Update blst to official crate and incorporate subgroup changes (#1979)

## Issue Addressed

Move to latest official version of blst (v0.3.1).  Incorporate all the subgroup check API changes.

## Proposed Changes

Update Cargo.toml to use official blst crate 0.3.1
Modifications to blst.rs wrapper for subgroup check API changes

## Additional Info

The overall subgroup check methodology is public keys should be check for validity using key_validate() at time of first seeing them.  This will check for infinity and in group.  Those keys can then be cached for future usage.  All calls into blst set the pk_validate boolean to false to indicate there is no need for on the fly checking of public keys in the library.  Additionally the public keys are supposed to be validated for proof of possession outside of blst.

For signatures the subgroup check can be done at time of deserialization, prior to being used in aggregation or verification, or in the blst aggregation or verification functions themselves.  In the interface wrapper the call to subgroup_check has been left for one instance, although that could be moved into the 
verify_multiple_aggregate_signatures() call if wanted.  Checking beforehand does save some compute resources in the scenario a bad signature is received.  Elsewhere the subgroup check is being done inside the higher level operations.  See comments in the code.

All checks on signature are done for subgroup only.  There are no checks for infinity.  The rationale is an aggregate signature could technically equal infinity.  If any individual signature was infinity (invalid) then it would fail at time of verification.  A loss of compute resources, although safety would be preserved.
This commit is contained in:
Sean Gulley 2020-11-28 06:41:32 +00:00
parent a567f788bd
commit 9a37f356a9
3 changed files with 27 additions and 18 deletions

6
Cargo.lock generated
View File

@ -830,12 +830,14 @@ dependencies = [
[[package]] [[package]]
name = "blst" name = "blst"
version = "0.2.0" version = "0.3.1"
source = "git+https://github.com/sigp/blst.git?rev=7cf47864627ca479cad06c2a164f30d0cbaf16ce#7cf47864627ca479cad06c2a164f30d0cbaf16ce" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2bbf4f6a3ffa04c41ed616749b40dd83431b69db520a18cb60f09db2b7a77c57"
dependencies = [ dependencies = [
"cc", "cc",
"glob", "glob",
"threadpool", "threadpool",
"zeroize",
] ]
[[package]] [[package]]

View File

@ -17,7 +17,7 @@ eth2_hashing = "0.1.0"
ethereum-types = "0.9.2" ethereum-types = "0.9.2"
arbitrary = { version = "0.4.6", features = ["derive"], optional = true } arbitrary = { version = "0.4.6", features = ["derive"], optional = true }
zeroize = { version = "1.1.1", features = ["zeroize_derive"] } zeroize = { version = "1.1.1", features = ["zeroize_derive"] }
blst = { git = "https://github.com/sigp/blst.git", rev = "7cf47864627ca479cad06c2a164f30d0cbaf16ce" } blst = "0.3.1"
[features] [features]
default = ["supranational"] default = ["supranational"]

View File

@ -98,13 +98,21 @@ pub fn verify_signature_sets<'a>(
.collect::<Vec<_>>(); .collect::<Vec<_>>();
// Aggregate all the public keys. // Aggregate all the public keys.
pks.push(blst_core::AggregatePublicKey::aggregate(&signing_keys).to_public_key()); // Public keys have already been checked for subgroup and infinity
let agg_pk = match blst_core::AggregatePublicKey::aggregate(&signing_keys, false) {
Ok(agg_pk) => agg_pk,
Err(_) => return false,
};
pks.push(agg_pk.to_public_key());
} }
let (sig_refs, pks_refs): (Vec<_>, Vec<_>) = sigs.iter().zip(pks.iter()).unzip(); let (sig_refs, pks_refs): (Vec<_>, Vec<_>) = sigs.iter().zip(pks.iter()).unzip();
// Public keys have already been checked for subgroup and infinity
// Signatures have already been checked for subgroup
// Signature checks above could be done here for convienence as well
let err = blst_core::Signature::verify_multiple_aggregate_signatures( let err = blst_core::Signature::verify_multiple_aggregate_signatures(
&msgs_refs, DST, &pks_refs, &sig_refs, &rands, RAND_BITS, &msgs_refs, DST, &pks_refs, false, &sig_refs, false, &rands, RAND_BITS,
); );
err == blst::BLST_ERROR::BLST_SUCCESS err == blst::BLST_ERROR::BLST_SUCCESS
@ -157,10 +165,9 @@ impl TSignature<blst_core::PublicKey> for blst_core::Signature {
} }
fn verify(&self, pubkey: &blst_core::PublicKey, msg: Hash256) -> bool { fn verify(&self, pubkey: &blst_core::PublicKey, msg: Hash256) -> bool {
if !self.subgroup_check() { // Public keys have already been checked for subgroup and infinity
return false; // Check Signature inside function for subgroup
} self.verify(true, msg.as_bytes(), DST, &[], pubkey, false) == BLST_ERROR::BLST_SUCCESS
self.verify(msg.as_bytes(), DST, &[], pubkey) == BLST_ERROR::BLST_SUCCESS
} }
} }
@ -192,7 +199,8 @@ impl TAggregateSignature<blst_core::PublicKey, BlstAggregatePublicKey, blst_core
} }
fn add_assign(&mut self, other: &blst_core::Signature) { fn add_assign(&mut self, other: &blst_core::Signature) {
self.0.add_signature(other) // Add signature into aggregate, signature has already been subgroup checked
let _ = self.0.add_signature(other, false);
} }
fn add_assign_aggregate(&mut self, other: &Self) { fn add_assign_aggregate(&mut self, other: &Self) {
@ -217,10 +225,10 @@ impl TAggregateSignature<blst_core::PublicKey, BlstAggregatePublicKey, blst_core
) -> bool { ) -> bool {
let pubkeys = pubkeys.iter().map(|pk| pk.point()).collect::<Vec<_>>(); let pubkeys = pubkeys.iter().map(|pk| pk.point()).collect::<Vec<_>>();
let signature = self.0.clone().to_signature(); let signature = self.0.clone().to_signature();
if !signature.subgroup_check() { // Public keys are already valid due to PoP
return false; // Check Signature inside function for subgroup
} signature.fast_aggregate_verify(true, msg.as_bytes(), DST, &pubkeys)
signature.fast_aggregate_verify(msg.as_bytes(), DST, &pubkeys) == BLST_ERROR::BLST_SUCCESS == BLST_ERROR::BLST_SUCCESS
} }
fn aggregate_verify( fn aggregate_verify(
@ -231,10 +239,9 @@ impl TAggregateSignature<blst_core::PublicKey, BlstAggregatePublicKey, blst_core
let pubkeys = pubkeys.iter().map(|pk| pk.point()).collect::<Vec<_>>(); let pubkeys = pubkeys.iter().map(|pk| pk.point()).collect::<Vec<_>>();
let msgs = msgs.iter().map(|hash| hash.as_bytes()).collect::<Vec<_>>(); let msgs = msgs.iter().map(|hash| hash.as_bytes()).collect::<Vec<_>>();
let signature = self.0.clone().to_signature(); let signature = self.0.clone().to_signature();
if !signature.subgroup_check() { // Public keys have already been checked for subgroup and infinity
return false; // Check Signature inside function for subgroup
} signature.aggregate_verify(true, &msgs, DST, &pubkeys, false) == BLST_ERROR::BLST_SUCCESS
signature.aggregate_verify(&msgs, DST, &pubkeys) == BLST_ERROR::BLST_SUCCESS
} }
} }