-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BLS Compression c_flag #20
Comments
Yes, I'm currently integrating these tests into our implementation and have found the same issues (both with In addition, I think the flag(s) are being applied to the real part of the X coordinate (i.e. |
For reference, the summary of issues I found with the test data is here: Consensys/teku#401 (comment) Reproduced below for reference:
|
Excellent thanks :) |
@kirk-baird I'm working on the broken bit flags. We'll have an update in BLS signature library and generate the correct tests soon ethereum/eth2.0-test-generators#22. |
Hi @kirk-baird @benjaminion, the to be generated test would look like this https://gist.github.com/ChihChengLiang/328bc1db5d2a47950e5364c11f23052a . Could you please confirm if it works? |
@ChihChengLiang - this is a thing of beauty. All the tests ran perfectly with no need to modify the input at all. So, assuming that you and I didn't independently make the same mistakes, it LGTM 😃 Thank you very much for this ❤️ |
Works for me too 😃 Thanks heaps for this!! |
BLS tests updated. Waiting for another confirmation from Nim status-im/nim-blscurve#20 to close this issue. |
Closing, it's working fine on our side :). |
Hey,
I was just looking for clarification on the use of the c_flag in BLS G1 and G2 compression.
From reading:
https://github.com/ethereum/eth2.0-specs/blob/master/specs/bls_signature.md#g1-points
it was my interpretation that the c_flag / c_flag1 should always be set to 1.
In looking through the
test_bls.yml
I noticed that for both G1 (public keys) and G2 (Signatures) don't have the leading bit set to 1.Specifically in relation to case03 and case04 output I notice that neither of these have a leading 1 bit.
Now I know the c_flag doesn't impact the decompressed (x, y) values and I'm not certain of its function so I thought I'd raise this to clarify.
Cheers Kirk
=======================================================
Edit:
Upon further inspection I see in case02, the 7th input {domain: 0x01, msg: 5656...}
Output is: 0x996ebb76ef93b5c1b9b4adfa60d8526cbf64a3d681dc1aa4d0579c1961f28f0ec14622d6f5688e6d29a4873778b4f0fe
Which has the 2^383 bit set to 1 when the y value is odd.
Should it not be the 2^381 bit (i.e. a_flag)?
Again no impact on the point values/signing/verifying just mentioning for consensus.
The text was updated successfully, but these errors were encountered: