Update blst to official crate and incorporate subgroup changes (#1979)
## Issue Addressed Move to latest official version of blst (v0.3.1). Incorporate all the subgroup check API changes. ## Proposed Changes Update Cargo.toml to use official blst crate 0.3.1 Modifications to blst.rs wrapper for subgroup check API changes ## Additional Info The overall subgroup check methodology is public keys should be check for validity using key_validate() at time of first seeing them. This will check for infinity and in group. Those keys can then be cached for future usage. All calls into blst set the pk_validate boolean to false to indicate there is no need for on the fly checking of public keys in the library. Additionally the public keys are supposed to be validated for proof of possession outside of blst. For signatures the subgroup check can be done at time of deserialization, prior to being used in aggregation or verification, or in the blst aggregation or verification functions themselves. In the interface wrapper the call to subgroup_check has been left for one instance, although that could be moved into the verify_multiple_aggregate_signatures() call if wanted. Checking beforehand does save some compute resources in the scenario a bad signature is received. Elsewhere the subgroup check is being done inside the higher level operations. See comments in the code. All checks on signature are done for subgroup only. There are no checks for infinity. The rationale is an aggregate signature could technically equal infinity. If any individual signature was infinity (invalid) then it would fail at time of verification. A loss of compute resources, although safety would be preserved.
This commit is contained in:
parent
a567f788bd
commit
9a37f356a9
6
Cargo.lock
generated
6
Cargo.lock
generated
@ -830,12 +830,14 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "blst"
|
||||
version = "0.2.0"
|
||||
source = "git+https://github.com/sigp/blst.git?rev=7cf47864627ca479cad06c2a164f30d0cbaf16ce#7cf47864627ca479cad06c2a164f30d0cbaf16ce"
|
||||
version = "0.3.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "2bbf4f6a3ffa04c41ed616749b40dd83431b69db520a18cb60f09db2b7a77c57"
|
||||
dependencies = [
|
||||
"cc",
|
||||
"glob",
|
||||
"threadpool",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
@ -17,7 +17,7 @@ eth2_hashing = "0.1.0"
|
||||
ethereum-types = "0.9.2"
|
||||
arbitrary = { version = "0.4.6", features = ["derive"], optional = true }
|
||||
zeroize = { version = "1.1.1", features = ["zeroize_derive"] }
|
||||
blst = { git = "https://github.com/sigp/blst.git", rev = "7cf47864627ca479cad06c2a164f30d0cbaf16ce" }
|
||||
blst = "0.3.1"
|
||||
|
||||
[features]
|
||||
default = ["supranational"]
|
||||
|
@ -98,13 +98,21 @@ pub fn verify_signature_sets<'a>(
|
||||
.collect::<Vec<_>>();
|
||||
|
||||
// Aggregate all the public keys.
|
||||
pks.push(blst_core::AggregatePublicKey::aggregate(&signing_keys).to_public_key());
|
||||
// Public keys have already been checked for subgroup and infinity
|
||||
let agg_pk = match blst_core::AggregatePublicKey::aggregate(&signing_keys, false) {
|
||||
Ok(agg_pk) => agg_pk,
|
||||
Err(_) => return false,
|
||||
};
|
||||
pks.push(agg_pk.to_public_key());
|
||||
}
|
||||
|
||||
let (sig_refs, pks_refs): (Vec<_>, Vec<_>) = sigs.iter().zip(pks.iter()).unzip();
|
||||
|
||||
// Public keys have already been checked for subgroup and infinity
|
||||
// Signatures have already been checked for subgroup
|
||||
// Signature checks above could be done here for convienence as well
|
||||
let err = blst_core::Signature::verify_multiple_aggregate_signatures(
|
||||
&msgs_refs, DST, &pks_refs, &sig_refs, &rands, RAND_BITS,
|
||||
&msgs_refs, DST, &pks_refs, false, &sig_refs, false, &rands, RAND_BITS,
|
||||
);
|
||||
|
||||
err == blst::BLST_ERROR::BLST_SUCCESS
|
||||
@ -157,10 +165,9 @@ impl TSignature<blst_core::PublicKey> for blst_core::Signature {
|
||||
}
|
||||
|
||||
fn verify(&self, pubkey: &blst_core::PublicKey, msg: Hash256) -> bool {
|
||||
if !self.subgroup_check() {
|
||||
return false;
|
||||
}
|
||||
self.verify(msg.as_bytes(), DST, &[], pubkey) == BLST_ERROR::BLST_SUCCESS
|
||||
// Public keys have already been checked for subgroup and infinity
|
||||
// Check Signature inside function for subgroup
|
||||
self.verify(true, msg.as_bytes(), DST, &[], pubkey, false) == BLST_ERROR::BLST_SUCCESS
|
||||
}
|
||||
}
|
||||
|
||||
@ -192,7 +199,8 @@ impl TAggregateSignature<blst_core::PublicKey, BlstAggregatePublicKey, blst_core
|
||||
}
|
||||
|
||||
fn add_assign(&mut self, other: &blst_core::Signature) {
|
||||
self.0.add_signature(other)
|
||||
// Add signature into aggregate, signature has already been subgroup checked
|
||||
let _ = self.0.add_signature(other, false);
|
||||
}
|
||||
|
||||
fn add_assign_aggregate(&mut self, other: &Self) {
|
||||
@ -217,10 +225,10 @@ impl TAggregateSignature<blst_core::PublicKey, BlstAggregatePublicKey, blst_core
|
||||
) -> bool {
|
||||
let pubkeys = pubkeys.iter().map(|pk| pk.point()).collect::<Vec<_>>();
|
||||
let signature = self.0.clone().to_signature();
|
||||
if !signature.subgroup_check() {
|
||||
return false;
|
||||
}
|
||||
signature.fast_aggregate_verify(msg.as_bytes(), DST, &pubkeys) == BLST_ERROR::BLST_SUCCESS
|
||||
// Public keys are already valid due to PoP
|
||||
// Check Signature inside function for subgroup
|
||||
signature.fast_aggregate_verify(true, msg.as_bytes(), DST, &pubkeys)
|
||||
== BLST_ERROR::BLST_SUCCESS
|
||||
}
|
||||
|
||||
fn aggregate_verify(
|
||||
@ -231,10 +239,9 @@ impl TAggregateSignature<blst_core::PublicKey, BlstAggregatePublicKey, blst_core
|
||||
let pubkeys = pubkeys.iter().map(|pk| pk.point()).collect::<Vec<_>>();
|
||||
let msgs = msgs.iter().map(|hash| hash.as_bytes()).collect::<Vec<_>>();
|
||||
let signature = self.0.clone().to_signature();
|
||||
if !signature.subgroup_check() {
|
||||
return false;
|
||||
}
|
||||
signature.aggregate_verify(&msgs, DST, &pubkeys) == BLST_ERROR::BLST_SUCCESS
|
||||
// Public keys have already been checked for subgroup and infinity
|
||||
// Check Signature inside function for subgroup
|
||||
signature.aggregate_verify(true, &msgs, DST, &pubkeys, false) == BLST_ERROR::BLST_SUCCESS
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user