This repository has been archived by the owner on Mar 27, 2024. It is now read-only.

feat: BBS update #3400

Open
wants to merge 11 commits into
base: main
from
24 changes: 20 additions & 4 deletions internal/third_party/kilic/bls12-381/g1_custom.go
Expand Up @@ -8,17 +8,19 @@ package bls12381

import (
"hash"

"golang.org/x/crypto/sha3"
)

func (g *G1) HashToCurveGeneric(msg, domain []byte, hashFunc func() hash.Hash) (*PointG1, error) {
hashRes, err := hashToFpXMD(hashFunc, msg, domain, 2)
func (g *G1) hashToCurveGeneric(msg, domain []byte, expand func([]byte, []byte, int) ([]byte, error)) (*PointG1, error) {
hashRes, err := hashToFpGeneric(expand, msg, domain, 2)
if err != nil {
return nil, err
}
u0, u1 := hashRes[0], hashRes[1]

x0, y0 := swuMapG1BE(u0)
x1, y1 := swuMapG1BE(u1)
x0, y0 := swuMapG1(u0)
x1, y1 := swuMapG1(u1)
one := new(fe).one()
p0, p1 := &PointG1{*x0, *y0, *one}, &PointG1{*x1, *y1, *one}

Expand All @@ -28,3 +30,17 @@ func (g *G1) HashToCurveGeneric(msg, domain []byte, hashFunc func() hash.Hash) (
g.ClearCofactor(p0)
return g.Affine(p0), nil
}

func (g *G1) HashToCurveGenericXMD(msg, domain []byte, hashFunc func() hash.Hash) (*PointG1, error) {
expand := func(msg []byte, tag []byte, outLen int) ([]byte, error) {
return expandMsgXMD(hashFunc, msg, tag, outLen)
}
return g.hashToCurveGeneric(msg, domain, expand)
}

func (g *G1) HashToCurveGenericXOF(msg, domain []byte, hash sha3.ShakeHash) (*PointG1, error) {
expand := func(msg []byte, tag []byte, outLen int) ([]byte, error) {
return ExpandMsgXOF(hash, msg, tag, outLen)
}
return g.hashToCurveGeneric(msg, domain, expand)
}
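Review bot: `HashToCurveGenericXOF` takes a live `sha3.ShakeHash` instance and passes it to `ExpandMsgXOF`, which writes into it and then reads, so the output depends on whatever state the caller's hash already holds, and a second call with the same instance does not start from a clean sponge (the x/crypto `ShakeHash` docs state that Write after Read panics). Either reset it before use or accept a constructor as the XMD variant does, e.g. `newXOF func() sha3.ShakeHash`. The parameter name `hash` also shadows the imported `hash` package inside this method; `xof` would avoid that. Both new exported methods lack doc comments, which should state that `domain` must be at most 255 bytes, since the expanders reject longer values.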
62 changes: 47 additions & 15 deletions internal/third_party/kilic/bls12-381/g1_custom_test.go
Expand Up @@ -7,9 +7,12 @@ SPDX-License-Identifier: Apache-2.0
package bls12381

import (
"crypto/sha256"
"encoding/hex"
"hash"
"testing"

"github.com/stretchr/testify/require"
"golang.org/x/crypto/blake2b"
)

Expand Down Expand Up @@ -37,23 +40,52 @@ func TestG1CustomSerialization(t *testing.T) {
}

func TestHashToCurve(t *testing.T) {
hashFunc := func() hash.Hash {
// We pass a null key so error is impossible here.
h, _ := blake2b.New512(nil)
g := NewG1()
t.Run("hello test", func(t *testing.T) {
hashFunc := func() hash.Hash {
// We pass a null key so error is impossible here.
h, _ := blake2b.New512(nil)

return h
}
return h
}

g := NewG1()
curve, err := g.HashToCurveGenericXMD([]byte("hello"),
[]byte("BLS12381G1_XMD:BLAKE2B_SSWU_RO_BBS+_SIGNATURES:1_0_0"),
hashFunc)

curve, err := g.HashToCurveGeneric([]byte("hello"),
[]byte("BLS12381G1_XMD:BLAKE2B_SSWU_RO_BBS+_SIGNATURES:1_0_0"),
hashFunc)
if err != nil {
t.Fatal(err)
}
require.NoError(t, err)
require.NotEqual(t, 0, len(curve))
})

if len(curve) == 0 {
t.Fatal("empty curve bytes")
}
t.Run("IRTF H2C draft16 J91 empty msg", func(t *testing.T) {
hashFunc := func() hash.Hash {
h := sha256.New()
return h
}

curve, err := g.HashToCurveGenericXMD([]byte(""),
[]byte("QUUX-V01-CS02-with-BLS12381G1_XMD:SHA-256_SSWU_RO_"),
hashFunc)
require.NoError(t, err)
require.Equal(t, ""+ //x and y coordinates
"052926add2207b76ca4fa57a8734416c8dc95e24501772c814278700eed6d1e4e8cf62d9c09db0fac349612b759e79a1"+
"08ba738453bfed09cb546dbb0783dbb3a5f1f566ed67bb6be0e8c67e2e81a4cc68ee29813bb7994998f3eae0c9c6a265",
hex.EncodeToString(NewG1().ToUncompressed(curve)))
})

t.Run("IRTF H2C draft16 J91 abc", func(t *testing.T) {
hashFunc := func() hash.Hash {
h := sha256.New()
return h
}

curve, err := g.HashToCurveGenericXMD([]byte("abc"),
[]byte("QUUX-V01-CS02-with-BLS12381G1_XMD:SHA-256_SSWU_RO_"),
hashFunc)
require.NoError(t, err)
require.Equal(t, ""+ //x and y coordinates
"03567bc5ef9c690c2ab2ecdf6a96ef1c139cc0b2f284dca0a9a7943388a49a3aee664ba5379a7655d3c68900be2f6903"+
"0b9c15f3fe6e5cf4211f346271d7b01c8f3b28be689c8429c85b67af215533311f0b8dfaaa154fa6b88176c229f2885d",
hex.EncodeToString(NewG1().ToUncompressed(curve)))
})
}
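Review bot: Nothing in this file exercises `HashToCurveGenericXOF`; all three subtests call `HashToCurveGenericXMD`, so the new XOF path to a curve point is untested here. A subtest that hashes the same message twice and compares the encodings would at least pin determinism and how the SHAKE instance is handled between calls. Separately, `require.NotEqual(t, 0, len(curve))` in the "hello test" subtest looks vacuous if `PointG1` is a fixed-size array (inferred from the three-element literal in g1_custom.go), because `len` would then be a constant; comparing against a known encoding, as the two draft-16 subtests do, would make it meaningful.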
29 changes: 25 additions & 4 deletions internal/third_party/kilic/bls12-381/hash_to_field_custom.go
Expand Up @@ -14,10 +14,12 @@ package bls12381
import (
"errors"
"hash"

"golang.org/x/crypto/sha3"
)

func hashToFpXMD(f func() hash.Hash, msg []byte, domain []byte, count int) ([]*fe, error) {
randBytes, err := expandMsgXMD(f, msg, domain, count*64)
func hashToFpGeneric(expand func([]byte, []byte, int) ([]byte, error), msg []byte, domain []byte, count int) ([]*fe, error) {
randBytes, err := expand(msg, domain, count*64)
if err != nil {
return nil, err
}
Expand All @@ -36,10 +38,10 @@ func hashToFpXMD(f func() hash.Hash, msg []byte, domain []byte, count int) ([]*f

func expandMsgXMD(f func() hash.Hash, msg []byte, domain []byte, outLen int) ([]byte, error) {
h := f()
domainLen := uint8(len(domain))
if domainLen > 255 {
if len(domain) > 255 {
return nil, errors.New("invalid domain length")
}
domainLen := uint8(len(domain))

// DST_prime = DST || I2OSP(len(DST), 1)
// b_0 = H(Z_pad || msg || l_i_b_str || I2OSP(0, 1) || DST_prime)
Expand Down Expand Up @@ -84,3 +86,22 @@ func expandMsgXMD(f func() hash.Hash, msg []byte, domain []byte, outLen int) ([]

return out[:outLen], nil
}

// TODO move away?
func ExpandMsgXOF(h sha3.ShakeHash, msg []byte, dst []byte, outBytesCnt int) ([]byte, error) {
if len(dst) > 255 {
return nil, errors.New("invalid DST length")
}
dstLen := uint8(len(dst))

// msg || outBytesCnt || dst || dstLen
h.Write(msg)
h.Write([]byte{byte(outBytesCnt >> 8), byte(outBytesCnt & 0xFF)})
h.Write(dst)
h.Write([]byte{byte(dstLen)})

out := make([]byte, outBytesCnt)
h.Read(out)

return out, nil
}
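Review bot: `ExpandMsgXOF` encodes `outBytesCnt` in two bytes but never checks its range, so a value above 65535 is silently truncated in the hashed length field while `make` still allocates the full size, and a negative value panics in `make`. Add a guard before the writes, e.g. `if outBytesCnt < 0 || outBytesCnt > 0xFFFF { return nil, errors.New("invalid output length") }`. The results of `h.Write` and `h.Read` are discarded; a one-line comment that SHAKE's Write and Read never return an error would show this is deliberate. The exported function still carries `// TODO move away?` where a doc comment describing the input layout and the 255-byte DST limit belongs.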
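--- a/internal/third_party/kilic/bls12-381/hash_to_field_custom_test.go
+++ b/internal/third_party/kilic/bls12-381/hash_to_field_custom_test.go
@@ -0,0 +1,60 @@
+/*
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package bls12381
+
+import (
+"crypto/sha256"
+"encoding/hex"
+"hash"
+"testing"
+
+"github.com/stretchr/testify/require"
+"golang.org/x/crypto/sha3"
+)
+
+func TestExpandMessageXMD(t *testing.T) {
+t.Run("IRTF H2C draft16 K1 abc", func(t *testing.T) {
+hashFunc := func() hash.Hash {
+h := sha256.New()
+return h
+}
+outCnt := 0x20
+out, err := expandMsgXMD(hashFunc, []byte("abc"), []byte("QUUX-V01-CS02-with-expander-SHA256-128"), outCnt)
+require.NoError(t, err)
+require.Equal(t, len(out), outCnt)
+require.Equal(t, "d8ccab23b5985ccea865c6c97b6e5b8350e794e603b4b97902f53a8a0d605615", hex.EncodeToString(out))
+})
+
+t.Run("IRTF H2C draft16 K1 abcdef0123456789", func(t *testing.T) {
+hashFunc := func() hash.Hash {
+h := sha256.New()
+return h
+}
+outCnt := 0x20
+out, err := expandMsgXMD(hashFunc, []byte("abcdef0123456789"), []byte("QUUX-V01-CS02-with-expander-SHA256-128"), outCnt)
+require.NoError(t, err)
+require.Equal(t, len(out), outCnt)
+require.Equal(t, "eff31487c770a893cfb36f912fbfcbff40d5661771ca4b2cb4eafe524333f5c1", hex.EncodeToString(out))
+})
+}
+
+func TestExpandMessageXOF(t *testing.T) {
+dst := []byte("QUUX-V01-CS02-with-expander-SHAKE256")
+t.Run("IRTF H2C draft16 K6 abc", func(t *testing.T) {
+outCnt := 0x20
+out, err := ExpandMsgXOF(sha3.NewShake256(), []byte("abc"), dst, outCnt)
+require.NoError(t, err)
+require.Equal(t, len(out), outCnt)
+require.Equal(t, "b39e493867e2767216792abce1f2676c197c0692aed061560ead251821808e07", hex.EncodeToString(out))
+})
+
+t.Run("IRTF H2C draft16 K6 abcdef0123456789", func(t *testing.T) {
+outCnt := 0x20
+out, err := ExpandMsgXOF(sha3.NewShake256(), []byte("abcdef0123456789"), dst, outCnt)
+require.NoError(t, err)
+require.Equal(t, len(out), outCnt)
+require.Equal(t, "245389cf44a13f0e70af8665fe5337ec2dcd138890bb7901c4ad9cfceb054b65", hex.EncodeToString(out))
+})
+}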
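Review bot: The length assertions pass their arguments in the wrong order for testify: `require.Equal(t, len(out), outCnt)` should read `require.Equal(t, outCnt, len(out))` so that a failure reports expected and actual correctly; this applies to all four subtests. The vectors also cover only 0x20-byte outputs with valid DSTs, so the `len(dst) > 255` rejection in `ExpandMsgXOF` and `expandMsgXMD` is never exercised. A subtest passing a 256-byte DST and asserting `require.Error(t, err)` would pin the length check that this PR corrects.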
19 changes: 0 additions & 19 deletions internal/third_party/kilic/bls12-381/swu_custom.go

This file was deleted.

49 changes: 0 additions & 49 deletions internal/third_party/kilic/bls12-381/swu_mod.go

This file was deleted.

2 changes: 1 addition & 1 deletion pkg/controller/command/verifiable/command_test.go
Expand Up @@ -2934,7 +2934,7 @@ func newBBSSigner(privKey *bbs12381g2pub.PrivateKey) (*bbsSigner, error) {
func (s *bbsSigner) Sign(data []byte) ([]byte, error) {
msgs := s.textToLines(string(data))

return bbs12381g2pub.New().Sign(msgs, s.privKeyBytes)
return bbs12381g2pub.New().Sign(nil, msgs, s.privKeyBytes)
}

func (s *bbsSigner) Alg() string {
2 changes: 1 addition & 1 deletion pkg/controller/rest/verifiable/operation_test.go
Expand Up @@ -1523,7 +1523,7 @@ func newBBSSigner(privKey *bbs12381g2pub.PrivateKey) (*bbsSigner, error) {
func (s *bbsSigner) Sign(data []byte) ([]byte, error) {
msgs := s.textToLines(string(data))

return bbs12381g2pub.New().Sign(msgs, s.privKeyBytes)
return bbs12381g2pub.New().Sign(nil, msgs, s.privKeyBytes)
}

func (s *bbsSigner) Alg() string {