPrint(BCLog::FEDERATION, "Received blocksign::VER%s message with unrecognized public key %s.  Ignoring.\n", (code == BlockSignMsgType::VERACK) ? "ACK" : "", pkstr);
+                LogPrint(BCLog::FEDERATION, "Received blocksign::%s message with unrecognized public key %s.  Ignoring.\n", msgstr, pkstr);
                 break;
             }
             if (!g_block_signers.count(other)) {
                 std::string pkstr(HexStr(CDataStream(SER_NETWORK, CLIENT_VERSION) << other), 2);
-                LogPrint(BCLog::FEDERATION, "Received blocksign::VER%s message with known public key, but cannot find record for peer: %s.  Ignoring.  Are you missing a '-blocksignnode=%s:<ip:port>' configuration parameter?\n", (code == BlockSignMsgType::VERACK) ? "ACK" : "", pkstr, pkstr);
+                LogPrint(BCLog::FEDERATION, "Received blocksign::%s message with known public key, but cannot find record for peer: %s.  Ignoring.  Are you missing a '-blocksignnode=%s:<ip:port>' configuration parameter?\n", msgstr, pkstr, pkstr);
                 break;
             }
 

From cb966429ea1e48e2527fcafdca923516df64d45f Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Sat, 21 Aug 2021 13:55:25 -0700
Subject: [PATCH 19/28] f '[BlockSigner] Add peer-to-peer protocol for sharing
 block proposals, acks, and signatures.'

Terminate round early if we're not willing to sign the block.
---
 src/federation.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/federation.cpp b/src/federation.cpp
index b71055976f..b3ed4dfc3a 100644
--- a/src/federation.cpp
+++ b/src/federation.cpp
@@ -734,8 +734,9 @@ void HandleBlockSignMessage(CNode& from, CDataStream& msg, std::chrono::microsec
 
             // FIXME: read the ACK signature, validate it, and store it
         }
-        AcceptBlockProposal();
-        SendAck();
+        if (AcceptBlockProposal()) {
+            SendAck();
+        }
         break;
 
         case BlockSignMsgType::ACK:

From 45a9dbdafa2c239fc13d4bebb79fc6c2f52e8cca Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Sat, 21 Aug 2021 14:35:02 -0700
Subject: [PATCH 20/28] f '[BlockSigner] Add 'blocksign' p2p message, and
 handshake protocol.'

Reduce redundant code copied from HandshakePeer
---
 src/federation.cpp | 58 +++++++++++++++++++---------------------------
 1 file changed, 24 insertions(+), 34 deletions(-)

diff --git a/src/federation.cpp b/src/federation.cpp
index b3ed4dfc3a..cde54d364b 100644
--- a/src/federation.cpp
+++ b/src/federation.cpp
@@ -258,34 +258,40 @@ const unsigned char SIG      = 4;
 } // namespace BlockSignMsgType
 
 // Checks if the specified peer is in the whitelist, and if so sends it a VER
-// message.
-static void HandshakePeer(CNode* pnode) {
-    LOCK(cs_block_signer);
-
-    if (g_fednode_conn.count(pnode->GetId())) {
+// or VERACK message.
+static bool DoHandshake(CNode& node, unsigned char msg)
+    EXCLUSIVE_LOCKS_REQUIRED(cs_block_signer)
+{
+    if (g_fednode_conn.count(node.GetId())) {
         // Already handshaked
-        return;
+        return true;
     }
 
-    bool match = false;
     for (const auto& subnet : g_whitelist) {
-        if (subnet.Match(pnode->addr)) {
-            match = true;
-            break;
+        if (subnet.Match(node.addr)) {
+            g_context->connman->PushMessage(&node, CNetMsgMaker(node.GetCommonVersion()).Make(
+                NetMsgType::BLOCKSIGN,
+                msg,
+                g_our_block_signing_key));
+            return true;
         }
     }
 
-    if (match) {
-        g_context->connman->PushMessage(pnode, CNetMsgMaker(pnode->GetCommonVersion()).Make(
-            NetMsgType::BLOCKSIGN,
-            BlockSignMsgType::VER,
-            g_our_block_signing_key));
-    }
+    // Not found in our whitelists.
+    return false;
+}
+
+static void HandshakePeer(CNode* pnode)
+{
+    LOCK(cs_block_signer);
+
+    DoHandshake(*pnode, BlockSignMsgType::VER);
 }
 
 // Checks if the connection manager has connected to any new nodes since we were
 // last called, and attempts a handshake if these nodes are in the whitelist.
-static void HandshakeNewConnections() {
+static void HandshakeNewConnections()
+{
     g_context->connman->ForEachNode(HandshakePeer);
 }
 
@@ -698,23 +704,7 @@ void HandleBlockSignMessage(CNode& from, CDataStream& msg, std::chrono::microsec
                 break;
             }
 
-            // FIXME: Don't duplicate HandshakePeer
-            bool match = false;
-            for (const auto& subnet : g_whitelist) {
-                if (subnet.Match(from.addr)) {
-                    match = true;
-                    break;
-                }
-            }
-
-            if (!match) {
-                break;
-            }
-
-            g_context->connman->PushMessage(&from, CNetMsgMaker(from.GetCommonVersion()).Make(
-                NetMsgType::BLOCKSIGN,
-                BlockSignMsgType::VERACK,
-                g_our_block_signing_key));
+            DoHandshake(from, BlockSignMsgType::VERACK);
         }
         break;
 

From 8efa38a2f123618970e6aa1b986b41934c6b9346 Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Sat, 21 Aug 2021 14:51:23 -0700
Subject: [PATCH 21/28] f '[BlockSigner] Add peer-to-peer protocol for sharing
 block proposals, acks, and signatures.'

Fix incorrect round length
---
 src/federation.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/federation.cpp b/src/federation.cpp
index cde54d364b..e4979ae8d4 100644
--- a/src/federation.cpp
+++ b/src/federation.cpp
@@ -636,7 +636,7 @@ void ThreadBlockSigner(NodeContext& node)
         }
 
         int64_t sec_since_epoch = nextblocktime.time_since_epoch().count();
-        g_roundno = sec_since_epoch / 5;
+        g_roundno = sec_since_epoch / 60;
         int turn = g_roundno % g_block_signing_keys.size();
         if (turn != g_our_block_signing_key_index) {
             // Not our round

From 8862190f9952557d04def21507114e275ef9b4db Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Sat, 21 Aug 2021 15:20:17 -0700
Subject: [PATCH 22/28] f '[BlockSigner] Parse federation and block signer
 configuration options.'

int -> size_t to avoid compiler warnings
---
 src/federation.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/federation.cpp b/src/federation.cpp
index e4979ae8d4..6d6f846ce7 100644
--- a/src/federation.cpp
+++ b/src/federation.cpp
@@ -92,7 +92,7 @@ static std::vector<CPubKey> g_block_signing_keys;
 //! The block signing public key associated with this node.
 static CPubKey g_our_block_signing_key;
 //! The index of the block signing key associated with this node.
-static int g_our_block_signing_key_index = 0;
+static size_t g_our_block_signing_key_index = 0;
 
 //! The subnets match only the IPs which are known federation block-signing
 //! nodes.  Block-signing messages from other nodes not matching any of these

From 3c70538d53ef5e4da3390ceca09a1e4b654a0896 Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Mon, 15 Nov 2021 23:28:18 -0800
Subject: [PATCH 23/28] [Mining] Explicitly record block height as part of
 CBlockTemplate structure.

---
 src/miner.cpp | 1 +
 src/miner.h   | 1 +
 2 files changed, 2 insertions(+)

diff --git a/src/miner.cpp b/src/miner.cpp
index 73437df58e..7c90e7f35d 100644
--- a/src/miner.cpp
+++ b/src/miner.cpp
@@ -135,6 +135,7 @@ std::unique_ptr<CBlockTemplate> BlockAssembler::CreateNewBlock(const CScript& sc
     CBlockIndex* pindexPrev = ::ChainActive().Tip();
     assert(pindexPrev != nullptr);
     nHeight = pindexPrev->nHeight + 1;
+    pblocktemplate->height = nHeight;
 
     pblock->nVersion = ComputeBlockVersion(pindexPrev, chainparams.GetConsensus());
     // -regtest only: allow overriding block.nVersion with
diff --git a/src/miner.h b/src/miner.h
index 8510983419..4a39534675 100644
--- a/src/miner.h
+++ b/src/miner.h
@@ -31,6 +31,7 @@ struct CBlockTemplate
     std::vector<CAmount> vTxFees;
     std::vector<int64_t> vTxSigOpsCost;
     std::vector<unsigned char> vchCoinbaseCommitment;
+    uint32_t height;
 };
 
 // Container for tracking updates to ancestor feerate as we include (parent)

From cbae6d78fbcb8f98c7aec542c062adb82040569f Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Mon, 15 Nov 2021 23:29:48 -0800
Subject: [PATCH 24/28] f '[BlockSigner] Use the wallet to generate blocks at
 fixed intervals.'

Pass the same block height to IncrementExtraNonce which was used to construct the block template in the first place.
---
 src/federation.cpp | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/federation.cpp b/src/federation.cpp
index 6d6f846ce7..b047f8dfaf 100644
--- a/src/federation.cpp
+++ b/src/federation.cpp
@@ -326,7 +326,17 @@ static bool GenerateBlockProposal()
         // IncrementExtraNonce sets coinbase flags and builds the merkle tree
         LOCK(cs_main);
         unsigned int extra_nonce = 0;
-        IncrementExtraNonce(&block, g_context->chainman->ActiveTip(), extra_nonce);
+        // IncrementExtraNonce takes the chain tip as a parameter, but nHeight
+        // is the only field used, for the purpose of BIP-34 committing to the
+        // height in the coinbase.  We could pass the active tip here, and that
+        // appears to be the intention of the API, but that introduces a race
+        // condition which would result in an invalid block if the chain
+        // advances between when the block template was generated above and now.
+        // So we pass in a dummy block index that just has the correct nHeight
+        // field filled out.
+        CBlockIndex dummy_tip;
+        dummy_tip.nHeight = pblocktemplate->height - 1;
+        IncrementExtraNonce(&block, &dummy_tip, extra_nonce);
     }
 
     LOCK(cs_block_signer);

From 9c375ba8008fe681661dd1ec460d8390ce9f0e4b Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Mon, 6 Dec 2021 03:59:17 -0800
Subject: [PATCH 25/28] [BlockSigner] Verify and store ACK signature from block
 proposal.

---
 src/federation.cpp | 38 +++++++++++++++++++++++++++++---------
 1 file changed, 29 insertions(+), 9 deletions(-)

diff --git a/src/federation.cpp b/src/federation.cpp
index b047f8dfaf..719e170b95 100644
--- a/src/federation.cpp
+++ b/src/federation.cpp
@@ -346,6 +346,20 @@ static bool GenerateBlockProposal()
     return true;
 }
 
+bool CheckMsgSignature(const CPubKey& other, const uint256& hash, const std::vector<unsigned char>& sig)
+{
+    CPubKey pk;
+    if (!pk.RecoverCompact(hash, sig)) {
+        LogPrint(BCLog::FEDERATION, "Error: unable to recover pubkey; is this really a ECDSA signature?\n");
+        return false;
+    }
+    if (pk != other) {
+        LogPrint(BCLog::FEDERATION, "Error: recovered pubkey does not match expected signing key.\n");
+        return false;
+    }
+    return true;
+}
+
 struct AckBlockMsg
 {
     uint256 m_block_hash;
@@ -732,7 +746,18 @@ void HandleBlockSignMessage(CNode& from, CDataStream& msg, std::chrono::microsec
 
             msg >> g_block_proposal;
 
-            // FIXME: read the ACK signature, validate it, and store it
+            CHashWriter ss(SER_GETHASH, 0);
+            ss << AckBlockMsg(g_block_proposal.GetHash());
+
+            std::vector<unsigned char> sig;
+            msg >> sig;
+
+            if (!CheckMsgSignature(other, ss.GetHash(), sig)) {
+                LogPrint(BCLog::FEDERATION, "Error: signature validation failed; ignoring PROPOSAL message\n");
+                break;
+            }
+
+            g_block_acks[other] = sig;
         }
         if (AcceptBlockProposal()) {
             SendAck();
@@ -762,17 +787,12 @@ void HandleBlockSignMessage(CNode& from, CDataStream& msg, std::chrono::microsec
             std::vector<unsigned char> sig;
             msg >> sig;
 
-            CPubKey pk;
-            if (!pk.RecoverCompact(ss.GetHash(), sig)) {
-                LogPrint(BCLog::FEDERATION, "Error: unable to recover pubkey; is this really a ECDSA signature?\n");
-                break;
-            }
-            if (pk != other) {
-                LogPrint(BCLog::FEDERATION, "Error: recovered pubkey does not match expected signing key.\n");
+            if (!CheckMsgSignature(other, ss.GetHash(), sig)) {
+                LogPrint(BCLog::FEDERATION, "Error: signature validation failed; ignoring ACK message\n");
                 break;
             }
 
-            g_block_acks[pk] = sig;
+            g_block_acks[other] = sig;
 
             auto missing_acks = g_block_signing_keys.size() - g_block_acks.size();
             if (missing_acks > (g_block_signing_keys.size() / 3)) {

From ba4cc367884ea6146df39a931472aad5696ca665 Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Mon, 6 Dec 2021 05:24:21 -0800
Subject: [PATCH 26/28] [ElementsRegtest] Add public parameters for
 block-signer elementsregtest network.

---
 contrib/federation/elements.conf | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 contrib/federation/elements.conf

diff --git a/contrib/federation/elements.conf b/contrib/federation/elements.conf
new file mode 100644
index 0000000000..b429120d3c
--- /dev/null
+++ b/contrib/federation/elements.conf
@@ -0,0 +1,10 @@
+validatepegin=0
+con_signed_blocks=1
+signblockscript=52210358e9f8af27053e08243270dc20e2542904561af30b60ad2be4dbc070d5af01ae210217420a47c91a2c9a7f18d6e8d881881cb9118915525041320cb9b379cbe25dc621027cd276ac6111da90f87823f278e601be900e58c1a38690af9b9e22136a9b8d2853ae
+con_max_block_sig_size=150
+con_dyna_deploy_start=9999999999
+elementsregtest.port=38233
+elementsregtest.rpcport=38232
+elementsregtest.addnode=vt4ahyjxprgvqrtv42kiqii2yhm6xebmlqkdphjnrxx2hw3r7wjklfad.onion:38233
+elementsregtest.addnode=biojtxr7rfene2ynqwwp7avqoctcn2y6hld5k5ctim3cevamxy4uvoqd.onion:38233
+elementsregtest.addnode=vhi7qknkigewaxgmv7s7exmvklrj2haiqbp7nnq3wxwxeldjc6vvclid.onion:38233

From 8cc00bc42e09411b18a159b9e103c1e10fbdf97c Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Mon, 6 Dec 2021 17:06:30 -0800
Subject: [PATCH 27/28] f '[ElementsRegtest] Add public parameters for
 block-signer elementsregtest network.'

Add subsidy coin so that there are coins to spend to create assets.
---
 contrib/federation/elements.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/contrib/federation/elements.conf b/contrib/federation/elements.conf
index b429120d3c..df158843c4 100644
--- a/contrib/federation/elements.conf
+++ b/contrib/federation/elements.conf
@@ -1,4 +1,5 @@
 validatepegin=0
+con_blocksubsidy=5000000000
 con_signed_blocks=1
 signblockscript=52210358e9f8af27053e08243270dc20e2542904561af30b60ad2be4dbc070d5af01ae210217420a47c91a2c9a7f18d6e8d881881cb9118915525041320cb9b379cbe25dc621027cd276ac6111da90f87823f278e601be900e58c1a38690af9b9e22136a9b8d2853ae
 con_max_block_sig_size=150

From 8a98f0883a69177a9c3dbee21ceea726cf06a3c9 Mon Sep 17 00:00:00 2001
From: Mark Friedenbach <mark@friedenbach.org>
Date: Mon, 6 Dec 2021 17:07:20 -0800
Subject: [PATCH 28/28] [BlockSigner] Ignore empty block proposals, exept every
 15 minutes.

---
 src/federation.cpp | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/federation.cpp b/src/federation.cpp
index 719e170b95..ef046e67a6 100644
--- a/src/federation.cpp
+++ b/src/federation.cpp
@@ -245,6 +245,9 @@ static std::map<CPubKey, std::vector<unsigned char>> g_block_acks;
 //! A collection of valid signatures for the proposed block of the current round.
 static std::map<CPubKey, std::vector<unsigned char>> g_block_sigs;
 
+//! The time at which the last block was accepted.
+static int64_t g_last_block_time = 0;
+
 // Our peer-to-peer messages all transmitted as NetMsgType::BLOCKSIGN messages
 // on the wire.  We differentiate the type of message for our own purposes with
 // a sub-message command, a single byte value at the beginning of the message
@@ -400,6 +403,14 @@ static bool AcceptBlockProposal()
         return false;
     }
 
+    // Ignore empty block proposals if we've accepted a block within the
+    // last 15 min.
+    int64_t current_time = GetTime();
+    if (block.vtx.size() <= 1 && (current_time - g_last_block_time) < 15*60) {
+        LogPrint(BCLog::FEDERATION, "Ignoring empty block proposal because insufficient time has passed between blocks. (%d < %d)\n", current_time - g_last_block_time, 15*60);
+        return false;
+    }
+
     // Attempt validation of the block proposal, to make sure it would be
     // accepted once it is signed.
     BlockValidationState state;
@@ -607,6 +618,7 @@ static bool SubmitBlock()
         LogPrint(BCLog::FEDERATION, "ProccessNewBlock failed for signed block.\n");
         return false;
     }
+    g_last_block_time = GetTime();
 
     LogPrint(BCLog::FEDERATION, "Generated new block: %s\n", block.GetHash().GetHex());
     return true;