Closed b00f closed 2 years ago
it would help to be able to set the DST label for other schemes
Okay, I'll add the api.
FYI. "BLS_SIG_BLS12381G1_XMD:SHA-256_SSWU_ROPOP" is for Ethereum. https://pypi.org/project/py-ecc/
I'd make use of being able to set BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_
and BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_AUG_
as DST labels
I added hashAndMapToG1 and hashAndMapToG2 with DST for C++. https://github.com/herumi/mcl/commit/b3f4d607cb5f823b88de11717e4f9c387606d2bb What language do you want to use them with?
Thank you very much!
I would use it from C.
I think a function setDSTLabel(*char, size_t) which sets a global setting like setMapToMode() would be more flexible, and require less changes in other libraries like herumi/bls which use mcl for signing and verification but dont support different schemes yet.
I've added mclBn{G1,G2}_setDst(const char* dst, size_t dstSize) functions at https://github.com/herumi/mcl/commit/d7fe9d748ab88b342024fa2f05dc38ea773ffa00 .
👍
@herumi and @aguycalled Thank you so much guys for the fast implementation. I will test it soon and update you guys.
@herumi I looked at your change.
I am going to test it with GoLang. Do you think you can update the bls-go-binary? I can update it if you don't mind. I suggest to add new methods like CoreSign
and CoreVerify
to accept DST as an additional parameter.
What do you think?
Is it enough only to add the global setting functions of DST?
That also should work. But I think it become a bit far from the spec. The APIs can follow the spec, for example, we can have different Sign and Verify methods for different schema. For example look here
I think now it is very risky to touch it. Better to have a global setting.
I updated https://github.com/herumi/bls-go-binary to support setDst.
I tested it, it worked as it promised. Thanks
The DST that is defined here is not compatible with the spec. It's defined like this: https://github.com/herumi/mcl/blob/41497c9cf9b38edb6d1aafbafaf2237848b0dee7/include/mcl/mapto_wb19.hpp#L556
However Spec definition recommends different DST for different schemes. Is there any reason for this?