bls's Issues

Does it support 32-bit platforms?

Hi there. This project seems not to support 32-bit platforms, and I found that some uint64 numbers are converted to uint before doing some calculations in stub_fallback.go, such as in the func AddWithCarry.

Are there any special considerations here?

Thanks.

Phore does not use the correct hash-to-curve function with latest spec

Phore does not use the correct hash-to-curve function. The spec changed over time and Phore only supports the previous spec. This could be fixed by porting the SSWU and SVD hash implementations to Phore.

For the latest hash2curve spec, the expected sig result is as below:

sec:4aac41b5cb665b93e031faa751944b1f14d77cb17322403cba8df1d6e4541a4d
pub:841c5235ec7f4eed02b3f3bb60622d3ed0aba74016f4850c6d7c962656a4b78d72a15caeef62dfe656d03990590c0026
sig:af7ab839885d3189502b1092895c4676357ef7a32863bd4253eb4c7ab12fc3aa5a9d9a82e1e641c1c85965c468e1d33018e8a0bbe1d4aef5e751b3c94876c4de312d7ccca34c9fe6b80d8dd00c6a499759cea7febfc661f80831f9547c158c84

Benchmarks

Hi there. We're looking to use this library for Ethereum 2.0. Do you have rough performance benchmarks, e.g. for pairings?

DecompressGn should handle invalid data without panicking

Hi there. It's a great job implementing BLS in pure Go. I've made some tests on it, and encountered a panic when calling DecompressG1 with invalid data, which is 83051c87397e54313c98ad614e3f2085e43cd2c8cb5262c8d6cc27c871b91efabbbfd13033938e8bb95fdb3da5973dfd in the form of a hex string.

I debugged into it and found the cause (corresponding to commit fb0e03c):

// DecompressG1 decompresses the big int into an affine point and checks
// if it is in the correct prime group.
func DecompressG1(b [48]byte) (*G1Affine, error) {
	affine, err := DecompressG1Unchecked(b)
	if err != nil {
		return nil, err
	}

	if !affine.IsInCorrectSubgroupAssumingOnCurve() { // g1.go line 191: panic here
		return nil, errors.New("not in correct subgroup")
	}
	return affine, nil
}

// DecompressG1Unchecked decompresses the big int into an affine point without
// checking if it's in the correct prime group.
func DecompressG1Unchecked(b [48]byte) (*G1Affine, error) {
	var copyBytes [48]byte
	copy(copyBytes[:], b[:])

	if len(copyBytes) == 0 || copyBytes[0]&(1<<7) == 0 {
		return nil, errors.New("unexpected compression mode")
	}

	if copyBytes[0]&(1<<6) != 0 {
		// this is the point at infinity
		copyBytes[0] &= 0x3f

		for _, b := range copyBytes {
			if b != 0 {
				return nil, errors.New("unexpected information in compressed infinity")
			}
		}

		return G1AffineZero.Copy(), nil
	}
	greatest := copyBytes[0]&(1<<5) != 0

	copyBytes[0] &= 0x1f

	x := FQReprFromBytes(copyBytes)
	xFQ := FQReprToFQ(x)

	return GetG1PointFromX(xFQ, greatest), nil // g1.go line 226: this returns nil, nil and then causes the panic
}

func GetG1PointFromX(x FQ, greatest bool) *G1Affine {
	x3b := x.Copy()
	x3b.SquareAssign()
	x3b.MulAssign(x)
	x3b.AddAssign(BCoeff)

	y, success := x3b.Sqrt()

	if !success {
		return nil // g1.go line 120: here's the root cause!
	}

	negY := y.Copy()
	negY.NegAssign()

	yVal := negY
	if (y.Cmp(negY) < 0) != greatest {
		yVal = y
	}
	return NewG1Affine(x, yVal)
}
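The hardened shape of the decoder described in this issue, as an added example that is not code from the phoreproject/bls project or from the issue: when x^3 + b is not a square there is no point with that x, and the function has to report that as an error rather than hand back a nil pointer for DecompressG1 to dereference. To run stand-alone the example uses a constructed toy curve (y^2 = x^3 + 2x + 2 over F_17) and a one-byte encoding modelled on the library's 48-byte format (bit 7 compressed flag, bit 6 infinity, bit 5 "greatest" root flag, low 5 bits the x coordinate); the names Decompress, PointFromX and sqrtMod are assumptions for the example only. It also rejects non-canonical x values (x >= p), a check a decoder for attacker-supplied bytes needs.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed toy curve y^2 = x^3 + 2x + 2 over F_17, not BLS12-381
// (the library's G1 uses y^2 = x^3 + 4 over a 381-bit prime).
const (
	curveP = 17
	curveA = 2
	curveB = 2
)

// Point is an affine point; the point at infinity is signalled separately.
type Point struct{ X, Y int }

func mod(a int) int { return ((a % curveP) + curveP) % curveP }

// sqrtMod returns a square root of a modulo p and true, or (0, false) when a
// is a non-residue. Brute force is fine for p = 17; real code uses
// Tonelli-Shanks or an exponentiation for p = 3 mod 4.
func sqrtMod(a int) (int, bool) {
	a = mod(a)
	for y := 0; y < curveP; y++ {
		if mod(y*y) == a {
			return y, true
		}
	}
	return 0, false
}

var (
	ErrNoPoint      = errors.New("x coordinate has no point on the curve")
	ErrNonCanonical = errors.New("x coordinate is not a canonical field element")
)

// PointFromX is the hardened counterpart of GetG1PointFromX: a missing square
// root is an error, never a nil result. greatest selects the larger of the two
// roots y and p-y, matching the flag bit in the compressed encoding.
func PointFromX(x int, greatest bool) (Point, error) {
	if x < 0 || x >= curveP {
		return Point{}, ErrNonCanonical
	}
	rhs := mod(x*x*x + curveA*x + curveB)
	y, ok := sqrtMod(rhs)
	if !ok {
		return Point{}, ErrNoPoint
	}
	negY := mod(-y)
	yVal := y
	if (y > negY) != greatest {
		yVal = negY
	}
	return Point{X: x, Y: yVal}, nil
}

// Decompress parses the toy one-byte encoding. infinity is true for the
// encoded identity; every malformed input yields a non-nil error.
func Decompress(b byte) (pt Point, infinity bool, err error) {
	if b&(1<<7) == 0 {
		return Point{}, false, errors.New("unexpected compression mode")
	}
	if b&(1<<6) != 0 {
		if b&0x3f != 0 {
			return Point{}, false, errors.New("unexpected information in compressed infinity")
		}
		return Point{}, true, nil
	}
	greatest := b&(1<<5) != 0
	pt, err = PointFromX(int(b&0x1f), greatest)
	if err != nil {
		return Point{}, false, err // the original returned nil here and panicked later
	}
	return pt, false, nil
}

func main() {
	for _, b := range []byte{0xa5, 0x85, 0x81, 0x05, 0xc0, 0xc1, 0x94} {
		pt, inf, err := Decompress(b)
		fmt.Printf("0x%02x -> point=%v infinity=%v err=%v\n", b, pt, inf, err)
	}
}
```

With the toy curve, x = 5 decodes to (5, 16) with the greatest flag set and (5, 1) without it, while x = 1 (rhs = 5, a non-residue mod 17) and x = 20 (outside the field) are rejected with an error instead of a crash.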

Wrong result with exponentiation/inverse?

I have written some tests to better understand the library, and I came across a problem. In my opinion, according to the laws of exponentiation ((a^b)^c = a^(b*c)), all tests should return true, since a^(b * inv(b)) = a. But the second and fourth don't.

Is there a fault in my reasoning or is this a bug?

package main

import (
	"crypto/rand"
	"fmt"

	"github.com/phoreproject/bls"
)

func main() {
	key, err := bls.RandFQ12(rand.Reader)
	if err != nil {
		fmt.Println(err)
		return
	}
	k, err := bls.RandFQ(rand.Reader)
	if err != nil {
		fmt.Println(err)
		return
	}
	kInv, b := k.Inverse()
	if !b {
		fmt.Println("no inverse")
		return
	}
	r := k.Copy()
	r.MulAssign(kInv)

	tmp := key.Exp(k.ToRepr()).Exp(kInv.ToRepr())

	fmt.Println("Test 1: ", r.Equals(bls.FQOne))
	fmt.Println("Test 2: ", key.Equals(tmp))

	g := bls.G1AffineOne.Mul(k.ToRepr())
	h := bls.G2AffineOne.Mul(kInv.ToRepr())
	p := bls.Pairing(g, h)
	palt := bls.Pairing(bls.G1AffineOne.ToProjective(), bls.G2AffineOne.ToProjective())

	fmt.Println("Test 3: ", r.Equals(bls.FQOne))
	fmt.Println("Test 4: ", p.Equals(palt))
	fmt.Println("Test 5: ", p.Equals(palt.Exp(k.ToRepr()).Exp(kInv.ToRepr())))
}
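A worked version of the point behind Tests 2 and 4, added here as an example that is not part of the issue or of the phoreproject/bls code: exponents of a nonzero field element reduce modulo the order of the multiplicative group (a^(p-1) = 1 in F_p), not modulo the field prime, so an inverse computed in the field (k*kInv = 1 mod p, which is what Test 1 checks) is in general not an inverse exponent. The same holds for the pairing tests: scalar multiplication on G1 and G2 and exponentiation of the pairing output reduce modulo the subgroup order r, and k*kInv = 1 mod q says nothing about k*kInv mod r. The example uses a constructed toy field with p = 23 so that it runs stand-alone; FieldInverseRoundTrip and ExponentInverseRoundTrip are names chosen for the example only.

```go
package main

import (
	"fmt"
	"math/big"
)

// Constructed toy field F_p with p = 23. The library's FQ and FQ12 moduli are
// far larger, but the rule demonstrated is the same.
var p = big.NewInt(23)

// Order of the multiplicative group F_p^*: exponents of a nonzero field
// element reduce modulo this value (a^(p-1) = 1), not modulo p.
var groupOrder = new(big.Int).Sub(p, big.NewInt(1))

// FieldInverseRoundTrip mirrors Test 1 and Test 2 from the issue: kInv is the
// inverse of k in the field (k*kInv = 1 mod p), then a is raised to k and the
// result to kInv. It returns (k*kInv == 1 in the field, round trip == a).
func FieldInverseRoundTrip(a, k *big.Int) (productIsOne bool, roundTripIsA bool) {
	kInv := new(big.Int).ModInverse(k, p)
	if kInv == nil {
		return false, false // k == 0 mod p has no inverse
	}
	prod := new(big.Int).Mul(k, kInv)
	prod.Mod(prod, p)
	tmp := new(big.Int).Exp(a, k, p)
	res := new(big.Int).Exp(tmp, kInv, p)
	return prod.Cmp(big.NewInt(1)) == 0, res.Cmp(a) == 0
}

// ExponentInverseRoundTrip takes the inverse modulo the group order instead,
// which is the inverse that undoes exponentiation. ok is false when k is not
// invertible modulo p-1 (gcd(k, p-1) != 1); then a -> a^k is not a bijection
// and no exponent can undo it.
func ExponentInverseRoundTrip(a, k *big.Int) (ok bool, roundTripIsA bool) {
	kInv := new(big.Int).ModInverse(k, groupOrder)
	if kInv == nil {
		return false, false
	}
	tmp := new(big.Int).Exp(a, k, p)
	res := new(big.Int).Exp(tmp, kInv, p)
	return true, res.Cmp(a) == 0
}

func main() {
	a, k := big.NewInt(5), big.NewInt(3) // constructed values
	one, rt := FieldInverseRoundTrip(a, k)
	fmt.Printf("k*kInv == 1 in F_p: %v; (a^k)^kInv == a with the field inverse: %v\n", one, rt)
	ok, rt2 := ExponentInverseRoundTrip(a, k)
	fmt.Printf("kInv mod (p-1) exists: %v; (a^k)^kInv == a with that inverse: %v\n", ok, rt2)
}
```

With a = 5 and k = 3: the field inverse is 8 (3*8 = 24 = 1 mod 23), but (5^3)^8 = 5^24 = 5^2 = 2 mod 23, not 5. The inverse of 3 modulo the group order 22 is 15, and 5^45 = 5 mod 23 as expected, because 45 = 1 mod 22.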

Cannot compile for ARM

Trying to cross compile for an ARM device and getting this error.

I haven't looked into it yet, logging an issue first.

env GOOS=linux GOARCH=arm  go build
# github.com/phoreproject/bls
./fq.go:78:52: cannot use 0 (type int) as type *uint64 in argument to MACWithCarry
./primitivefuncs.go:5:6: missing function body
./primitivefuncs.go:9:6: missing function body
./primitivefuncs.go:13:6: missing function body
./uint384.go:5:6: MACWithCarry redeclared in this block
        previous declaration at ./primitivefuncs.go:5:72
./uint384.go:5:6: missing function body
./uint384.go:9:6: SubWithBorrow redeclared in this block
        previous declaration at ./primitivefuncs.go:9:64
./uint384.go:9:6: missing function body
./uint384.go:13:6: AddWithCarry redeclared in this block
        previous declaration at ./primitivefuncs.go:13:62
./uint384.go:13:6: missing function body
./fq.go:78:52: too many errors

Is there easy-to-understand example code showing how to implement ECDH on BLS G1?

I am an application programmer, not very familiar with encryption algorithms. I want to negotiate a key based on ECDH, but I don't know how to implement it based on BLS.

Is there easy-to-understand example code showing how to implement ECDH on BLS G1?

Just like this: https://github.com/andreacorbellini/ecc/blob/master/scripts/ecdhe.py

# Alice generates her own keypair.
alice_private_key, alice_public_key = make_keypair()
print("Alice's private key:", hex(alice_private_key))
print("Alice's public key: (0x{:x}, 0x{:x})".format(*alice_public_key))

# Bob generates his own key pair.
bob_private_key, bob_public_key = make_keypair()
print("Bob's private key:", hex(bob_private_key))
print("Bob's public key: (0x{:x}, 0x{:x})".format(*bob_public_key))

# Alice and Bob exchange their public keys and calculate the shared secret.
s1 = scalar_mult(alice_private_key, bob_public_key)
s2 = scalar_mult(bob_private_key, alice_public_key)
assert s1 == s2

print('Shared secret: (0x{:x}, 0x{:x})'.format(*s1))
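The same exchange in Go, as an added example that is not from the issue, from the linked script or from the phoreproject/bls project. It runs stand-alone on a constructed textbook curve (y^2 = x^3 + 2x + 2 over F_17, generator (5, 1) of prime order 19) rather than on BLS12-381, and all function names are assumptions for the example; with the real library the structure is the same, with ScalarMult replaced by multiplication of a G1 point by a scalar. The part to carry over is that each side validates the peer's public point (on the curve, not the identity, in the prime-order subgroup, the same checks DecompressG1 in the issue above performs) before multiplying it by its own secret, and that the shared point is hashed into key material rather than used directly.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Constructed toy curve y^2 = x^3 + 2x + 2 over F_17 (a textbook example, not
// BLS12-381). G = (5, 1) generates the whole group, which has prime order 19.
const (
	curveP = 17
	curveA = 2
	curveB = 2
	curveN = 19 // order of G; on BLS12-381 G1 this role is played by r
)

// Point is an affine point; Inf marks the point at infinity.
type Point struct {
	X, Y int
	Inf  bool
}

var generator = Point{X: 5, Y: 1}

func mod(a int) int { return ((a % curveP) + curveP) % curveP }

// inv returns a^-1 mod p by Fermat (a^(p-2)); a loop is fine for p = 17.
func inv(a int) int {
	r := 1
	for i := 0; i < curveP-2; i++ {
		r = mod(r * mod(a))
	}
	return r
}

// IsOnCurve must hold for every peer-supplied point before it is used.
func IsOnCurve(pt Point) bool {
	return pt.Inf || mod(pt.Y*pt.Y) == mod(pt.X*pt.X*pt.X+curveA*pt.X+curveB)
}

// Add is the affine group law (chord-and-tangent rule).
func Add(p1, p2 Point) Point {
	if p1.Inf {
		return p2
	}
	if p2.Inf {
		return p1
	}
	if p1.X == p2.X && mod(p1.Y+p2.Y) == 0 {
		return Point{Inf: true} // p2 == -p1
	}
	var s int
	if p1.X == p2.X { // doubling; Y != 0 here because of the check above
		s = mod((3*p1.X*p1.X + curveA) * inv(2*p1.Y))
	} else {
		s = mod((p2.Y - p1.Y) * inv(p2.X-p1.X))
	}
	x3 := mod(s*s - p1.X - p2.X)
	return Point{X: x3, Y: mod(s*(p1.X-x3) - p1.Y)}
}

// ScalarMult computes k*pt by double-and-add.
func ScalarMult(k int, pt Point) Point {
	result, addend := Point{Inf: true}, pt
	for ; k > 0; k >>= 1 {
		if k&1 == 1 {
			result = Add(result, addend)
		}
		addend = Add(addend, addend)
	}
	return result
}

// InCorrectSubgroup plays the role of IsInCorrectSubgroupAssumingOnCurve from
// the issue above: n*pt must be the identity.
func InCorrectSubgroup(pt Point) bool { return ScalarMult(curveN, pt).Inf }

// PublicKey is secret*G for a secret scalar in [1, n-1].
func PublicKey(secret int) Point { return ScalarMult(secret, generator) }

// SharedSecret validates the peer's public point, then multiplies it by our
// own secret; ok is false when the peer point has to be rejected.
func SharedSecret(mySecret int, peerPub Point) (shared Point, ok bool) {
	if peerPub.Inf || !IsOnCurve(peerPub) || !InCorrectSubgroup(peerPub) {
		return Point{}, false
	}
	return ScalarMult(mySecret, peerPub), true
}

// DeriveKey hashes the shared point's x coordinate into key material instead
// of using the raw coordinate as the key.
func DeriveKey(shared Point) string {
	sum := sha256.Sum256([]byte(fmt.Sprintf("toy-ecdh:%d", shared.X)))
	return hex.EncodeToString(sum[:])
}

func main() {
	aliceSecret, bobSecret := 3, 5 // constructed; real secrets come from a CSPRNG
	alicePub, bobPub := PublicKey(aliceSecret), PublicKey(bobSecret)
	s1, ok1 := SharedSecret(aliceSecret, bobPub)
	s2, ok2 := SharedSecret(bobSecret, alicePub)
	fmt.Println("peer keys valid:", ok1 && ok2, "agree:", s1 == s2, "shared:", s1)
	fmt.Println("derived key:", DeriveKey(s1))
	_, ok := SharedSecret(aliceSecret, Point{X: 1, Y: 1})
	fmt.Println("off-curve peer key accepted:", ok)
}
```

With secrets 3 and 5 both sides arrive at 15*G = (3, 16), and the off-curve point (1, 1) is refused before any multiplication happens. On the toy curve the group has prime order, so the subgroup check is implied by the on-curve check; on a curve with a cofactor, such as BLS12-381 G1, it is a separate and necessary step.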
