herumi / bls


New methodology for VerifyAggregateHashes #68

Closed Coresummer closed 1 year ago

Coresummer commented 3 years ago

mistake

Coresummer commented 3 years ago

Dear herumi, hello, this is Song from YNU.

Here I'd like to suggest a new verification method for VerifyAggregateHashes() in this herumi/bls repository. The main idea and implementation are based on accumulating the Miller result as each message arrives at the verifier (see the diagram below).

mod

Compared with the original VerifyAggregateHashes function, the three new functions that we implemented, pre_VerifyAggregateHashes, loop_VerifyAggregateHashes and final_VerifyAggregateHashes, allow the user to split the verification calculation much more loosely. Also, the user only needs to execute the pairing once to verify the whole series of messages after the aggregated signature arrives. I believe this could be another option for people using an aggregate signature scheme. Sadly, the implementation I did still contains some bugs that cause the verification to fail sometimes. I'm wondering if you could take a look at the code and enlighten me as to where I coded it wrong. Eventually, I wish this modification could be merged into the master branch and be part of the options that users can take.

regards. Song.

herumi commented 3 years ago

I'm sorry for the late response. I don't think that serialization/deserialization is necessary.

And I offer primitive functions, so you can implement your algorithm by using them without my library (for C/Go). Could you try it?

To compute that e(aggSig, Q) = prod_i e(MapToG1(msg), pub[i]),

Coresummer commented 3 years ago

I appreciate the response! Sure, I'm gonna give it a try.

herumi commented 3 years ago

Do you want to use C++ or Go? I can make a sample of your algorithm.

Coresummer commented 3 years ago

I'd like to use Go eventually. Yeah, it would be super helpful if you could provide me a sample. Thank you so much.

herumi commented 3 years ago

I made a sample of VerifyAggregateHashes in Go: https://github.com/herumi/bls-go-binary/blob/master/examples/agg-verify.go Could you try to implement your algorithm with reference to it?

Coresummer commented 3 years ago

Thank you so much !! I'm gonna try it out.

Coresummer commented 3 years ago

Thanks again for the sample. I made the following modification to the function splitVAH_exec() to achieve the method I described above: executing a simple Miller's algorithm right after each message arrives to accumulate the Miller result.

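```go
// return GT, modified from splitVAH_exec()
func splitVAH_SingleExec(E bls.GT, preE1 *bls.GT, pubs bls.PublicKey, hs []byte) *bls.GT {
	g1s := toG(hs)                      // hash -> G1 point
	g2s := bls.CastFromPublicKey(&pubs) // view the public key as a *bls.G2
	var e1 bls.GT
	bls.MillerLoop(&e1, &g1s, g2s) // Miller loop only, no final exponentiation

	// Multiply into the running product of the earlier Miller results.
	if preE1 != nil {
		bls.GTMul(&e1, preE1, &e1)
	}
	return &e1
}
```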

I'm still wondering if this methodology is gonna be implemented in the herumi/bls or herumi/bls-go-binary in the future. If so I will be glad to help.
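
The accumulate-then-finalize flow discussed in this thread, as an added example that is not from the thread or from herumi/bls: a toy, insecure pairing over small integers stands in for the real Miller loop and final exponentiation so that it runs with only the Go standard library. All names and parameters in it (`Verifier`, `millerLoop`, `finalExp`, `p`, `q`, `gen`) are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Toy pairing (constructed, NOT secure): points are scalars mod q, Q = 1, p = 2q+1.
const p, q, gen = 2039, 1019, 4

func powMod(b, e uint64) (r uint64) {
	for r = 1; e > 0; e-- {
		r = r * b % p
	}
	return r
}

// hashToG1 stands in for MapToG1: message -> nonzero scalar mod q.
func hashToG1(msg []byte) uint64 {
	d := sha256.Sum256(msg)
	return (uint64(d[0])<<8|uint64(d[1]))%(q-1) + 1
}

// millerLoop is right only up to a factor of -1, which finalExp removes.
func millerLoop(g1, g2 uint64) uint64 {
	return powMod(gen, g1*g2%q) * powMod(p-1, (g1+g2)%2) % p
}

func finalExp(f uint64) uint64          { return powMod(f, (p-1)/q) }
func sign(sk uint64, msg []byte) uint64 { return sk * hashToG1(msg) % q }

// Verifier holds the running product of Miller-loop outputs; start acc at 1.
type Verifier struct{ acc uint64 }
// Add runs per arriving message: one Miller loop, one GT multiplication.
func (v *Verifier) Add(pub uint64, msg []byte) {
	v.acc = v.acc * millerLoop(hashToG1(msg), pub) % p
}

// Final runs once aggSig arrives: e(aggSig, Q) == finalExp(acc).
func (v *Verifier) Final(aggSig uint64) bool {
	return finalExp(millerLoop(aggSig, 1)) == finalExp(v.acc)
}

func main() {
	v, m1, m2 := &Verifier{acc: 1}, []byte("m1"), []byte("m2")
	v.Add(7, m1) // toy keys: the public key sk*Q equals sk because Q = 1
	v.Add(8, m2)
	fmt.Println(v.Final((sign(7, m1) + sign(8, m2)) % q))
}
```

Because the final exponentiation is a homomorphism, applying it once to the accumulated product gives the same value as reducing every pairing separately; unreduced Miller outputs themselves must never be compared directly.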