[Cherrypick] Protocol update to allow recovery of stolen funds #22237 (#22259)

## Release notes

Check each box that your changes affect. If none of the boxes relate to
your changes, release notes aren't required.

For each box you select, include information after the relevant heading
that describes the impact of your changes that a user might notice and
any actions they must take to implement updates.

- [x] Protocol: upgrade to allow recovery of stolen funds in accordance
with community vote
- [ ] Nodes (Validators and Full nodes): 
- [ ] gRPC:
- [ ] JSON-RPC: 
- [ ] GraphQL: 
- [ ] CLI: 
- [ ] Rust SDK:

Author: mystenmark

Cargo.lock

@@ -83,6 +83,7 @@ fn async_verifier_bench(c: &mut Criterion) {
                         true,
                         true,
                         Some(30),
+                        vec![],
                     ));
 
                     b.iter(|| {
@@ -139,6 +140,7 @@ fn batch_verification_bench(c: &mut Criterion) {
                             &committee,
                             &certs.iter().collect_vec(),
                             Arc::new(VerifiedDigestCache::new_empty()),
+                            None,
                         );
                     })
                 },

crates/sui-core/benches/batch_verification_bench.rs

@@ -907,14 +907,39 @@ impl AuthorityState {
         // Note: the deny checks may do redundant package loads but:
         // - they only load packages when there is an active package deny map
         // - the loads are cached anyway
-        sui_transaction_checks::deny::check_transaction_for_signing(
+        let deny_status = sui_transaction_checks::deny::check_transaction_for_signing(
             tx_data,
             transaction.tx_signatures(),
             &input_object_kinds,
             &receiving_objects_refs,
             &self.config.transaction_deny_config,
             self.get_backing_package_store().as_ref(),
-        )?;
+        );
+
+        match deny_status {
+            Ok(_) => {}
+            // If the transaction was blocked, it may still be allowed if it is in
+            // the aliased address list.
+            // TODO: Delete this code after protocol version 86.
+            Err(e) => {
+                let allowed = transaction
+                    .inner()
+                    .data()
+                    .tx_signatures()
+                    .iter()
+                    .filter_map(|sig| sig.try_into().ok())
+                    .any(|signer: SuiAddress| {
+                        epoch_store.protocol_config().is_tx_allowed_via_aliasing(
+                            tx_data.sender().to_inner(),
+                            signer.to_inner(),
+                            tx_digest.inner(),
+                        )
+                    });
+                if !allowed {
+                    return Err(e);
+                }
+            }
+        }
 
         let (input_objects, receiving_objects) = self.input_loader.read_objects_for_signing(
             Some(tx_digest),

crates/sui-core/src/authority.rs

@@ -852,6 +852,7 @@ impl AuthorityPerEpochStore {
             protocol_config.accept_zklogin_in_multisig(),
             protocol_config.accept_passkey_in_multisig(),
             protocol_config.zklogin_max_epoch_upper_bound_delta(),
+            protocol_config.get_aliased_addresses().clone(),
         );
 
         let authenticator_state_exists = epoch_start_configuration

crates/sui-core/src/authority/authority_per_epoch_store.rs

@@ -12,9 +12,12 @@ use mysten_metrics::monitored_scope;
 use parking_lot::{Mutex, MutexGuard, RwLock};
 use prometheus::{register_int_counter_with_registry, IntCounter, Registry};
 use shared_crypto::intent::Intent;
+use std::collections::{BTreeMap, BTreeSet};
 use std::sync::Arc;
-use sui_types::digests::SenderSignedDataDigest;
+use sui_protocol_config::AliasedAddress;
+use sui_types::base_types::SuiAddress;
 use sui_types::digests::ZKLoginInputsDigest;
+use sui_types::digests::{SenderSignedDataDigest, TransactionDigest};
 use sui_types::signature_verification::{
     verify_sender_signed_data_message_signatures, VerifiedDigestCache,
 };
@@ -87,6 +90,7 @@ impl CertBuffer {
     }
 }
 
+pub type AliasedAddressMap = BTreeMap<SuiAddress, (SuiAddress, BTreeSet<TransactionDigest>)>;
 /// Verifies signatures in ways that faster than verifying each signature individually.
 /// - BLS signatures - caching and batch verification.
 /// - User signed data - caching.
@@ -96,6 +100,10 @@ pub struct SignatureVerifier {
     signed_data_cache: VerifiedDigestCache<SenderSignedDataDigest>,
     zklogin_inputs_cache: Arc<VerifiedDigestCache<ZKLoginInputsDigest>>,
 
+    /// Map from original address to aliased address and the list of transaction digests for
+    /// which the aliasing is allowed to be in effect.
+    aliased_addresses: Option<Arc<AliasedAddressMap>>,
+
     /// Map from JwkId (iss, kid) to the fetched JWK for that key.
     /// We use an immutable data structure because verification of ZKLogins may be slow, so we
     /// don't want to pass a reference to the map to the verify method, since that would lead to a
@@ -138,7 +146,36 @@ impl SignatureVerifier {
         accept_zklogin_in_multisig: bool,
         accept_passkey_in_multisig: bool,
         zklogin_max_epoch_upper_bound_delta: Option<u64>,
+        aliased_addresses: Vec<AliasedAddress>,
     ) -> Self {
+        let aliased_addresses: Option<Arc<BTreeMap<_, _>>> = if aliased_addresses.is_empty() {
+            None
+        } else {
+            Some(Arc::new(
+                aliased_addresses
+                    .into_iter()
+                    .map(
+                        |AliasedAddress {
+                             original,
+                             aliased,
+                             allowed_tx_digests,
+                         }| {
+                            (
+                                SuiAddress::from_bytes(original).unwrap(),
+                                (
+                                    SuiAddress::from_bytes(aliased).unwrap(),
+                                    allowed_tx_digests
+                                        .into_iter()
+                                        .map(TransactionDigest::new)
+                                        .collect(),
+                                ),
+                            )
+                        },
+                    )
+                    .collect(),
+            ))
+        };
+
         Self {
             committee,
             certificate_cache: VerifiedDigestCache::new(
@@ -167,6 +204,7 @@ impl SignatureVerifier {
                 accept_passkey_in_multisig,
                 zklogin_max_epoch_upper_bound_delta,
             },
+            aliased_addresses,
         }
     }
 
@@ -179,6 +217,7 @@ impl SignatureVerifier {
         accept_zklogin_in_multisig: bool,
         accept_passkey_in_multisig: bool,
         zklogin_max_epoch_upper_bound_delta: Option<u64>,
+        aliased_addresses: Vec<AliasedAddress>,
     ) -> Self {
         Self::new_with_batch_size(
             committee,
@@ -190,6 +229,7 @@ impl SignatureVerifier {
             accept_zklogin_in_multisig,
             accept_passkey_in_multisig,
             zklogin_max_epoch_upper_bound_delta,
+            aliased_addresses,
         )
     }
 
@@ -319,9 +359,16 @@ impl SignatureVerifier {
         let committee = self.committee.clone();
         let metrics = self.metrics.clone();
         let zklogin_inputs_cache = self.zklogin_inputs_cache.clone();
+        let aliased_addresses = self.aliased_addresses.clone();
         Handle::current()
             .spawn_blocking(move || {
-                Self::process_queue_sync(committee, metrics, buffer, zklogin_inputs_cache)
+                Self::process_queue_sync(
+                    committee,
+                    metrics,
+                    buffer,
+                    zklogin_inputs_cache,
+                    aliased_addresses.as_ref().map(|arc| arc.as_ref()),
+                )
             })
             .await
             .expect("Spawn blocking should not fail");
@@ -332,13 +379,15 @@ impl SignatureVerifier {
         metrics: Arc<SignatureVerifierMetrics>,
         buffer: CertBuffer,
         zklogin_inputs_cache: Arc<VerifiedDigestCache<ZKLoginInputsDigest>>,
+        aliased_addresses: Option<&BTreeMap<SuiAddress, (SuiAddress, BTreeSet<TransactionDigest>)>>,
     ) {
         let _scope = monitored_scope("BatchCertificateVerifier::process_queue");
 
         let results = batch_verify_certificates(
             &committee,
             &buffer.certs.iter().collect_vec(),
             zklogin_inputs_cache,
+            aliased_addresses,
         );
         izip!(
             results.into_iter(),
@@ -403,6 +452,7 @@ impl SignatureVerifier {
                     self.committee.epoch(),
                     &verify_params,
                     self.zklogin_inputs_cache.clone(),
+                    self.aliased_addresses.as_ref().map(|arc| arc.as_ref()),
                 )
             },
             || Ok(()),
@@ -544,6 +594,7 @@ pub fn batch_verify_certificates(
     committee: &Committee,
     certs: &[&CertifiedTransaction],
     zk_login_cache: Arc<VerifiedDigestCache<ZKLoginInputsDigest>>,
+    aliased_addresses: Option<&BTreeMap<SuiAddress, (SuiAddress, BTreeSet<TransactionDigest>)>>,
 ) -> Vec<SuiResult> {
     // certs.data() is assumed to be verified already by the caller.
     let verify_params = VerifyParams::default();
@@ -556,7 +607,12 @@ pub fn batch_verify_certificates(
             // TODO: verify_signature currently checks the tx sig as well, which might be cached
             // already.
             .map(|c| {
-                c.verify_signatures_authenticated(committee, &verify_params, zk_login_cache.clone())
+                c.verify_signatures_authenticated(
+                    committee,
+                    &verify_params,
+                    zk_login_cache.clone(),
+                    aliased_addresses,
+                )
             })
             .collect(),
 

crates/sui-core/src/signature_verifier.rs

@@ -310,6 +310,7 @@ pub fn make_cert_with_large_committee(
         committee,
         &Default::default(),
         Arc::new(VerifiedDigestCache::new_empty()),
+        None,
     )
     .unwrap();
     cert

crates/sui-core/src/test_utils.rs

@@ -120,6 +120,7 @@ async fn test_batch_verify() {
             &committee,
             &certs.iter().collect_vec(),
             Arc::new(VerifiedDigestCache::new_empty()),
+            None,
         );
         results[i].as_ref().unwrap_err();
         for (_, r) in results.iter().enumerate().filter(|(j, _)| *j != i) {
@@ -147,6 +148,7 @@ async fn test_async_verifier() {
         true,
         true,
         Some(30),
+        vec![],
     ));
 
     let tasks: Vec<_> = (0..32)