From a7937fa16250948abfbd9217aad29131d06d057e Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Tue, 1 Aug 2023 16:14:20 +0200 Subject: [PATCH 01/14] Bump Rust to 1.69.0 --- .github/workflows/Basic.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/Basic.yml b/.github/workflows/Basic.yml index 673fac0..3e33ae3 100644 --- a/.github/workflows/Basic.yml +++ b/.github/workflows/Basic.yml @@ -16,7 +16,7 @@ jobs: uses: actions-rs/toolchain@v1 with: profile: minimal - toolchain: 1.60.0 + toolchain: 1.69.0 target: wasm32-unknown-unknown override: true @@ -51,7 +51,7 @@ jobs: uses: actions-rs/toolchain@v1 with: profile: minimal - toolchain: 1.60.0 + toolchain: 1.69.0 target: wasm32-unknown-unknown override: true @@ -78,7 +78,7 @@ jobs: uses: actions-rs/toolchain@v1 with: profile: minimal - toolchain: 1.60.0 + toolchain: 1.69.0 override: true components: rustfmt, clippy From 30871e632df98e8f061eb644074d919d78fde450 Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Tue, 1 Aug 2023 15:28:58 +0200 Subject: [PATCH 02/14] Add arkworks implementation --- .github/workflows/Basic.yml | 13 +- .vscode/settings.json | 7 + Cargo.lock | 335 +++++++++++++++++++++++++++++++++++- Cargo.toml | 14 +- src/lib.rs | 4 + src/points.rs | 25 +++ src/randomness.rs | 5 +- src/verify.rs | 58 +++---- src/verify_arkworks.rs | 56 ++++++ src/verify_zkcrypro.rs | 42 +++++ 10 files changed, 506 insertions(+), 53 deletions(-) create mode 100644 .vscode/settings.json create mode 100644 src/verify_arkworks.rs create mode 100644 src/verify_zkcrypro.rs diff --git a/.github/workflows/Basic.yml b/.github/workflows/Basic.yml index 3e33ae3..50d8153 100644 --- a/.github/workflows/Basic.yml +++ b/.github/workflows/Basic.yml @@ -8,6 +8,9 @@ jobs: test: name: Build and test runs-on: ubuntu-latest + strategy: + matrix: + bls_lib: [zkcrypto, arkworks] steps: - name: Checkout sources uses: actions/checkout@v2 
@@ -20,23 +23,23 @@ jobs: target: wasm32-unknown-unknown override: true - - name: Build default feature + - name: Build uses: actions-rs/cargo@v1 with: command: build - args: --locked + args: --locked --features ${{ matrix.bls_lib }} - - name: Build js feature + - name: Build with js feature uses: actions-rs/cargo@v1 with: command: build - args: --locked --features js + args: --locked --features ${{ matrix.bls_lib }},js - name: Run unit tests uses: actions-rs/cargo@v1 with: command: test - args: --locked + args: --locked --features ${{ matrix.bls_lib }} env: RUST_BACKTRACE: 1 diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..42a6cfd --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,7 @@ +{ + "rust-analyzer.linkedProjects": [ + "./Cargo.toml", + "./Cargo.toml" + ], + "rust-analyzer.cargo.features": ["arkworks"] +} diff --git a/Cargo.lock b/Cargo.lock index cea2307..f0d1b98 100644 --- a/Cargo.lock +++ b/Cargo.lock 
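Review bot: The new `args: --locked --features ${{ matrix.bls_lib }}` leaves the default `zkcrypto` feature enabled, so the `arkworks` leg of the matrix compiles both backends and never proves that an arkworks-only (or, for that matter, a zkcrypto-only with defaults off) build works. Add `--no-default-features` on the build, js and test steps, e.g. `args: --locked --no-default-features --features ${{ matrix.bls_lib }}`, so each leg exercises exactly one pairing implementation. With both features on, `lib.rs` picks arkworks through `cfg(not(feature = "arkworks"))` without any warning, which is easy to miss when reading a green run. The `bench` job added later in this series does pass `--no-default-features`, so as written the two jobs test different feature sets.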
@@ -2,6 +2,141 @@ # It is not intended for manual editing. version = 3 +[[package]] +name = "ahash" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2c99f64d1e06488f620f932677e24bc6e2897582980441ae90a671415bd7ec2f" +dependencies = [ + "cfg-if", + "once_cell", + "version_check", +] + +[[package]] +name = "ark-bls12-381" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c775f0d12169cba7aae4caeb547bb6a50781c7449a8aa53793827c9ec4abf488" +dependencies = [ + "ark-ec", + "ark-ff", + "ark-serialize", + "ark-std", +] + +[[package]] +name = "ark-ec" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "defd9a439d56ac24968cca0571f598a61bc8c55f71d50a89cda591cb750670ba" +dependencies = [ + "ark-ff", + "ark-poly", + "ark-serialize", + "ark-std", + "derivative", + "hashbrown", + "itertools", + "num-traits", + "zeroize", +] + +[[package]] +name = "ark-ff" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec847af850f44ad29048935519032c33da8aa03340876d351dfab5660d2966ba" +dependencies = [ + "ark-ff-asm", + "ark-ff-macros", + "ark-serialize", + "ark-std", + "derivative", + "digest 0.10.7", + "itertools", + "num-bigint", + "num-traits", + "paste", + "rustc_version", + "zeroize", +] + +[[package]] +name = "ark-ff-asm" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3ed4aa4fe255d0bc6d79373f7e31d2ea147bcf486cba1be5ba7ea85abdb92348" +dependencies = [ + "quote", + "syn 1.0.109", +] + +[[package]] +name = "ark-ff-macros" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7abe79b0e4288889c4574159ab790824d0033b9fdcb2a112a3182fac2e514565" +dependencies = [ + "num-bigint", + "num-traits", + "proc-macro2", + "quote", + "syn 1.0.109", +] + +[[package]] +name = "ark-poly" +version = "0.4.2" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "d320bfc44ee185d899ccbadfa8bc31aab923ce1558716e1997a1e74057fe86bf" +dependencies = [ + "ark-ff", + "ark-serialize", + "ark-std", + "derivative", + "hashbrown", +] + +[[package]] +name = "ark-serialize" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "adb7b85a02b83d2f22f89bd5cac66c9c89474240cb6207cb1efc16d098e822a5" +dependencies = [ + "ark-serialize-derive", + "ark-std", + "digest 0.10.7", + "num-bigint", +] + +[[package]] +name = "ark-serialize-derive" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae3281bc6d0fd7e549af32b52511e1302185bd688fd3359fa36423346ff682ea" +dependencies = [ + "proc-macro2", + "quote", + "syn 1.0.109", +] + +[[package]] +name = "ark-std" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94893f1e0c6eeab764ade8dc4c0db24caf4fe7cbbaafc0eba0a9030f447b5185" +dependencies = [ + "num-traits", + "rand", +] + +[[package]] +name = "autocfg" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" + [[package]] name = "bitvec" version = "1.0.1" @@ -23,13 +158,22 @@ dependencies = [ "generic-array", ] +[[package]] +name = "block-buffer" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array", +] + [[package]] name = "bls12_381" version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d7bc6d6292be3a19e6379786dac800f551e5865a5bb51ebbe3064ab80433f403" dependencies = [ - "digest", + "digest 0.9.0", "ff", "group", "pairing", 
@@ -58,6 +202,27 @@ dependencies = [ "libc", ] +[[package]] +name = "crypto-common" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +dependencies = [ + "generic-array", + "typenum", +] + +[[package]] +name = "derivative" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fcc3dd5e9e9c0b295d6e1e4d811fb6f157d5ffd784b8d202fc62eac8035a770b" +dependencies = [ + "proc-macro2", + "quote", + "syn 1.0.109", +] + [[package]] name = "digest" version = "0.9.0" @@ -67,18 +232,39 @@ dependencies = [ "generic-array", ] +[[package]] +name = "digest" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +dependencies = [ + "block-buffer 0.10.4", + "crypto-common", +] + [[package]] name = "drand-verify" version = "0.6.1" dependencies = [ + "ark-bls12-381", + "ark-ec", + "ark-ff", + "ark-serialize", "bls12_381", "hex", "hex-literal", "pairing", - "sha2", + "sha2 0.10.7", + "sha2 0.9.9", "wasm-bindgen", ] +[[package]] +name = "either" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" + [[package]] name = "ff" version = "0.13.0" @@ -117,6 +303,15 @@ dependencies = [ "subtle", ] +[[package]] +name = "hashbrown" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "43a3c133739dddd0d2990f9a4bdf8eb4b21ef50e4851ca85ab661199821d510e" +dependencies = [ + "ahash", +] + [[package]] name = "hex" version = "0.4.3" 
@@ -129,6 +324,15 @@ version = "0.3.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7ebdb29d2ea9ed0083cd8cece49bbd968021bd99b0849edb4a9a7ee0fdf6a4e0" +[[package]] +name = "itertools" +version = "0.10.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473" +dependencies = [ + "either", +] + [[package]] name = "libc" version = "0.2.147" @@ -141,6 +345,36 @@ version = "0.4.19" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b06a4cde4c0f271a446782e3eff8de789548ce57dbc8eca9292c27f4a42004b4" +[[package]] +name = "num-bigint" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f93ab6289c7b344a8a9f60f88d80aa20032336fe78da341afc91c8a2341fc75f" +dependencies = [ + "autocfg", + "num-integer", + "num-traits", +] + +[[package]] +name = "num-integer" +version = "0.1.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9" +dependencies = [ + "autocfg", + "num-traits", +] + +[[package]] +name = "num-traits" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f30b0abd723be7e2ffca1272140fac1a2f084c77ec3e123c192b66af1ee9e6c2" +dependencies = [ + "autocfg", +] + [[package]] name = "once_cell" version = "1.18.0" @@ -162,6 +396,18 @@ dependencies = [ "group", ] +[[package]] +name = "paste" +version = "1.0.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "de3145af08024dea9fa9914f381a17b8fc6034dfb00f3a84013f7ff43f29ed4c" + +[[package]] +name = "ppv-lite86" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" + [[package]] name = "proc-macro2" version = "1.0.66" 
@@ -186,31 +432,88 @@ version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dc33ff2d4973d518d823d61aa239014831e521c75da58e3df4840d3f47749d09" +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "rand_chacha", + "rand_core", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core", +] + [[package]] name = "rand_core" version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +[[package]] +name = "rustc_version" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" +dependencies = [ + "semver", +] + +[[package]] +name = "semver" +version = "1.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b0293b4b29daaf487284529cc2f5675b8e57c61f70167ba415a463651fd6a918" + [[package]] name = "sha2" version = "0.9.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800" dependencies = [ - "block-buffer", + "block-buffer 0.9.0", "cfg-if", "cpufeatures", - "digest", + "digest 0.9.0", "opaque-debug", ] +[[package]] +name = "sha2" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "479fb9d862239e610720565ca91403019f2f00410f1864c5aa7479b950a76ed8" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest 0.10.7", +] + [[package]] name = "subtle" version = "2.5.0" source = 
"registry+https://github.com/rust-lang/crates.io-index" checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" +[[package]] +name = "syn" +version = "1.0.109" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + [[package]] name = "syn" version = "2.0.26" @@ -267,7 +570,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn", + "syn 2.0.26", "wasm-bindgen-shared", ] @@ -289,7 +592,7 @@ checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.26", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -308,3 +611,23 @@ checksum = "05f360fc0b24296329c78fda852a1e9ae82de9cf7b27dae4b7f62f118f77b9ed" dependencies = [ "tap", ] + +[[package]] +name = "zeroize" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.26", +] diff --git a/Cargo.toml b/Cargo.toml index 96d6f21..5098ca1 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -12,11 +12,19 @@ crate-type = ["cdylib", "rlib"] [features] js = ["hex", "wasm-bindgen"] +arkworks = ["ark-bls12-381", "ark-ec", "ark-ff", "ark-serialize", "sha2_v10"] +zkcrypto = ["pairing", "bls12_381", "sha2_v9"] +default = ["zkcrypto"] [dependencies] -pairing = "0.23.0" -bls12_381 = { version = "0.8.0", features = ["experimental"] } -sha2 = "0.9.1" # Must be compatible with bls12_381, see https://github.com/zkcrypto/bls12_381/issues/102 +ark-bls12-381 = { version = "0.4.0", optional = true } +ark-ec = { version = "0.4.2", optional = true } +ark-ff = { version = "0.4.2", optional = true } +ark-serialize = { version = "0.4.2", optional = true } +pairing = { version = "0.23.0", optional = true } +bls12_381 = { version = "0.8.0", features = ["experimental"], optional = true } +sha2_v9 = { package = "sha2", version = "0.9.1", optional = true } # Must be compatible with bls12_381, see https://github.com/zkcrypto/bls12_381/issues/102 +sha2_v10 = { package = "sha2", version = "0.10.6", optional = true } hex = { version = "0.4", optional = true } wasm-bindgen = { version = "0.2.83", optional = true } diff --git a/src/lib.rs b/src/lib.rs index 3478014..a76d599 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -1,8 +1,12 @@ mod points; mod randomness; mod verify; +#[cfg(feature = "arkworks")] +mod verify_arkworks; #[cfg(feature = "js")] mod verify_js; +#[cfg(not(feature = "arkworks"))] +mod verify_zkcrypro; pub use points::InvalidPoint; pub use randomness::derive_randomness; diff --git a/src/points.rs b/src/points.rs index 1877127..154d21c 100644 --- a/src/points.rs +++ b/src/points.rs @@ -1,5 +1,10 @@ use std::fmt; +#[cfg(feature = "arkworks")] +use ark_bls12_381::{G1Affine, G2Affine}; +#[cfg(feature = "arkworks")] +use ark_serialize::CanonicalDeserialize; +#[cfg(not(feature = "arkworks"))] use bls12_381::{G1Affine, G2Affine}; #[derive(Debug)] 
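Review bot: In the `lib.rs` hunk, backend selection keys only on `cfg(feature = "arkworks")`, so enabling both `arkworks` and `zkcrypto` silently prefers arkworks, and `--no-default-features` with neither set fails on unresolved `bls12_381`/`pairing` paths rather than with a clear message. Because this decides which pairing code verifies beacon signatures, make the choice explicit with a guard such as `#[cfg(not(any(feature = "arkworks", feature = "zkcrypto")))] compile_error!("enable exactly one of the `zkcrypto` or `arkworks` features");` and, once CI stops enabling both (the `test` job currently does via the default feature), the matching `all(...)` check. At minimum the `Cargo.toml` feature block in this same line should carry a comment stating that `arkworks` takes precedence when both are enabled.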
@@ -48,22 +53,42 @@ pub fn g2_from_variable(data: &[u8]) -> Result { } pub fn g1_from_fixed(data: [u8; 48]) -> Result { + #[cfg(feature = "arkworks")] + { + G1Affine::deserialize_compressed(&data[..]).map_err(|_| InvalidPoint::DecodingError {}) + } + #[cfg(not(feature = "arkworks"))] Option::from(G1Affine::from_compressed(&data)).ok_or(InvalidPoint::DecodingError {}) } /// Like [`g1_from_fixed`] without guaranteeing that the encoding represents a valid element. /// Only use this when you know for sure the encoding is correct. pub fn g1_from_fixed_unchecked(data: [u8; 48]) -> Result { + #[cfg(feature = "arkworks")] + { + G1Affine::deserialize_compressed(&data[..]).map_err(|_| InvalidPoint::DecodingError {}) + } + #[cfg(not(feature = "arkworks"))] Option::from(G1Affine::from_compressed_unchecked(&data)).ok_or(InvalidPoint::DecodingError {}) } pub fn g2_from_fixed(data: [u8; 96]) -> Result { + #[cfg(feature = "arkworks")] + { + G2Affine::deserialize_compressed(&data[..]).map_err(|_| InvalidPoint::DecodingError {}) + } + #[cfg(not(feature = "arkworks"))] Option::from(G2Affine::from_compressed(&data)).ok_or(InvalidPoint::DecodingError {}) } /// Like [`g2_from_fixed`] without guaranteeing that the encoding represents a valid element. /// Only use this when you know for sure the encoding is correct. pub fn g2_from_fixed_unchecked(data: [u8; 96]) -> Result { + #[cfg(feature = "arkworks")] + { + G2Affine::deserialize_compressed(&data[..]).map_err(|_| InvalidPoint::DecodingError {}) + } + #[cfg(not(feature = "arkworks"))] Option::from(G2Affine::from_compressed_unchecked(&data)).ok_or(InvalidPoint::DecodingError {}) } diff --git a/src/randomness.rs b/src/randomness.rs index 59a6e13..7136132 100644 --- a/src/randomness.rs +++ b/src/randomness.rs 
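Review bot: In the `arkworks` branch, `g1_from_fixed_unchecked` and `g2_from_fixed_unchecked` call the same `deserialize_compressed` as the checked variants, which in ark-serialize 0.4 validates the point (on-curve and, as far as I recall, subgroup membership), while the zkcrypto branch's `from_compressed_unchecked` skips that work. Keeping the validating call is the safe choice, but the doc comment "without guaranteeing that the encoding represents a valid element" no longer describes this backend, so either note it inline, e.g. `// arkworks: deserialize_compressed always validates; no cheaper path is used here`, or switch to `deserialize_compressed_unchecked` only after confirming every caller passes a trusted, known-good encoding. Also worth a test: both backends must reject a 48/96-byte encoding that is on the curve but outside the prime-order subgroup through the checked `g1_from_fixed`/`g2_from_fixed`, since the pairing check alone does not catch that.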
@@ -1,4 +1,7 @@ -use sha2::{Digest, Sha256}; +#[cfg(feature = "arkworks")] +use sha2_v10::{Digest, Sha256}; +#[cfg(not(feature = "arkworks"))] +use sha2_v9::{Digest, Sha256}; /// Derives a 32 byte randomness from the beacon's signature pub fn derive_randomness(signature: &[u8]) -> [u8; 32] { diff --git a/src/verify.rs b/src/verify.rs index f2e7094..2049c36 100644 --- a/src/verify.rs +++ b/src/verify.rs @@ -1,12 +1,20 @@ -use bls12_381::{ - hash_to_curve::{ExpandMsgXmd, HashToCurve}, - Bls12, G1Affine, G1Projective, G2Affine, G2Prepared, G2Projective, -}; -use pairing::{group::Group, MultiMillerLoop}; -use sha2::{Digest, Sha256}; use std::error::Error; use std::fmt; +#[cfg(feature = "arkworks")] +use crate::verify_arkworks::*; +#[cfg(not(feature = "arkworks"))] +use crate::verify_zkcrypro::*; +#[cfg(feature = "arkworks")] +use sha2_v10::{Digest, Sha256}; +#[cfg(not(feature = "arkworks"))] +use sha2_v9::{Digest, Sha256}; + +#[cfg(feature = "arkworks")] +use ark_bls12_381::{G1Affine, G2Affine}; +#[cfg(not(feature = "arkworks"))] +use bls12_381::{G1Affine, G2Affine}; + use crate::points::{ g1_from_fixed, g1_from_fixed_unchecked, g1_from_variable, g2_from_fixed, g2_from_fixed_unchecked, g2_from_variable, InvalidPoint, @@ -73,9 +81,7 @@ impl Pubkey for G1Pubkey { type Other = G2; fn msg_to_curve(msg: &[u8]) -> Self::Other { - let g: G2Projective = - HashToCurve::>::hash_to_curve(msg, DOMAIN_HASH_TO_G2); - G2(g.into()) + G2(hash_to_curve_g2(msg, DOMAIN_HASH_TO_G2)) } fn from_fixed(data: [u8; 48]) -> Result { @@ -97,7 +103,7 @@ impl Pubkey for G1Pubkey { signature: &[u8], msg_on_curve: &Self::Other, ) -> Result { - let g1 = G1Affine::generator(); + let g1 = g1_generator(); let sigma = match g2_from_variable(signature) { Ok(sigma) => sigma, Err(err) => { 
@@ -123,9 +129,7 @@ impl Pubkey for G2Pubkey { fn msg_to_curve(msg: &[u8]) -> Self::Other { // The usage of DOMAIN_HASH_TO_G2 here is needed to be compatible to a bug in drand's fastnet. // See https://github.com/noislabs/drand-verify/pull/22 for more information about that topic. - let g: G1Projective = - HashToCurve::>::hash_to_curve(msg, DOMAIN_HASH_TO_G2); - G1(g.into()) + G1(hash_to_curve_g1(msg, DOMAIN_HASH_TO_G2)) } fn from_fixed(data: [u8; 96]) -> Result { @@ -147,7 +151,7 @@ impl Pubkey for G2Pubkey { signature: &[u8], msg_on_curve: &Self::Other, ) -> Result { - let g2 = G2Affine::generator(); + let g2 = g2_generator(); let sigma = match g1_from_variable(signature) { Ok(sigma) => sigma, Err(err) => { @@ -171,9 +175,7 @@ impl Pubkey for G2PubkeyRfc { type Other = G1; fn msg_to_curve(msg: &[u8]) -> Self::Other { - let g: G1Projective = - HashToCurve::>::hash_to_curve(msg, DOMAIN_HASH_TO_G1); - G1(g.into()) + G1(hash_to_curve_g1(msg, DOMAIN_HASH_TO_G1)) } fn from_fixed(data: [u8; 96]) -> Result { @@ -195,7 +197,7 @@ impl Pubkey for G2PubkeyRfc { signature: &[u8], msg_on_curve: &Self::Other, ) -> Result { - let g2 = G2Affine::generator(); + let g2 = g2_generator(); let sigma = match g1_from_variable(signature) { Ok(sigma) => sigma, Err(err) => { 
@@ -227,26 +229,6 @@ impl fmt::Display for VerificationError { impl Error for VerificationError {} -/// Checks if e(p, q) == e(r, s) -/// -/// See https://hackmd.io/@benjaminion/bls12-381#Final-exponentiation. -/// -/// Optimized by this trick: -/// Instead of doing e(a,b) (in G2) multiplied by e(-c,d) (in G2) -/// (which is costly is to multiply in G2 because these are very big numbers) -/// we can do FinalExponentiation(MillerLoop( [a,b], [-c,d] )) which is the same -/// in an optimized way. -fn fast_pairing_equality(p: &G1Affine, q: &G2Affine, r: &G1Affine, s: &G2Affine) -> bool { - let minus_p = -p; - // "some number of (G1, G2) pairs" are the inputs of the miller loop - let pair1 = (&minus_p, &G2Prepared::from(*q)); - let pair2 = (r, &G2Prepared::from(*s)); - let looped = Bls12::multi_miller_loop(&[pair1, pair2]); - // let looped = Bls12::miller_loop([&pair1, &pair2]); - let value = looped.final_exponentiation(); - value.is_identity().into() -} - fn message(current_round: u64, prev_sig: &[u8]) -> Vec { let mut hasher = Sha256::default(); hasher.update(prev_sig); diff --git a/src/verify_arkworks.rs b/src/verify_arkworks.rs new file mode 100644 index 0000000..f52f1fd --- /dev/null +++ b/src/verify_arkworks.rs 
@@ -0,0 +1,56 @@
+use ark_bls12_381::{g1, g2, G1Affine, G2Affine};
+use ark_ec::{
+ bls12::Bls12,
+ hashing::{curve_maps::wb::WBMap, map_to_curve_hasher::MapToCurveBasedHasher, HashToCurve},
+ models::short_weierstrass,
+ pairing::Pairing,
+ AffineRepr,
+};
+use ark_ff::{field_hashers::DefaultFieldHasher, Zero};
+use sha2_v10::Sha256;
+use std::ops::Neg;
+
+pub fn hash_to_curve_g1(msg: &[u8], dst: &[u8]) -> G1Affine {
+ let mapper = MapToCurveBasedHasher::<
+ short_weierstrass::Projective,
+ DefaultFieldHasher,
+ WBMap,
+ >::new(dst)
+ .expect("cannot initialise mapper for sha2 to BLS12-381 G1");
+ mapper.hash(msg).expect("hash cannot be mapped to G1")
+}
+
+pub fn hash_to_curve_g2(msg: &[u8], dst: &[u8]) -> G2Affine {
+ let mapper = MapToCurveBasedHasher::<
+ short_weierstrass::Projective,
+ DefaultFieldHasher,
+ WBMap,
+ >::new(dst)
+ .expect("cannot initialise mapper for sha2 to BLS12-381 G2");
+ mapper.hash(msg).expect("hash cannot be mapped to G2")
+}
+
+/// Checks if e(p, q) == e(r, s)
+///
+/// See https://hackmd.io/@benjaminion/bls12-381#Final-exponentiation.
+///
+/// Optimized by this trick:
+/// Instead of doing e(a,b) (in G2) multiplied by e(-c,d) (in G2)
+/// (which is costly is to multiply in G2 because these are very big numbers)
+/// we can do FinalExponentiation(MillerLoop( [a,b], [-c,d] )) which is the same
+/// in an optimized way.
+pub fn fast_pairing_equality(p: &G1Affine, q: &G2Affine, r: &G1Affine, s: &G2Affine) -> bool {
+ let minus_p = p.neg();
+ // "some number of (G1, G2) pairs" are the inputs of the miller loop
+ let looped = Bls12::::multi_miller_loop([minus_p, *r], [*q, *s]);
+ let value = Bls12::final_exponentiation(looped);
+ value.unwrap().is_zero()
+}
+
+pub fn g1_generator() -> G1Affine {
+ G1Affine::generator()
+}
+
+pub fn g2_generator() -> G2Affine {
+ G2Affine::generator()
+}
diff --git a/src/verify_zkcrypro.rs b/src/verify_zkcrypro.rs
new file mode 100644
index 0000000..839726e
--- /dev/null
+++ b/src/verify_zkcrypro.rs
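Review bot: `fast_pairing_equality` ends in `value.unwrap().is_zero()`, but `Bls12::final_exponentiation` returns an `Option`, and `p`, `q`, `r`, `s` ultimately come from a caller-supplied signature, so a `None` here turns bad input into a panic inside a verification routine instead of a `false`. Replace the last line with `value.map_or(false, |v| v.is_zero())` (or `matches!(value, Some(v) if v.is_zero())`) so the function cannot panic on input; whether `None` is reachable for points that already passed deserialization I cannot confirm from here, but a library boundary should not rely on it. Two smaller points: the doc comment copied from the zkcrypto version says the two pairings are multiplied "in G2" when the products live in GT, and both `hash_to_curve_*` rebuild the `MapToCurveBasedHasher` on every call, which is correct but could be hoisted if the benchmarks show it mattering.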
@@ -0,0 +1,42 @@
+use bls12_381::hash_to_curve::{ExpandMsgXmd, HashToCurve};
+use bls12_381::{Bls12, G1Affine, G1Projective, G2Affine, G2Prepared, G2Projective};
+use pairing::{group::Group, MultiMillerLoop};
+use sha2_v9::Sha256;
+
+pub fn hash_to_curve_g1(msg: &[u8], dst: &[u8]) -> G1Affine {
+ let g: G1Projective = HashToCurve::>::hash_to_curve(msg, dst);
+ g.into()
+}
+
+pub fn hash_to_curve_g2(msg: &[u8], dst: &[u8]) -> G2Affine {
+ let g: G2Projective = HashToCurve::>::hash_to_curve(msg, dst);
+ g.into()
+}
+
+/// Checks if e(p, q) == e(r, s)
+///
+/// See https://hackmd.io/@benjaminion/bls12-381#Final-exponentiation.
+///
+/// Optimized by this trick:
+/// Instead of doing e(a,b) (in G2) multiplied by e(-c,d) (in G2)
+/// (which is costly is to multiply in G2 because these are very big numbers)
+/// we can do FinalExponentiation(MillerLoop( [a,b], [-c,d] )) which is the same
+/// in an optimized way.
+pub fn fast_pairing_equality(p: &G1Affine, q: &G2Affine, r: &G1Affine, s: &G2Affine) -> bool {
+ let minus_p = -p;
+ // "some number of (G1, G2) pairs" are the inputs of the miller loop
+ let pair1 = (&minus_p, &G2Prepared::from(*q));
+ let pair2 = (r, &G2Prepared::from(*s));
+ let looped = Bls12::multi_miller_loop(&[pair1, pair2]);
+ // let looped = Bls12::miller_loop([&pair1, &pair2]);
+ let value = looped.final_exponentiation();
+ value.is_identity().into()
+}
+
+pub fn g1_generator() -> G1Affine {
+ G1Affine::generator()
+}
+
+pub fn g2_generator() -> G2Affine {
+ G2Affine::generator()
+}
From 915da1b335479e971485e5cbbe4afc9d4142ded7 Mon Sep 17 00:00:00 2001
From: Simon Warta
Date: Tue, 1 Aug 2023 15:47:08 +0200
Subject: [PATCH 03/14] Improve and document benchmarking
---
 README.md | 22 ++++++++++++++++++++++
 benches/verify.rs | 22 ++++++++++++++++++++--
 2 files changed, 42 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 2c3696c..dee09de 100644
--- a/README.md
+++ b/README.md
@@ -94,6 +94,28 @@ $ ls ./pkg for browsers. Please refer to the wasm-bindgen handbook [to learn more about targets](https://rustwasm.github.io/docs/wasm-bindgen/reference/deployment.html). +## Benchmarks + +We benchmark a single drand beacon verification for various networks. Running the benchmarks: + +```sh +# default features (currently zkcrypto) +cargo +nightly bench bench_ + +# Using zkcrypto +cargo +nightly bench bench_ --no-default-features --features zkcrypto + +# Using arkworks +cargo +nightly bench bench_ --no-default-features --features arkworks +``` + +Results on an Apple M1 Pro with Rust 1.72.0-nightly: + +| BLS implementation | Classic mainnet | Fastnet | +| ------------------ | --------------- | -------- | +| zkcrypto | 1.958 ms | 1.489 ms | +| arkworks | 1.748 ms | 1.452 ms | + ## License Apache 2.0, see [LICENSE](./LICENSE) and [NOTICE](./NOTICE) diff --git a/benches/verify.rs b/benches/verify.rs index 8c26440..637bf84 100644 --- a/benches/verify.rs +++ b/benches/verify.rs @@ -2,14 +2,18 @@ extern crate test; -use drand_verify::{G1Pubkey, Pubkey}; +use drand_verify::{G1Pubkey, G2Pubkey, Pubkey}; use hex_literal::hex; /// Public key League of Entropy Mainnet (curl -sS https://drand.cloudflare.com/info) const PK_LEO_MAINNET: [u8; 48] = hex!("868f005eb8e6e4ca0a47c8a77ceaa5309a47978a7c71bc5cce96366b5d7a569937c529eeda66c7293784a9402801af31"); +// Fastnet is the unchained 3s mainnet launched Mar 1st, 2023 +// https://api3.drand.sh/dbd506d6ef76e5f386f41c651dcb808c5bcbd75471cc4eafa3f4df7ad4e4c493/info +const PK_FASTNET: [u8; 96] = hex!("a0b862a7527fee3a731bcb59280ab6abd62d5c0b6ea03dc4ddf6612fdfc9d01f01c31542541771903475eb1ec6615f8d0df0b8b6dce385811d6dcf8cbefb8759e5e616a3dfd054c928940766d9a5b9db91e3b697e5d70a975181e007f87fca5e"); + #[bench] -fn bench_verify(b: &mut ::test::Bencher) { +fn bench_verify_classic_mainnet(b: &mut ::test::Bencher) { let pk = G1Pubkey::from_fixed(PK_LEO_MAINNET).unwrap(); // curl -sS https://drand.cloudflare.com/public/72785 
@@ -22,3 +26,17 @@ fn bench_verify(b: &mut ::test::Bencher) { result }); } + +#[bench] +fn bench_verify_fastnet(b: &mut ::test::Bencher) { + let pk = G2Pubkey::from_fixed(PK_FASTNET).unwrap(); + + // curl -sS https://drand.cloudflare.com/dbd506d6ef76e5f386f41c651dcb808c5bcbd75471cc4eafa3f4df7ad4e4c493/public/72785 + let signature = hex::decode("83f2bcb12b772602f27a1ad130a33781014ac73e82098580e934a5b5e4ad57ceff27ad22fd6344b33af9675e0d0b5e27").unwrap(); + let round: u64 = 72785; + + b.iter(|| { + let result = pk.verify(round, &[], &signature).unwrap(); + result + }); +} From 15950f6b140f0c08624165b93d8f87b90d023983 Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Tue, 1 Aug 2023 15:50:50 +0200 Subject: [PATCH 04/14] Remove unnecessary vector allocation --- README.md | 4 ++-- src/verify.rs | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index dee09de..f2d6811 100644 --- a/README.md +++ b/README.md @@ -113,8 +113,8 @@ Results on an Apple M1 Pro with Rust 1.72.0-nightly: | BLS implementation | Classic mainnet | Fastnet | | ------------------ | --------------- | -------- | -| zkcrypto | 1.958 ms | 1.489 ms | -| arkworks | 1.748 ms | 1.452 ms | +| zkcrypto | 1.956 ms | 1.489 ms | +| arkworks | 1.714 ms | 1.425 ms | ## License diff --git a/src/verify.rs b/src/verify.rs index 2049c36..da8539e 100644 --- a/src/verify.rs +++ b/src/verify.rs @@ -229,11 +229,11 @@ impl fmt::Display for VerificationError { impl Error for VerificationError {} -fn message(current_round: u64, prev_sig: &[u8]) -> Vec { +fn message(current_round: u64, prev_sig: &[u8]) -> [u8; 32] { let mut hasher = Sha256::default(); hasher.update(prev_sig); hasher.update(round_to_bytes(current_round)); - hasher.finalize().to_vec() + hasher.finalize().into() } /// https://github.com/drand/drand-client/blob/master/wasm/chain/verify.go#L28-L33 From cfb2ccdb419107ac8f7b9aa50d04747e704bbf3c Mon Sep 17 00:00:00 2001 
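Review bot: `bench_verify_fastnet` closes with `let result = pk.verify(round, &[], &signature).unwrap(); result`, which clippy flags as `let_and_return`, and nothing shields the constant inputs from the optimizer, so the README numbers may partly measure what LLVM chose to keep. Prefer `b.iter(|| black_box(pk.verify(round, &[], black_box(&signature))).unwrap())` with `use std::hint::black_box;` at the top of the bench file. The 48-byte fastnet signature paired with a `G2Pubkey` is consistent with a G1 signature under a G2 key, so the curve assignment itself looks right.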
From: Simon Warta Date: Tue, 1 Aug 2023 16:04:08 +0200 Subject: [PATCH 05/14] Add arkworks-asm --- .github/workflows/Basic.yml | 2 +- Cargo.toml | 1 + README.md | 4 ++++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/Basic.yml b/.github/workflows/Basic.yml index 50d8153..7b87431 100644 --- a/.github/workflows/Basic.yml +++ b/.github/workflows/Basic.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - bls_lib: [zkcrypto, arkworks] + bls_lib: [zkcrypto, arkworks, arkworks-asm] steps: - name: Checkout sources uses: actions/checkout@v2 diff --git a/Cargo.toml b/Cargo.toml index 5098ca1..c404e93 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -13,6 +13,7 @@ crate-type = ["cdylib", "rlib"] [features] js = ["hex", "wasm-bindgen"] arkworks = ["ark-bls12-381", "ark-ec", "ark-ff", "ark-serialize", "sha2_v10"] +arkworks-asm = ["arkworks", "ark-ff/asm"] zkcrypto = ["pairing", "bls12_381", "sha2_v9"] default = ["zkcrypto"] diff --git a/README.md b/README.md index f2d6811..0d39e7e 100644 --- a/README.md +++ b/README.md @@ -107,6 +107,9 @@ cargo +nightly bench bench_ --no-default-features --features zkcrypto # Using arkworks cargo +nightly bench bench_ --no-default-features --features arkworks + +# Using arkworks(+asm) (see https://hackmd.io/@gnark/eccbench) +RUSTFLAGS="-C target-feature=+bmi2,+adx" cargo +nightly bench bench_ --no-default-features --features arkworks-asm ``` Results on an Apple M1 Pro with Rust 1.72.0-nightly: @@ -115,6 +118,7 @@ Results on an Apple M1 Pro with Rust 1.72.0-nightly: | ------------------ | --------------- | -------- | | zkcrypto | 1.956 ms | 1.489 ms | | arkworks | 1.714 ms | 1.425 ms | +| arkworks(+asm) | 1.712 ms | 1.424 ms | ## License From d7b99202fd99ffb8fe16a4d05dea9a86e8bf1aeb Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Tue, 1 Aug 2023 16:23:54 +0200 Subject: [PATCH 06/14] Rename point to p --- src/verify_zkcrypro.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
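Review bot: `arkworks-asm = ["arkworks", "ark-ff/asm"]` enables an assembly backend that, as far as I know, only takes effect on x86_64 when the `bmi2` and `adx` target features are enabled and otherwise falls back to the generic field code; the README table in this same patch reports the `arkworks(+asm)` row from an Apple M1 Pro, so that row measures the fallback, which is why it sits within noise of plain `arkworks`. Either mark the row as not applicable on aarch64 or re-run it on an x86_64 host with the `RUSTFLAGS` the README prescribes. A one-line comment on the feature, e.g. `# x86_64 only; needs RUSTFLAGS="-C target-feature=+bmi2,+adx" to have any effect`, would spare the next reader the same confusion; the CI matrix entry added in the same patch also builds `arkworks-asm` without those flags.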
diff --git a/src/verify_zkcrypro.rs b/src/verify_zkcrypro.rs index 839726e..731ef07 100644 --- a/src/verify_zkcrypro.rs +++ b/src/verify_zkcrypro.rs @@ -4,13 +4,13 @@ use pairing::{group::Group, MultiMillerLoop}; use sha2_v9::Sha256; pub fn hash_to_curve_g1(msg: &[u8], dst: &[u8]) -> G1Affine { - let g: G1Projective = HashToCurve::>::hash_to_curve(msg, dst); - g.into() + let p: G1Projective = HashToCurve::>::hash_to_curve(msg, dst); + p.into() } pub fn hash_to_curve_g2(msg: &[u8], dst: &[u8]) -> G2Affine { - let g: G2Projective = HashToCurve::>::hash_to_curve(msg, dst); - g.into() + let p: G2Projective = HashToCurve::>::hash_to_curve(msg, dst); + p.into() } /// Checks if e(p, q) == e(r, s) From f45db3426bb207a6f7074da742a8268bbbf19151 Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Tue, 1 Aug 2023 16:40:35 +0200 Subject: [PATCH 07/14] Add benchmarks --- .github/workflows/Basic.yml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/.github/workflows/Basic.yml b/.github/workflows/Basic.yml index 7b87431..51a8471 100644 --- a/.github/workflows/Basic.yml +++ b/.github/workflows/Basic.yml @@ -11,6 +11,9 @@ jobs: strategy: matrix: bls_lib: [zkcrypto, arkworks, arkworks-asm] + include: + - bls_lib: arkworks-asm + rustflags: RUSTFLAGS="-C target-feature=+bmi2,+adx" steps: - name: Checkout sources uses: actions/checkout@v2 
@@ -43,6 +46,32 @@ jobs: env: RUST_BACKTRACE: 1 + bench: + name: Benchmarks + runs-on: ubuntu-latest + strategy: + matrix: + bls_lib: [zkcrypto, arkworks, arkworks-asm] + steps: + - name: Checkout sources + uses: actions/checkout@v2 + + - name: Install nightly toolchain + uses: actions-rs/toolchain@v1 + with: + toolchain: nightly + profile: minimal + + - name: Set RUSTFLAGS + if: ${{ matrix.rustflags }} + run: echo ${{ matrix.rustflags }} >> $GITHUB_ENV + + - name: Run Benchmarks + uses: actions-rs/cargo@v1 + with: + command: bench + args: bench_ --no-default-features --features ${{ matrix.bls_lib }} + examples: name: Build and run examples runs-on: ubuntu-latest From 75960d9081041366796ca5b0bee0ec3615a6da61 Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Tue, 1 Aug 2023 16:51:57 +0200 Subject: [PATCH 08/14] Set installed toolchain as default --- .github/workflows/Basic.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/Basic.yml b/.github/workflows/Basic.yml index 51a8471..9d81487 100644 --- a/.github/workflows/Basic.yml +++ b/.github/workflows/Basic.yml @@ -21,10 +21,10 @@ jobs: - name: Install stable toolchain uses: actions-rs/toolchain@v1 with: - profile: minimal toolchain: 1.69.0 + profile: minimal target: wasm32-unknown-unknown - override: true + default: true - name: Build uses: actions-rs/cargo@v1 @@ -61,6 +61,7 @@ jobs: with: toolchain: nightly profile: minimal + default: true - name: Set RUSTFLAGS if: ${{ matrix.rustflags }} @@ -82,10 +83,10 @@ jobs: - name: Install stable toolchain uses: actions-rs/toolchain@v1 with: - profile: minimal toolchain: 1.69.0 + profile: minimal target: wasm32-unknown-unknown - override: true + default: true - name: Build all uses: actions-rs/cargo@v1 
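Review bot: The `Run Benchmarks` step passes `args: bench_ --no-default-features --features ${{ matrix.bls_lib }}` without `--locked`, whereas every other cargo step in this workflow pins the lockfile with `--locked`; a benchmark run on CI can therefore re-resolve dependencies that differ from Cargo.lock, and a lockfile drift would go unnoticed until a `--locked` job happens to see it. Suggest `args: bench_ --locked --no-default-features --features ${{ matrix.bls_lib }}`. The `Set RUSTFLAGS` step also relies on the shell dropping the inner quotes of `echo ${{ matrix.rustflags }} >> $GITHUB_ENV` to produce a plain `KEY=VALUE` line; storing the bare flags in the matrix (`rustflags: -C target-feature=+bmi2,+adx`) and attaching `env: RUSTFLAGS: ${{ matrix.rustflags }}` to the bench step avoids that shell round-trip and reads unambiguously.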
@@ -109,10 +110,10 @@ jobs: - name: Install stable toolchain uses: actions-rs/toolchain@v1 with: - profile: minimal toolchain: 1.69.0 - override: true + profile: minimal components: rustfmt, clippy + default: true - name: Run cargo fmt uses: actions-rs/cargo@v1 From b9a59c91f4c48c71c0a1d122f55b5518483c9914 Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Tue, 1 Aug 2023 16:46:24 +0200 Subject: [PATCH 09/14] Add Wasm build --- .github/workflows/Basic.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/Basic.yml b/.github/workflows/Basic.yml index 9d81487..7f6d17b 100644 --- a/.github/workflows/Basic.yml +++ b/.github/workflows/Basic.yml @@ -38,6 +38,12 @@ jobs: command: build args: --locked --features ${{ matrix.bls_lib }},js + - name: Build Wasm + uses: actions-rs/cargo@v1 + with: + command: build + args: --locked --lib --target wasm32-unknown-unknown --features ${{ matrix.bls_lib }} + - name: Run unit tests uses: actions-rs/cargo@v1 with: From 9d253657bddc778584d34d9478bfb5346c2282f9 Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Tue, 1 Aug 2023 16:49:45 +0200 Subject: [PATCH 10/14] Reduce number of GitHub Actions jobs --- .github/workflows/Basic.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/Basic.yml b/.github/workflows/Basic.yml index 7f6d17b..b5b5c84 100644 --- a/.github/workflows/Basic.yml +++ b/.github/workflows/Basic.yml @@ -1,6 +1,11 @@ # Based on https://github.com/actions-rs/example/blob/master/.github/workflows/quickstart.yml -on: [push, pull_request] +# Pushes to long living branches and all PRs +on: + push: + branches: + - main + pull_request: name: Basic From ef31046d4ed201c01836206bd7690035e4fc3b59 Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Tue, 1 Aug 2023 16:58:37 +0200 Subject: [PATCH 11/14] Fix include statement --- .github/workflows/Basic.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/Basic.yml b/.github/workflows/Basic.yml index b5b5c84..dd8d0e7 100644 --- a/.github/workflows/Basic.yml +++ b/.github/workflows/Basic.yml @@ -16,9 +16,6 @@ jobs: strategy: matrix: bls_lib: [zkcrypto, arkworks, arkworks-asm] - include: - - bls_lib: arkworks-asm - rustflags: RUSTFLAGS="-C target-feature=+bmi2,+adx" steps: - name: Checkout sources uses: actions/checkout@v2 @@ -63,6 +60,9 @@ jobs: strategy: matrix: bls_lib: [zkcrypto, arkworks, arkworks-asm] + include: + - bls_lib: arkworks-asm + rustflags: RUSTFLAGS="-C target-feature=+bmi2,+adx" steps: - name: Checkout sources uses: actions/checkout@v2 From b05b11f52bf09de8eaed896e30b685fedd694c90 Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Tue, 1 Aug 2023 17:06:16 +0200 Subject: [PATCH 12/14] Update README --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0d39e7e..037d0c3 100644 --- a/README.md +++ b/README.md @@ -14,10 +14,11 @@ This can be used by other crates or be compiled to a Wasm blob (< 500 kilobytes) - G1/G2 swap ✅ - API does not expose types of the BLS implementation ✅ - Supports [quicknet] ([bls-unchained-g1-rfc9380]) ✅ +- Multiple BLS12-381 implementations: zkcrypto (default), arkworks ✅ Next up: -- Add alternative BLS12-381 implementation (especially [blst](https://github.com/supranational/blst)) +- Add [blst](https://github.com/supranational/blst) support The following things are intentionally unsupported: From 1b8919d0f265127264ed3a221955647d0730fd09 Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Tue, 1 Aug 2023 17:09:48 +0200 Subject: [PATCH 13/14] Move g1_generator/g2_generator to points --- src/points.rs | 16 ++++++++++++++++ src/verify.rs | 4 ++-- src/verify_arkworks.rs | 9 --------- src/verify_zkcrypro.rs | 8 -------- 4 files changed, 18 insertions(+), 19 deletions(-) diff --git a/src/points.rs b/src/points.rs index 154d21c..e35cccb 100644 --- a/src/points.rs +++ b/src/points.rs 
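Review bot: With the `include` moved out of the test job (first hunk), the `arkworks-asm` matrix entry there now builds and tests without `-C target-feature=+bmi2,+adx`; if ark-ff only engages its assembly backend under those target features, as I believe its documentation states and as the README's RUSTFLAGS requirement suggests, then the unit tests for that entry run exactly the same code as the `arkworks` entry and the assembly field arithmetic is benchmarked but never tested. Since that arithmetic is what signature verification ultimately rests on, it is worth keeping the `include` (or an equivalent `RUSTFLAGS` env on the arkworks-asm item) in the test job's matrix as well, so the build and test steps see the flags. The wasm32 build step in that job may need the flags cleared for its target; I have not verified how rustc treats these target features on wasm32-unknown-unknown.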
@@ -92,6 +92,22 @@ pub fn g2_from_fixed_unchecked(data: [u8; 96]) -> Result
Option::from(G2Affine::from_compressed_unchecked(&data)).ok_or(InvalidPoint::DecodingError {})
}

+/// Constructs a generator in G1
+#[inline]
+pub fn g1_generator() -> G1Affine {
+ #[cfg(feature = "arkworks")]
+ use ark_ec::AffineRepr;
+ G1Affine::generator()
+}
+
+/// Constructs a generator in G2
+#[inline]
+pub fn g2_generator() -> G2Affine {
+ #[cfg(feature = "arkworks")]
+ use ark_ec::AffineRepr;
+ G2Affine::generator()
+}
+
#[cfg(test)]
mod tests {
use super::*;
diff --git a/src/verify.rs b/src/verify.rs
index da8539e..923608f 100644
--- a/src/verify.rs
+++ b/src/verify.rs
@@ -16,8 +16,8 @@ use ark_bls12_381::{G1Affine, G2Affine};
use bls12_381::{G1Affine, G2Affine};

use crate::points::{
- g1_from_fixed, g1_from_fixed_unchecked, g1_from_variable, g2_from_fixed,
- g2_from_fixed_unchecked, g2_from_variable, InvalidPoint,
+ g1_from_fixed, g1_from_fixed_unchecked, g1_from_variable, g1_generator, g2_from_fixed,
+ g2_from_fixed_unchecked, g2_from_variable, g2_generator, InvalidPoint,
};

// See https://github.com/drand/kyber-bls12381/issues/22 and
diff --git a/src/verify_arkworks.rs b/src/verify_arkworks.rs
index f52f1fd..46bd8d5 100644
--- a/src/verify_arkworks.rs
+++ b/src/verify_arkworks.rs
@@ -4,7 +4,6 @@ use ark_ec::{
hashing::{curve_maps::wb::WBMap, map_to_curve_hasher::MapToCurveBasedHasher, HashToCurve},
models::short_weierstrass,
pairing::Pairing,
- AffineRepr,
};
use ark_ff::{field_hashers::DefaultFieldHasher, Zero};
use sha2_v10::Sha256;
@@ -46,11 +45,3 @@ pub fn fast_pairing_equality(p: &G1Affine, q: &G2Affine, r: &G1Affine, s: &G2Aff
let value = Bls12::final_exponentiation(looped);
value.unwrap().is_zero()
}
-
-pub fn g1_generator() -> G1Affine {
- G1Affine::generator()
-}
-
-pub fn g2_generator() -> G2Affine {
- G2Affine::generator()
-}
diff --git a/src/verify_zkcrypro.rs b/src/verify_zkcrypro.rs
index 731ef07..775096f 100644
--- a/src/verify_zkcrypro.rs
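Review bot: The doc comments `/// Constructs a generator in G1` / `/// Constructs a generator in G2` on the new points.rs functions understate the contract: verify.rs now imports them (presumably as the fixed public generator its pairing check is anchored on), so the comment should say this is the standard BLS12-381 generator and that both backends are expected to return the same point, e.g. `/// Returns the standard generator point of G1 as defined by the BLS12-381 parameters.` Because the value now comes from two different libraries (an inherent `generator()` on the zkcrypto type, `AffineRepr::generator` through the function-local `use` for arkworks), a test in the `tests` module that decodes the standard compressed generator encodings with the existing `g1_from_fixed`/`g2_from_fixed` and `assert_eq!`s them against `g1_generator()`/`g2_generator()` would pin both backends to the same constant; without it a divergence would surface only as failed verifications against real beacon data rather than as a targeted unit-test failure. The duplicated `#[cfg(feature = "arkworks")] use ark_ec::AffineRepr;` inside each body would read more conventionally as one module-level import next to the other `use` lines.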
+++ b/src/verify_zkcrypro.rs
@@ -32,11 +32,3 @@ pub fn fast_pairing_equality(p: &G1Affine, q: &G2Affine, r: &G1Affine, s: &G2Aff
let value = looped.final_exponentiation();
value.is_identity().into()
}
-
-pub fn g1_generator() -> G1Affine {
- G1Affine::generator()
-}
-
-pub fn g2_generator() -> G2Affine {
- G2Affine::generator()
-}
From d4e59687a38fa16a32b0badf70bb6966b895eac1 Mon Sep 17 00:00:00 2001
From: Simon Warta
Date: Wed, 2 Aug 2023 09:45:25 +0200
Subject: [PATCH 14/14] Rename to hasher
---
src/verify_arkworks.rs | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/verify_arkworks.rs b/src/verify_arkworks.rs
index 46bd8d5..770bf73 100644
--- a/src/verify_arkworks.rs
+++ b/src/verify_arkworks.rs
@@ -10,23 +10,23 @@ use sha2_v10::Sha256;
use std::ops::Neg;

pub fn hash_to_curve_g1(msg: &[u8], dst: &[u8]) -> G1Affine {
- let mapper = MapToCurveBasedHasher::<
+ let hasher = MapToCurveBasedHasher::<
short_weierstrass::Projective,
DefaultFieldHasher,
WBMap,
>::new(dst)
- .expect("cannot initialise mapper for sha2 to BLS12-381 G1");
- mapper.hash(msg).expect("hash cannot be mapped to G1")
+ .expect("Creating BLS12-381 (G1) hasher failed");
+ hasher.hash(msg).expect("hash cannot be mapped to G1")
}

pub fn hash_to_curve_g2(msg: &[u8], dst: &[u8]) -> G2Affine {
- let mapper = MapToCurveBasedHasher::<
+ let hasher = MapToCurveBasedHasher::<
short_weierstrass::Projective,
DefaultFieldHasher,
WBMap,
>::new(dst)
- .expect("cannot initialise mapper for sha2 to BLS12-381 G2");
- mapper.hash(msg).expect("hash cannot be mapped to G2")
+ .expect("Creating BLS12-381 (G2) hasher failed");
+ hasher.hash(msg).expect("hash cannot be mapped to G2")
}

/// Checks if e(p, q) == e(r, s)