status-im / nim-blscurve

Nim implementation of BLS signature scheme (Boneh-Lynn-Shacham) over Barreto-Lynn-Scott (BLS) curve BLS12-381
Apache License 2.0

Implement Aggregate Signature #4

Closed mratsim closed 6 years ago

mratsim commented 6 years ago

Unfortunately, Milagro Crypto doesn't come with aggregate signatures so they must be implemented in C or Nim.

We can follow implementation in Rust done here: https://github.com/lovesh/signature-schemes.

Challenges

Octet string. One major pain point is having to work around the "octet string" introduced by Milagro Crypto (probably to work around C limitations that Nim doesn't have).

This octet string requires a lot of boilerplate, and a high-level API that hides away all of this needs to be built on top of Milagro-Crypto.

Boilerplate means allocating a storage backend with the proper size and lifetime (arrays are collected when the function exits).

https://github.com/status-im/nim-milagro-crypto/blob/9ad68657cf0d6c238220a3b35efd62fddd6b2ab5/tests/all_tests.nim#L58-L93

Need to wrap lots of low level types and primitives

BIG. The big int implementation also brings problems due to pointers/lifetime/array passing in C. https://github.com/status-im/nim-milagro-crypto/blob/9ad68657cf0d6c238220a3b35efd62fddd6b2ab5/src/generated/big_384_29.h#L39-L60

typedef chunk BIG_384_29[NLEN_384_29];     /**< Define type BIG as array of chunks */

Other low-level types are stack objects and are more straightforward.

Need to provide glue

To manage lifetimes properly, we will probably need glue, but also need to develop constant-time primitives to not grow the attack surface mentioned in #2.
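
The lifetime problem described in the comment above, as an added example that is not code from nim-milagro-crypto or Milagro itself. It assumes Milagro's `octet` is the C struct `{ int len; int max; char *val; }` and mirrors that layout in a plain Nim object (a real binding would `{.importc.}` it from the header); the proc names `toOctet`, `loadBytes` and `toBytes` are hypothetical. The point it demonstrates is that the octet only borrows `val`, so the storage must be owned by the caller and outlive every octet that points into it:

```nim
# Added example (not nim-milagro-crypto code): a Nim-owned buffer as the
# storage backend for Milagro's C `octet`, so the octet never points at
# memory that is released when a proc returns.

type
  # Mirrors Milagro's `typedef struct { int len; int max; char *val; } octet;`
  # (assumed layout; the real binding would importc it from the C header).
  Octet = object
    len: cint      # bytes currently in use
    max: cint      # capacity of `val`, enforced by Milagro at run time
    val: ptr char  # borrowed pointer into caller-owned storage

proc toOctet(storage: var openArray[char], used = 0): Octet =
  ## View `storage` as an octet. `storage` must outlive the returned value:
  ## the octet only borrows `storage`, it does not own it.
  doAssert used >= 0 and used <= storage.len, "octet length exceeds capacity"
  Octet(len: cint(used), max: cint(storage.len), val: addr storage[0])

proc loadBytes(storage: var openArray[char], src: openArray[byte]): Octet =
  ## Copy `src` into caller-owned `storage` and return an octet over it.
  doAssert src.len <= storage.len, "octet storage too small for input"
  for i, b in src:
    storage[i] = char(b)
  toOctet(storage, src.len)

proc toBytes(o: Octet): seq[byte] =
  ## Copy an octet's used bytes (bounded by `len`, not `max`) back into Nim.
  result = newSeq[byte](int(o.len))
  let raw = cast[ptr UncheckedArray[char]](o.val)
  for i in 0 ..< int(o.len):
    result[i] = byte(ord(raw[i]))

# The pattern the issue warns against: the array is a local of the proc, so
# `val` dangles as soon as `badOctet` returns. Kept as a comment on purpose.
#
# proc badOctet(): Octet =
#   var local: array[48, char]
#   toOctet(local)          # returned octet points at dead stack memory

when isMainModule:
  # Constructed input: 4 bytes in a 48-byte buffer (48 bytes = one
  # compressed BLS12-381 G1 point, a typical octet size in this code base).
  var storage: array[48, char]
  let msg = [byte 0xde, 0xad, 0xbe, 0xef]
  let o = loadBytes(storage, msg)
  doAssert o.len == 4 and o.max == 48
  doAssert o.val == addr storage[0]   # still borrowing the caller's buffer
  doAssert toBytes(o) == @msg
```

Because `toOctet` and `loadBytes` take the buffer as `var openArray[char]`, the caller decides whether the storage is a stack array, a field of a longer-lived object or a `seq`, and Nim's borrow rules keep the octet from outliving a local it was built from inside the same proc. The `max` field is what Milagro checks at run time, so the wrapper must set it to the real capacity rather than to `len`.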

mratsim commented 6 years ago

See https://github.com/status-im/nim-milagro-crypto/blob/a6581e833d364b8372b15b500410edb27c4c7a36/src/scheme1.nim