Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BLST-based crypto package #4358

Merged
merged 238 commits into from Dec 6, 2023
Merged

BLST-based crypto package #4358

merged 238 commits into from Dec 6, 2023

Conversation

tarakby
Copy link
Contributor

@tarakby tarakby commented May 16, 2023
edited

Overview

This PR is a major refactor of the Flow crypto library, in particular the the BLS 12-381 curve implementation. It updates the curve implementation from relying on Relic external library to relying on BLST external library.

This has two advantages:

  • Flow crypto becomes an easily usable Go package, that is ready to import and build without extra friction steps. Previously the package needed a setup step to build a Relic static library using non-Go tools.
  • BLST is written and optimized specifically for the BLS12-381 curve, while Relic is a generic library supporting multiple curves and use cases. Moving to BLST improves the package performance significantly.

Changes

Flow crypto library implementation provides an implementation of the BLS signature scheme, BLS-based threshold signature, DKG for BLS-based threshold signature, and BLS-based SPoCK. All of these schemes are set up using the BLS 12-381 curve.
The implementation of all these schemes has a common structure into 3 layers:

  1. Go upper layer with public functions and structures - thin cryptography-related implementations
  2. C middle-layer: the major layer implementing all the cryptographic schemes/protocols above
  3. C lower layer implementing all BLS12-381 tools (field arithmetic, point arithmetic, pairing)

Layer 3 used to use Relic tools before this PR, and this PR is updating it to use BLST tools. As a consequence, Layer 2 underwent a major refactor to adapt to new BLST tools. Layer 1 also underwent a minor refactor.

The PR also integrates the new Flow crypto library into onflow/flow-go. In particular it updates all the test and build tooling (workflows, tests, makefiles)

This PR is made of the smaller PRs below, where more details can be found:

Testing

In addition to CI tests on this repo, the new module has been tested on transient Flow networks with up to 150 nodes (using the Benchnet2 framework). Results can be found here.

Benchmark

(on an Intel(R) Core(TM) i5-8259U CPU @ 2.30GHz)

For a quick read, you can focus only on the BLS_Sign (3.9x improvement) and BLS_Verify(3.6x improvement).

  • Relic based library
BenchmarkBLS12381_ScalarMult/G1-8                     8408            144367 ns/op
BenchmarkBLS12381_ScalarMult/G2-8                     2839            407404 ns/op
BenchmarkBLS12381_MapToG1-8                           4389            268728 ns/op
BenchmarkBLS12381_SubgroupCheck/G1-8                  4442            249818 ns/op
BenchmarkBLS12381_SubgroupCheck/G2-8                  1035           1141323 ns/op
BenchmarkBLS_Sign-8                                   1824            591269 ns/op
BenchmarkBLS_Verify-8                                  326           3652662 ns/op
BenchmarkBLS_BatchVerify/happy_path-8                   12          93642932 ns/op
BenchmarkBLS_BatchVerify/unhappy_path-8                 12         141479731 ns/op
BenchmarkBLS_VerifySignatureManyMessages-8             276           4352977 ns/op
BenchmarkBLS_Aggregate/PrivateKeys-8                 12282             97610 ns/op
BenchmarkBLS_Aggregate/PublicKeys-8                    297           3919277 ns/op
BenchmarkBLS_Aggregate/Signatures-8                     16          65730951 ns/op
BenchmarkBLS_ThresholdSimpleKeyGen-8                    43          25577217 ns/op
  • BLST based library (without ADX)
BenchmarkBLS12381_ScalarMult/G1-8                           9153            114988 ns/op
BenchmarkBLS12381_ScalarMult/G2-8                           4369            245211 ns/op
BenchmarkBLS12381_MapToG1-8                                14991             80184 ns/op
BenchmarkBLS12381_SubgroupCheck/G1-8                       19898             61015 ns/op
BenchmarkBLS12381_SubgroupCheck/G2-8                       15300             89980 ns/op
BenchmarkBLS_Sign-8                                         5122            196962 ns/op
BenchmarkBLS_Verify-8                                        920           1255320 ns/op
BenchmarkBLS_BatchVerify/happy_path-8                         26          44006822 ns/op
BenchmarkBLS_BatchVerify/unhappy_path-8                       24          43398434 ns/op
BenchmarkBLS_VerifySignatureManyMessages-8                    34          35534403 ns/op
BenchmarkBLS_Aggregate/PrivateKeys-8                       99625             11719 ns/op
BenchmarkBLS_Aggregate/PublicKeys-8                          434           2658353 ns/op
BenchmarkBLS_Aggregate/Signatures-8                           55          20230502 ns/op
BenchmarkBLS_ThresholdSimpleKeyGen-8                          73          14797332 ns/op
BenchmarkBLS_ThresholdSignatureReconstruction-8              220           5502518 ns/op
  • BLST based library (with ADX)
BenchmarkBLS12381_ScalarMult/G1-8                          13239             90085 ns/op
BenchmarkBLS12381_ScalarMult/G2-8                           6196            192959 ns/op
BenchmarkBLS12381_MapToG1-8                                20506             58979 ns/op
BenchmarkBLS12381_SubgroupCheck/G1-8                       24444             50676 ns/op
BenchmarkBLS12381_SubgroupCheck/G2-8                       20234             58880 ns/op
BenchmarkBLS_Sign-8                                         7964            152160 ns/op
BenchmarkBLS_Verify-8                                       1154           1008637 ns/op
BenchmarkBLS_BatchVerify/happy_path-8                         34          34089439 ns/op
BenchmarkBLS_BatchVerify/unhappy_path-8                       31          33988129 ns/op
BenchmarkBLS_VerifySignatureManyMessages-8                    42          27193364 ns/op
BenchmarkBLS_Aggregate/PrivateKeys-8                       89925             11401 ns/op
BenchmarkBLS_Aggregate/PublicKeys-8                          586           1995054 ns/op
BenchmarkBLS_Aggregate/Signatures-8                           73          14013157 ns/op
BenchmarkBLS_ThresholdSimpleKeyGen-8                          91          11392687 ns/op
BenchmarkBLS_ThresholdSignatureReconstruction-8              278           4393246 ns/op

Risks

  • substitute a generic implementations that works for multiple algorithms/curves/fields (RELIC) with a library that only supports BLS12-381 curve.
  • RELIC exports arithmetic tools on their external functions while BLST exports mainly BLS tools and Flow crypto rather imports the internal non-exported arithmetic tools (risk of BLST not maintaining same internal functions in future updates)

Review assignment:

Note: Please do not review files underonflow/flow-go/crypto/internal/ and onflow/flow-go/crypto/blst_src/ (about 135 files) because these are files copied from the BLST repo without changes. The reasoning behind the copy is explained in this README file.

Review is open to everyone interested. In particular, a review from the following members is appreciated:

  1. onflow/flow-go/crypto/ - .c and .h files: @durkmurder
  2. onflow/flow-go/crypto/ - go files (tests included): @jordanschalm
  3. Makefile and .yml and Dockerfile files: @gomisha / @peterargue
  4. READMEfiles : any member from above is welcome to review
  5. onflow/flow-go/ - go files outside /crypto: @peterargue

tarakby and others added 30 commits January 17, 2023 19:32
@tarakby
add c and asm srouce files from blst
dfe442c
@tarakby
add blst header files and README
635f960
@tarakby
cgo directives to compile blst files
abe0fe1
@tarakby
update README and clean up C directives
59be524
@tarakby
remove non code files
56b4b56
@tarakby
disable c99 and compile blst src and assembly
3c5accd
@tarakby
include blst.h
3c0247c
@tarakby
tidy go.mod after removing blst package
79601b6
@tarakby
add missing relic flags
e64cc36
@tarakby
first iteration of scalar type change
e51d94e
@tarakby
merge feature branch
7593960
@tarakby
merge keygen updates
0a066ec
@tarakby
use new type Fr in BLS simple sig
b99d75b
@tarakby
implement BLS threshold signature with new Fr type
e3f4fee
@tarakby
Merge pull request #3851 from onflow/tarak/add-blst-src
7163fc1 
[crypto] add blst source code
@tarakby
add Fermat inversion - Lagrange interpolation works with Euclidean in…
8b49d0a 
…version and multiple cleanups
@tarakby
DKG feldmanVSS with Fr type
1b3293f
@tarakby
enable all DKG protocols to work with new Fr type
2bbea26
@tarakby
uncomment tests
b113d33
@tarakby
renaming and linter errors
7a2617c
@tarakby
fix gcc compilation issue and remove blst.h
d7f3d5d
@tarakby
fix double definition
4979760
@tarakby
enable tmate on ci temporarily
90c412f
@tarakby
test improvement and temporary memory free
d96d6fa
@tarakby
fix memory allocation bug in temp function
0593da5
@tarakby
Revert "enable tmate on ci temporarily"
0e8829e 
This reverts commit 90c412f.
@tarakby
Merge pull request #3993 from onflow/tarak/2-blst-types
b2ae93c 
[Crypto] new BLST-based scalar and field element type
@tarakby
g1 and g2 exportable types to cgo
52cae3e
@tarakby
new Fp and Fp2 tools, but still the mess
e783a42
@tarakby
first changes to use new type G2
f025a01
@tarakby tarakby mentioned this pull request Nov 24, 2023
Merged
durkmurder
durkmurder approved these changes Nov 29, 2023
View reviewed changes
Copy link
Member

@durkmurder durkmurder left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed .*c files. Great accomplishment! ⭐

@tarakby tarakby mentioned this pull request Dec 1, 2023
Merged
@tarakby tarakby added this pull request to the merge queue Dec 5, 2023
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to no response for status checks Dec 5, 2023
@tarakby tarakby added this pull request to the merge queue Dec 6, 2023
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Dec 6, 2023
@tarakby tarakby added this pull request to the merge queue Dec 6, 2023
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Dec 6, 2023
@tarakby tarakby added this pull request to the merge queue Dec 6, 2023
Merged via the queue into master with commit 9dffe11 Dec 6, 2023
106 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@durkmurder durkmurder durkmurder approved these changes

@jordanschalm jordanschalm jordanschalm approved these changes

@gomisha gomisha gomisha approved these changes

@peterargue peterargue peterargue approved these changes

Assignees

@tarakby tarakby

Labels
Improvement Performance
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@tarakby @codecov-commenter @durkmurder @jordanschalm @gomisha @peterargue