Batch signature verification (#5023)

* create parallel tasks extension * make type system happy * basic externalities * test for dynamic extensions * batching test * remove premature verify_batch * shnschnorrkel batch * alter test * shnschnorrkel test * executive batching * some docs * also multi/any signatgures * error propagation * styling * make verification extension optional * experimental ed25519 parallelization * some merge fallout * utilize task executor * merge fallout * utilize task executor more * another merge fallout * feature-gate sp-io * arrange toml * fix no-std * sr25519 batching and refactoring * add docs * fix name * add newline * fix block import test * long sr25519 test * blocking instead of parking * move everything in crypto * return batch_verify to check :) * use condvars * use multi-threaded executor for benches * don't call via host interface * try no spawning * add true * cleanup * straighten batching * remove signature check from this test (?) * remove now pointless test * remove another now useless test * fix warnings * Revert "remove another now useless test" This reverts commit bbdec24bb67ed4373072daef7c863e1a8825bd8b. * rethink the sp-io-part * Revert "remove now pointless test" This reverts commit 4d553066322e65782264caa6053d4cd5538df977. * fix wording * add wording * add todo and fix * return check and fix * add logging in sp-io * Update primitives/io/src/batch_verifier.rs Co-Authored-By: cheme <emericchevalier.pro@gmail.com> * address review and use std condvar * account for early exit * address reivew * address review * more suggestions * add docs for batch verification * remove unused * more review suggestions * move to sp-runtime * add expects * remove blocks * use entry * Update primitives/io/src/batch_verifier.rs Co-Authored-By: Bastian Köcher <bkchr@users.noreply.github.com> * Update primitives/externalities/src/extensions.rs Co-Authored-By: Bastian Köcher <bkchr@users.noreply.github.com> * update overlooked note * remove stupid return * Update primitives/io/src/lib.rs Co-Authored-By: Bastian Köcher <bkchr@users.noreply.github.com> * Update primitives/io/src/lib.rs Co-Authored-By: Bastian Köcher <bkchr@users.noreply.github.com> * fix wording * bump spec_version Co-authored-by: cheme <emericchevalier.pro@gmail.com> Co-authored-by: Bastian Köcher <bkchr@users.noreply.github.com>
2026-04-26 05:17:58 +00:00 · 2020-04-16 22:40:04 +03:00
parent 36243068bd
commit 372f8b2c7e
21 changed files with 711 additions and 47 deletions
@@ -3672,6 +3672,7 @@ dependencies = [
 "frame-support",
 "frame-system",
 "fs_extra",
+ "futures 0.3.4",
 "log",
 "node-executor",
 "node-primitives",
@@ -7359,6 +7360,7 @@ dependencies = [
 "lazy_static",
 "libsecp256k1",
 "log",
+ "merlin",
 "num-traits 0.2.11",
 "parity-scale-codec",
 "parity-util-mem",
@@ -7447,10 +7449,12 @@ dependencies = [
 name = "sp-io"
 version = "2.0.0-dev"
 dependencies = [
+ "futures 0.3.4",
 "hash-db",
 "libsecp256k1",
 "log",
 "parity-scale-codec",
+ "parking_lot 0.10.2",
 "sp-core",
 "sp-externalities",
 "sp-runtime-interface",
@@ -7537,6 +7541,7 @@ dependencies = [
 "sp-core",
 "sp-inherents",
 "sp-io",
+ "sp-state-machine",
 "sp-std",
 ]

@@ -127,7 +127,7 @@ pub const VERSION: RuntimeVersion = RuntimeVersion {
 	// and set impl_version to 0. If only runtime
 	// implementation changes and behavior does not, then leave spec_version as
 	// is and increment impl_version.
-	spec_version: 241,
+	spec_version: 242,
 	impl_version: 0,
 	apis: RUNTIME_API_VERSIONS,
 };
@@ -50,6 +50,7 @@ sp-blockchain = { version = "2.0.0-dev", path = "../../../primitives/blockchain"
 log = "0.4.8"
 tempfile = "3.1.0"
 fs_extra = "1"
+futures = "0.3.1"

 [dev-dependencies]
 criterion = "0.3.0"
@@ -47,7 +47,7 @@ use node_runtime::{
 	AccountId,
 	Signature,
 };
-use sp_core::{ExecutionContext, blake2_256};
+use sp_core::{ExecutionContext, blake2_256, traits::CloneableSpawn};
 use sp_api::ProvideRuntimeApi;
 use sp_block_builder::BlockBuilder;
 use sp_inherents::InherentData;
@@ -57,6 +57,7 @@ use sc_client_api::{
 };
 use sp_core::{Pair, Public, sr25519, ed25519};
 use sc_block_builder::BlockBuilderProvider;
+use futures::{executor, task};

 /// Keyring full of accounts for benching.
 ///
@@ -142,6 +143,36 @@ impl BlockType {
 	}
 }

+/// Benchmarking task executor.
+///
+/// Uses multiple threads as the regular executable.
+#[derive(Debug, Clone)]
+pub struct TaskExecutor {
+	pool: executor::ThreadPool,
+}
+
+impl TaskExecutor {
+	fn new() -> Self {
+		Self {
+			pool: executor::ThreadPool::new()
+				.expect("Failed to create task executor")
+		}
+	}
+}
+
+impl task::Spawn for TaskExecutor {
+	fn spawn_obj(&self, future: task::FutureObj<'static, ()>)
+	-> Result<(), task::SpawnError> {
+		self.pool.spawn_obj(future)
+	}
+}
+
+impl CloneableSpawn for TaskExecutor {
+	fn clone(&self) -> Box<dyn CloneableSpawn> {
+		Box::new(Clone::clone(self))
+	}
+}
+
 impl BenchDb {
 	/// New immutable benchmarking database.
 	///
@@ -168,8 +199,8 @@ impl BenchDb {
 	/// and keep it there until struct is dropped.
 	///
 	/// You can `clone` this database or you can `create_context` from it
-	/// (which also do `clone`) to run actual operation against new database
-	/// which will be identical to this.
+	/// (which also does `clone`) to run actual operation against new database
+	/// which will be identical to the original.
 	pub fn new(keyring_length: usize) -> Self {
 		Self::with_key_types(keyring_length, KeyTypes::Sr25519)
 	}
@@ -197,7 +228,7 @@ impl BenchDb {
 			None,
 			None,
 			ExecutionExtensions::new(profile.into_execution_strategies(), None),
-			sp_core::tasks::executor(),
+			Box::new(TaskExecutor::new()),
 			None,
 		).expect("Should not fail");

@@ -20,7 +20,7 @@ use futures::executor::block_on;
 use txpool::{self, Pool};
 use sp_runtime::{
 	generic::BlockId,
-	transaction_validity::{ValidTransaction, InvalidTransaction, TransactionSource},
+	transaction_validity::{ValidTransaction, TransactionSource, InvalidTransaction},
 };
 use substrate_test_runtime_client::{
 	runtime::{Block, Hash, Index, Header, Extrinsic, Transfer},
@@ -263,7 +263,6 @@ fn should_not_retain_invalid_hashes_from_retracted() {
 	let event = block_event_with_retracted(1, vec![retracted_hash]);

 	block_on(pool.maintain(event));
-	// maintenance is in background
 	block_on(notifier.next());

 	assert_eq!(pool.status().ready, 0);
@@ -701,6 +700,6 @@ fn should_not_accept_old_signatures() {
 		Err(error::Error::Pool(
 			sp_transaction_pool::error::Error::InvalidTransaction(InvalidTransaction::BadProof)
 		)),
-		"Should be invalid transactiono with bad proof",
+		"Should be invalid transaction with bad proof",
 	);
 }
@@ -18,6 +18,7 @@ frame-system = { version = "2.0.0-dev", default-features = false, path = "../sys
 serde = { version = "1.0.101", optional = true }
 sp-runtime = { version = "2.0.0-dev", default-features = false, path = "../../primitives/runtime" }
 sp-std = { version = "2.0.0-dev", default-features = false, path = "../../primitives/std" }
+sp-io = { version = "2.0.0-dev", default-features = false, path = "../../primitives/io" }

 [dev-dependencies]
 hex-literal = "0.2.1"
@@ -237,9 +237,13 @@ where
 		// any initial checks
 		Self::initial_checks(&block);

+		let batching_safeguard = sp_runtime::SignatureBatching::start();
 		// execute extrinsics
 		let (header, extrinsics) = block.deconstruct();
 		Self::execute_extrinsics_with_book_keeping(extrinsics, *header.number());
+		if !sp_runtime::SignatureBatching::verify(batching_safeguard) {
+			panic!("Signature verification failed.");
+		}

 		// any final checks
 		Self::final_checks(&header);
@@ -47,6 +47,7 @@ sha2 = { version = "0.8.0", default-features = false, optional = true }
 hex = { version = "0.4", default-features = false, optional = true }
 twox-hash = { version = "1.5.0", default-features = false, optional = true }
 libsecp256k1 = { version = "0.3.2", default-features = false, features = ["hmac"], optional = true }
+merlin = { version = "2.0", default-features = false, optional = true }

 sp-runtime-interface = { version = "2.0.0-dev", default-features = false, path = "../runtime-interface" }

@@ -97,7 +98,6 @@ std = [
 	"schnorrkel/std",
 	"regex",
 	"num-traits/std",
-	"libsecp256k1/std",
 	"tiny-keccak",
 	"sp-debug-derive/std",
 	"sp-externalities",
@@ -106,6 +106,7 @@ std = [
 	"zeroize/alloc",
 	"futures",
 	"futures/thread-pool",
+	"libsecp256k1/std",
 ]

 # This feature enables all crypto primitives for `no_std` builds like microcontrollers
@@ -121,4 +122,5 @@ full_crypto = [
 	"twox-hash",
 	"libsecp256k1",
 	"sp-runtime-interface/disable_target_static_assertions",
+	"merlin",
 ]
@@ -611,6 +611,45 @@ impl CryptoType for Pair {
 	type Pair = Pair;
 }

+/// Batch verification.
+///
+/// `messages`, `signatures` and `pub_keys` should all have equal length.
+///
+/// Returns `true` if all signatures are correct, `false` otherwise.
+#[cfg(feature = "std")]
+pub fn verify_batch(
+	messages: Vec<&[u8]>,
+	signatures: Vec<&Signature>,
+	pub_keys: Vec<&Public>,
+) -> bool {
+	let mut sr_pub_keys = Vec::with_capacity(pub_keys.len());
+	for pub_key in pub_keys {
+		match schnorrkel::PublicKey::from_bytes(pub_key.as_ref()) {
+			Ok(pk) => sr_pub_keys.push(pk),
+			Err(_) => return false,
+		};
+	}
+
+	let mut sr_signatures = Vec::with_capacity(signatures.len());
+	for signature in signatures {
+		match schnorrkel::Signature::from_bytes(signature.as_ref()) {
+			Ok(s) => sr_signatures.push(s),
+			Err(_) => return false
+		};
+	}
+
+	let mut messages: Vec<merlin::Transcript> = messages.into_iter().map(
+		|msg| signing_context(SIGNING_CTX).bytes(msg)
+	).collect();
+
+	schnorrkel::verify_batch(
+		&mut messages,
+		&sr_signatures,
+		&sr_pub_keys,
+		true,
+	).is_ok()
+}
+
 #[cfg(test)]
 mod compatibility_test {
 	use super::*;
@@ -21,7 +21,8 @@
 //!
 //! It is required that each extension implements the [`Extension`] trait.

-use std::{collections::HashMap, any::{Any, TypeId}, ops::DerefMut};
+use std::{collections::HashMap, collections::hash_map::Entry, any::{Any, TypeId}, ops::DerefMut};
+use crate::Error;

 /// Marker trait for types that should be registered as [`Externalities`](crate::Externalities) extension.
 ///
@@ -87,6 +88,16 @@ pub trait ExtensionStore {
 	/// It is advised to use [`ExternalitiesExt::extension`](crate::ExternalitiesExt::extension)
 	/// instead of this function to get type system support and automatic type downcasting.
 	fn extension_by_type_id(&mut self, type_id: TypeId) -> Option<&mut dyn Any>;
+
+	/// Register extension `extension` with speciifed `type_id`.
+	///
+	/// It should return error if extension is already registered.
+	fn register_extension_with_type_id(&mut self, type_id: TypeId, extension: Box<dyn Extension>) -> Result<(), Error>;
+
+	/// Deregister extension with speicifed 'type_id' and drop it.
+	///
+	/// It should return error if extension is not registered.
+	fn deregister_extension_by_type_id(&mut self, type_id: TypeId) -> Result<(), Error>;
 }

 /// Stores extensions that should be made available through the externalities.
@@ -95,6 +106,12 @@ pub struct Extensions {
 	extensions: HashMap<TypeId, Box<dyn Extension>>,
 }

+impl std::fmt::Debug for Extensions {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "Extensions: ({})", self.extensions.len())
+    }
+}
+
 impl Extensions {
 	/// Create new instance of `Self`.
 	pub fn new() -> Self {
@@ -106,10 +123,23 @@ impl Extensions {
 		self.extensions.insert(ext.type_id(), Box::new(ext));
 	}

+	/// Register extension `ext`.
+	pub fn register_with_type_id(&mut self, type_id: TypeId, extension: Box<dyn Extension>) -> Result<(), Error> {
+		match self.extensions.entry(type_id) {
+			Entry::Vacant(vacant) => { vacant.insert(extension); Ok(()) },
+			Entry::Occupied(_) => Err(Error::ExtensionAlreadyRegistered),
+		}
+	}
+
 	/// Return a mutable reference to the requested extension.
 	pub fn get_mut(&mut self, ext_type_id: TypeId) -> Option<&mut dyn Any> {
 		self.extensions.get_mut(&ext_type_id).map(DerefMut::deref_mut).map(Extension::as_mut_any)
 	}
+
+	/// Deregister extension of type `E`.
+	pub fn deregister(&mut self, type_id: TypeId) -> Option<Box<dyn Extension>> {
+		self.extensions.remove(&type_id)
+	}
 }

 #[cfg(test)]
@@ -32,6 +32,17 @@ pub use extensions::{Extension, Extensions, ExtensionStore};
 mod extensions;
 mod scope_limited;

+/// Externalities error.
+#[derive(Debug)]
+pub enum Error {
+	/// Same extension cannot be registered twice.
+	ExtensionAlreadyRegistered,
+	/// Extensions are not supported.
+	ExtensionsAreNotSupported,
+	/// Extension `TypeId` is not registered.
+	ExtensionIsNotRegistered(TypeId),
+}
+
 /// The Substrate externalities.
 ///
 /// Provides access to the storage and to other registered extensions.
@@ -198,10 +209,29 @@ pub trait Externalities: ExtensionStore {
 pub trait ExternalitiesExt {
 	/// Tries to find a registered extension and returns a mutable reference.
 	fn extension<T: Any + Extension>(&mut self) -> Option<&mut T>;
+
+	/// Register extension `ext`.
+	///
+	/// Should return error if extension is already registered or extensions are not supported.
+	fn register_extension<T: Extension>(&mut self, ext: T) -> Result<(), Error>;
+
+	/// Deregister and drop extension of `T` type.
+	///
+	/// Should return error if extension of type `T` is not registered or
+	/// extensions are not supported.
+	fn deregister_extension<T: Extension>(&mut self) -> Result<(), Error>;
 }

 impl ExternalitiesExt for &mut dyn Externalities {
 	fn extension<T: Any + Extension>(&mut self) -> Option<&mut T> {
 		self.extension_by_type_id(TypeId::of::<T>()).and_then(Any::downcast_mut)
 	}
+
+	fn register_extension<T: Extension>(&mut self, ext: T) -> Result<(), Error> {
+		self.register_extension_with_type_id(TypeId::of::<T>(), Box::new(ext))
+	}
+
+	fn deregister_extension<T: Extension>(&mut self) -> Result<(), Error> {
+		self.deregister_extension_by_type_id(TypeId::of::<T>())
+	}
 }
@@ -25,6 +25,8 @@ sp-runtime-interface = { version = "2.0.0-dev", default-features = false, path =
 sp-trie = { version = "2.0.0-dev", optional = true, path = "../../primitives/trie" }
 sp-externalities = { version = "0.8.0-dev", optional = true, path = "../externalities" }
 log = { version = "0.4.8", optional = true }
+futures = { version = "0.3.1", features = ["thread-pool"], optional = true }
+parking_lot = { version = "0.10.0", optional = true }

 [features]
 default = ["std"]
@@ -40,6 +42,8 @@ std = [
 	"sp-externalities",
 	"sp-wasm-interface/std",
 	"log",
+	"futures",
+	"parking_lot",
 ]

 # These two features are used for `no_std` builds for the environments which already provides
@@ -0,0 +1,163 @@
+// Copyright 2020 Parity Technologies (UK) Ltd.
+// This file is part of Substrate.
+
+// Substrate is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Substrate is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Substrate.  If not, see <http://www.gnu.org/licenses/>.
+
+//! Batch/parallel verification.
+
+use sp_core::{ed25519, sr25519, crypto::Pair, traits::CloneableSpawn};
+use std::sync::{Arc, atomic::{AtomicBool, Ordering as AtomicOrdering}};
+use futures::{future::FutureExt, task::FutureObj, channel::oneshot};
+
+#[derive(Debug, Clone)]
+struct Sr25519BatchItem {
+	signature: sr25519::Signature,
+	pub_key: sr25519::Public,
+	message: Vec<u8>,
+}
+
+/// Batch verifier.
+///
+/// Used to parallel-verify signatures for runtime host. Provide task executor and
+/// just push (`push_ed25519`, `push_sr25519`) as many signature as you need. At the end,
+/// call `verify_and_clear to get a result. After that, batch verifier is ready for the
+/// next batching job.
+pub struct BatchVerifier {
+	scheduler: Box<dyn CloneableSpawn>,
+	sr25519_items: Vec<Sr25519BatchItem>,
+	invalid: Arc<AtomicBool>,
+	pending_tasks: Vec<oneshot::Receiver<()>>,
+}
+
+impl BatchVerifier {
+	pub fn new(scheduler: Box<dyn CloneableSpawn>) -> Self {
+		BatchVerifier {
+			scheduler,
+			sr25519_items: Default::default(),
+			invalid: Arc::new(false.into()),
+			pending_tasks: vec![],
+		}
+	}
+
+	fn spawn_verification_task(
+		&mut self, f: impl FnOnce() -> bool + Send + 'static,
+	) -> Result<(), ()> {
+		// there is already invalid transaction encountered
+		if self.invalid.load(AtomicOrdering::Relaxed) { return Err(()); }
+
+		let invalid_clone = self.invalid.clone();
+		let (sender, receiver) = oneshot::channel();
+		self.pending_tasks.push(receiver);
+
+		self.scheduler.spawn_obj(FutureObj::new(async move {
+			if !f() {
+				invalid_clone.store(true, AtomicOrdering::Relaxed);
+			}
+			if sender.send(()).is_err() {
+				// sanity
+				log::warn!("Verification halted while result was pending");
+				invalid_clone.store(true, AtomicOrdering::Relaxed);
+			}
+		}.boxed())).map_err(drop)
+	}
+
+	/// Push ed25519 signature to verify.
+	///
+	/// Returns false if some of the pushed signatures before already failed the check
+	/// (in this case it won't verify anything else)
+	pub fn push_ed25519(
+		&mut self,
+		signature: ed25519::Signature,
+		pub_key: ed25519::Public,
+		message: Vec<u8>,
+	) -> bool {
+		if self.invalid.load(AtomicOrdering::Relaxed) { return false; }
+
+		if self.spawn_verification_task(move || ed25519::Pair::verify(&signature, &message, &pub_key)).is_err() {
+			log::debug!(
+				target: "runtime",
+				"Batch-verification returns false because failed to spawn background task.",
+			);
+
+			return false;
+		}
+		true
+	}
+
+	/// Push sr25519 signature to verify.
+	///
+	/// Returns false if some of the pushed signatures before already failed the check.
+	/// (in this case it won't verify anything else)
+	pub fn push_sr25519(
+		&mut self,
+		signature: sr25519::Signature,
+		pub_key: sr25519::Public,
+		message: Vec<u8>,
+	) -> bool {
+		if self.invalid.load(AtomicOrdering::Relaxed) { return false; }
+		self.sr25519_items.push(Sr25519BatchItem { signature, pub_key, message });
+		true
+	}
+
+	/// Verify all previously pushed signatures since last call and return
+	/// aggregated result.
+	#[must_use]
+	pub fn verify_and_clear(&mut self) -> bool {
+		use std::sync::{Mutex, Condvar};
+
+		let pending = std::mem::replace(&mut self.pending_tasks, vec![]);
+
+		log::trace!(
+			target: "runtime",
+			"Batch-verification: {} pending tasks, {} sr25519 signatures",
+			pending.len(),
+			self.sr25519_items.len(),
+		);
+
+		let messages = self.sr25519_items.iter().map(|item| &item.message[..]).collect();
+		let signatures = self.sr25519_items.iter().map(|item| &item.signature).collect();
+		let pub_keys = self.sr25519_items.iter().map(|item| &item.pub_key).collect();
+
+		if !sr25519::verify_batch(messages, signatures, pub_keys) {
+			self.sr25519_items.clear();
+
+			return false;
+		}
+
+		self.sr25519_items.clear();
+
+		if pending.len() > 0 {
+			let pair = Arc::new((Mutex::new(()), Condvar::new()));
+			let pair_clone = pair.clone();
+
+			if self.scheduler.spawn_obj(FutureObj::new(async move {
+				futures::future::join_all(pending).await;
+				pair_clone.1.notify_all();
+			}.boxed())).is_err() {
+				log::debug!(
+					target: "runtime",
+					"Batch-verification returns false because failed to spawn background task.",
+				);
+
+				return false;
+			}
+
+			let (mtx, cond_var) = &*pair;
+			let mtx = mtx.lock().expect("Locking can only fail when the mutex is poisoned; qed");
+			let _ = cond_var.wait(mtx).expect("Waiting can only fail when the mutex waited on is poisoned; qed");
+		}
+
+		!self.invalid.swap(false, AtomicOrdering::Relaxed)
+	}
+}
@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU General Public License
 // along with Substrate.  If not, see <http://www.gnu.org/licenses/>.

-//! This is part of the Substrate runtime.
+//! I/O host interface for substrate runtime.

 #![warn(missing_docs)]

@@ -34,7 +34,7 @@ use sp_std::ops::Deref;
 #[cfg(feature = "std")]
 use sp_core::{
 	crypto::Pair,
-	traits::{KeystoreExt, CallInWasmExt},
+	traits::{KeystoreExt, CallInWasmExt, TaskExecutorExt},
 	offchain::{OffchainExt, TransactionPoolExt},
 	hexdisplay::HexDisplay,
 	storage::{ChildStorageKey, ChildInfo},
@@ -57,6 +57,12 @@ use codec::{Encode, Decode};
 #[cfg(feature = "std")]
 use sp_externalities::{ExternalitiesExt, Externalities};

+#[cfg(feature = "std")]
+mod batch_verifier;
+
+#[cfg(feature = "std")]
+use batch_verifier::BatchVerifier;
+
 /// Error verifying ECDSA signature
 #[derive(Encode, Decode)]
 pub enum EcdsaVerifyError {
@@ -416,16 +422,98 @@ pub trait Crypto {
 			.ok()
 	}

-	/// Verify an `ed25519` signature.
+	/// Verify `ed25519` signature.
 	///
-	/// Returns `true` when the verification in successful.
+	/// Returns `true` when the verification is either successful or batched.
+	/// If no batching verification extension registered, this will return the result
+	/// of verification immediately. If batching verification extension is registered
+	/// caller should call `crypto::finish_batch_verify` to actualy check all submitted
+	/// signatures.
 	fn ed25519_verify(
-		&self,
 		sig: &ed25519::Signature,
 		msg: &[u8],
 		pub_key: &ed25519::Public,
 	) -> bool {
-		ed25519::Pair::verify(sig, msg, pub_key)
+		// TODO: see #5554, this is used outside of externalities context/runtime, thus this manual
+		// `with_externalities`.
+		//
+		// This `with_externalities(..)` block returns Some(Some(result)) if signature verification was successfully
+		// batched, everything else (Some(None)/None) means it was not batched and needs to be verified.
+		let evaluated = sp_externalities::with_externalities(|mut instance|
+			instance.extension::<VerificationExt>().map(
+				|extension| extension.push_ed25519(
+					sig.clone(),
+					pub_key.clone(),
+					msg.to_vec(),
+				)
+			)
+		);
+
+		match evaluated {
+			Some(Some(val)) => val,
+			_ => ed25519::Pair::verify(sig, msg, pub_key),
+		}
+	}
+
+	/// Verify `sr25519` signature.
+	///
+	/// Returns `true` when the verification is either successful or batched.
+	/// If no batching verification extension registered, this will return the result
+	/// of verification immediately. If batching verification extension is registered,
+	/// caller should call `crypto::finish_batch_verify` to actualy check all submitted
+	#[version(2)]
+	fn sr25519_verify(
+		sig: &sr25519::Signature,
+		msg: &[u8],
+		pub_key: &sr25519::Public,
+	) -> bool {
+		// TODO: see #5554, this is used outside of externalities context/runtime, thus this manual
+		// `with_externalities`.
+		//
+		// This `with_externalities(..)` block returns Some(Some(result)) if signature verification was successfully
+		// batched, everything else (Some(None)/None) means it was not batched and needs to be verified.
+		let evaluated = sp_externalities::with_externalities(|mut instance|
+			instance.extension::<VerificationExt>().map(
+				|extension| extension.push_sr25519(
+					sig.clone(),
+					pub_key.clone(),
+					msg.to_vec(),
+				)
+			)
+		);
+
+		match evaluated {
+			Some(Some(val)) => val,
+			_ => sr25519::Pair::verify(sig, msg, pub_key),
+		}
+	}
+
+	/// Start verification extension.
+	fn start_batch_verify(&mut self) {
+		let scheduler = self.extension::<TaskExecutorExt>()
+			.expect("No task executor associated with the current context!")
+			.0
+			.clone();
+
+		self.register_extension(VerificationExt(BatchVerifier::new(scheduler)))
+			.expect("Failed to register required extension: `VerificationExt`");
+	}
+
+	/// Finish batch-verification of signatures.
+	///
+	/// Verify or wait for verification to finish for all signatures which were previously
+	/// deferred by `sr25519_verify`/`ed25519_verify`.
+	///
+	/// Will panic if no `VerificationExt` is registered (`start_batch_verify` was not called).
+	fn finish_batch_verify(&mut self) -> bool {
+		let result = self.extension::<VerificationExt>()
+			.expect("`finish_batch_verify` should only be called after `start_batch_verify`")
+			.verify_and_clear();
+
+		self.deregister_extension::<VerificationExt>()
+			.expect("No verification extension in current context!");
+
+		result
 	}

 	/// Returns all `sr25519` public keys for the given key id from the keystore.
@@ -477,14 +565,6 @@ pub trait Crypto {
 		sr25519::Pair::verify_deprecated(sig, msg, pubkey)
 	}

-	/// Verify an `sr25519` signature.
-	///
-	/// Returns `true` when the verification in successful.
-	#[version(2)]
-	fn sr25519_verify(sig: &sr25519::Signature, msg: &[u8], pubkey: &sr25519::Public) -> bool {
-		sr25519::Pair::verify(sig, msg, pubkey)
-	}
-
 	/// Verify and recover a SECP256k1 ECDSA signature.
 	///
 	/// - `sig` is passed in RSV format. V should be either `0/1` or `27/28`.
@@ -566,6 +646,12 @@ pub trait Hashing {
 	}
 }

+#[cfg(feature = "std")]
+sp_externalities::decl_extension! {
+	/// The keystore extension to register/retrieve from the externalities.
+	pub struct VerificationExt(BatchVerifier);
+}
+
 /// Interface that provides functions to access the offchain functionality.
 #[runtime_interface]
 pub trait Offchain {
@@ -949,6 +1035,7 @@ mod tests {
 	use sp_core::map;
 	use sp_state_machine::BasicExternalities;
 	use sp_core::storage::Storage;
+	use std::any::TypeId;

 	#[test]
 	fn storage_works() {
@@ -1010,4 +1097,132 @@ mod tests {
 			assert!(storage::get(b":abc").is_none());
 		});
 	}
+
+	#[test]
+	fn dynamic_extensions_work() {
+		let mut ext = BasicExternalities::with_tasks_executor();
+		ext.execute_with(|| {
+			crypto::start_batch_verify();
+		});
+
+		assert!(ext.extensions().get_mut(TypeId::of::<VerificationExt>()).is_some());
+
+		ext.execute_with(|| {
+			crypto::finish_batch_verify();
+		});
+
+		assert!(ext.extensions().get_mut(TypeId::of::<VerificationExt>()).is_none());
+	}
+
+	#[test]
+	fn long_sr25519_batching() {
+		let mut ext = BasicExternalities::with_tasks_executor();
+		ext.execute_with(|| {
+			let pair = sr25519::Pair::generate_with_phrase(None).0;
+			crypto::start_batch_verify();
+			for it in 0..70 {
+				let msg = format!("Schnorrkel {}!", it);
+				let signature = pair.sign(msg.as_bytes());
+				crypto::sr25519_verify(&signature, msg.as_bytes(), &pair.public());
+			}
+
+			// push invlaid
+			crypto::sr25519_verify(
+				&Default::default(),
+				&Vec::new(),
+				&Default::default(),
+			);
+			assert!(!crypto::finish_batch_verify());
+
+			crypto::start_batch_verify();
+			for it in 0..70 {
+				let msg = format!("Schnorrkel {}!", it);
+				let signature = pair.sign(msg.as_bytes());
+				crypto::sr25519_verify(&signature, msg.as_bytes(), &pair.public());
+			}
+			assert!(crypto::finish_batch_verify());
+		});
+	}
+
+	#[test]
+	fn batching_works() {
+		let mut ext = BasicExternalities::with_tasks_executor();
+		ext.execute_with(|| {
+			// invalid ed25519 signature
+			crypto::start_batch_verify();
+			crypto::ed25519_verify(
+				&Default::default(),
+				&Vec::new(),
+				&Default::default(),
+			);
+			assert!(!crypto::finish_batch_verify());
+
+			// 2 valid ed25519 signatures
+			crypto::start_batch_verify();
+
+			let pair = ed25519::Pair::generate_with_phrase(None).0;
+			let msg = b"Important message";
+			let signature = pair.sign(msg);
+			crypto::ed25519_verify(&signature, msg, &pair.public());
+
+			let pair = ed25519::Pair::generate_with_phrase(None).0;
+			let msg = b"Even more important message";
+			let signature = pair.sign(msg);
+			crypto::ed25519_verify(&signature, msg, &pair.public());
+
+			assert!(crypto::finish_batch_verify());
+
+			// 1 valid, 1 invalid ed25519 signature
+			crypto::start_batch_verify();
+
+			let pair = ed25519::Pair::generate_with_phrase(None).0;
+			let msg = b"Important message";
+			let signature = pair.sign(msg);
+			crypto::ed25519_verify(&signature, msg, &pair.public());
+
+			crypto::ed25519_verify(
+				&Default::default(),
+				&Vec::new(),
+				&Default::default(),
+			);
+
+			assert!(!crypto::finish_batch_verify());
+
+			// 1 valid ed25519, 2 valid sr25519
+			crypto::start_batch_verify();
+
+			let pair = ed25519::Pair::generate_with_phrase(None).0;
+			let msg = b"Ed25519 batching";
+			let signature = pair.sign(msg);
+			crypto::ed25519_verify(&signature, msg, &pair.public());
+
+			let pair = sr25519::Pair::generate_with_phrase(None).0;
+			let msg = b"Schnorrkel rules";
+			let signature = pair.sign(msg);
+			crypto::sr25519_verify(&signature, msg, &pair.public());
+
+			let pair = sr25519::Pair::generate_with_phrase(None).0;
+			let msg = b"Schnorrkel batches!";
+			let signature = pair.sign(msg);
+			crypto::sr25519_verify(&signature, msg, &pair.public());
+
+			assert!(crypto::finish_batch_verify());
+
+			// 1 valid sr25519, 1 invalid sr25519
+			crypto::start_batch_verify();
+
+			let pair = sr25519::Pair::generate_with_phrase(None).0;
+			let msg = b"Schnorrkcel!";
+			let signature = pair.sign(msg);
+			crypto::sr25519_verify(&signature, msg, &pair.public());
+
+			crypto::sr25519_verify(
+				&Default::default(),
+				&Vec::new(),
+				&Default::default(),
+			);
+
+			assert!(!crypto::finish_batch_verify());
+		});
+	}
 }
@@ -32,6 +32,7 @@ hash256-std-hasher = { version = "0.15.2", default-features = false }
 [dev-dependencies]
 serde_json = "1.0.41"
 rand = "0.7.2"
+sp-state-machine = { version = "0.8.0-alpha.5", path = "../../primitives/state-machine" }

 [features]
 bench = []
@@ -24,7 +24,8 @@ use crate::{
 		self, Member, MaybeDisplay, SignedExtension, Checkable, Extrinsic, ExtrinsicMetadata,
 		IdentifyAccount,
 	},
-	generic::CheckedExtrinsic, transaction_validity::{TransactionValidityError, InvalidTransaction},
+	generic::CheckedExtrinsic,
+	transaction_validity::{TransactionValidityError, InvalidTransaction},
 };

 const TRANSACTION_VERSION: u8 = 4;
@@ -125,9 +126,7 @@ where
 			Some((signed, signature, extra)) => {
 				let signed = lookup.lookup(signed)?;
 				let raw_payload = SignedPayload::new(self.function, extra)?;
-				if !raw_payload.using_encoded(|payload| {
-					signature.verify(payload, &signed)
-				}) {
+				if !raw_payload.using_encoded(|payload| signature.verify(payload, &signed)) {
 					return Err(InvalidTransaction::BadProof.into())
 				}

@@ -42,7 +42,8 @@ pub use sp_core::storage::{Storage, StorageChild};

 use sp_std::prelude::*;
 use sp_std::convert::TryFrom;
-use sp_core::{crypto, ed25519, sr25519, ecdsa, hash::{H256, H512}};
+use sp_core::{crypto::{self, Public}, ed25519, sr25519, ecdsa, hash::{H256, H512}};
+
 use codec::{Encode, Decode};

 pub mod curve;
@@ -299,7 +300,6 @@ impl std::fmt::Display for MultiSigner {
 impl Verify for MultiSignature {
 	type Signer = MultiSigner;
 	fn verify<L: Lazy<[u8]>>(&self, mut msg: L, signer: &AccountId32) -> bool {
-		use sp_core::crypto::Public;
 		match (self, signer) {
 			(MultiSignature::Ed25519(ref sig), who) => sig.verify(msg, &ed25519::Public::from_slice(who.as_ref())),
 			(MultiSignature::Sr25519(ref sig), who) => sig.verify(msg, &sr25519::Public::from_slice(who.as_ref())),
@@ -324,7 +324,6 @@ pub struct AnySignature(H512);
 impl Verify for AnySignature {
 	type Signer = sr25519::Public;
 	fn verify<L: Lazy<[u8]>>(&self, mut msg: L, signer: &sr25519::Public) -> bool {
-		use sp_core::crypto::Public;
 		let msg = msg.get();
 		sr25519::Signature::try_from(self.0.as_fixed_bytes().as_ref())
 			.map(|s| s.verify(msg, signer))
@@ -735,6 +734,39 @@ pub fn print(print: impl traits::Printable) {
 	print.print();
 }

+
+/// Batching session.
+///
+/// To be used in runtime only. Outside of runtime, just construct
+/// `BatchVerifier` directly.
+#[must_use = "`verify()` needs to be called to finish batch signature verification!"]
+pub struct SignatureBatching(bool);
+
+impl SignatureBatching {
+	/// Start new batching session.
+	pub fn start() -> Self {
+		sp_io::crypto::start_batch_verify();
+		SignatureBatching(false)
+	}
+
+	/// Verify all signatures submitted during the batching session.
+	#[must_use]
+	pub fn verify(mut self) -> bool {
+		self.0 = true;
+		sp_io::crypto::finish_batch_verify()
+	}
+}
+
+impl Drop for SignatureBatching {
+	fn drop(&mut self) {
+		// Sanity check. If user forgets to actually call `verify()`.
+		if !self.0 {
+			panic!("Signature verification has not been called before `SignatureBatching::drop`")
+		}
+	}
+}
+
+
 #[cfg(test)]
 mod tests {
 	use super::*;
@@ -782,4 +814,19 @@ mod tests {
 		let multi_signer = MultiSigner::from(pair.public());
 		assert!(multi_sig.verify(msg, &multi_signer.into_account()));
 	}
+
+
+	#[test]
+	#[should_panic(expected = "Signature verification has not been called")]
+	fn batching_still_finishes_when_not_called_directly() {
+		let mut ext = sp_state_machine::BasicExternalities::with_tasks_executor();
+		ext.execute_with(|| {
+			let _batching = SignatureBatching::start();
+			sp_io::crypto::sr25519_verify(
+				&Default::default(),
+				&Vec::new(),
+				&Default::default(),
+			);
+		});
+	}
 }
@@ -81,12 +81,15 @@ impl IdentifyAccount for sp_core::ecdsa::Public {
 pub trait Verify {
 	/// Type of the signer.
 	type Signer: IdentifyAccount;
-	/// Verify a signature. Return `true` if signature is valid for the value.
+	/// Verify a signature.
+	///
+	/// Return `true` if signature is valid for the value.
 	fn verify<L: Lazy<[u8]>>(&self, msg: L, signer: &<Self::Signer as IdentifyAccount>::AccountId) -> bool;
 }

 impl Verify for sp_core::ed25519::Signature {
 	type Signer = sp_core::ed25519::Public;
+
 	fn verify<L: Lazy<[u8]>>(&self, mut msg: L, signer: &sp_core::ed25519::Public) -> bool {
 		sp_io::crypto::ed25519_verify(self, msg.get(), signer)
 	}
@@ -94,6 +97,7 @@ impl Verify for sp_core::ed25519::Signature {

 impl Verify for sp_core::sr25519::Signature {
 	type Signer = sp_core::sr25519::Public;
+
 	fn verify<L: Lazy<[u8]>>(&self, mut msg: L, signer: &sp_core::sr25519::Public) -> bool {
 		sp_io::crypto::sr25519_verify(self, msg.get(), signer)
 	}
@@ -32,17 +32,35 @@ use sp_core::{
 };
 use log::warn;
 use codec::Encode;
+use sp_externalities::Extensions;

 /// Simple Map-based Externalities impl.
 #[derive(Debug)]
 pub struct BasicExternalities {
 	inner: Storage,
+	extensions: Extensions,
 }

 impl BasicExternalities {
 	/// Create a new instance of `BasicExternalities`
 	pub fn new(inner: Storage) -> Self {
-		BasicExternalities { inner }
+		BasicExternalities { inner, extensions: Default::default() }
+	}
+
+	/// New basic externalities with empty storage.
+	pub fn new_empty() -> Self {
+		Self::new(Storage::default())
+	}
+
+	/// New basic extternalities with tasks executor.
+	pub fn with_tasks_executor() -> Self {
+		let mut extensions = Extensions::default();
+		extensions.register(sp_core::traits::TaskExecutorExt(sp_core::tasks::executor()));
+
+		Self {
+			inner: Storage::default(),
+			extensions,
+		}
 	}

 	/// Insert key/value
@@ -62,10 +80,13 @@ impl BasicExternalities {
 		storage: &mut sp_core::storage::Storage,
 		f: impl FnOnce() -> R,
 	) -> R {
-		let mut ext = Self { inner: Storage {
-			top: std::mem::replace(&mut storage.top, Default::default()),
-			children: std::mem::replace(&mut storage.children, Default::default()),
-		}};
+		let mut ext = Self {
+			inner: Storage {
+				top: std::mem::replace(&mut storage.top, Default::default()),
+				children: std::mem::replace(&mut storage.children, Default::default()),
+			},
+			extensions: Default::default(),
+		};

 		let r = ext.execute_with(f);

@@ -80,6 +101,11 @@ impl BasicExternalities {
 	pub fn execute_with<R>(&mut self, f: impl FnOnce() -> R) -> R {
 		sp_externalities::set_and_run_with_externalities(self, f)
 	}
+
+	/// List of active extensions.
+	pub fn extensions(&mut self) -> &mut Extensions {
+		&mut self.extensions
+	}
 }

 impl PartialEq for BasicExternalities {
@@ -103,10 +129,13 @@ impl Default for BasicExternalities {

 impl From<BTreeMap<StorageKey, StorageValue>> for BasicExternalities {
 	fn from(hashmap: BTreeMap<StorageKey, StorageValue>) -> Self {
-		BasicExternalities { inner: Storage {
-			top: hashmap,
-			children: Default::default(),
-		}}
+		BasicExternalities {
+			inner: Storage {
+				top: hashmap,
+				children: Default::default(),
+			},
+			extensions: Default::default(),
+		}
 	}
 }

@@ -279,9 +308,23 @@ impl Externalities for BasicExternalities {
 }

 impl sp_externalities::ExtensionStore for BasicExternalities {
-	fn extension_by_type_id(&mut self, _: TypeId) -> Option<&mut dyn Any> {
-		warn!("Extensions are not supported by `BasicExternalities`.");
-		None
+	fn extension_by_type_id(&mut self, type_id: TypeId) -> Option<&mut dyn Any> {
+		self.extensions.get_mut(type_id)
+	}
+
+	fn register_extension_with_type_id(
+		&mut self,
+		type_id: TypeId,
+		extension: Box<dyn sp_externalities::Extension>,
+	) -> Result<(), sp_externalities::Error> {
+		self.extensions.register_with_type_id(type_id, extension)
+	}
+
+	fn deregister_extension_by_type_id(&mut self, type_id: TypeId) -> Result<(), sp_externalities::Error> {
+		self.extensions
+			.deregister(type_id)
+			.ok_or(sp_externalities::Error::ExtensionIsNotRegistered(type_id))
+			.map(drop)
 	}
 }

@@ -347,7 +390,7 @@ mod tests {
 	#[test]
 	fn basic_externalities_is_empty() {
 		// Make sure no values are set by default in `BasicExternalities`.
-		let storage = BasicExternalities::new(Default::default()).into_storages();
+		let storage = BasicExternalities::new_empty().into_storages();
 		assert!(storage.top.is_empty());
 		assert!(storage.children.is_empty());
 	}
@@ -28,7 +28,7 @@ use sp_core::{
 	traits::Externalities, hexdisplay::HexDisplay,
 };
 use sp_trie::{trie_types::Layout, default_child_trie_root};
-use sp_externalities::Extensions;
+use sp_externalities::{Extensions, Extension};
 use codec::{Decode, Encode};

 use std::{error, fmt, any::{Any, TypeId}};
@@ -548,6 +548,29 @@ where
 	fn extension_by_type_id(&mut self, type_id: TypeId) -> Option<&mut dyn Any> {
 		self.extensions.as_mut().and_then(|exts| exts.get_mut(type_id))
 	}
+
+	fn register_extension_with_type_id(
+		&mut self,
+		type_id: TypeId,
+		extension: Box<dyn Extension>,
+	) -> Result<(), sp_externalities::Error> {
+		if let Some(ref mut extensions) = self.extensions {
+			extensions.register_with_type_id(type_id, extension)
+		} else {
+			Err(sp_externalities::Error::ExtensionsAreNotSupported)
+		}
+	}
+
+	fn deregister_extension_by_type_id(&mut self, type_id: TypeId) -> Result<(), sp_externalities::Error> {
+		if let Some(ref mut extensions) = self.extensions {
+			match extensions.deregister(type_id) {
+				Some(_) => Ok(()),
+				None => Err(sp_externalities::Error::ExtensionIsNotRegistered(type_id))
+			}
+		} else {
+			Err(sp_externalities::Error::ExtensionsAreNotSupported)
+		}
+	}
 }

 #[cfg(test)]
@@ -80,6 +80,11 @@ impl<H: Hasher, N: ChangesTrieBlockNumber> TestExternalities<H, N>
 		Self::new_with_code(&[], storage)
 	}

+	/// New empty test externalities.
+	pub fn new_empty() -> Self {
+		Self::new_with_code(&[], Storage::default())
+	}
+
 	/// Create a new instance of `TestExternalities` with code and storage.
 	pub fn new_with_code(code: &[u8], mut storage: Storage) -> Self {
 		let mut overlay = OverlayedChanges::default();
@@ -93,12 +98,15 @@ impl<H: Hasher, N: ChangesTrieBlockNumber> TestExternalities<H, N>
 		storage.top.insert(HEAP_PAGES.to_vec(), 8u64.encode());
 		storage.top.insert(CODE.to_vec(), code.to_vec());

+		let mut extensions = Extensions::default();
+		extensions.register(sp_core::traits::TaskExecutorExt(sp_core::tasks::executor()));
+
 		TestExternalities {
 			overlay,
 			changes_trie_config,
+			extensions,
 			changes_trie_storage: ChangesTrieInMemoryStorage::new(),
 			backend: storage.into(),
-			extensions: Default::default(),
 			storage_transaction_cache: Default::default(),
 		}
 	}
@@ -191,6 +199,21 @@ impl<H, N> sp_externalities::ExtensionStore for TestExternalities<H, N> where
 	fn extension_by_type_id(&mut self, type_id: TypeId) -> Option<&mut dyn Any> {
 		self.extensions.get_mut(type_id)
 	}
+
+	fn register_extension_with_type_id(
+		&mut self,
+		type_id: TypeId,
+		extension: Box<dyn Extension>,
+	) -> Result<(), sp_externalities::Error> {
+		self.extensions.register_with_type_id(type_id, extension)
+	}
+
+	fn deregister_extension_by_type_id(&mut self, type_id: TypeId) -> Result<(), sp_externalities::Error> {
+		self.extensions
+			.deregister(type_id)
+			.expect("There should be an extension we try to remove in TestExternalities");
+		Ok(())
+	}
 }

 #[cfg(test)]