blsu

package module

v0.1.0 Latest Latest Go to latest Published: Feb 19, 2024 License: MIT Imports: 5 Imported by: 72

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/protolambda/bls12-381-util

Links

Open Source Insights

README ¶

BLS 12-381 util

BLS 12-381 util (BLSU, "bless you") is a collection of utils to work with BLS 12-381 in Go.

Warning: these wrapper utils have not been audited.

This package wraps github.com/kilic/bls12-381, a pure Go implementation of BLS, no CGO involved, no special dependencies. Instead, this BLS implementation uses Go-assembly to optimize the lower level computations. audit info.

This package implements the BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_ ciphersuite.

TODO: not safe for 32 bit usage: kilic BLS Fr.FromBytes->Fr.fromBytes->Fr.fromBig assumes word size is 64 bits.

Utils

Eth2 Typing
- Pubkeys: PointG1 wrapper
- Signatures: PointG2 wrapper
- Secret keys: Fr wrapper
- Signatures sets: see below
Draft 4 for signatures
- Hash to curve, from kilic/bls12-381: BLS12381G2_XMD:SHA-256_SSWU_RO_
- Schemes:
  - Core operations:
    - KeyGen (TODO)
    - SkToPk
    - ~~KeyValidate~~, implemented as part of Pubkey deserialization, except identity-pubkey check (checked in verify functions instead).
    - CoreSign
    - CoreVerify
    - Aggregate
    - CoreAggregateVerify
  - ~~Basic scheme~~, not supported
  - ~~Message Augmentation scheme~~, not supported
  - POP, Proof of Possession scheme (used in Eth2):
    - ~~PopProve~~, not supported, assumed through application-specific implementation
    - ~~PopVerify~~, not supported, assumed through application-specific implementation
    - FastAggregateVerify
Eth2 additions
- eth2_aggregate_pubkeys: AggregatePubkeys
- eth2_fast_aggregate_verify: Eth2FastAggregateVerify
Signature sets: verify non-singular set of signatures and its respective pubkeys and messages

Testing

Unit tests
- SecretKey deserialization/serialization
- Pubkey deserialization/serialization (with KeyValidate routine, except identity-pubkey check)
- Signature deserialization/serialization
- SkToPk (TODO: expand)
- SignatureSetVerify
Eth2 BLS tests
- Sign
- Aggregate
- Verify
- AggregateVerify
- FastAggregateVerify
- AggregatePubkeys
- Eth2FastAggregateVerify
Eth2 spec tests
- Integrate into ZRNT, run full eth2 test-suite
standard tests (if any)
- TODO, need standard signature-scheme test vectors (Work in progress)
- Run Hash-to-curve test-vectors on kilic/bls12-381 internals

License

MIT, see LICENSE file.

Documentation ¶

Index ¶

func AggregateVerify(pubkeys []*Pubkey, messages [][]byte, signature *Signature) bool
func Eth2FastAggregateVerify(pubkeys []*Pubkey, message []byte, signature *Signature) bool
func FastAggregateVerify(pubkeys []*Pubkey, message []byte, signature *Signature) bool
func SignatureSetVerify(pubkeys []*Pubkey, messages [][]byte, signatures []*Signature) (bool, error)
func Verify(pk *Pubkey, message []byte, signature *Signature) bool
type DeferBLS
- func NewAggregateCheck() DeferBLS
type ImmediateCheck
type Pubkey
- func AggregatePubkeys(pubkeys []*Pubkey) (*Pubkey, error)
- func SkToPk(sk *SecretKey) (*Pubkey, error)
- func (pub *Pubkey) Deserialize(in *[48]byte) error
- func (pub *Pubkey) Serialize() (out [48]byte)
type SecretKey
- func (sk *SecretKey) Deserialize(in *[32]byte) error
- func (sk *SecretKey) Serialize() (out [32]byte)
type Signature
- func Aggregate(signatures []*Signature) (*Signature, error)
- func Sign(sk *SecretKey, message []byte) *Signature
- func (sig *Signature) Deserialize(in *[96]byte) error
- func (sig *Signature) Serialize() (out [96]byte)
type SignatureSet
- func (s *SignatureSet) Add(pubkey *Pubkey, message []byte, signature *Signature)
- func (s *SignatureSet) Verify() bool

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AggregateVerify ¶

func AggregateVerify(pubkeys []*Pubkey, messages [][]byte, signature *Signature) bool

The AggregateVerify algorithm checks an aggregated signature over several (PK, message) pairs.

func Eth2FastAggregateVerify ¶

func Eth2FastAggregateVerify(pubkeys []*Pubkey, message []byte, signature *Signature) bool

Wrapper to FastAggregateVerify accepting the G2_POINT_AT_INFINITY signature when pubkeys is empty.

func FastAggregateVerify ¶

func FastAggregateVerify(pubkeys []*Pubkey, message []byte, signature *Signature) bool

FastAggregateVerify is a verification algorithm for the aggregate of multiple signatures on the same message. This function is faster than AggregateVerify.

This function applies only to the Proof Of Possession signature scheme.

func SignatureSetVerify ¶

func SignatureSetVerify(pubkeys []*Pubkey, messages [][]byte, signatures []*Signature) (bool, error)

SignatureSetVerify verifies (pubkey,message,signature) tuples as a single batch, and is faster than len(inputs) times Verify if the batch is not too small.

The caller should aggregate pubkeys and signatures if they signed the same message, this verification is safe to run on duplicate inputs, but not optimized for it.

A completely empty input is also considered to be VALID.

This function parallelizes the scalar-multiplication and signature-aggregation work.

An error is returned if the verification failed due to an operational error, e.g. input length mismatch or failing to read entropy bytes with the crypto/rand package.

Original: https://ethresear.ch/t/fast-verification-of-multiple-bls-signatures/5407

func Verify ¶

func Verify(pk *Pubkey, message []byte, signature *Signature) bool

The Verify algorithm checks an aggregated signature over several (PK, message) pairs.

Types ¶

type DeferBLS ¶

type DeferBLS interface {
	// AggregateVerify checks an aggregated signature over several (PK, message) pairs,
	// and may be deferred until Check().
	AggregateVerify(pubkeys []*Pubkey, messages [][]byte, signature *Signature) error
	// Verify checks an aggregated signature over several (PK, message) pairs,
	// and may be deferred until Check().
	Verify(pk *Pubkey, message []byte, signature *Signature) error
	// FastAggregateVerify verifies the aggregate of multiple signatures on the same message,
	// and may be deferred until Check().
	FastAggregateVerify(pubkeys []*Pubkey, message []byte, signature *Signature) error
	// Eth2FastAggregateVerify wraps FastAggregateVerify and accepts
	// the G2_POINT_AT_INFINITY signature when pubkeys is empty,
	// and may be deferred until Check().
	Eth2FastAggregateVerify(pubkeys []*Pubkey, message []byte, signature *Signature) error
	// Check checks if the aggregate deferred BLS signatures are valid
	Check() error
}

func NewAggregateCheck ¶

func NewAggregateCheck() DeferBLS

NewAggregateCheck returns a signature-set that implements DeferBLS

type ImmediateCheck ¶

type ImmediateCheck struct{}

ImmediateCheck implements DeferBLS without deferring anything, i.e. signature checks will be performed immediately.

func (ImmediateCheck) AggregateVerify ¶

func (i ImmediateCheck) AggregateVerify(pubkeys []*Pubkey, messages [][]byte, signature *Signature) error

func (ImmediateCheck) Check ¶

func (i ImmediateCheck) Check() error

func (ImmediateCheck) Eth2FastAggregateVerify ¶

func (i ImmediateCheck) Eth2FastAggregateVerify(pubkeys []*Pubkey, message []byte, signature *Signature) error

func (ImmediateCheck) FastAggregateVerify ¶

func (i ImmediateCheck) FastAggregateVerify(pubkeys []*Pubkey, message []byte, signature *Signature) error

func (ImmediateCheck) Verify ¶

func (i ImmediateCheck) Verify(pk *Pubkey, message []byte, signature *Signature) error

type Pubkey ¶

type Pubkey kbls.PointG1

func AggregatePubkeys ¶

func AggregatePubkeys(pubkeys []*Pubkey) (*Pubkey, error)

AggregatePubkeys is specified as `eth2_aggregate_pubkeys` in Eth2, and is the G1 variant of Aggregate in G2.

func SkToPk ¶

func SkToPk(sk *SecretKey) (*Pubkey, error)

The SkToPk algorithm takes a secret key SK and outputs the corresponding public key PK.

func (*Pubkey) Deserialize ¶

func (pub *Pubkey) Deserialize(in *[48]byte) error

Deserialize compressed point. Performs deserialization, a subgroup check, but not a full KeyValidate: the identity pubkey is allowed. Functions that are specified to perform a KeyValidate on a Pubkey can ignore it, after deserializing a valid *Pubkey, EXCEPT the identity pubkey check.

func (*Pubkey) Serialize ¶

func (pub *Pubkey) Serialize() (out [48]byte)

Serialize to compressed point

type SecretKey ¶

type SecretKey kbls.Fr

func (*SecretKey) Deserialize ¶

func (sk *SecretKey) Deserialize(in *[32]byte) error

Deserialize big-endian serialized integer. A modulo r is applied to out-of-range keys.

func (*SecretKey) Serialize ¶

func (sk *SecretKey) Serialize() (out [32]byte)

Serialize to big-endian serialized integer

type Signature ¶

type Signature kbls.PointG2

func Aggregate ¶

func Aggregate(signatures []*Signature) (*Signature, error)

The Aggregate algorithm aggregates multiple signatures into one.

func Sign ¶

func Sign(sk *SecretKey, message []byte) *Signature

The Sign algorithm computes a signature from SK, a secret key, and message, an octet string.

func (*Signature) Deserialize ¶

func (sig *Signature) Deserialize(in *[96]byte) error

Deserialize compressed point

func (*Signature) Serialize ¶

func (sig *Signature) Serialize() (out [96]byte)

Serialize to compressed point

type SignatureSet ¶

type SignatureSet struct {
	// contains filtered or unexported fields
}

func (*SignatureSet) Add ¶

func (s *SignatureSet) Add(pubkey *Pubkey, message []byte, signature *Signature)

func (*SignatureSet) Verify ¶

func (s *SignatureSet) Verify() bool

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL