[Ready for review - Pending fix of upstream vectors] Update BLS signature scheme to draft standard

status-im / nim-blscurve

Nim implementation of BLS signature scheme (Boneh-Lynn-Shacham) over Barreto-Lynn-Scott (BLS) curve BLS12-381

Apache License 2.0

26 stars 11 forks source link

[Ready for review - Pending fix of upstream vectors] Update BLS signature scheme to draft standard #36

Closed mratsim closed 4 years ago

mratsim commented 4 years ago

Update our BLS signature scheme to the draft standard:

We use the Proof-of-Possession scheme with Ciphersuite ID: "BLS_SIG_BLS12381G2-SHA256-SSWU-RO-POP"

Implementation is complete:

[x] sign
[x] verify
[x] aggregate verify
[x] popProve
[x] popVerify
[x] fastAggregateVerify
[x] keypair generation

Tests:

Passes the EF vectors except for 3 vectors that are broken upstream (https://github.com/ethereum/eth2.0-specs/issues/1618, https://github.com/ethereum/eth2.0-specs/issues/1597) and are skipped

Status:

Actual code ready for review. CI changes to be done (NimYaml) and fixes (Azure Pipelines broke Windows/Nim paths once again under bash)

Things not done:

Some stuff in common.nim is actual not common but part of the old signature scheme for example the old hashToG2. Some cleanup can be done later to remove all that old cruft once we fully switch to 10.1.

mratsim commented 4 years ago

Keygen pair generation and aggregate added.
instantiating from raw bytes and hex added
dumping hex added

The library provides both an API that enforces correct use of proof-of-possession (as required by the IETF draft) or an overload that implements the proposed standard API.

Test framework WIP. The failing test is quite strange, we do compute the correct signature especially when serialized to hex but there is a off by one on a byte. Probably a single signature may have multiple valid representations in-memory:

mratsim commented 4 years ago

One of the official EF test vectors that tests a forged aggregate signature is buggy, the aggregate signature is actually valid: https://github.com/ethereum/eth2.0-specs/issues/1618

mratsim commented 4 years ago

Ready for review.

CI fixes TBD but with no impact of actual code:

new depeendency on NimYAML for testing
Azure Pipelines or Nim Windows Path handling under bash shell is broken once again (see https://github.com/status-im/nim-blscurve/pull/32 for a day of experiments)

mratsim commented 4 years ago

Don't merge:

some fast_aggregate_verify vectors upstream have an issue (the same inputs are tested for both true/false), pending the release of fix https://github.com/ethereum/eth2.0-specs/pull/1599 in 0.10.2

See:

==> We wait for 0.10.2 and clean vectors before merging

cheatfate commented 4 years ago

@mratsim Let's wait until proper test vectors will be published and tested.

mratsim commented 4 years ago

Also closes #35

mratsim commented 4 years ago

The official test vectors generator according to the draft v5 has been released yesterday: https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/commit/2500e6c42c16ae719c92c4f60aac4b003662c24f

and can be run with make vectors (but requires Sagemath on Python 2 AFAIK)

mratsim commented 4 years ago

Merging as as discussed on Wednesday call, it's blocking further honest validator development by @tersec