9a37f356a9
## Issue Addressed Move to latest official version of blst (v0.3.1). Incorporate all the subgroup check API changes. ## Proposed Changes Update Cargo.toml to use official blst crate 0.3.1 Modifications to blst.rs wrapper for subgroup check API changes ## Additional Info The overall subgroup check methodology is public keys should be check for validity using key_validate() at time of first seeing them. This will check for infinity and in group. Those keys can then be cached for future usage. All calls into blst set the pk_validate boolean to false to indicate there is no need for on the fly checking of public keys in the library. Additionally the public keys are supposed to be validated for proof of possession outside of blst. For signatures the subgroup check can be done at time of deserialization, prior to being used in aggregation or verification, or in the blst aggregation or verification functions themselves. In the interface wrapper the call to subgroup_check has been left for one instance, although that could be moved into the verify_multiple_aggregate_signatures() call if wanted. Checking beforehand does save some compute resources in the scenario a bad signature is received. Elsewhere the subgroup check is being done inside the higher level operations. See comments in the code. All checks on signature are done for subgroup only. There are no checks for infinity. The rationale is an aggregate signature could technically equal infinity. If any individual signature was infinity (invalid) then it would fail at time of verification. A loss of compute resources, although safety would be preserved. |
||
---|---|---|
.. | ||
bls | ||
eth2_hashing | ||
eth2_key_derivation | ||
eth2_keystore | ||
eth2_wallet |