-
Notifications
You must be signed in to change notification settings - Fork 166
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[crypto] Add cross-testing of our BLS implementation with that of BLST #934
Conversation
5822009
to
35e2c11
Compare
dcfea2f
to
fcebaeb
Compare
Codecov Report
@@ Coverage Diff @@
## master #934 +/- ##
==========================================
+ Coverage 53.14% 53.17% +0.03%
==========================================
Files 321 321
Lines 21733 21730 -3
==========================================
+ Hits 11550 11556 +6
+ Misses 8618 8604 -14
- Partials 1565 1570 +5
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good. While the detailed cryptographic operations are beyond my background, I am sure Tarak and you have these details covered.
540b3d5
to
d078692
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for starting to play with the BLST library!
I also didn't know about the rapid
package, we should be able to re-use it in many other tests!
I have made a suggestion branch that includes:
- updates to the deserialization functions to cover the malleability issue.
- minor comments updates.
- refactor
TestMapToG1Relic
.
Regarding the new test functions, I can group them into two categories:
-
test Relic map against the IRTF draft test vector
-
test consistency of flow-go/crypto and BLST
-
I think This is a useful test if we were to use relic hash to point mapping. This is unfortunately blocked by the PR to Relic. We can still use a similar test once I update our hash to point mapping to match the IRTF draft. Till these changes are made, I am wondering if the test should be merged to the repository, since it is testing a function that is not used in the package yet.
-
I have a similar feeling about the second type of tests. Since BLST isn't used in the package, we may need to wait before merging those tests. I can see the tests being very useful if we start the transition away from Relic and we want to make sure the updates are consistent with Relic. I think it's good to keep the tests on a feature branch and use them as a base to make more BLST work.
I'm curious to hear your thoughts about merging the tests!
3745ab9
to
69caa43
Compare
The test checks that our signature function, minus the hash-to-curve component, is the same as the one in blst. I find that valuable, and there's an obvious transition (removing "minus the hash-to-curve component") that this test will easily undergo once we've solved the map-to-curve issue, one way or another (blst allows signing w/o the hash-to-field, so that we'll be able to splice in our kmac there).
A feature branch is meant to isolate wide-ranging changes to the code base that would impact the work of many other otherwise uninterested developers. While the work of transitioning our Relic-based library to anything else would be wide-ranging in terms of SLoC, it happens in one directory, in a half-dozen files, and -at least according to commit history- there isn't a very large number of impacted developers (and I would hope he would not be uninterested). Moreover, even if we never transition to anything ever, we have to track both:
These present tests help warn us about a change in either of them. They would similarly help if we were to choose integrating blst in the emulator or the SDK. For future, transitional commits that would be moving the main arch of our relic library, we can certainly revisit the branch question. |
bb33fe3
to
0776983
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the updates 🏄
I have made more comments on the updates, and made a suggestion PR to address them in order to merge soon.
All comments were addressed in my PR, but the one related to EP_ISOMAP
.
As mentioned in my PR, I suggest to keep the current scope for this PR, and I'll submit a new PR to integrate the new Relic tool.
92997a2
to
ceaf0de
Compare
1. we're not using it, 2. it's a bad idea to use it (see [Tibouchi2012](https://www.normalesup.org/~tibouchi/papers/bnhash-scis.pdf) section 3.1)
we don't have any code to link it against
This allows accessing the map-to-field from Relic, a prequel to compatibility testing with other libraries
Fix an edge case in point deserialization: the deserialization would accept anything for the compressed byte as long as the point material would: - be of the correct length for the deserialization context, - be coherent with the sign bit for y which allows the bit representation of points to change (in particular, one can turn off the compressed bit)
Because of our non-standard map-to-curve (see https://github.com/dapperlabs/flow-go/issues/5647), we need a hybrid verification, that uses a standard-compliant map-to-curve (that of Relic) followed by our signing process, and compares the result to that of BLST. This opens entrypoints to achieve this comparison along the way. This depends on the serde fixes above.
Add testKeyGenDecodePrivateCrossBLST, testGenKeyDeserializeScalarCrossBLST which test the KeyGen of the one lib against the Deserialize of the other
Simplify superfluous tests
ceaf0de
to
b110e51
Compare
Please refer to individual commit messages.
Summary:
with our normal implementation. This is limited to the cipherSuite
BLS_SIG_BLS12381G1_XMD:SHA-256_SSWU_RO_NUL_
(extensible to other XMD:{SHA|BS) variants)