status-im / nim-blscurve

Nim implementation of BLS signature scheme (Boneh-Lynn-Shacham) over Barreto-Lynn-Scott (BLS) curve BLS12-381
Apache License 2.0

[Don't Merge] Debug Milagro C vs Milagro Rust Bigint -> Field element conversion #31

Closed mratsim closed 4 years ago

mratsim commented 4 years ago

This adds debug output to Milagro FP conversion.

Script (assumes it is run from the build/ folder)

import ../blscurve/[common, milagro]

var a0: BIG_384

# fromHex returns a bool (parse success); it is discarded here
discard a0.fromHex("004AD233C619209060E40059B81E4C1F92796B05AA1BC6358D65E53DC0D657DFBC713D4030B0B6D9234A6634FD1944E7")
echo "a0 (big): ", a0

# nres converts the BIG into Milagro's residue (Montgomery) form
let a0_fp = nres(a0)
echo "a0 (FP): ", a0_fp

Output

a0 (big): 004ad233c619209060e40059b81e4c1f92796b05aa1bc6358d65e53dc0d657dfbc713d4030b0b6d9234a6634fd1944e7
r: 19ea66a2b13c5b3fb47e72f38a6de8fb36639944712d8c5c3976e2d09b54e6e2cd249131918b764fa20639a1d5bef7ae
d: 7930930f8f9d0f7bfa6bad68e1ef9878495afa7f15372e6899ceb32e8251bbea96468e3bc57e89ace9dd8273565d9e00c4306b4f881788c607795679aa8eb1f4380297416ab005058a7ce18750aacfd08b6b6a8fc9e0d4fbe3b93bf19b602
mod d: 0a8a4e02721e4947b373f6f6c879a638acd4d47a24919f37a023cfe5149ab6f0547e1b4c42c94ed91b3b2e1c69a05d32
a0 (FP): 004ad233c619209060e40059b81e4c1f92796b05aa1bc6358d65e53dc0d657dfbc713d4030b0b6d9234a6634fd1944e7

mratsim commented 4 years ago

In contrast the Rust version does

a0 (big): Big: [ 004AD233C619209060E40059B81E4C1F92796B05AA1BC6358D65E53DC0D657DFBC713D4030B0B6D9234A6634FD1944E7 ]
f.x: Big: [ 004AD233C619209060E40059B81E4C1F92796B05AA1BC6358D65E53DC0D657DFBC713D4030B0B6D9234A6634FD1944E7 ]
---- begin nres ----
r: Big: [ 19EA66A2B13C5B3FB47E72F38A6DE8FB36639944712D8C5C3976E2D09B54E6E2CD249131918B764FA20639A1D5BEF7AE ]
d: 7930930F8F9D0F7BFA6BAD68E1EF9878495AFA7F15372E6899CEB32E8251BBEA96468E3BC57E89ACE9DD8273565D9E00C4306B4F881788C607795679AA8EB1F4380297416AB005058A7CE18750AACFD08B6B6A8FC9E0D4FBE3B93BF19B602
mod d: Big: [ 0A8A4E02721E4947B373F6F6C879A638ACD4D47A24919F37A023CFE5149AB6F0547E1B4C42C94ED91B3B2E1C69A05D32 ]
self.x: Big: [ 0A8A4E02721E4947B373F6F6C879A638ACD4D47A24919F37A023CFE5149AB6F0547E1B4C42C94ED91B3B2E1C69A05D32 ]
---- end nres ----
f.x: Big: [ 0A8A4E02721E4947B373F6F6C879A638ACD4D47A24919F37A023CFE5149AB6F0547E1B4C42C94ED91B3B2E1C69A05D32 ]
a0 (FP): FP: [ Big: [ 0A8A4E02721E4947B373F6F6C879A638ACD4D47A24919F37A023CFE5149AB6F0547E1B4C42C94ED91B3B2E1C69A05D32 ] ]

cheatfate commented 4 years ago

@mratsim could we see the Rust code here? Because it looks like Rust does not do nres before printing.

mratsim commented 4 years ago

it's here: https://github.com/mratsim/incubator-milagro-crypto-rust/pull/1

mratsim commented 4 years ago

Adding debug output in the Montgomery reduction

C https://github.com/status-im/nim-blscurve/blob/496d3cb5e5d0226b6df33bec3fd96592d24d09fc/blscurve/csources/64/fp_BLS381.c#L172-L188

https://github.com/status-im/nim-blscurve/blob/496d3cb5e5d0226b6df33bec3fd96592d24d09fc/blscurve/csources/64/fp_BLS381.c#L200-L217

Output

a0 (big): 004ad233c619209060e40059b81e4c1f92796b05aa1bc6358d65e53dc0d657dfbc713d4030b0b6d9234a6634fd1944e7
r: 19ea66a2b13c5b3fb47e72f38a6de8fb36639944712d8c5c3976e2d09b54e6e2cd249131918b764fa20639a1d5bef7ae
d: 7930930f8f9d0f7bfa6bad68e1ef9878495afa7f15372e6899ceb32e8251bbea96468e3bc57e89ace9dd8273565d9e00c4306b4f881788c607795679aa8eb1f4380297416ab005058a7ce18750aacfd08b6b6a8fc9e0d4fbe3b93bf19b602
mod d: 
start mod, result: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
start mod, d: 7930930f8f9d0f7bfa6bad68e1ef9878495afa7f15372e6899ceb32e8251bbea96468e3bc57e89ace9dd8273565d9e00c4306b4f881788c607795679aa8eb1f4380297416ab005058a7ce18750aacfd08b6b6a8fc9e0d4fbe3b93bf19b602
start mod, modulus: 1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab
end mod, monty: 0a8a4e02721e4947b373f6f6c879a638acd4d47a24919f37a023cfe5149ab6f0547e1b4c42c94ed91b3b2e1c69a05d32
0a8a4e02721e4947b373f6f6c879a638acd4d47a24919f37a023cfe5149ab6f0547e1b4c42c94ed91b3b2e1c69a05d32

start mod, result: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
start mod, d: a8a4e02721e4947b373f6f6c879a638acd4d47a24919f37a023cfe5149ab6f0547e1b4c42c94ed91b3b2e1c69a05d32
start mod, modulus: 1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab
end mod, monty: 004ad233c619209060e40059b81e4c1f92796b05aa1bc6358d65e53dc0d657dfbc713d4030b0b6d9234a6634fd1944e7
a0 (FP): 004ad233c619209060e40059b81e4c1f92796b05aa1bc6358d65e53dc0d657dfbc713d4030b0b6d9234a6634fd1944e7

So FP_BLS381_nres is called twice

in Rust:

https://github.com/mratsim/incubator-milagro-crypto-rust/blob/debug-big-fp-conversion/src/fp.rs#L204-L211

// fragment of the reduction function, the branch BLS381 takes
if MODTYPE == ModType::NotSpecial {
    let m = Big::new_ints(&rom::MODULUS);
    println!("start mod, modulus: {}", m);
    println!("start mod, d: {}", d.to_string());
    let result = Big::monty(&m, rom::MCONST, d);
    println!("end mod, monty: {}", result);
    return result
}

Output

a0 (big): Big: [ 004AD233C619209060E40059B81E4C1F92796B05AA1BC6358D65E53DC0D657DFBC713D4030B0B6D9234A6634FD1944E7 ]
f.x: Big: [ 004AD233C619209060E40059B81E4C1F92796B05AA1BC6358D65E53DC0D657DFBC713D4030B0B6D9234A6634FD1944E7 ]
---- begin nres ----
r: Big: [ 19EA66A2B13C5B3FB47E72F38A6DE8FB36639944712D8C5C3976E2D09B54E6E2CD249131918B764FA20639A1D5BEF7AE ]
d: 7930930F8F9D0F7BFA6BAD68E1EF9878495AFA7F15372E6899CEB32E8251BBEA96468E3BC57E89ACE9DD8273565D9E00C4306B4F881788C607795679AA8EB1F4380297416AB005058A7CE18750AACFD08B6B6A8FC9E0D4FBE3B93BF19B602
start mod, modulus: Big: [ 1A0111EA397FE69A4B1BA7B6434BACD764774B84F38512BF6730D2A0F6B0F6241EABFFFEB153FFFFB9FEFFFFFFFFAAAB ]
start mod, d: 7930930F8F9D0F7BFA6BAD68E1EF9878495AFA7F15372E6899CEB32E8251BBEA96468E3BC57E89ACE9DD8273565D9E00C4306B4F881788C607795679AA8EB1F4380297416AB005058A7CE18750AACFD08B6B6A8FC9E0D4FBE3B93BF19B602
end mod, monty: Big: [ 0A8A4E02721E4947B373F6F6C879A638ACD4D47A24919F37A023CFE5149AB6F0547E1B4C42C94ED91B3B2E1C69A05D32 ]
mod d: Big: [ 0A8A4E02721E4947B373F6F6C879A638ACD4D47A24919F37A023CFE5149AB6F0547E1B4C42C94ED91B3B2E1C69A05D32 ]
self.x: Big: [ 0A8A4E02721E4947B373F6F6C879A638ACD4D47A24919F37A023CFE5149AB6F0547E1B4C42C94ED91B3B2E1C69A05D32 ]
---- end nres ----
f.x: Big: [ 0A8A4E02721E4947B373F6F6C879A638ACD4D47A24919F37A023CFE5149AB6F0547E1B4C42C94ED91B3B2E1C69A05D32 ]
a0 (FP): FP: [ Big: [ 0A8A4E02721E4947B373F6F6C879A638ACD4D47A24919F37A023CFE5149AB6F0547E1B4C42C94ED91B3B2E1C69A05D32 ] ]

So the difference is that there is an extra nres that seems to convert 0a8a4e02721e4947b373f6f6c879a638acd4d47a24919f37a023cfe5149ab6f0547e1b4c42c94ed91b3b2e1c69a05d32 back to 004ad233c619209060e40059b81e4c1f92796b05aa1bc6358d65e53dc0d657dfbc713d4030b0b6d9234a6634fd1944e7

mratsim commented 4 years ago

So I think you were right @cheatfate.

The Rust code is probably printing the raw bytes, while the C code has extra formatting steps:

import ../blscurve/[common, milagro]

var a0: BIG_384

discard a0.fromHex("004AD233C619209060E40059B81E4C1F92796B05AA1BC6358D65E53DC0D657DFBC713D4030B0B6D9234A6634FD1944E7")
echo "a0 (big): ", a0

# let a0_fp = nres(a0)
# echo "a0 (FP): ", a0_fp

echo "+======================+"
let xxx = nres(a0)
echo "xxx: ", xxx    # "formatted display": converts back out of residue form before printing

echo "+======================+"
let yyy = nres(a0).g # Raw data access: the BIG inside the FP, still in residue form
echo "yyy: ", yyy    # Raw memory dump

Output:

a0 (big): 004ad233c619209060e40059b81e4c1f92796b05aa1bc6358d65e53dc0d657dfbc713d4030b0b6d9234a6634fd1944e7
a0 (FP): 004ad233c619209060e40059b81e4c1f92796b05aa1bc6358d65e53dc0d657dfbc713d4030b0b6d9234a6634fd1944e7
+======================+
xxx: 004ad233c619209060e40059b81e4c1f92796b05aa1bc6358d65e53dc0d657dfbc713d4030b0b6d9234a6634fd1944e7
+======================+
yyy: 0a8a4e02721e4947b373f6f6c879a638acd4d47a24919f37a023cfe5149ab6f0547e1b4c42c94ed91b3b2e1c69a05d32

i.e. in my Rust code, I need to call

println!("a0 (FP): {}", FP::new_big(&a).tostring());

instead of

println!("a0 (FP): {}", FP::new_big(&a));

because the Display trait doesn't call "tostring()" but does a raw dump
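Added example, not code from nim-blscurve or from either Milagro port: a plain-Python model of the nres / FP_mod pipeline traced in this thread, which reconciles the two outputs. The hex constants are copied from the traces above; the function names (redc, nres, canonical, mont_mul, find_radix_exponent, same_element, check_traces) are mine. It assumes only what the traces show: Milagro's monty computes d * R^-1 mod p for a power-of-two R, and the "r" operand is R^2 mod p. Instead of hard-coding R, the script recovers the exponent by scanning (for Milagro's 64-bit BLS381 build, 7 limbs of 58 bits, I expect 2^406), then checks that the raw limbs the Rust Display printed and the canonical value the C echo printed are the same field element.

```python
# Added example (not nim-blscurve / Milagro code): Montgomery-form round trip for
# BLS12-381 Fp, reconciling the C and Rust debug traces quoted in this thread.

# Constants copied from the traces on this page.
P = 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab
A0 = 0x004ad233c619209060e40059b81e4c1f92796b05aa1bc6358d65e53dc0d657dfbc713d4030b0b6d9234a6634fd1944e7
R2_TRACE = 0x19ea66a2b13c5b3fb47e72f38a6de8fb36639944712d8c5c3976e2d09b54e6e2cd249131918b764fa20639a1d5bef7ae
D_TRACE = 0x7930930f8f9d0f7bfa6bad68e1ef9878495afa7f15372e6899ceb32e8251bbea96468e3bc57e89ace9dd8273565d9e00c4306b4f881788c607795679aa8eb1f4380297416ab005058a7ce18750aacfd08b6b6a8fc9e0d4fbe3b93bf19b602
X_TRACE = 0x0a8a4e02721e4947b373f6f6c879a638acd4d47a24919f37a023cfe5149ab6f0547e1b4c42c94ed91b3b2e1c69a05d32


def redc(t: int, p: int, R: int) -> int:
    """Montgomery reduction: t * R^-1 mod p for 0 <= t < p*R.

    Classic REDC: choose m so that t + m*p is divisible by R, divide exactly,
    subtract p at most once. Assumed to be what Milagro's monty computes.
    """
    assert R & (R - 1) == 0 and p & 1, "R must be a power of two and p odd"
    n_prime = (-pow(p, -1, R)) % R     # -p^-1 mod R
    m = (t * n_prime) % R              # cheap: R is a power of two
    u = (t + m * p) // R               # exact division
    return u - p if u >= p else u


def nres(a: int, p: int, R: int) -> int:
    """Milagro-shaped conversion into Montgomery form: redc(a * (R^2 mod p)) == a*R mod p."""
    return redc(a * ((R * R) % p), p, R)


def canonical(x: int, p: int, R: int) -> int:
    """Back out of Montgomery form (what the formatted FP display does): x * R^-1 mod p."""
    return redc(x, p, R)


def mont_mul(x: int, y: int, p: int, R: int) -> int:
    """Product of two Montgomery-form values, still in Montgomery form."""
    return redc(x * y, p, R)


def find_radix_exponent(a: int, a_mont: int, p: int, max_bits: int = 4096):
    """Recover k with a_mont == a * 2^k mod p by scanning; None if no k <= max_bits.

    Handy when reading an unknown library's raw limbs: it tells you which R the
    library uses without digging through its rom tables.
    """
    v, target = a % p, a_mont % p
    for k in range(max_bits + 1):
        if v == target:
            return k
        v = (v * 2) % p
    return None


def same_element(raw_mont: int, canon: int, p: int, R: int) -> bool:
    """Compare a raw Montgomery-form value against a canonical one in a single domain."""
    return canonical(raw_mont, p, R) == canon % p


def check_traces():
    """Reconcile the C and Rust traces; returns (k, agree) with R = 2^k."""
    k = find_radix_exponent(A0, X_TRACE, P)
    if k is None:
        raise ValueError("raw value is not a0 * 2^k mod p for any small k")
    R = 1 << k
    assert A0 * R2_TRACE == D_TRACE           # "d" is the full product a0 * r
    assert (R * R) % P == R2_TRACE            # "r" is R^2 mod p for this R
    assert redc(D_TRACE, P, R) == X_TRACE     # "mod d" / "end mod, monty"
    assert nres(A0, P, R) == X_TRACE          # the raw limbs the Rust Display printed
    assert canonical(X_TRACE, P, R) == A0     # the value the C formatted echo printed
    return k, same_element(X_TRACE, A0, P, R)


if __name__ == "__main__":
    k, agree = check_traces()
    print(f"R = 2^{k}; raw {X_TRACE:#x} and canonical {A0:#x} are the same element: {agree}")
```

The point for anyone diffing two field implementations: compare values only after converting both to canonical form (or both into the same Montgomery domain). Raw limb dumps from libraries that use a different R are incomparable, and a Montgomery residue written out as if it were canonical is simply a wrong number, which is exactly how the two traces above came to disagree.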