supranational / blst

Multilingual BLS12-381 signature library
Apache License 2.0

bindings/rust: implement MultiPoint for [Signature] and [PublicKey] #226

Closed wemeetagain closed 4 hours ago

wemeetagain commented 3 weeks ago
dot-asm commented 3 weeks ago

Can we do the following? I take your commits and open another merge request with one extra thing for you to review and test. Because when it comes to performance, there is one additional thing that is worth implementing. In #225 I mentioned the significant parts, but I've omitted one common part, i.e. a step you would need to perform in either of the discussed cases, group checks. I suppose you won't need to perform group checks on public keys in your scheme, because you have proofs of possession, which implies the group check. But as far as signatures go, you have to vet them, and do so individually, i.e. it would be inappropriate to group-check the result of aggregation. On the plus side if you group-check the inputs, you don't need to group-check the result of the aggregation...
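To make the point above concrete, here is an added toy model in Rust (not blst code and not part of this PR): the additive group Z_15 with its prime-order-5 subgroup stands in for the curve group and its cofactor, and the constants and batches are constructed. It shows why group-checking only the aggregate is unsound (two elements outside the subgroup can sum to one inside it) while per-input checks are, since the subgroup is closed under addition.

```rust
// Toy model (added example, not blst code): the additive group Z_n with
// n = p * h. Its prime-order subgroup of order p is {0, h, 2h, ...}.
// BLS12-381 points behave the same way with respect to their cofactor;
// the arithmetic here is deliberately tiny so the effect is visible.
const P: u64 = 5; // prime subgroup order (constructed)
const H: u64 = 3; // cofactor (constructed)
const N: u64 = P * H; // full group order

/// Group check: x lies in the prime-order subgroup iff P * x == 0 in Z_n.
fn in_prime_order_subgroup(x: u64) -> bool {
    (P * (x % N)) % N == 0
}

/// Aggregate (sum) a batch. With `check_inputs` set, every input is
/// group-checked individually before it is added, mirroring the
/// per-signature group-check option discussed in the thread.
/// On failure, returns the index of the first offending input.
fn aggregate(inputs: &[u64], check_inputs: bool) -> Result<u64, usize> {
    let mut acc = 0u64;
    for (i, &x) in inputs.iter().enumerate() {
        if check_inputs && !in_prime_order_subgroup(x) {
            return Err(i);
        }
        acc = (acc + x) % N;
    }
    Ok(acc)
}

/// The failure mode: every input is outside the subgroup, yet the
/// aggregate passes the group check, so checking only the result
/// would accept the whole batch.
fn aggregate_check_hides_bad_inputs(inputs: &[u64]) -> bool {
    let all_bad = inputs.iter().all(|&x| !in_prime_order_subgroup(x));
    let agg_passes = aggregate(inputs, false)
        .map(in_prime_order_subgroup)
        .unwrap_or(false);
    all_bad && agg_passes
}

fn main() {
    let bad_batch = [1u64, 2]; // constructed: 1 + 2 = 3 is in the subgroup
    println!("aggregate-only check accepts bad batch: {}",
        aggregate_check_hides_bad_inputs(&bad_batch));
    println!("per-input check: {:?}", aggregate(&bad_batch, true));
    let good_batch = [3u64, 6, 12]; // constructed: all in the subgroup
    println!("good batch aggregate: {:?}", aggregate(&good_batch, true));
}
```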

mratsim commented 3 weeks ago

In Ethereum I think most clients separate input flow into 2 layers:

Deserialization and group checks are likely done in the networking layer in all clients. This allows singling out a bad peer. And also it's easy to parallelize deserialization. Afterwards signature verification can be done but no group checks are needed.

dot-asm commented 3 weeks ago

When exactly the additional implementation will be used, or if at all, would be up to the application. The rationale is that since we provide options to perform group checks upon individual calls, for consistency it would be appropriate to provide it as an option even with the suggested aggregate_with_randomness.

wemeetagain commented 2 weeks ago

Can we do the following? I take your commits and open another merge request with one extra thing for you to review and test. a step ... group checks

sounds good.

As @mratsim said, we probably won't need to do group checks inside the add/mult operation for our purposes, but if it's desired for consistency then so be it :)

dot-asm commented 4 hours ago

Committed as 104ad64f697e1ec8cf098950023f9832ec3cbddb, and see v0.3.13.