search

icon-project / goloop

A blockchain node written in Go
Apache License 2.0
75 stars 39 forks source link

Expose BLS12-381 curve operations via Java Context API #149

Closed bbist closed 1 year ago

bbist commented 1 year ago

Following the discussion in PR https://github.com/icon-project/goloop/pull/148 to support AltBN128 curve on ICON, we've decided to follow the suggestions from goloop core team to expose BLS12-381 curve operations via Context API using existing Java BLST JNI library. This is part of a set of enhancements necessary on ICON blockchain for supporting zkSNARKs.

This issue will track current and future changes related to BLS12-381 curve operations exposed via Context API. 

    /**
     * Returns result of point addition as bigendian integers:
     *   bls12-381: (x, y) 96 bytes or (flag | x) 48 bytes for compressed
     *   bls12-381-g2: (x_u * u + x, y_u * u + y) 192 bytes or (flag | x_u * u + x) 96 bytes for compressed
     * @param curve bls12-381, bls12-381-g2
     * @param data set of points each encoded as 96 bytes (or 48 bytes for compressed) bigendian integers 
     * @param compressed flag to represent compressed point
     * @return binary representation of point addition result
     * @throws IllegalArgumentException if the arguments are invalid
     */
    public static byte[] ecAdd(String curve, byte[] data, boolean compressed) {
        return null;
    }

    /**
     * Returns result of scalar multiplication as bigendian integers:
     *   bls12-381: (x, y) 96 bytes or (flag | x) 48 bytes for compressed
     *   bls12-381-g2: (x_u * u + x, y_u * u + y) 192 bytes or (flag | x_u * u + x) 96 bytes for compressed
     * @param curve bls12-381, bls12-381-g2
     * @param data set of points each encoded as 96 bytes (or 48 bytes for compressed) bigendian integers 
     * @param scalar 32 bytes scalar
     * @param compressed flag to represent compressed point
     * @return binary representation of scalar multiplication result
     * @throws IllegalArgumentException if the arguments are invalid
     */
    public static byte[] ecScalarMul(String curve, byte[] scalar, byte[] data, boolean compressed) {
        return null;
    }

    /**
     * Returns {@code true} if log_G1(a1) * log_G2(a2) + ... + log_G1(z1) + log_G2(z2) = 0
     * @param curve bls12-381
     * @param data set of alternating 
     *             G1 ((x, y) 96 bytes or (flag | x) 48 bytes for compressed bigendian integers) and 
     *             G2 points ((x_u * u + x, y_u * u + y) 192 bytes or (flag | x_u * u + x) 96 bytes for compressed bigendian integers) 
     * @param compressed flag to represent compressed points
     * @return boolean representing pairing check result
     * @throws IllegalArgumentException if the arguments are invalid
     */
    public static boolean ecPairingCheck(String curve, byte[] data, boolean compressed) {
        return false;
    }
sink772 commented 1 year ago

Hello @bbist,

For now, the new APIs you've proposed look good to me. You may proceed with those APIs design.

One thing I want to comment is how about clarifying the g1 point by using bls12-381-g1 instead of bls12-381 in ecAdd() and ecSalarMul()? As you may know, we've already used that term, bls12-381-g1, in aggregate(), so it would be aligned with the previous usage.

Additionally, please note that you should write your code based on the base branch code, not the master, since this kind of APIs addition is for common part, not only for ICON. See the https://github.com/icon-project/goloop#contribution-guidelines.

bbist commented 1 year ago

Thanks @sink772 for the suggestions. Will make the changes, and submit a PR to the base branch.