herumi / bls


Curve Order and G2 starter points do not match EIP-197 for BN-256 #109

Open wanderingelephants opened 4 weeks ago

wanderingelephants commented 4 weeks ago

Hi

We are building an Ethereum-based DKG/Threshold signature application, and trying to make it work with the herumi/bls library for node.js (bls-wasm). While everything works fine, we are unable to verify the signature in the smart contract. After troubleshooting for some time, we discovered that the prime order for herumi/bls is different from the Ethereum EIP-197 precompile.
Herumi r/p =

16798108731015832284940804142231733909759579603404752749028378864165570215949

16798108731015832284940804142231733909889187121439069848933715426072753864723

Eth precompile EIP-197 r/p =

21888242871839275222246405745257275088548364400416034343698204186575808495617

21888242871839275222246405745257275088548364400416034343698204186575808495617

The G2 starter points are also different (public key for BN-256)

Question: Can we set some mode (eth mode?) so that the prime order matches what the Ethereum pre-compile expects? We did try bls-eth-wasm, but that assumes the curve to be BLS12-381. We would like to use BN256 only, but with curve order and G2 starter points to match the precompile (https://eips.ethereum.org/EIPS/eip-197).

Thank you

herumi commented 4 weeks ago

Please use bls.init(MCL_BN_SNARK1), not bls.init(MCL_BN254) to use the prime in EIP-197. https://github.com/herumi/mcl/blob/master/api.md#curve-parameter

wanderingelephants commented 4 weeks ago

We tried BN_SNARK1, but no impact.

We are using Node.js and this package from npm : "bls-wasm": "1.1.1"

=== unit_test.js ===

```js
import bls from 'bls-wasm'

async function init () {
  await bls.init(bls.BN_SNARK1)
  console.log('CurveOrder', bls.getCurveOrder())
  console.log('PubKey Generator', bls.getGeneratorofPublicKey().getStr())
}
init()
```

Output: (Same as BN256)

```
CurveOrder 16798108731015832284940804142231733909759579603404752749028378864165570215949
PubKey Generator 1 8050999656951572043166116336689401143782608143268012009628426224787222606120 6841743123033894475720437258192488908696784055988491162529786551423042719130 3507616003101705781629256272146151370108199588114324144337091109834824948168 253696191335466996952298888522998585916253872240011774735052313237846753666
```

Debugged node_modules/bls-wasm/src/bls.js

line number 186

exports.blsInit = (curveType = exports.ethMode ? exports.BLS12_381 : exports.BN254) => {

(There's no support for BN_SNARK1. In fact, there is zero occurrence in the js files for BN_SNARK1.)

herumi commented 4 weeks ago

Sorry, I forgot to define BN_SNARK1(=4). I'll define it later.

```
> cd bls-wasm
> node
> const bls = require('./')
> bls.init(4)
> bls.getCurveOrder()
'21888242871839275222246405745257275088548364400416034343698204186575808495617'

> const P2 = new bls.PublicKey()
> P2.setStr('1 6113083414606956306240873673132027588861879190524899108509080153151285507543 16242682549308809807323456552341586602378002612562224286195274140399295058726 11291977434514029560374093314281851454388764465352618854337126145205310756123 20385218250388115367209399252938782547406668977531233989565714340424265097310')
> bls.setGeneratorOfPublicKey(P2)
```
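A preflight check for the mismatch discussed in this thread, as an added example that is not code from the thread or from bls-wasm: it compares a reported curve order with the EIP-197 group order and tests whether a G2 generator string satisfies the alt_bn128 twist equation. The field modulus `P`, the EIP-197 generator and the `1 x.re x.im y.re y.im` string layout are assumptions taken from EIP-196/197 and mcl's text format; the helper names are hypothetical.

```javascript
// Added example, not part of bls-wasm. Constants are from EIP-196/197 (alt_bn128).
const P = 21888242871839275222246405745257275088696311157297823662689037894645226208583n; // field modulus
const R = 21888242871839275222246405745257275088548364400416034343698204186575808495617n; // group order

const mod = (a) => ((a % P) + P) % P;
// Fp2 = Fp[i]/(i^2 + 1); elements are [re, im] pairs of BigInt.
const add = ([a, b], [c, d]) => [mod(a + c), mod(b + d)];
const mul = ([a, b], [c, d]) => [mod(a * c - b * d), mod(a * d + b * c)];
function powP(base, e) { // square-and-multiply in Fp
  let r = 1n;
  for (base = mod(base); e > 0n; e >>= 1n) {
    if (e & 1n) r = (r * base) % P;
    base = (base * base) % P;
  }
  return r;
}
// (a + bi)^-1 = (a - bi) / (a^2 + b^2), with the Fp inverse taken via Fermat.
const inv = ([a, b]) => { const n = powP(a * a + b * b, P - 2n); return [mod(a * n), mod(-b * n)]; };
const B2 = mul([3n, 0n], inv([9n, 1n])); // twist coefficient 3 / (i + 9)

// Assumed text layout of getStr(): "1 x.re x.im y.re y.im" in decimal.
function parseG2(str) {
  const t = str.trim().split(/\s+/);
  if (t.length !== 5 || t[0] !== '1') throw new Error('unexpected G2 string');
  const [xr, xi, yr, yi] = t.slice(1).map((s) => BigInt(s));
  return { x: [xr, xi], y: [yr, yi] };
}
function onTwist({ x, y }) { // y^2 == x^3 + B2 over Fp2
  if ([...x, ...y].some((c) => c < 0n || c >= P)) return false;
  const lhs = mul(y, y), rhs = add(mul(mul(x, x), x), B2);
  return lhs[0] === rhs[0] && lhs[1] === rhs[1];
}
function preflight(orderStr, g2Str) {
  return { orderMatches: BigInt(orderStr) === R, g2OnTwist: onTwist(parseG2(g2Str)) };
}

// Values printed by the BN254 run reported in the thread above.
const BN254_ORDER = '16798108731015832284940804142231733909759579603404752749028378864165570215949';
const BN254_G2 = '1 8050999656951572043166116336689401143782608143268012009628426224787222606120 6841743123033894475720437258192488908696784055988491162529786551423042719130 3507616003101705781629256272146151370108199588114324144337091109834824948168 253696191335466996952298888522998585916253872240011774735052313237846753666';
// EIP-197 G2 generator, written in the assumed getStr() layout.
const EIP197_G2 = '1 10857046999023057135944570762232829481370756359578518086990519993285655852781 11559732032986387107991004021392285783925812861821192530917403151452391805634 8495653923123431417604973247489272438418190587263600148770280649306958101930 4082367875863433681332203403145435568316851327593401208105741076214120093531';
console.log(preflight(BN254_ORDER, BN254_G2));
console.log(preflight(R.toString(), EIP197_G2));
```

The twist check only shows that a point lies on the curve the precompile uses; it does not test subgroup membership, and the string should still be compared with the generator constant in the verifying contract.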