Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[doc] Aggregate - pairing_mul_n #8

Open
mratsim opened this issue Jul 13, 2020 · 4 comments
Open

[doc] Aggregate - pairing_mul_n #8

mratsim opened this issue Jul 13, 2020 · 4 comments

Comments

@mratsim
Copy link
Contributor

mratsim commented Jul 13, 2020

Looking into aggregate.c it's clear what blst_pairing_aggregate_pk_in_g1 is for but blst_pairing_mul_n_aggregate_pk_in_g1 is not documented.

blst/src/aggregate.c

Lines 7 to 34 in 6d6dec3

/*
* Usage pattern on single-processor system is
*
* blst_pairing_init(ctx);
* blst_pairing_aggregate_pk_in_g1(ctx, PK1, aggregated_signature, message1);
* blst_pairing_aggregate_pk_in_g1(ctx, PK2, NULL, message2);
* ...
* blst_pairing_commit(ctx);
* blst_pairing_finalverify(ctx, NULL);
*
***********************************************************************
* Usage pattern on multi-processor system is
*
* blst_pairing_init(pk0);
* blst_pairing_init(pk1);
* ...
* start threads each processing a slice of PKs and messages:
* blst_pairing_aggregate_pk_in_g1(pkx, PK[], NULL, message[]);
* blst_pairing_commit(pkx);
* ...
* blst_fp12 gtsig;
* blst_aggregated_in_g2(&gtsig, aggregated_signature);
* join threads and merge their contexts:
* blst_pairing_merge(pk0, pk1);
* blst_pairing_merge(pk0, pk2);
* ...
* blst_pairing_finalverify(pk0, gtsig);
*/

It seems like it's computing λ0 e(PK0, H(msg0)) λ1 e(PK1, H(msg1)) ... with λi != 1
@Nashatyrev
Copy link

@mratsim I bet this is exactly what you've described. I think will check this shortly.
But, yep, would be nice to have some more docs

@dot-asm
Copy link
Collaborator

dot-asm commented Jul 19, 2020

Yes, the subroutines in question facilitate multiple aggregated signature verifiction. Its usage pattern is not finalized, because straightforward/naive one is not optimal. In other words it will change.

As for documentation in more general sense. Does reference to commentary mean that you'd view it as adequate? I mean outlining the usage pattern. Next question would be what would you think if usage pattern was expressed in form of python script? Would it be valuable?

@vikulin
Copy link

vikulin commented Apr 15, 2021

@nano-o >because straightforward/naive one is not optimal
Could it cause the issue #66 ?

@mratsim
Copy link
Contributor Author

mratsim commented Apr 16, 2021

As for documentation in more general sense. Does reference to commentary mean that you'd view it as adequate? I mean outlining the usage pattern. Next question would be what would you think if usage pattern was expressed in form of python script? Would it be valuable?

Sorry I missed your question. For me it's adequate but I know both the low-level details and what I want to achieve.
I assume going forward people would like more handholding and are more familiar with something like a gitbook (https://docs.gitbook.com/).

For starters, a couple of Python scripts would likely be helpful indeed or maybe a tutorial folder with:

  • 01 - How to generate a keypair
  • 02 - How to sign a message
  • 03 - How to verify a message
  • 04 - How to have multiple keys sign the same message and produce a "fast aggregated" signature
  • 05 - How to verify a "fast aggregated" signature
  • 06 - How to batch verify n signatures on n messages

And each folder would have your support languages: C, Go, Rust, Python as demo.

This would be similar to what Halide does with its lessons:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@vikulin @Nashatyrev @dot-asm @mratsim