feat(stm): make 'AggregateSignature' support multiple proof systems

Author: jpraynaud

demo/protocol-demo/src/types.rs

@@ -32,7 +32,7 @@ pub type ProtocolKeyRegistrationNotCertified = KeyRegistration;
 /// Alias of [MithrilStm:SingleSignature](struct@mithril_stm::SingleSignature).
 pub type ProtocolSingleSignature = SingleSignature;
 
-/// Alias of [MithrilStm:AggregateSignature](struct@mithril_stm::AggregateSignature).
+/// Alias of [MithrilStm:AggregateSignature](enum@mithril_stm::AggregateSignature).
 pub type ProtocolMultiSignature = AggregateSignature<D>;
 
 /// Alias of [MithrilStm:VerificationKeyProofOfPossession](type@mithril_stm::VerificationKeyProofOfPossession).

mithril-common/src/crypto_helper/types/wrappers.rs

@@ -17,7 +17,7 @@ pub type ProtocolSignerVerificationKeySignature = ProtocolKey<Sum6KesSig>;
 /// Wrapper of [MithrilStm:SingleSignature](type@SingleSignature) to add serialization utilities.
 pub type ProtocolSingleSignature = ProtocolKey<SingleSignature>;
 
-/// Wrapper of [MithrilStm:AggregateSignature](struct@AggregateSignature) to add serialization utilities.
+/// Wrapper of [MithrilStm:AggregateSignature](enum@AggregateSignature) to add serialization utilities.
 pub type ProtocolMultiSignature = ProtocolKey<AggregateSignature<D>>;
 
 /// Wrapper of [OpCert] to add serialization utilities.

mithril-common/src/test/double/fake_keys.rs

@@ -52,7 +52,7 @@ pub const fn single_signature<'a>() -> [&'a str; 4] {
     ]
 }
 
-/// A list of pre json hex encoded [MithrilStm:AggregateSignature](struct@mithril_stm::AggregateSignature)
+/// A list of pre json hex encoded [MithrilStm:AggregateSignature](enum@mithril_stm::AggregateSignature)
 pub const fn multi_signature<'a>() -> [&'a str; 2] {
     [
         "7b227369676e617475726573223a5b5b7b227369676d61223a5b3137312c3136312c3232352c3139342c32382c\

mithril-stm/src/aggregate_signature/clerk.rs

@@ -4,6 +4,7 @@ use crate::{
     AggregateSignature, AggregateVerificationKey, AggregationError, BasicVerifier,
     ClosedKeyRegistration, Index, Parameters, Signer, SingleSignature,
     SingleSignatureWithRegisteredParty, Stake, VerificationKey,
+    aggregate_signature::ConcatenationProof,
 };
 
 /// `Clerk` can verify and aggregate `SingleSignature`s and verify `AggregateSignature`s.
@@ -15,7 +16,7 @@ pub struct Clerk<D: Clone + Digest> {
     pub(crate) params: Parameters,
 }
 
-impl<D: Digest + Clone + FixedOutput> Clerk<D> {
+impl<D: Digest + Clone + FixedOutput + Send + Sync> Clerk<D> {
     /// Create a new `Clerk` from a closed registration instance.
     pub fn new_clerk_from_closed_key_registration(
         params: &Parameters,
@@ -96,10 +97,10 @@ impl<D: Digest + Clone + FixedOutput> Clerk<D> {
             .merkle_tree
             .compute_merkle_tree_batch_path(mt_index_list);
 
-        Ok(AggregateSignature {
+        Ok(AggregateSignature::Concatenation(ConcatenationProof {
             signatures: unique_sigs,
             batch_proof,
-        })
+        }))
     }
 
     /// Aggregate a set of signatures for their corresponding indices.

mithril-stm/src/aggregate_signature/mod.rs

@@ -461,7 +461,7 @@ mod tests {
         #[test]
         fn test_invalid_proof_index_unique(tc in arb_proof_setup(10)) {
             with_proof_mod(tc, |aggr, clerk, _msg| {
-                for sig_reg in aggr.signatures.iter_mut() {
+                for sig_reg in aggr.signatures().iter_mut() {
                     for index in sig_reg.sig.indexes.iter_mut() {
                        *index %= clerk.params.k - 1
                     }
@@ -471,7 +471,7 @@ mod tests {
         #[test]
         fn test_invalid_proof_path(tc in arb_proof_setup(10)) {
             with_proof_mod(tc, |aggr, _, _msg| {
-                let p = aggr.batch_proof.clone();
+                let p = aggr.batch_proof().clone();
                 let mut index_list = p.indices.clone();
                 let values = p.values;
                 let batch_proof = {
@@ -482,7 +482,7 @@ mod tests {
                         hasher: Default::default()
                     }
                 };
-                aggr.batch_proof = batch_proof;
+                aggr.set_batch_proof(batch_proof);
             })
         }
     }

mithril-stm/src/aggregate_signature/signature.rs

@@ -1,3 +1,114 @@
+use std::collections::HashMap;
+use std::hash::Hash;
+
+use blake2::digest::{Digest, FixedOutput};
+use serde::{Deserialize, Serialize};
+use strum::{Display, EnumDiscriminants};
+
+use crate::error::StmAggregateSignatureError;
+use crate::merkle_tree::MerkleBatchPath;
+use crate::{AggregateVerificationKey, Parameters, SingleSignatureWithRegisteredParty};
+
 use super::ConcatenationProof;
 
-pub type AggregateSignature<D> = ConcatenationProof<D>;
+/// A STM aggregate signature.
+#[derive(Debug, Clone, Serialize, Deserialize, EnumDiscriminants)]
+#[strum(serialize_all = "PascalCase")]
+#[strum_discriminants(derive(Serialize, Hash, Display))] // TODO: replace strum with custom implementation
+#[strum_discriminants(name(AggregateSignatureType))]
+#[serde(bound(
+    serialize = "MerkleBatchPath<D>: Serialize",
+    deserialize = "MerkleBatchPath<D>: Deserialize<'de>"
+))]
+#[serde(untagged)]
+pub enum AggregateSignature<D: Clone + Digest + FixedOutput + Send + Sync> {
+    /// Concatenation proof system.
+    Concatenation(ConcatenationProof<D>),
+}
+
+impl<D: Clone + Digest + FixedOutput + Send + Sync> AggregateSignature<D> {
+    /// Verify an aggregate signature
+    pub fn verify(
+        &self,
+        msg: &[u8],
+        avk: &AggregateVerificationKey<D>,
+        parameters: &Parameters,
+    ) -> Result<(), StmAggregateSignatureError<D>> {
+        match self {
+            AggregateSignature::Concatenation(stm_aggr_sig) => {
+                stm_aggr_sig.verify(msg, avk, parameters)
+            }
+        }
+    }
+
+    /// Batch verify a set of aggregate signatures
+    pub fn batch_verify(
+        stm_signatures: &[Self],
+        msgs: &[Vec<u8>],
+        avks: &[AggregateVerificationKey<D>],
+        parameters: &[Parameters],
+    ) -> Result<(), StmAggregateSignatureError<D>> {
+        let stm_signatures: HashMap<AggregateSignatureType, Vec<Self>> =
+            stm_signatures.iter().fold(HashMap::new(), |mut acc, sig| {
+                acc.entry(sig.into()).or_default().push(sig.clone());
+                acc
+            });
+        stm_signatures
+            .into_iter()
+            .try_for_each(
+                |(stm_aggr_sig_type, stm_aggr_sigs)| match stm_aggr_sig_type {
+                    AggregateSignatureType::Concatenation => ConcatenationProof::batch_verify(
+                        &stm_aggr_sigs
+                            .into_iter()
+                            .filter_map(|s| match s {
+                                Self::Concatenation(stm_aggr_sig) => Some(stm_aggr_sig),
+                            })
+                            .collect::<Vec<_>>(),
+                        msgs,
+                        avks,
+                        parameters,
+                    ),
+                },
+            )
+            .map_err(|_| StmAggregateSignatureError::BatchInvalid)
+    }
+
+    /// Convert an aggregate signature to bytes
+    pub fn to_bytes(&self) -> Vec<u8> {
+        match self {
+            AggregateSignature::Concatenation(stm_aggr_sig) => stm_aggr_sig.to_bytes(),
+        }
+    }
+
+    /// Extract an aggregate signature from a byte slice.
+    pub fn from_bytes(bytes: &[u8]) -> Result<Self, StmAggregateSignatureError<D>> {
+        // TODO: Move first byte of concatenation proof here to identify the proof system
+        Ok(Self::Concatenation(ConcatenationProof::from_bytes(bytes)?))
+    }
+
+    /// Extract the list of signatures.
+    pub fn signatures(&self) -> Vec<SingleSignatureWithRegisteredParty> {
+        match self {
+            AggregateSignature::Concatenation(stm_aggr_sig) => stm_aggr_sig.signatures.clone(),
+        }
+    }
+
+    /// Extract the list of unique merkle tree nodes that covers path for all signatures.
+    // TODO: transfer this function to the concatenation proof
+    pub fn batch_proof(&self) -> MerkleBatchPath<D> {
+        match self {
+            AggregateSignature::Concatenation(stm_aggr_sig) => stm_aggr_sig.batch_proof.clone(),
+        }
+    }
+
+    /// Extract the list of unique merkle tree nodes that covers path for all signatures. (test only)
+    // TODO: transfer this function to the concatenation proof
+    #[cfg(test)]
+    pub(crate) fn set_batch_proof(&mut self, batch_proof: MerkleBatchPath<D>) {
+        match self {
+            AggregateSignature::Concatenation(stm_aggr_sig) => {
+                stm_aggr_sig.batch_proof = batch_proof
+            }
+        }
+    }
+}

mithril-stm/src/lib.rs

@@ -116,7 +116,9 @@ mod parameters;
 mod participant;
 mod single_signature;
 
-pub use aggregate_signature::{AggregateSignature, AggregateVerificationKey, BasicVerifier, Clerk};
+pub use aggregate_signature::{
+    AggregateSignature, AggregateSignatureType, AggregateVerificationKey, BasicVerifier, Clerk,
+};
 pub use error::{
     AggregationError, CoreVerifierError, RegisterError, StmAggregateSignatureError,
     StmSignatureError,