search

herumi / bls

298 stars 131 forks source link

128-bit signature #38

Closed ostapmk closed 5 years ago

ostapmk commented 5 years ago

How about support of 128-bit length signature? Or configurable length in general.

herumi commented 5 years ago

Please use bls384_256 and call blsInit(MCL_BLS12_381, MCLBN_COMPILED_TIME_VAR); such as test.

ostapmk commented 5 years ago

Doc isn't clear. I've done exactly what you said and got an error on init. Which constant should i use for MCLBN_FP_UNIT_SIZE macro? Don't get me wrong i simply want define two macros and build custom target bls128 and use it. Or give me more clear example, please.

herumi commented 5 years ago

I've added a sample.

make bin/bls12_381_smpl.exe

If bls128 means 128-bit security level, then you should use bls12_381.

ostapmk commented 5 years ago

Thanks, it works. But maybe i don't understand something. When I run and print signature I`m getting something like

1 0x19d5d7b40e121a971661deb70b20c3857e5b499f2d475c678ae781d31ac771ece8dbefbe3c000a675ca5d18c63f21d31 0xd93f6cc6059af7937d862fd295b4976443c6c4d26f3781bc7369ef9735f45d104028ee6440331cad27e3180fd50b546

Can you explain what do these 3 values separated by spaces mean?

Briefly: in my application i want to force user to sign my data by his private key and then force him prompt the signature back to server. Signature should be short, but secure enough. 128 bit == 16 bytes is good choice for me, because these 16 bytes will be converted into base32 and user will input around 25 characters. Result of example is longer than 128 bits. I don't want him to type a lot of characters, it's inconvenient. And one more question: what part of output should be considered as signature?

herumi commented 5 years ago

Please see string format for the meaning of '1 '. blsSignatureSerialize outputs a compressed 384-bit format.

If you want shorter signature, then use MCL_BN254 instead of MCL_BLS12_381 for blsInit(). The signature size is 256 bit, and the security level is about 100 bit. 128-bit signature size of BLS signature is not secure, so we can't use it.

ostapmk commented 5 years ago

Thanks for all your help! Your library is awesome. And last question: what about BN-160 curve? 20 bytes length signature of it is secure? Pros and cons of it usage?

herumi commented 5 years ago

I think that the security level of BN-160 is less than 70-bit, so it is not secure anymore.

ostapmk commented 5 years ago

Thanks a lot!