Cache signature verifications

Create a maximum-10MB signature verification result cache.
This should almost double the number of transactions that
can be processed on a given CPU, because before this change
ECDSA signatures were verified when transactions were added
to the memory pool and then again when they appeared in
a block.

1 files changed, 68 insertions, 0 deletions

diff --git a/src/key.cpp b/src/key.cpp
index ece835d147..ac7ac4db77 100644
--- a/src/key.cpp
+++ b/src/key.cpp
@@ -2,10 +2,14 @@
 // Distributed under the MIT/X11 software license, see the accompanying
 // file license.txt or http://www.opensource.org/licenses/mit-license.php.
 
+#include <map>
+
+#include <boost/tuple/tuple.hpp>
 #include <openssl/ecdsa.h>
 #include <openssl/obj_mac.h>
 
 #include "key.h"
+#include "util.h"
 
 // Generate a private key from just the secret parameter
 int EC_KEY_regenerate_key(EC_KEY *eckey, BIGNUM *priv_key)
@@ -347,21 +351,85 @@ bool CKey::SetCompactSignature(uint256 hash, const std::vector<unsigned char>& v
     return false;
 }
 
+// Valid signature cache, to avoid doing expensive ECDSA signature checking
+// twice for every transaction (once when accepted into memory pool, and
+// again when accepted into the block chain)
+
+// sigdata_type is (signature hash, signature, public key):
+typedef boost::tuple<uint256, std::vector<unsigned char>, std::vector<unsigned char> > sigdata_type;
+static std::set< sigdata_type> setValidSigCache;
+static CCriticalSection cs_sigcache;
+
+static bool
+GetValidSigCache(uint256 hash, const std::vector<unsigned char>& vchSig, const std::vector<unsigned char>& pubKey)
+{
+    LOCK(cs_sigcache);
+
+    sigdata_type k(hash, vchSig, pubKey);
+    std::set<sigdata_type>::iterator mi = setValidSigCache.find(k);
+    if (mi != setValidSigCache.end())
+        return true;
+    return false;
+}
+
+static void
+SetValidSigCache(uint256 hash, const std::vector<unsigned char>& vchSig, const std::vector<unsigned char>& pubKey)
+{
+    // DoS prevention: limit cache size to less than 10MB
+    // (~200 bytes per cache entry times 50,000 entries)
+    // Since there are a maximum of 20,000 signature operations per block
+    // 50,000 is a reasonable default.
+    int64 nMaxCacheSize = GetArg("-maxsigcachesize", 50000);
+    if (nMaxCacheSize <= 0) return;
+
+    LOCK(cs_sigcache);
+
+    while (setValidSigCache.size() > nMaxCacheSize)
+    {
+        // Evict a random entry. Random because that helps
+        // foil would-be DoS attackers who might try to pre-generate
+        // and re-use a set of valid signatures just-slightly-greater
+        // than our cache size.
+        uint256 randomHash = GetRandHash();
+        std::vector<unsigned char> unused;
+        std::set<sigdata_type>::iterator it =
+            setValidSigCache.lower_bound(sigdata_type(randomHash, unused, unused));
+        if (it == setValidSigCache.end())
+            it = setValidSigCache.begin();
+        setValidSigCache.erase(*it);
+    }
+
+    sigdata_type k(hash, vchSig, pubKey);
+    setValidSigCache.insert(k);
+}
+
+
 bool CKey::Verify(uint256 hash, const std::vector<unsigned char>& vchSig)
 {
+    if (GetValidSigCache(hash, vchSig, GetPubKey()))
+        return true;
+
     // -1 = error, 0 = bad sig, 1 = good
     if (ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], vchSig.size(), pkey) != 1)
         return false;
+
+    // good sig
+    SetValidSigCache(hash, vchSig, GetPubKey());
     return true;
 }
 
 bool CKey::VerifyCompact(uint256 hash, const std::vector<unsigned char>& vchSig)
 {
+    if (GetValidSigCache(hash, vchSig, GetPubKey()))
+        return true;
+
     CKey key;
     if (!key.SetCompactSignature(hash, vchSig))
         return false;
     if (GetPubKey() != key.GetPubKey())
         return false;
+
+    SetValidSigCache(hash, vchSig, GetPubKey());
     return true;
 }