From 4ae35dbf806f7a7a11f944ebfd3e0ff3fe0e873f Mon Sep 17 00:00:00 2001 From: Kealan McCusker Date: Wed, 19 Jun 2019 15:23:31 +0100 Subject: [PATCH 1/3] add point addition to BLS --- README.md | 2 +- config.mk | 2 +- examples/testbls_ZZZ.c.in | 182 ++++++++++++++++++++++++++++++++------ include/bls.h.in | 26 +++++- src/bls.c.in | 55 ++++++++++-- test/test_bls_ZZZ.c.in | 2 +- 6 files changed, 232 insertions(+), 37 deletions(-) diff --git a/README.md b/README.md index 6d2baf2..025e7aa 100644 --- a/README.md +++ b/README.md @@ -260,5 +260,5 @@ Please add yourself here if you make or have made a contribution. 1. [Check for open issues](https://github.com/apache/incubator-milagro-crypto-c/issues) or start a discussion around a feature idea or a bug by sending a mail to dev@milagro.incubator.apache.org 2. Fork the repository to start making your changes. Please use the "development" branch as a basis. 3. Write a test which shows that the bug was fixed or that the feature works as expected. -4. Send a pull request with a reference to the issue +4. Make a pull request with a reference to the issue diff --git a/config.mk b/config.mk index 13941ce..f3706a4 100644 --- a/config.mk +++ b/config.mk @@ -4,7 +4,7 @@ WORD_SIZE:=64 # Current choice of Elliptic Curve ANSSI C25519 NIST521 BLS24 C41417 NUMS256E BLS381 ED25519 NUMS256W BLS383 FP256BN NUMS384E BLS461 FP512BN NUMS384W BLS48 GOLDILOCKS NUMS512E BN254 HIFIVE NUMS512W BN254CX NIST256 SECP256K1 BRAINPOOL NIST384 -AMCL_CURVE:=ED25519,NIST256,GOLDILOCKS,BLS383 +AMCL_CURVE:=BLS383 # RSA security level: 2048 3072 4096 AMCL_RSA:=2048,3072 diff --git a/examples/testbls_ZZZ.c.in b/examples/testbls_ZZZ.c.in index f84525e..d249c69 100644 --- a/examples/testbls_ZZZ.c.in +++ b/examples/testbls_ZZZ.c.in @@ -16,8 +16,6 @@ specific language governing permissions and limitations under the License. */ -/* test driver and function exerciser for BLS Signature API Functions */ - /* Build executable after installation: gcc -O0 -g ./testbls_ZZZ.c $(pkg-config --libs --cflags amcl) -o testbls_ZZZ @@ -47,30 +45,97 @@ under the License. #define G2LEN 16*BFS_ZZZ #endif -static char message[]="This is a test message"; +static char message[]="test message"; int bls(csprng *RNG) { int rc; - char s[BGS_ZZZ]; - char w[G2LEN]; + + char sk1[BGS_ZZZ]; + octet SK1 = {0,sizeof(sk1),sk1}; + char pk1[G2LEN]; + octet PK1 = {0,sizeof(pk1),pk1}; + char sig1[BFS_ZZZ+1]; + octet SIG1 = {0,sizeof(sig1),sig1}; + + char sk2[BGS_ZZZ]; + octet SK2 = {0,sizeof(sk2),sk2}; + char pk2[G2LEN]; + octet PK2 = {0,sizeof(pk2),pk2}; + char sig2[BFS_ZZZ+1]; + octet SIG2 = {0,sizeof(sig2),sig2}; + + char sk3[BGS_ZZZ]; + octet SK3 = {0,sizeof(sk3),sk3}; + char pk3[G2LEN]; + octet PK3 = {0,sizeof(pk3),pk3}; + char sig3[BFS_ZZZ+1]; + octet SIG3 = {0,sizeof(sig3),sig3}; + + // Combined signature and public keys + char pk[G2LEN]; + octet PK = {0,sizeof(pk),pk}; char sig[BFS_ZZZ+1]; - octet S= {0,sizeof(s),s}; - octet W= {0,sizeof(w),w}; - octet SIG= {0,sizeof(sig),sig}; + octet SIG = {0,sizeof(sig),sig}; + + // Generate key pairs + BLS_ZZZ_KEY_PAIR_GENERATE(RNG,&SK1,&PK1); + BLS_ZZZ_KEY_PAIR_GENERATE(RNG,&SK2,&PK2); + BLS_ZZZ_KEY_PAIR_GENERATE(RNG,&SK3,&PK3); - BLS_ZZZ_KEY_PAIR_GENERATE(RNG,&S,&W); + printf("Private key SK1: "); + OCT_output(&SK1); + printf("Public key PK1: "); + OCT_output(&PK1); + printf("Private key SK2: "); + OCT_output(&SK2); + printf("Public key PK2: "); + OCT_output(&PK2); + printf("Private key SK3: "); + OCT_output(&SK2); + printf("Public key PK3: "); + OCT_output(&PK2); + printf("\n"); - printf("Private key: 0x"); - OCT_output(&S); - printf("Public key: 0x"); - OCT_output(&W); + // Sign the message + BLS_ZZZ_SIGN(&SIG1,message,&SK1); + BLS_ZZZ_SIGN(&SIG2,message,&SK2); + BLS_ZZZ_SIGN(&SIG3,message,&SK3); - BLS_ZZZ_SIGN(&SIG,message,&S); - printf("Signature: 0x"); - OCT_output(&SIG); + printf("SIG1: "); + OCT_output(&SIG1); + printf("SIG2: "); + OCT_output(&SIG2); + printf("SIG3: "); + OCT_output(&SIG3); + printf("\n"); + + // Verify signature + rc=BLS_ZZZ_VERIFY(&SIG1,message,&PK1); + if (rc==BLS_OK) + { + printf("Success: Signature is valid\n"); + } + else + { + printf("Error: Invalid Signature\n"); + return 1; + } + + // Verify signature + rc=BLS_ZZZ_VERIFY(&SIG2,message,&PK2); + if (rc==BLS_OK) + { + printf("Success: Signature is valid\n"); + } + else + { + printf("Error: Invalid Signature\n"); + return 1; + } - rc=BLS_ZZZ_VERIFY(&SIG,message,&W); + // Verify signature + rc=BLS_ZZZ_VERIFY(&SIG3,message,&PK3); if (rc==BLS_OK) { printf("Success: Signature is valid\n"); @@ -78,38 +143,105 @@ int bls(csprng *RNG) else { printf("Error: Invalid Signature\n"); + return 1; + } + + // Add Public keys + rc = BLS_ADD_G2(&PK1,&PK2,&PK); + if (rc!=BLS_OK) + { + printf("ERROR BLS_ADD_G2 errorCode : %d\n", rc); + return 1; + } + rc = BLS_ADD_G2(&PK,&PK3,&PK); + if (rc!=BLS_OK) + { + printf("ERROR BLS_ADD_G2 errorCode : %d\n", rc); + return 1; + } + printf("Public key PK: "); + OCT_output(&PK); + printf("\n"); + + // Add signatures + rc = BLS_ADD_G1(&SIG1,&SIG2,&SIG); + if (rc!=BLS_OK) + { + printf("ERROR BLS_ADD_G1 errorCode : %d\n", rc); + return 1; + } + + // Verify combined signature. This should fail. + rc=BLS_ZZZ_VERIFY(&SIG,message,&PK); + if (rc==BLS_OK) + { + printf("Success: Combined signature is valid\n"); + return 1; + } + else + { + printf("Error: Combined signature is invalid\n"); } + rc = BLS_ADD_G1(&SIG,&SIG3,&SIG); + if (rc!=BLS_OK) + { + printf("ERROR BLS_ADD_G1 errorCode : %d\n", rc); + return 1; + } + printf("SIG: "); + OCT_output(&SIG); + printf("\n"); + // Verify combined signature. + rc=BLS_ZZZ_VERIFY(&SIG,message,&PK); + if (rc==BLS_OK) + { + printf("Success: Combined signature is valid\n"); + } + else + { + printf("Error: Combined signature is invalid\n"); + return 1; + } + + // change the message message[0]='Z'; printf("message %s\n", message); - rc=BLS_ZZZ_VERIFY(&SIG,message,&W); + rc=BLS_ZZZ_VERIFY(&SIG1,message,&PK1); if (rc==BLS_OK) { printf("Success: Signature is valid\n"); + return 1; } else { - printf("Error: Invalid Signature\n"); + printf("Error: Invalid Signature\n"); } // Change the signature - message[0]='T'; - SIG.val[0]=5; + message[0]='t'; + SIG1.val[0]=5; printf("message %s\n", message); - printf("Signature: 0x"); - OCT_output(&SIG); - rc=BLS_ZZZ_VERIFY(&SIG,message,&W); + printf("Sig1nature SIG1: "); + OCT_output(&SIG1); + rc=BLS_ZZZ_VERIFY(&SIG1,message,&PK1); if (rc==BLS_OK) { printf("Success: Signature is valid\n"); + return 1; } else { printf("Error: Invalid Signature\n"); } - return rc; + /* clear memory */ + OCT_clear(&SK1); + OCT_clear(&SK2); + OCT_clear(&SK3); + + return 0; } diff --git a/include/bls.h.in b/include/bls.h.in index de179c8..ab22d88 100644 --- a/include/bls.h.in +++ b/include/bls.h.in @@ -39,8 +39,10 @@ under the License. #define BGS_ZZZ MODBYTES_XXX /**< BLS Group Size */ #define BFS_ZZZ MODBYTES_XXX /**< BLS Field Size */ -#define BLS_OK 0 /**< Function completed without error */ -#define BLS_FAIL -1 /**< Point is NOT on the curve */ +#define BLS_OK 0 /**< Function completed without error */ +#define BLS_FAIL 41 /**< Invalid signature */ +#define BLS_INVALID_G1 42 /**< Not a valid G1 point on the curve */ +#define BLS_INVALID_G2 43 /**< Not a valid G2 point on the curve */ /* BLS API functions */ @@ -71,5 +73,25 @@ int BLS_ZZZ_SIGN(octet *SIG,char *m,octet *S); */ int BLS_ZZZ_VERIFY(octet *SIG,char *m,octet *W); + +/** @brief Add two members from the group G1 + * + @param R1 member of G1 + @param R2 member of G1 + @param R member of G1. R = R1+R2 + @return Zero for success or else an error code + */ +int BLS_ADD_G1(octet *R1,octet *R2,octet *R); + +/** @brief Add two members from the group G2 + * + @param W1 member of G2 + @param W2 member of G2 + @param W member of G2. W = W1+W2 + @return Zero for success or else an error code + */ +int BLS_ADD_G2(octet *W1,octet *W2,octet *W); + + #endif diff --git a/src/bls.c.in b/src/bls.c.in index 277d3cd..d00cbd0 100644 --- a/src/bls.c.in +++ b/src/bls.c.in @@ -26,7 +26,6 @@ under the License. #include "bls_ZZZ.h" /* hash a message to an ECP point, using SHA3 */ - static void BLS_HASHIT(ECP_ZZZ *P,char *m) { int i; @@ -41,7 +40,6 @@ static void BLS_HASHIT(ECP_ZZZ *P,char *m) } /* generate key pair, private key S, public key W */ - int BLS_ZZZ_KEY_PAIR_GENERATE(csprng *RNG,octet* S,octet *W) { ECP2_ZZZ G; @@ -57,7 +55,6 @@ int BLS_ZZZ_KEY_PAIR_GENERATE(csprng *RNG,octet* S,octet *W) } /* Sign message m using private key S to produce signature SIG */ - int BLS_ZZZ_SIGN(octet *SIG,char *m,octet *S) { BIG_XXX s; @@ -70,7 +67,6 @@ int BLS_ZZZ_SIGN(octet *SIG,char *m,octet *S) } /* Verify signature of message m, the signature SIG, and the public key W */ - int BLS_ZZZ_VERIFY(octet *SIG,char *m,octet *W) { FP12_YYY v; @@ -84,10 +80,55 @@ int BLS_ZZZ_VERIFY(octet *SIG,char *m,octet *W) PAIR_ZZZ_double_ate(&v,&G,&D,&PK,&HM); - PAIR_ZZZ_fexp(&v); - if (FP12_YYY_isunity(&v)) return BLS_OK; - return BLS_FAIL; + if (!FP12_YYY_isunity(&v)) + { + return BLS_FAIL; + } + return BLS_OK; +} + +/* R=R1+R2 in group G1 */ +int BLS_ADD_G1(octet *R1,octet *R2,octet *R) +{ + ECP_ZZZ P; + ECP_ZZZ T; + + if (!ECP_ZZZ_fromOctet(&P,R1)) + { + return BLS_INVALID_G1; + } + + if (!ECP_ZZZ_fromOctet(&T,R2)) + { + return BLS_INVALID_G1; + } + + ECP_ZZZ_add(&P,&T); + ECP_ZZZ_toOctet(R,&P,true); + + return BLS_OK; } +/* W=W1+W2 in group G2 */ +int BLS_ADD_G2(octet *W1,octet *W2,octet *W) +{ + ECP2_ZZZ Q; + ECP2_ZZZ T; + + if (!ECP2_ZZZ_fromOctet(&Q,W1)) + { + return BLS_INVALID_G2; + } + + if (!ECP2_ZZZ_fromOctet(&T,W2)) + { + return BLS_INVALID_G2; + } + + ECP2_ZZZ_add(&Q,&T); + ECP2_ZZZ_toOctet(W,&Q); + + return BLS_OK; +} diff --git a/test/test_bls_ZZZ.c.in b/test/test_bls_ZZZ.c.in index c35c75b..47d4642 100644 --- a/test/test_bls_ZZZ.c.in +++ b/test/test_bls_ZZZ.c.in @@ -96,7 +96,7 @@ int bls(csprng *RNG) printf("Signature: 0x"); OCT_output(&SIG); rc=BLS_ZZZ_VERIFY(&SIG,message,&W); - if (rc!=BLS_OK) + if (rc!=BLS_OK) { printf("Test Passed invalid Signature / valid message\n"); } From 5ba32074177f0bb205ede009e5e85b54d0c7cb5e Mon Sep 17 00:00:00 2001 From: Kealan McCusker Date: Thu, 20 Jun 2019 12:55:02 +0100 Subject: [PATCH 2/3] update bls129 and bls256 --- config.mk | 2 +- examples/testbls_ZZZ.c.in | 16 ++++----- include/bls.h.in | 6 ++-- include/bls192.h.in | 24 ++++++++++++-- include/bls256.h.in | 24 ++++++++++++-- src/bls.c.in | 21 ++++++++---- src/bls192.c.in | 70 ++++++++++++++++++++++++++++++++++----- src/bls256.c.in | 69 +++++++++++++++++++++++++++++++++----- 8 files changed, 191 insertions(+), 41 deletions(-) diff --git a/config.mk b/config.mk index f3706a4..13941ce 100644 --- a/config.mk +++ b/config.mk @@ -4,7 +4,7 @@ WORD_SIZE:=64 # Current choice of Elliptic Curve ANSSI C25519 NIST521 BLS24 C41417 NUMS256E BLS381 ED25519 NUMS256W BLS383 FP256BN NUMS384E BLS461 FP512BN NUMS384W BLS48 GOLDILOCKS NUMS512E BN254 HIFIVE NUMS512W BN254CX NIST256 SECP256K1 BRAINPOOL NIST384 -AMCL_CURVE:=BLS383 +AMCL_CURVE:=ED25519,NIST256,GOLDILOCKS,BLS383 # RSA security level: 2048 3072 4096 AMCL_RSA:=2048,3072 diff --git a/examples/testbls_ZZZ.c.in b/examples/testbls_ZZZ.c.in index d249c69..10fe65a 100644 --- a/examples/testbls_ZZZ.c.in +++ b/examples/testbls_ZZZ.c.in @@ -147,16 +147,16 @@ int bls(csprng *RNG) } // Add Public keys - rc = BLS_ADD_G2(&PK1,&PK2,&PK); + rc = BLS_ZZZ_ADD_G2(&PK1,&PK2,&PK); if (rc!=BLS_OK) { - printf("ERROR BLS_ADD_G2 errorCode : %d\n", rc); + printf("ERROR BLS_ZZZ_ADD_G2 errorCode : %d\n", rc); return 1; } - rc = BLS_ADD_G2(&PK,&PK3,&PK); + rc = BLS_ZZZ_ADD_G2(&PK,&PK3,&PK); if (rc!=BLS_OK) { - printf("ERROR BLS_ADD_G2 errorCode : %d\n", rc); + printf("ERROR BLS_ZZZ_ADD_G2 errorCode : %d\n", rc); return 1; } printf("Public key PK: "); @@ -164,10 +164,10 @@ int bls(csprng *RNG) printf("\n"); // Add signatures - rc = BLS_ADD_G1(&SIG1,&SIG2,&SIG); + rc = BLS_ZZZ_ADD_G1(&SIG1,&SIG2,&SIG); if (rc!=BLS_OK) { - printf("ERROR BLS_ADD_G1 errorCode : %d\n", rc); + printf("ERROR BLS_ZZZ_ADD_G1 errorCode : %d\n", rc); return 1; } @@ -183,10 +183,10 @@ int bls(csprng *RNG) printf("Error: Combined signature is invalid\n"); } - rc = BLS_ADD_G1(&SIG,&SIG3,&SIG); + rc = BLS_ZZZ_ADD_G1(&SIG,&SIG3,&SIG); if (rc!=BLS_OK) { - printf("ERROR BLS_ADD_G1 errorCode : %d\n", rc); + printf("ERROR BLS_ZZZ_ADD_G1 errorCode : %d\n", rc); return 1; } printf("SIG: "); diff --git a/include/bls.h.in b/include/bls.h.in index ab22d88..8905ddd 100644 --- a/include/bls.h.in +++ b/include/bls.h.in @@ -73,7 +73,6 @@ int BLS_ZZZ_SIGN(octet *SIG,char *m,octet *S); */ int BLS_ZZZ_VERIFY(octet *SIG,char *m,octet *W); - /** @brief Add two members from the group G1 * @param R1 member of G1 @@ -81,7 +80,7 @@ int BLS_ZZZ_VERIFY(octet *SIG,char *m,octet *W); @param R member of G1. R = R1+R2 @return Zero for success or else an error code */ -int BLS_ADD_G1(octet *R1,octet *R2,octet *R); +int BLS_ZZZ_ADD_G1(octet *R1,octet *R2,octet *R); /** @brief Add two members from the group G2 * @@ -90,8 +89,7 @@ int BLS_ADD_G1(octet *R1,octet *R2,octet *R); @param W member of G2. W = W1+W2 @return Zero for success or else an error code */ -int BLS_ADD_G2(octet *W1,octet *W2,octet *W); - +int BLS_ZZZ_ADD_G2(octet *W1,octet *W2,octet *W); #endif diff --git a/include/bls192.h.in b/include/bls192.h.in index 8bd7fae..ae8ab26 100644 --- a/include/bls192.h.in +++ b/include/bls192.h.in @@ -39,8 +39,10 @@ under the License. #define BGS_ZZZ MODBYTES_XXX /**< BLS Group Size */ #define BFS_ZZZ MODBYTES_XXX /**< BLS Field Size */ -#define BLS_OK 0 /**< Function completed without error */ -#define BLS_FAIL -1 /**< Point is NOT on the curve */ +#define BLS_OK 0 /**< Function completed without error */ +#define BLS_FAIL 41 /**< Invalid signature */ +#define BLS_INVALID_G1 42 /**< Not a valid G1 point on the curve */ +#define BLS_INVALID_G2 43 /**< Not a valid G2 point on the curve */ /* BLS API functions */ @@ -71,5 +73,23 @@ int BLS_ZZZ_SIGN(octet *SIG,char *m,octet *S); */ int BLS_ZZZ_VERIFY(octet *SIG,char *m,octet *W); +/** @brief Add two members from the group G1 + * + @param R1 member of G1 + @param R2 member of G1 + @param R member of G1. R = R1+R2 + @return Zero for success or else an error code + */ +int BLS_ZZZ_ADD_G1(octet *R1,octet *R2,octet *R); + +/** @brief Add two members from the group G2 + * + @param W1 member of G2 + @param W2 member of G2 + @param W member of G2. W = W1+W2 + @return Zero for success or else an error code + */ +int BLS_ZZZ_ADD_G2(octet *W1,octet *W2,octet *W); + #endif diff --git a/include/bls256.h.in b/include/bls256.h.in index 977c4ee..ad9dfb0 100644 --- a/include/bls256.h.in +++ b/include/bls256.h.in @@ -39,8 +39,10 @@ under the License. #define BGS_ZZZ MODBYTES_XXX /**< BLS Group Size */ #define BFS_ZZZ MODBYTES_XXX /**< BLS Field Size */ -#define BLS_OK 0 /**< Function completed without error */ -#define BLS_FAIL -1 /**< Point is NOT on the curve */ +#define BLS_OK 0 /**< Function completed without error */ +#define BLS_FAIL 41 /**< Invalid signature */ +#define BLS_INVALID_G1 42 /**< Not a valid G1 point on the curve */ +#define BLS_INVALID_G2 43 /**< Not a valid G2 point on the curve */ /* BLS API functions */ @@ -71,5 +73,23 @@ int BLS_ZZZ_SIGN(octet *SIG,char *m,octet *S); */ int BLS_ZZZ_VERIFY(octet *SIG,char *m,octet *W); +/** @brief Add two members from the group G1 + * + @param R1 member of G1 + @param R2 member of G1 + @param R member of G1. R = R1+R2 + @return Zero for success or else an error code + */ +int BLS_ZZZ_ADD_G1(octet *R1,octet *R2,octet *R); + +/** @brief Add two members from the group G2 + * + @param W1 member of G2 + @param W2 member of G2 + @param W member of G2. W = W1+W2 + @return Zero for success or else an error code + */ +int BLS_ZZZ_ADD_G2(octet *W1,octet *W2,octet *W); + #endif diff --git a/src/bls.c.in b/src/bls.c.in index d00cbd0..4328342 100644 --- a/src/bls.c.in +++ b/src/bls.c.in @@ -62,7 +62,8 @@ int BLS_ZZZ_SIGN(octet *SIG,char *m,octet *S) BLS_HASHIT(&D,m); BIG_XXX_fromBytes(s,S->val); PAIR_ZZZ_G1mul(&D,s); - ECP_ZZZ_toOctet(SIG,&D,true); /* compress output */ + // compress output + ECP_ZZZ_toOctet(SIG,&D,true); return BLS_OK; } @@ -73,11 +74,19 @@ int BLS_ZZZ_VERIFY(octet *SIG,char *m,octet *W) ECP2_ZZZ G,PK; ECP_ZZZ D,HM; BLS_HASHIT(&HM,m); - ECP_ZZZ_fromOctet(&D,SIG); + + if (!ECP_ZZZ_fromOctet(&D,SIG)) + { + return BLS_INVALID_G1; + } + ECP2_ZZZ_generator(&G); - ECP2_ZZZ_fromOctet(&PK,W); - ECP_ZZZ_neg(&D); + if (!ECP2_ZZZ_fromOctet(&PK,W)) + { + return BLS_INVALID_G2; + } + ECP_ZZZ_neg(&D); PAIR_ZZZ_double_ate(&v,&G,&D,&PK,&HM); PAIR_ZZZ_fexp(&v); @@ -90,7 +99,7 @@ int BLS_ZZZ_VERIFY(octet *SIG,char *m,octet *W) } /* R=R1+R2 in group G1 */ -int BLS_ADD_G1(octet *R1,octet *R2,octet *R) +int BLS_ZZZ_ADD_G1(octet *R1,octet *R2,octet *R) { ECP_ZZZ P; ECP_ZZZ T; @@ -112,7 +121,7 @@ int BLS_ADD_G1(octet *R1,octet *R2,octet *R) } /* W=W1+W2 in group G2 */ -int BLS_ADD_G2(octet *W1,octet *W2,octet *W) +int BLS_ZZZ_ADD_G2(octet *W1,octet *W2,octet *W) { ECP2_ZZZ Q; ECP2_ZZZ T; diff --git a/src/bls192.c.in b/src/bls192.c.in index bab100c..226fe9d 100644 --- a/src/bls192.c.in +++ b/src/bls192.c.in @@ -26,7 +26,6 @@ under the License. #include "bls192_ZZZ.h" /* hash a message to an ECP point, using SHA3 */ - static void BLS_HASHIT(ECP_ZZZ *P,char *m) { int i; @@ -41,7 +40,6 @@ static void BLS_HASHIT(ECP_ZZZ *P,char *m) } /* generate key pair, private key S, public key W */ - int BLS_ZZZ_KEY_PAIR_GENERATE(csprng *RNG,octet* S,octet *W) { ECP4_ZZZ G; @@ -57,7 +55,6 @@ int BLS_ZZZ_KEY_PAIR_GENERATE(csprng *RNG,octet* S,octet *W) } /* Sign message m using private key S to produce signature SIG */ - int BLS_ZZZ_SIGN(octet *SIG,char *m,octet *S) { BIG_XXX s; @@ -70,22 +67,77 @@ int BLS_ZZZ_SIGN(octet *SIG,char *m,octet *S) } /* Verify signature given message m, the signature SIG, and the public key W */ - int BLS_ZZZ_VERIFY(octet *SIG,char *m,octet *W) { FP24_YYY v; ECP4_ZZZ G,PK; ECP_ZZZ D,HM; BLS_HASHIT(&HM,m); - ECP_ZZZ_fromOctet(&D,SIG); + + if (!ECP_ZZZ_fromOctet(&D,SIG)) + { + return BLS_INVALID_G1; + } + ECP4_ZZZ_generator(&G); - ECP4_ZZZ_fromOctet(&PK,W); + + if (!ECP4_ZZZ_fromOctet(&PK,W)) + { + return BLS_INVALID_G2; + } ECP_ZZZ_neg(&D); PAIR_ZZZ_double_ate(&v,&G,&D,&PK,&HM); - PAIR_ZZZ_fexp(&v); - if (FP24_YYY_isunity(&v)) return BLS_OK; - return BLS_FAIL; + + if (!FP24_YYY_isunity(&v)) + { + return BLS_FAIL; + } + return BLS_OK; } + +/* R=R1+R2 in group G1 */ +int BLS_ZZZ_ADD_G1(octet *R1,octet *R2,octet *R) +{ + ECP_ZZZ P; + ECP_ZZZ T; + + if (!ECP_ZZZ_fromOctet(&P,R1)) + { + return BLS_INVALID_G1; + } + + if (!ECP_ZZZ_fromOctet(&T,R2)) + { + return BLS_INVALID_G1; + } + + ECP_ZZZ_add(&P,&T); + ECP_ZZZ_toOctet(R,&P,true); + + return BLS_OK; +} + +/* W=W1+W2 in group G2 */ +int BLS_ZZZ_ADD_G2(octet *W1,octet *W2,octet *W) +{ + ECP4_ZZZ Q; + ECP4_ZZZ T; + + if (!ECP4_ZZZ_fromOctet(&Q,W1)) + { + return BLS_INVALID_G2; + } + + if (!ECP4_ZZZ_fromOctet(&T,W2)) + { + return BLS_INVALID_G2; + } + + ECP4_ZZZ_add(&Q,&T); + ECP4_ZZZ_toOctet(W,&Q); + + return BLS_OK; +} diff --git a/src/bls256.c.in b/src/bls256.c.in index 6b250d1..0aca536 100644 --- a/src/bls256.c.in +++ b/src/bls256.c.in @@ -26,7 +26,6 @@ under the License. #include "bls256_ZZZ.h" /* hash a message to an ECP point, using SHA3 */ - static void BLS_HASHIT(ECP_ZZZ *P,char *m) { int i; @@ -41,7 +40,6 @@ static void BLS_HASHIT(ECP_ZZZ *P,char *m) } /* generate key pair, private key S, public key W */ - int BLS_ZZZ_KEY_PAIR_GENERATE(csprng *RNG,octet* S,octet *W) { ECP8_ZZZ G; @@ -57,7 +55,6 @@ int BLS_ZZZ_KEY_PAIR_GENERATE(csprng *RNG,octet* S,octet *W) } /* Sign message m using private key S to produce signature SIG */ - int BLS_ZZZ_SIGN(octet *SIG,char *m,octet *S) { BIG_XXX s; @@ -70,23 +67,77 @@ int BLS_ZZZ_SIGN(octet *SIG,char *m,octet *S) } /* Verify signature given message m, the signature SIG, and the public key W */ - int BLS_ZZZ_VERIFY(octet *SIG,char *m,octet *W) { FP48_YYY v; ECP8_ZZZ G,PK; ECP_ZZZ D,HM; BLS_HASHIT(&HM,m); - ECP_ZZZ_fromOctet(&D,SIG); - ECP8_ZZZ_generator(&G); - ECP8_ZZZ_fromOctet(&PK,W); + + if (!ECP_ZZZ_fromOctet(&D,SIG)) + { + return BLS_INVALID_G1; + } ECP_ZZZ_neg(&D); + + ECP8_ZZZ_generator(&G); + + if (!ECP8_ZZZ_fromOctet(&PK,W)) + { + return BLS_INVALID_G2; + } PAIR_ZZZ_double_ate(&v,&G,&D,&PK,&HM); PAIR_ZZZ_fexp(&v); - if (FP48_YYY_isunity(&v)) return BLS_OK; - return BLS_FAIL; + if (!FP48_YYY_isunity(&v)) + { + return BLS_FAIL; + } + return BLS_OK; } +/* R=R1+R2 in group G1 */ +int BLS_ZZZ_ADD_G1(octet *R1,octet *R2,octet *R) +{ + ECP_ZZZ P; + ECP_ZZZ T; + + if (!ECP_ZZZ_fromOctet(&P,R1)) + { + return BLS_INVALID_G1; + } + + if (!ECP_ZZZ_fromOctet(&T,R2)) + { + return BLS_INVALID_G1; + } + + ECP_ZZZ_add(&P,&T); + ECP_ZZZ_toOctet(R,&P,true); + + return BLS_OK; +} + +/* W=W1+W2 in group G2 */ +int BLS_ZZZ_ADD_G2(octet *W1,octet *W2,octet *W) +{ + ECP8_ZZZ Q; + ECP8_ZZZ T; + + if (!ECP8_ZZZ_fromOctet(&Q,W1)) + { + return BLS_INVALID_G2; + } + + if (!ECP8_ZZZ_fromOctet(&T,W2)) + { + return BLS_INVALID_G2; + } + + ECP8_ZZZ_add(&Q,&T); + ECP8_ZZZ_toOctet(W,&Q); + + return BLS_OK; +} From 1b0b1f6a5dae2dcae4e0d82dcea864c02a0d16c0 Mon Sep 17 00:00:00 2001 From: Kealan McCusker Date: Thu, 20 Jun 2019 14:03:58 +0100 Subject: [PATCH 3/3] updated bls smoke test --- examples/testbls_ZZZ.c.in | 62 ++++++------ src/bls.c.in | 12 +-- src/bls192.c.in | 8 +- src/bls256.c.in | 10 +- test/test_bls_ZZZ.c.in | 194 ++++++++++++++++++++++++++++++++------ 5 files changed, 209 insertions(+), 77 deletions(-) diff --git a/examples/testbls_ZZZ.c.in b/examples/testbls_ZZZ.c.in index 10fe65a..61a5b23 100644 --- a/examples/testbls_ZZZ.c.in +++ b/examples/testbls_ZZZ.c.in @@ -52,36 +52,36 @@ int bls(csprng *RNG) int rc; char sk1[BGS_ZZZ]; - octet SK1 = {0,sizeof(sk1),sk1}; + octet SK1 = {0,sizeof(sk1),sk1}; char pk1[G2LEN]; octet PK1 = {0,sizeof(pk1),pk1}; char sig1[BFS_ZZZ+1]; octet SIG1 = {0,sizeof(sig1),sig1}; char sk2[BGS_ZZZ]; - octet SK2 = {0,sizeof(sk2),sk2}; + octet SK2 = {0,sizeof(sk2),sk2}; char pk2[G2LEN]; octet PK2 = {0,sizeof(pk2),pk2}; char sig2[BFS_ZZZ+1]; octet SIG2 = {0,sizeof(sig2),sig2}; char sk3[BGS_ZZZ]; - octet SK3 = {0,sizeof(sk3),sk3}; + octet SK3 = {0,sizeof(sk3),sk3}; char pk3[G2LEN]; octet PK3 = {0,sizeof(pk3),pk3}; char sig3[BFS_ZZZ+1]; octet SIG3 = {0,sizeof(sig3),sig3}; - + // Combined signature and public keys char pk[G2LEN]; - octet PK = {0,sizeof(pk),pk}; + octet PK = {0,sizeof(pk),pk}; char sig[BFS_ZZZ+1]; octet SIG = {0,sizeof(sig),sig}; - + // Generate key pairs BLS_ZZZ_KEY_PAIR_GENERATE(RNG,&SK1,&PK1); BLS_ZZZ_KEY_PAIR_GENERATE(RNG,&SK2,&PK2); - BLS_ZZZ_KEY_PAIR_GENERATE(RNG,&SK3,&PK3); + BLS_ZZZ_KEY_PAIR_GENERATE(RNG,&SK3,&PK3); printf("Private key SK1: "); OCT_output(&SK1); @@ -100,7 +100,7 @@ int bls(csprng *RNG) // Sign the message BLS_ZZZ_SIGN(&SIG1,message,&SK1); BLS_ZZZ_SIGN(&SIG2,message,&SK2); - BLS_ZZZ_SIGN(&SIG3,message,&SK3); + BLS_ZZZ_SIGN(&SIG3,message,&SK3); printf("SIG1: "); OCT_output(&SIG1); @@ -119,10 +119,10 @@ int bls(csprng *RNG) else { printf("Error: Invalid Signature\n"); - return 1; + return 1; } - // Verify signature + // Verify signature rc=BLS_ZZZ_VERIFY(&SIG2,message,&PK2); if (rc==BLS_OK) { @@ -131,10 +131,10 @@ int bls(csprng *RNG) else { printf("Error: Invalid Signature\n"); - return 1; + return 1; } - // Verify signature + // Verify signature rc=BLS_ZZZ_VERIFY(&SIG3,message,&PK3); if (rc==BLS_OK) { @@ -143,22 +143,22 @@ int bls(csprng *RNG) else { printf("Error: Invalid Signature\n"); - return 1; + return 1; } - + // Add Public keys rc = BLS_ZZZ_ADD_G2(&PK1,&PK2,&PK); if (rc!=BLS_OK) { printf("ERROR BLS_ZZZ_ADD_G2 errorCode : %d\n", rc); - return 1; + return 1; } rc = BLS_ZZZ_ADD_G2(&PK,&PK3,&PK); if (rc!=BLS_OK) { printf("ERROR BLS_ZZZ_ADD_G2 errorCode : %d\n", rc); - return 1; - } + return 1; + } printf("Public key PK: "); OCT_output(&PK); printf("\n"); @@ -168,15 +168,15 @@ int bls(csprng *RNG) if (rc!=BLS_OK) { printf("ERROR BLS_ZZZ_ADD_G1 errorCode : %d\n", rc); - return 1; - } + return 1; + } - // Verify combined signature. This should fail. + // Verify combined signature. This should fail. rc=BLS_ZZZ_VERIFY(&SIG,message,&PK); if (rc==BLS_OK) { printf("Success: Combined signature is valid\n"); - return 1; + return 1; } else { @@ -187,12 +187,12 @@ int bls(csprng *RNG) if (rc!=BLS_OK) { printf("ERROR BLS_ZZZ_ADD_G1 errorCode : %d\n", rc); - return 1; - } + return 1; + } printf("SIG: "); OCT_output(&SIG); printf("\n"); - // Verify combined signature. + // Verify combined signature. rc=BLS_ZZZ_VERIFY(&SIG,message,&PK); if (rc==BLS_OK) { @@ -201,10 +201,10 @@ int bls(csprng *RNG) else { printf("Error: Combined signature is invalid\n"); - return 1; + return 1; } - + // change the message message[0]='Z'; printf("message %s\n", message); @@ -212,11 +212,11 @@ int bls(csprng *RNG) if (rc==BLS_OK) { printf("Success: Signature is valid\n"); - return 1; + return 1; } else { - printf("Error: Invalid Signature\n"); + printf("Error: Invalid Signature\n"); } // Change the signature @@ -229,7 +229,7 @@ int bls(csprng *RNG) if (rc==BLS_OK) { printf("Success: Signature is valid\n"); - return 1; + return 1; } else { @@ -239,8 +239,8 @@ int bls(csprng *RNG) /* clear memory */ OCT_clear(&SK1); OCT_clear(&SK2); - OCT_clear(&SK3); - + OCT_clear(&SK3); + return 0; } diff --git a/src/bls.c.in b/src/bls.c.in index 4328342..0d4c899 100644 --- a/src/bls.c.in +++ b/src/bls.c.in @@ -62,8 +62,8 @@ int BLS_ZZZ_SIGN(octet *SIG,char *m,octet *S) BLS_HASHIT(&D,m); BIG_XXX_fromBytes(s,S->val); PAIR_ZZZ_G1mul(&D,s); - // compress output - ECP_ZZZ_toOctet(SIG,&D,true); + // compress output + ECP_ZZZ_toOctet(SIG,&D,true); return BLS_OK; } @@ -74,11 +74,11 @@ int BLS_ZZZ_VERIFY(octet *SIG,char *m,octet *W) ECP2_ZZZ G,PK; ECP_ZZZ D,HM; BLS_HASHIT(&HM,m); - + if (!ECP_ZZZ_fromOctet(&D,SIG)) { return BLS_INVALID_G1; - } + } ECP2_ZZZ_generator(&G); @@ -116,7 +116,7 @@ int BLS_ZZZ_ADD_G1(octet *R1,octet *R2,octet *R) ECP_ZZZ_add(&P,&T); ECP_ZZZ_toOctet(R,&P,true); - + return BLS_OK; } @@ -135,7 +135,7 @@ int BLS_ZZZ_ADD_G2(octet *W1,octet *W2,octet *W) { return BLS_INVALID_G2; } - + ECP2_ZZZ_add(&Q,&T); ECP2_ZZZ_toOctet(W,&Q); diff --git a/src/bls192.c.in b/src/bls192.c.in index 226fe9d..79a1c20 100644 --- a/src/bls192.c.in +++ b/src/bls192.c.in @@ -77,7 +77,7 @@ int BLS_ZZZ_VERIFY(octet *SIG,char *m,octet *W) if (!ECP_ZZZ_fromOctet(&D,SIG)) { return BLS_INVALID_G1; - } + } ECP4_ZZZ_generator(&G); @@ -94,7 +94,7 @@ int BLS_ZZZ_VERIFY(octet *SIG,char *m,octet *W) { return BLS_FAIL; } - return BLS_OK; + return BLS_OK; } @@ -116,7 +116,7 @@ int BLS_ZZZ_ADD_G1(octet *R1,octet *R2,octet *R) ECP_ZZZ_add(&P,&T); ECP_ZZZ_toOctet(R,&P,true); - + return BLS_OK; } @@ -135,7 +135,7 @@ int BLS_ZZZ_ADD_G2(octet *W1,octet *W2,octet *W) { return BLS_INVALID_G2; } - + ECP4_ZZZ_add(&Q,&T); ECP4_ZZZ_toOctet(W,&Q); diff --git a/src/bls256.c.in b/src/bls256.c.in index 0aca536..19f7e43 100644 --- a/src/bls256.c.in +++ b/src/bls256.c.in @@ -77,9 +77,9 @@ int BLS_ZZZ_VERIFY(octet *SIG,char *m,octet *W) if (!ECP_ZZZ_fromOctet(&D,SIG)) { return BLS_INVALID_G1; - } + } ECP_ZZZ_neg(&D); - + ECP8_ZZZ_generator(&G); if (!ECP8_ZZZ_fromOctet(&PK,W)) @@ -95,7 +95,7 @@ int BLS_ZZZ_VERIFY(octet *SIG,char *m,octet *W) { return BLS_FAIL; } - return BLS_OK; + return BLS_OK; } /* R=R1+R2 in group G1 */ @@ -116,7 +116,7 @@ int BLS_ZZZ_ADD_G1(octet *R1,octet *R2,octet *R) ECP_ZZZ_add(&P,&T); ECP_ZZZ_toOctet(R,&P,true); - + return BLS_OK; } @@ -135,7 +135,7 @@ int BLS_ZZZ_ADD_G2(octet *W1,octet *W2,octet *W) { return BLS_INVALID_G2; } - + ECP8_ZZZ_add(&Q,&T); ECP8_ZZZ_toOctet(W,&Q); diff --git a/test/test_bls_ZZZ.c.in b/test/test_bls_ZZZ.c.in index 47d4642..bd6f56a 100644 --- a/test/test_bls_ZZZ.c.in +++ b/test/test_bls_ZZZ.c.in @@ -16,7 +16,7 @@ specific language governing permissions and limitations under the License. */ -/* smoke test for BLS */ +// smoke test for BLS #include #include @@ -41,30 +41,85 @@ under the License. #define G2LEN 16*BFS_ZZZ #endif -static char message[]="This is a test message"; +static char message[]="test message"; int bls(csprng *RNG) { int rc; - char s[BGS_ZZZ]; - char w[G2LEN]; + + char sk1[BGS_ZZZ]; + octet SK1 = {0,sizeof(sk1),sk1}; + char pk1[G2LEN]; + octet PK1 = {0,sizeof(pk1),pk1}; + char sig1[BFS_ZZZ+1]; + octet SIG1 = {0,sizeof(sig1),sig1}; + + char sk2[BGS_ZZZ]; + octet SK2 = {0,sizeof(sk2),sk2}; + char pk2[G2LEN]; + octet PK2 = {0,sizeof(pk2),pk2}; + char sig2[BFS_ZZZ+1]; + octet SIG2 = {0,sizeof(sig2),sig2}; + + char sk3[BGS_ZZZ]; + octet SK3 = {0,sizeof(sk3),sk3}; + char pk3[G2LEN]; + octet PK3 = {0,sizeof(pk3),pk3}; + char sig3[BFS_ZZZ+1]; + octet SIG3 = {0,sizeof(sig3),sig3}; + + // Combined signature and public keys + char pk[G2LEN]; + octet PK = {0,sizeof(pk),pk}; char sig[BFS_ZZZ+1]; - octet S= {0,sizeof(s),s}; - octet W= {0,sizeof(w),w}; - octet SIG= {0,sizeof(sig),sig}; + octet SIG = {0,sizeof(sig),sig}; - BLS_ZZZ_KEY_PAIR_GENERATE(RNG,&S,&W); + // Generate key pairs + BLS_ZZZ_KEY_PAIR_GENERATE(RNG,&SK1,&PK1); + BLS_ZZZ_KEY_PAIR_GENERATE(RNG,&SK2,&PK2); + BLS_ZZZ_KEY_PAIR_GENERATE(RNG,&SK3,&PK3); - printf("Private key: 0x"); - OCT_output(&S); - printf("Public key: 0x"); - OCT_output(&W); + printf("Private key SK1: "); + OCT_output(&SK1); + printf("Public key PK1: "); + OCT_output(&PK1); + printf("Private key SK2: "); + OCT_output(&SK2); + printf("Public key PK2: "); + OCT_output(&PK2); + printf("Private key SK3: "); + OCT_output(&SK2); + printf("Public key PK3: "); + OCT_output(&PK2); + printf("\n"); - BLS_ZZZ_SIGN(&SIG,message,&S); - printf("Signature: 0x"); - OCT_output(&SIG); + // Sign the message + BLS_ZZZ_SIGN(&SIG1,message,&SK1); + BLS_ZZZ_SIGN(&SIG2,message,&SK2); + BLS_ZZZ_SIGN(&SIG3,message,&SK3); + + printf("SIG1: "); + OCT_output(&SIG1); + printf("SIG2: "); + OCT_output(&SIG2); + printf("SIG3: "); + OCT_output(&SIG3); + printf("\n"); + + // Verify signature + rc=BLS_ZZZ_VERIFY(&SIG1,message,&PK1); + if (rc==BLS_OK) + { + printf("Test Passed valid Signature / message\n"); + } + else + { + printf("Test Failed valid Signature / message\n"); + return 1; + } - rc=BLS_ZZZ_VERIFY(&SIG,message,&W); + // Verify signature + rc=BLS_ZZZ_VERIFY(&SIG2,message,&PK2); if (rc==BLS_OK) { printf("Test Passed valid Signature / message\n"); @@ -75,37 +130,115 @@ int bls(csprng *RNG) return 1; } + // Verify signature + rc=BLS_ZZZ_VERIFY(&SIG3,message,&PK3); + if (rc==BLS_OK) + { + printf("Test Passed valid Signature / message\n"); + } + else + { + printf("Test Failed valid Signature / message\n"); + return 1; + } + + // Add Public keys + rc = BLS_ZZZ_ADD_G2(&PK1,&PK2,&PK); + if (rc!=BLS_OK) + { + printf("ERROR BLS_ZZZ_ADD_G2 errorCode : %d\n", rc); + return 1; + } + rc = BLS_ZZZ_ADD_G2(&PK,&PK3,&PK); + if (rc!=BLS_OK) + { + printf("ERROR BLS_ZZZ_ADD_G2 errorCode : %d\n", rc); + return 1; + } + printf("Public key PK: "); + OCT_output(&PK); + printf("\n"); + + // Add signatures + rc = BLS_ZZZ_ADD_G1(&SIG1,&SIG2,&SIG); + if (rc!=BLS_OK) + { + printf("ERROR BLS_ZZZ_ADD_G1 errorCode : %d\n", rc); + return 1; + } + + // Verify combined signature. This should fail. + rc=BLS_ZZZ_VERIFY(&SIG,message,&PK); + if (rc==BLS_FAIL) + { + printf("Test Passed invalid signature SIG = SIG1 + SIG2 \n"); + } + else + { + printf("Test Failed invalid signature SIG = SIG1 + SIG2 \n"); + return 1; + } + + rc = BLS_ZZZ_ADD_G1(&SIG,&SIG3,&SIG); + if (rc!=BLS_OK) + { + printf("ERROR BLS_ZZZ_ADD_G1 errorCode : %d\n", rc); + return 1; + } + printf("SIG: "); + OCT_output(&SIG); + printf("\n"); + + // Verify combined signature. + rc=BLS_ZZZ_VERIFY(&SIG,message,&PK); + if (rc==BLS_OK) + { + printf("Test Passed valid Signature SIG = SIG1 + SIG2 + SIG3\n"); + } + else + { + printf("Test Failed valid Signature SIG = SIG1 + SIG2 + SIG3\n"); + return 1; + } + + // change the message message[0]='Z'; printf("message %s\n", message); - rc=BLS_ZZZ_VERIFY(&SIG,message,&W); - if (rc!=BLS_OK) + rc=BLS_ZZZ_VERIFY(&SIG1,message,&PK1); + if (rc==BLS_FAIL) { - printf("Test Passed valid Signature / invalid message\n"); + printf("Test Passed valid signature / invalid message\n"); } else { - printf("Test Failed valid Signature / invalid message\n"); + printf("Test Failed valid signature / invalid message\n"); return 1; } - // Invalid signature - message[0]='T'; - SIG.val[0]=5; + + // Change the signature + message[0]='t'; + SIG1.val[0]=5; printf("message %s\n", message); - printf("Signature: 0x"); - OCT_output(&SIG); - rc=BLS_ZZZ_VERIFY(&SIG,message,&W); - if (rc!=BLS_OK) + printf("Sig1nature SIG1: "); + OCT_output(&SIG1); + rc=BLS_ZZZ_VERIFY(&SIG1,message,&PK1); + if (rc==BLS_FAIL) { - printf("Test Passed invalid Signature / valid message\n"); + printf("Test Passed invalid signature / valid message\n"); } else { - printf("Test Failed invalid Signature / valid message\n"); + printf("Test Failed invalid signature / valid message\n"); return 1; } + /* clear memory */ + OCT_clear(&SK1); + OCT_clear(&SK2); + OCT_clear(&SK3); + return 0; } @@ -129,8 +262,7 @@ int main() CREATE_CSPRNG(&RNG,&SEED); printf("\nTesting BLS signature for curve ZZZ\n"); - int rc = bls(&RNG); - if (rc == 0) + if (bls(&RNG)) { printf("SUCCESS"); }