Merge branch 'tristan/war-529-deep-sylow-optimization' into tristan/d…

…iv-inv
warlock-labs · Sep 9, 2024 · ce4b512 · ce4b512
2 parents 5c14137 + 3a222bb
commit ce4b512
Show file tree

Hide file tree

Showing 54 changed files with 144,815 additions and 1,334 deletions.
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
@@ -21,12 +21,8 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        rust: [ "stable", "beta", "nightly", "1.65" ] # MSRV
+        rust: [ "stable", "beta", "nightly" ] # MSRV
         flags: [ "--no-default-features", "", "--all-features" ]
-        exclude:
-          # Skip because some features have highest MSRV.
-          - rust: "1.65" # MSRV
-            flags: "--all-features"
     steps:
       - uses: actions/checkout@v3
       - uses: dtolnay/rust-toolchain@master
@@ -36,12 +32,9 @@ jobs:
         with:
           cache-on-failure: true
       # Only run tests on the latest stable and above
-      - name: check
-        if: ${{ matrix.rust == '1.65' }} # MSRV
-        run: cargo check --workspace ${{ matrix.flags }}
       - name: test
         if: ${{ matrix.rust != '1.65' }} # MSRV
-        run: cargo test --workspace ${{ matrix.flags }}
+        run: cargo test --workspace ${{ matrix.flags }} --release
 
   coverage:
     name: Code Coverage
@@ -78,26 +71,26 @@ jobs:
           files: lcov.info
           fail_ci_if_error: false
 
-# TODO(Miri presently has errors/detects undefined behavior in the codebase)
-# We should fix this and then enable.
-#  miri:
-#    name: miri ${{ matrix.flags }}
-#    runs-on: ubuntu-latest
-#    timeout-minutes: 30
-#    strategy:
-#      fail-fast: false
-#      matrix:
-#        flags: [ "--no-default-features", "", "--all-features" ]
-#    env:
-#      MIRIFLAGS: -Zmiri-strict-provenance
-#    steps:
-#      - uses: actions/checkout@v3
-#      - uses: dtolnay/rust-toolchain@miri
-#      - uses: Swatinem/rust-cache@v2
-#        with:
-#          cache-on-failure: true
-#      - run: cargo miri setup ${{ matrix.flags }}
-#      - run: cargo miri test ${{ matrix.flags }}
+  # TODO(Miri presently has errors/detects undefined behavior in the codebase)
+  # We should fix this and then enable.
+  #  miri:
+  #    name: miri ${{ matrix.flags }}
+  #    runs-on: ubuntu-latest
+  #    timeout-minutes: 30
+  #    strategy:
+  #      fail-fast: false
+  #      matrix:
+  #        flags: [ "--no-default-features", "", "--all-features" ]
+  #    env:
+  #      MIRIFLAGS: -Zmiri-strict-provenance
+  #    steps:
+  #      - uses: actions/checkout@v3
+  #      - uses: dtolnay/rust-toolchain@miri
+  #      - uses: Swatinem/rust-cache@v2
+  #        with:
+  #          cache-on-failure: true
+  #      - run: cargo miri setup ${{ matrix.flags }}
+  #      - run: cargo miri test ${{ matrix.flags }}
 
   feature-checks:
     runs-on: ubuntu-latest

diff --git a/.gitignore b/.gitignore
@@ -18,3 +18,6 @@ notebooks/.ipynb_checkpoints
 
 # RustRover
 /.idea
+
+src/sage_reference/sagelib
+src/sage_reference/ref.sage.py
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,23 +1,72 @@
 [package]
-authors = ["Tristan Britt <[email protected]>", "0xAlcibiades <[email protected]>"]
+authors = ["Tristan Britt <[email protected]>",
+           "0xAlcibiades <[email protected]>",
+           "Michael Rolish <[email protected]>"]
 categories = ["cryptography", "mathematics"]
 description = "Implementation of the BLS signature scheme using the alt-bn128 curve."
-homepage = "https://github.com/warlock-labs/alt-bn128-bls"
-keywords = ["alt-bn128", "bls", "cryptography", "elliptic-curve", "pairing"]
+homepage = "https://github.com/warlock-labs/sylow"
+keywords = ["alt-bn128", "zero-knowledge", "cryptography", "elliptic-curve", "pairing"]
 license = "MIT"
 readme = "README.md"
-repository = "https://github.com/warlock-labs/alt-bn128-bls.git"
-name = "alt-bn128-bls"
-version = "0.0.1"
+repository = "https://github.com/warlock-labs/sylow.git"
+name = "sylow"
+version = "0.1.0"
 edition = "2021"
-
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
+[[example]]
+name = "dkg"
+path = "examples/dkg.rs"
+
+[[example]]
+name = "ecdh"
+path = "examples/simple_ecdh.rs"
+
+[[example]]
+name = "threshold_signing"
+path = "examples/threshold_signing.rs"
+
+[[example]]
+name = "sign_and_verify_multiple_messages"
+path = "examples/verify_multiple_messages_same_signer.rs"
+
+[[example]]
+name = "simple_xor_ecies"
+path = "examples/simple_xor_ecies.rs"
+
+# TODO(Seems like we probably should not be using pre-releases, release candidates, etc. in our dependencies)
 [dependencies]
-hex-literal = "0.4.1"
+crypto-bigint = "0.6.0-rc.3"
 num-traits = "0.2.19"
+sha3 = "0.11.0-pre.4"
 subtle = "2.6.1"
-
-[lib]
+tracing = "0.1.40"
 
 [dev-dependencies]
+confy = "0.6.1"
+criterion = { version = "0.5", features = ["html_reports"] }
+dudect-bencher = "0.6.0"
+lazy_static = "1.5.0"
+proptest = "1.5.0"
+quickcheck = "1.0.3"
+quickcheck_macros = "1.0.0"
+rand = "0.8.5"
+rand_core = "0.6.4"
+serde = { version = "1.0.209", features = ["derive"] }
+serde_json = "1.0.127"
+sha2 = "0.11.0-pre.4"
+tracing = "0.1.40"
+tracing-subscriber = "0.3.18"
+
+[[bench]]
+name = "mod"
+harness = false
+
+[profile.bench]
+debug = false
+debug-assertions = false
+incremental = false
+lto = true
+opt-level = 3
+overflow-checks = false
+
diff --git a/README.md b/README.md
@@ -1,77 +1,131 @@
-# alt-bn128-bls
+![Logo](./sylow.png)
 
-[![License](https://img.shields.io/crates/l/alt-bn128-bls)](https://choosealicense.com/licenses/mit/)
-[![Crates.io](https://img.shields.io/crates/v/alt-bn128-bls)](https://crates.io/crates/alt-bn128-bls)
-[![Docs](https://img.shields.io/crates/v/alt-bn128-bls?color=blue&label=docs)](https://docs.rs/alt-bn128-bls/)
-![CI](https://github.com/warlock-labs/alt-bn128-bls/actions/workflows/CI.yml/badge.svg)
+# Sylow
 
-alt-bn128-bls is a Rust library implementing the BLS (Boneh-Lynn-Shacham) signature scheme using the alt-bn128 (BN254) elliptic curve. It provides threshold signing capabilities and associated utilities, initially developed for use in the Warlock Chaos product.
+[![License](https://img.shields.io/crates/l/sylow)](https://choosealicense.com/licenses/mit/)
+[![Crates.io](https://img.shields.io/crates/v/sylow)](https://crates.io/crates/sylow)
+[![Docs](https://img.shields.io/crates/v/sylow?color=blue&label=docs)](https://docs.rs/sylow/)
+![CI](https://github.com/warlock-labs/sylow/actions/workflows/CI.yml/badge.svg)
+[![codecov](https://codecov.io/gh/warlock-labs/sylow/graph/badge.svg?token=MJNRUZHI1Z)](https://codecov.io/gh/warlock-labs/sylow)
+
+<!-- Generally seems to be pronounced SEE-low at least in American English, and perhaps note that it's being named after Ludwig. -->
+Sylow (*ˈsyːlɔv*) is a comprehensive Rust library for elliptic curve cryptography, specifically tailored for the BN254 (
+alt-bn128) curve. It provides a robust implementation of finite fields, elliptic curve groups, and pairing-based
+cryptography, making it an ideal choice for applications in blockchain, zero-knowledge proofs, and other cryptographic
+systems.
 
 ## Features
 
-- Implementation of BLS signatures on the alt-bn128 (BN254) curve
-- Support for threshold signatures
-- Efficient pairing operations leveraging the alt-bn128 curve's properties
-- Utilities for key generation, signing, and verification
-- Compatibility with Ethereum's precompiled contracts for alt-bn128 operations
+- **Finite Field Arithmetic**: Efficient implementations of prime fields and their extensions 𝔽ₚ, 𝔽ₚ², 𝔽ₚ⁶, 𝔽ₚ¹²
+- **Elliptic Curve Groups**: Complete support for operations on 𝔾₁, 𝔾₂, and 𝔾ₜ groups of the BN254 curve
+- **Pairing Operations**: Optimized implementation of the optimal ate pairing
+- **Cryptographic Primitives**:
+    - Key generation
+    - BLS signature generation and verification
+    - Hash-to-curve functionality
+- **Compatibility**: Designed to be compatible with Ethereum's precompiled 
+                     contracts for BN254 operations and [Warlock](https://warlock.xyz/)'s 
+                     [SolBLS](https://github.com/warlock-labs/solbls) library.
 
-## Usage
+## Installation
 
 Add this to your `Cargo.toml`:
 
 ```toml
 [dependencies]
-alt-bn128-bls = "0.0.1"
+sylow = "0.1.0"
 ```
 
-Here's a basic example of generating a key pair, signing a message, and verifying the signature:
+## Usage
+
+Here's a basic example demonstrating key generation, signing, and verification:
 
 ```rust
-use alt_bn128_bls::{KeyPair, sign, verify};
+use sylow::{KeyPair, sign, verify};
 
 fn main() {
+    // Generate a new key pair
     let key_pair = KeyPair::generate();
-    let message = b"Hello, World!";
-
-    let signature = sign(&key_pair.secret_key, message);
-    assert!(verify(&key_pair.public_key, message, &signature));
+
+    // Message to be signed
+    let message = b"Hello, Sylow!";
+
+    // Sign the message
+    match sign(&key_pair.secret_key, message) {
+        Ok(signature) => {
+            // Verify the signature
+            match verify(&key_pair.public_key, message, &signature) {
+                Ok(is_valid) => {
+                    assert!(is_valid, "Signature verification failed");
+                    println!("Signature verified successfully!");
+                }
+                Err(e) => println!("Verification error: {:?}", e),
+            }
+        }
+        Err(e) => println!("Signing error: {:?}", e),
+    }
 }
 ```
 
-For more examples and usage details, see the [API documentation](https://docs.rs/alt-bn128-bls).
+For more examples, please see [the examples directory](https://github.com/warlock-labs/sylow/tree/main/examples).
 
 ## Core Concepts
 
-- **BLS Signatures**: A signature scheme allowing for signature aggregation and threshold signing.
-- **alt-bn128 (BN254) Curve**: An elliptic curve with efficient pairing operations, widely used in zkSNARKs and supported by Ethereum precompiles.
-- **Threshold Signatures**: A cryptographic primitive allowing a subset of parties to collaboratively sign messages.
+- **Finite fields**: The foundation of the library, providing arithmetic operations in prime fields and their
+  extensions.
+- **Elliptic Curve Groups**: Implementations of the 𝔾₁, 𝔾₂, and 𝔾ₜ groups on the BN254 curve, supporting both affine and
+  projective coordinates.
+- **Pairing**: Efficient implementation of the optimal ate pairing, crucial for many cryptographic protocols.
+- **alt-bn128 (BN254) Curve**: A pairing-friendly elliptic curve widely used in zkSNARKs and supported by Ethereum
+  precompiles.
+
+## Advanced Features
+
+- **Customizable Hashing**: Supports various hash functions through the `Expander` trait, such as the XMD and XOF
+  algorithms on any hasher from [sha3](https://github.com/RustCrypto/hashes/tree/master/sha3).
+- **Optimized Arithmetic**: Utilizes Montgomery form for efficient modular arithmetic.
+- **Constant-time Operations**: Implements algorithms resistant to timing attacks.
+- **Batch Verification**: Verify multiple signatures in a single operation for improved performance.
 
 ## Performance
 
-The alt-bn128 curve is chosen for its efficiency and widespread support, particularly in Ethereum and other EVM-compatible blockchains. The library aims to provide optimal performance for BLS operations on this curve.
+Sylow is designed with performance in mind, leveraging optimized algorithms for j-invariant zero curves, the optimal ate
+pairing for efficient signature verification, as well as multiprecision Montgomery arithmetic.
+
+## Security
+
+Sylow is designed in compliance with the recommendations set forth by Cloudflare
+in [RFC 9380](https://datatracker.ietf.org/doc/html/rfc9380), especially regarding hashing an arbitrary byte array to an
+element of the curve. We provide multiple secure implementations of the `hash_to_field` standard and implement the
+Shallue-van de Woestijne encoding for elliptic curve points.
 
-## Roadmap
+The multiprecision arithmetic operations are implemented in constant time, ensuring resistance to side-channel attacks.
+Constant-time operations are used whenever possible, and there are currently no variable-time functions used in Sylow.
 
-The following features and improvements are planned for future releases:
+If you discover any security issues, please report them to [[email protected]](mailto:[email protected]).
 
-- [ ] Basic BLS signature implementation
-- [ ] Key generation utilities
-- [ ] Signature aggregation
-- [ ] Threshold signature scheme
-- [ ] Optimizations for common operations
-- [ ] Extended test suite and benchmarks
-- [ ] Support for serialization formats used in blockchain contexts
+## Documentation
+
+For detailed API documentation, please refer to [docs.rs/sylow](https://docs.rs/sylow).
 
 ## Contributing
 
-Contributions are welcome! Please feel free to submit issues, feature requests, or pull requests on the [GitHub repository](https://github.com/warlock-labs/alt-bn128-bls).
+We welcome contributions to Sylow! Whether it's bug reports, feature requests, or code contributions, please feel free
+to engage with the project by submitting issues, feature requests, or pull requests on
+the [GitHub repository](https://github.com/warlock-labs/sylow).
 
 ## License
 
-This project is licensed under the [MIT License](https://choosealicense.com/licenses/mit/).
+This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.
 
 ## Contact
 
+This project is maintained by:
+
+- [@trbritt](https://github.com/trbritt) - [[email protected]](mailto:[email protected])
+- [@0xAlcibiades](https://github.com/0xAlcibiades) - [[email protected]](mailto:[email protected])
+- [@merolish](https://github.com/merolish) - [[email protected]](mailto:[email protected])
+
 Warlock Labs - [https://github.com/warlock-labs](https://github.com/warlock-labs)
 
-Project Link: [https://github.com/warlock-labs/alt-bn128-bls](https://github.com/warlock-labs/alt-bn128-bls)
+Project Link: [https://github.com/warlock-labs/sylow](https://github.com/warlock-labs/sylow)