
bls12: implements Marshaler interfaces and SetBytes for Scalar #277

Merged (1 commit), Sep 21, 2021

Conversation

armfazh (Contributor) commented Sep 10, 2021

Implements the Marshaler interfaces from go stdlib for serialization and deserialization.
Also, Scalar exposes SetBytes([]byte) to set scalars using variable-length data.

@armfazh armfazh self-assigned this Sep 10, 2021
@armfazh armfazh added the changesAPI PR changes the API of a package label Sep 10, 2021
if isLessThan(in, order) == 0 {
return nil, errInputRange
}
return conv.BytesBe2Uint64Le(in), nil
}

func setBytesUnbounded(in []byte, order []byte) []uint64 {
inBig := new(big.Int).SetBytes(in)
inBig.Mod(inBig, new(big.Int).SetBytes(order))
Member commented:

Are all scalars non-secret?

Contributor Author replied:

This function must be marked as non-constant time. Do you have any ideas on how to perform this operation in constant time?

Reviewer comment:

What length are we applying it to? I think I only need it for double length ones, in which case a reduction is all that is required.

Reviewer comment:

One alternative possibility is to take in a reader and use it to extract the requisite number of bytes to use as input to a reduction. Either Montgomery or Barrett would work, but I think with this approach Barrett makes the interface cleaner given the next toMont call. That said, we could just go to Montgomery directly here and avoid needing two reductions.
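The bounded path discussed in this thread, as an added example in Go that is not the PR's code and does not use cloudflare/circl's real conv or ff packages: a branch-free big-endian less-than check standing in for isLessThan, a limb conversion standing in for conv.BytesBe2Uint64Le, and a SetBytes that left-pads variable-length input and rejects anything at or above the order, so that only the input length and the accept/reject outcome are observable through timing. The BLS12-381 scalar-field order is a public constant; the helper names are assumptions for this example.

```go
package main

import (
	"encoding/binary"
	"errors"
)

var errInputRange = errors.New("ff: input is not less than the order")

// Order r of the BLS12-381 scalar field, big-endian (public constant).
var blsOrder = []byte{
	0x73, 0xed, 0xa7, 0x53, 0x29, 0x9d, 0x7d, 0x48, 0x33, 0x39, 0xd8, 0x08, 0x09, 0xa1, 0xd8, 0x05,
	0x53, 0xbd, 0xa4, 0x02, 0xff, 0xfe, 0x5b, 0xfe, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01,
}

// ctLessThan returns 1 if a < b, else 0, for equal-length big-endian slices,
// by propagating the borrow of a-b upward; no branch depends on byte values.
func ctLessThan(a, b []byte) int {
	var borrow uint64
	for i := len(a) - 1; i >= 0; i-- {
		d := uint64(a[i]) - uint64(b[i]) - borrow
		borrow = d >> 63 // 1 iff the subtraction wrapped below zero
	}
	return int(borrow)
}

// bytesBE2Uint64LE: big-endian bytes (length a multiple of 8) to little-endian limbs.
func bytesBE2Uint64LE(in []byte) []uint64 {
	out := make([]uint64, len(in)/8)
	for i := range out {
		out[i] = binary.BigEndian.Uint64(in[len(in)-8*(i+1) : len(in)-8*i])
	}
	return out
}

// setBytesBounded left-pads variable-length input to the order's length and
// rejects values >= order; only the length and accept/reject leak via timing.
func setBytesBounded(in, order []byte) ([]uint64, error) {
	if len(in) > len(order) {
		return nil, errInputRange
	}
	padded := make([]byte, len(order))
	copy(padded[len(order)-len(in):], in)
	if ctLessThan(padded, order) == 0 {
		return nil, errInputRange
	}
	return bytesBE2Uint64LE(padded), nil
}

func main() { // stand-alone smoke check: a one-byte scalar is in range
	if _, err := setBytesBounded([]byte{0x01}, blsOrder); err != nil { panic(err) }
}
```

Unbounded input (longer than the order, as setBytesUnbounded accepts) is deliberately rejected here; a constant-time reduction such as the Barrett step planned in the thread is what that path needs instead of big.Int.Mod.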

armfazh (Contributor Author) commented Sep 20, 2021

Please re-review @wbl and @bwesterb; everything is covered except for the setBytesUnbounded function. My plan is to implement Barrett reduction in another PR, so we can unblock this one.

bwesterb (Member) left a comment:

Provided we fix the constant-time issue soon enough.

@armfazh armfazh merged commit 5115a73 into cloudflare:master Sep 21, 2021
@armfazh armfazh deleted the bls12/Marshal branch September 21, 2021 21:37