BLS12-381 bindings #266
That's great! 👍
However, as you'll see in the comments below, we should change a few things. The main points are the following:
- We should remove the pairing check (and by consequence the `two_miller_one_exp`)
- We should change the definition of "equal elements" for GT elements
- We should check points are in the group before computing the miller loop

In a nutshell we will be doing the optimization we did in `pairing_check` for all operations between GT elements, i.e. we are generalizing it so that, instead of only applying the optimization when checking equality of two pairing evaluations, we can apply the optimization to an arbitrary number of pairing evaluations. Therefore, we only compute the miller loop when "computing the pairing", and when we check for equality, we do the `finalcheck`, which handles the final exponentiation.
To this end we should include the following test with three pairings to the library:
```haskell
(BLS.pairing (BLS.mult p a, q) * BLS.pairing (p, BLS.mult q b))
==
BLS.pairing(BLS.mult p (a + b), q)
```
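The deferred final exponentiation described in the review comment above, as an added toy model in Python (not the PR's code, not BLS12-381, and not secure). It assumes a constructed group Z_101 with "GT" inside F_607^*; every name here (`miller_loop`, `final_check`, `three_pairing_test`, ...) is hypothetical and only mirrors the roles the comment describes.

```python
# Toy model (constructed, NOT BLS12-381): G1 = G2 = Z_R, "GT" lives in F_P^*.
# Like a real Miller loop, miller_loop() returns a value that is only
# meaningful up to R-th powers; final_exp() is what removes them.
FIELD_P = 607                        # small prime, FIELD_P - 1 = 2 * 3 * 101
R = 101                              # prime group order
FINAL_EXPONENT = (FIELD_P - 1) // R  # = 6

def _primitive_root():
    # Smallest h whose multiplicative order is exactly FIELD_P - 1.
    for h in range(2, FIELD_P):
        if all(pow(h, (FIELD_P - 1) // q, FIELD_P) != 1 for q in (2, 3, R)):
            return h
    raise ValueError("no primitive root found")

H = _primitive_root()
W = pow(H, R, FIELD_P)  # generates the R-th powers, which final_exp() maps to 1

def mult(point, scalar):
    """Scalar multiplication in the toy group (argument order as BLS.mult)."""
    return (point * scalar) % R

def miller_loop(p, q):
    """Unreduced value: bilinear part times an input-dependent R-th power."""
    return pow(H, p * q, FIELD_P) * pow(W, p + 2 * q, FIELD_P) % FIELD_P

def final_exp(f):
    return pow(f, FINAL_EXPONENT, FIELD_P)

def gt_mul(f1, f2):
    """Multiply unreduced values; no exponentiation is spent here."""
    return f1 * f2 % FIELD_P

def final_check(f1, f2):
    """GT equality: a single final exponentiation on the quotient f1 / f2."""
    return final_exp(f1 * pow(f2, -1, FIELD_P) % FIELD_P) == 1

def three_pairing_test(p, q, a, b):
    """The three-pairing identity from the review: (raw ==, final_check)."""
    lhs = gt_mul(miller_loop(mult(p, a), q), miller_loop(p, mult(q, b)))
    rhs = miller_loop(mult(p, a + b), q)
    return lhs == rhs, final_check(lhs, rhs)
```

Comparing the unreduced values directly rejects a valid identity, which is why equality on GT elements has to be redefined in terms of the final check once pairings return Miller loop outputs.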
Comments on function naming for `add` vs `add_or_double`
Hi @tdammers, can we get an update on the PR? Also, is there a branch that exposes these bindings to dapps via Plutus?

Hi @arthurgreef. This PR is still in draft, as we are waiting for benchmarks to determine whether these primitives will be usable in practice (due to the execution budget). The use-case we are currently considering is that of ATMS signatures. What are you planning on using them for? btw, did you manage to solve the problem with nix you had?

Hi @iquerejeta I still have the problem with nix-shell.

Hi @iquerejeta my use case is DKG.

Thanks @arthurgreef. I will try to look into the nix issue soon (we've been building it directly with

@iquerejeta we need BLS12-381 so that organizations can issue verifiable credentials using signatures that comply with the BBS+ selective disclosure protocol. https://w3c-ccg.github.io/ldp-bbs2020/

Hi @iquerejeta - we need BLS12-381 for organizations that sign verifiable credentials compliant with BBS+ https://w3c-ccg.github.io/ldp-bbs2020/

Hi @tdammers, thanks for all the great work from you and your team on bringing BLS12-381 to Plutus.
f791c4a to 43cba76
@arthurgreef you should be able to make it work with nix. Let me know if that is not the case.

@arthurgreef, nix should work now. If that's not the case, please let me know.
Co-authored-by: Alexey Kuleshevich <[email protected]>
* Bumped version to 2.1.1.0
* Consistency in yaml file
* Renaming for haskell convention
* More verbose naming for code clarity
* Switched back to iohk-nix/master
Now that we enforce at type level that points are part of the subgroup, the miller loop will always succeed
Bindings in Haskell for curve BLS12-381 operations. End goal is to add BLS12-381 bindings to Plutus, following [CIP-0381](https://github.com/cardano-foundation/CIPs/tree/master/CIP-0381). Bindings based on the [blst](https://github.com/supranational/blst) library.

Co-authored-by: iquerejeta <[email protected]>
Co-authored-by: Moritz Angermann <[email protected]>
Co-authored-by: Alexey Kuleshevich <[email protected]>
Implements #302