Pass on stm module

* StmSig does not require the Verification key + PoP, as in the registration PoP is already verified.
* PartyId is no longer linked to a signature.
* Introduced the StmAggrVerificationKey, which essentially is the root of the merkle tree and the full stake.
* Renamed StmMultiSig -> StmAggrSig
* Minor optimisation in StmAggrSig. Instead of individually verifying `k` signatures (= to evaluating `k` pairings), we first aggregate the signatures, and the keys, and verify the aggregate (= `k` additions in G1 and G2 and one pairing evaluation)

Author: iquerejeta

mithril-core/examples/key_registration.rs

@@ -3,10 +3,7 @@
 //! run presented in `tests/integration.rs`, we explicitly treat each party individually.
 
 use mithril::key_reg::{ClosedKeyReg, KeyReg};
-use mithril::stm::{
-    Stake, StmClerk, StmInitializer, StmParameters, StmSig, StmSigner, StmVerificationKey,
-    StmVerifier,
-};
+use mithril::stm::{Stake, StmClerk, StmInitializer, StmParameters, StmSig, StmSigner, StmVerificationKeyPoP, StmVerifier};
 
 use rand_chacha::ChaCha20Rng;
 use rand_core::{RngCore, SeedableRng};
@@ -46,7 +43,7 @@ fn main() {
     let party_3_init = StmInitializer::setup(params, parties[3].0, parties[3].1, &mut rng);
 
     // The public keys are broadcast. All participants will have the same keys.
-    let parties_pks: Vec<StmVerificationKey> = vec![
+    let parties_pks: Vec<StmVerificationKeyPoP> = vec![
         party_0_init.verification_key(),
         party_1_init.verification_key(),
         party_2_init.verification_key(),
@@ -113,7 +110,7 @@ fn main() {
     let closed_registration = local_reg(&parties, &parties_pks);
     let clerk = StmClerk::from_registration(params, closed_registration.clone());
     let verifier = StmVerifier::new(
-        closed_registration.avk.to_commitment(),
+        closed_registration.merkle_tree.to_commitment(),
         params,
         closed_registration.total_stake,
     );
@@ -146,7 +143,7 @@ fn try_signatures(party: &StmSigner<H>, msg: &[u8], m: u64) -> Vec<StmSig<H>> {
         .collect()
 }
 
-fn local_reg(ids: &[(u64, u64)], pks: &[StmVerificationKey]) -> ClosedKeyReg<H> {
+fn local_reg(ids: &[(u64, u64)], pks: &[StmVerificationKeyPoP]) -> ClosedKeyReg<H> {
     let mut local_keyreg = KeyReg::init(ids);
     // todo: maybe its cleaner to have a `StmPublic` instance that covers the "shareable"
     // data, such as the public key, stake and id.

mithril-core/src/c_api.rs

@@ -9,9 +9,9 @@ use std::os::raw::c_char;
 pub const NULLPOINTERERR: i64 = -99;
 
 type H = blake2::Blake2b;
-type StmVerificationKeyPtr = *mut StmVerificationKey;
+type StmVerificationKeyPoPPtr = *mut StmVerificationKeyPoP;
 type SigPtr = *mut StmSig<H>;
-type MultiSigPtr = *mut StmMultiSig<H>;
+type MultiSigPtr = *mut StmAggrSig<H>;
 type StmInitializerPtr = *mut StmInitializer;
 type StmSignerPtr = *mut StmSigner<H>;
 type StmClerkPtr = *mut StmClerk<H>;
@@ -315,7 +315,7 @@ mod initializer {
     #[no_mangle]
     pub extern "C" fn stm_initializer_verification_key(
         me: StmInitializerPtr,
-        pk: *mut StmVerificationKeyPtr,
+        pk: *mut StmVerificationKeyPoPPtr,
     ) -> i64 {
         unsafe {
             if let (Some(ref_me), Some(ref_pk)) = (me.as_ref(), pk.as_mut()) {
@@ -444,7 +444,7 @@ mod signer {
 
 mod key_reg {
     use crate::c_api::{
-        ClosedKeyRegPtr, KeyRegPtr, MerkleTreeCommitmentPtr, StmVerificationKeyPtr, NULLPOINTERERR,
+        ClosedKeyRegPtr, KeyRegPtr, MerkleTreeCommitmentPtr, StmVerificationKeyPoPPtr, NULLPOINTERERR,
     };
     use crate::error::RegisterError;
     use crate::key_reg::KeyReg;
@@ -488,7 +488,7 @@ mod key_reg {
     pub extern "C" fn register_party(
         key_reg: KeyRegPtr,
         party_id: PartyId,
-        party_key: StmVerificationKeyPtr,
+        party_key: StmVerificationKeyPoPPtr,
     ) -> i64 {
         unsafe {
             if let (Some(ref_key_reg), Some(party_key)) = (key_reg.as_mut(), party_key.as_ref()) {
@@ -511,7 +511,7 @@ mod key_reg {
     ) -> i64 {
         unsafe {
             if let (Some(key_reg), Some(mk_tree)) = (key_reg.as_ref(), mk_tree.as_mut()) {
-                *mk_tree = Box::into_raw(Box::new(key_reg.avk.to_commitment()));
+                *mk_tree = Box::into_raw(Box::new(key_reg.merkle_tree.to_commitment()));
                 return 0;
             }
             NULLPOINTERERR
@@ -582,12 +582,13 @@ mod clerk {
         }
     }
 
-    /// Try to verify a signature.
+    /// Verify a signature.
     /// returns:
     /// * 0 if the signature is valid
     /// * -1 if the lottery win is false
-    /// * -2 if the Merkle Tree is invalid
+    /// * -2 if the Merkle Tree path is invalid
     /// * -3 if the MSP signature is invalid
+    /// * -4 if the Index is out of bounds
     /// * NULLPOINTERERR if invalid pointers
     ///
     #[no_mangle]
@@ -601,12 +602,14 @@ mod clerk {
                 (me.as_ref(), msg.as_ref(), sig.as_ref())
             {
                 let msg_str = CStr::from_ptr(msg);
-                let out = ref_me.verify_sig(ref_sig, msg_str.to_bytes());
+                let avk = StmAggrVerificationKey::from(&ref_me.closed_reg);
+                let out = ref_sig.verify(&ref_me.params, &avk, msg_str.to_bytes());
                 return match out {
                     Ok(()) => 0,
                     Err(VerificationFailure::LotteryLost) => -1,
                     Err(VerificationFailure::InvalidMerkleTree(_)) => -2,
                     Err(VerificationFailure::InvalidSignature(_)) => -3,
+                    Err(VerificationFailure::IndexBoundFailed(_,_)) => -4,
                 };
             }
             NULLPOINTERERR

mithril-core/src/error.rs

@@ -86,6 +86,9 @@ pub enum AggregationFailure {
 /// Error types for single signature verification
 #[derive(Debug, Clone, thiserror::Error)]
 pub enum VerificationFailure<D: Digest + FixedOutput> {
+    /// The signature index is out of bounds
+    #[error("Received index, {0}, is higher than what the security parameter allows, {1}.")]
+    IndexBoundFailed(u64, u64),
     /// The lottery was actually lost for the signature
     #[error("Lottery for this epoch was lost.")]
     LotteryLost,
@@ -151,6 +154,20 @@ impl From<MerkleTreeError> for MultiSignatureError {
     }
 }
 
+impl<D: Digest + Clone + FixedOutput> From<MultiSignatureError> for MithrilWitnessError<D> {
+    fn from(_: MultiSignatureError) -> Self {
+        // todo:
+        Self::StakeInvalid
+    }
+}
+
+impl<D: Digest + Clone + FixedOutput> From<VerificationFailure<D>> for MithrilWitnessError<D> {
+    fn from(_: VerificationFailure<D>) -> Self {
+        // todo:
+        Self::StakeInvalid
+    }
+}
+
 pub(crate) fn blst_err_to_atms(e: BLST_ERROR) -> Result<(), MultiSignatureError> {
     match e {
         BLST_ERROR::BLST_SUCCESS => Ok(()),

mithril-core/src/key_reg.rs

@@ -4,6 +4,7 @@ use crate::error::RegisterError;
 use digest::{Digest, FixedOutput};
 use std::collections::{HashMap, HashSet};
 use std::sync::Arc;
+use serde::{Deserialize, Serialize};
 
 use super::multi_sig::VerificationKeyPoP;
 use super::stm::{PartyId, Stake};
@@ -23,7 +24,11 @@ pub struct KeyReg {
 
 /// Structure generated out of a closed registration. One can only get a global `avk` out of
 /// a closed key registration.
-#[derive(Clone, Debug, PartialEq, Eq)]
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
+#[serde(bound(
+serialize = "MerkleTree<D>: Serialize",
+deserialize = "MerkleTree<D>: Deserialize<'de>"
+))]
 pub struct ClosedKeyReg<D>
 where
     D: Digest + FixedOutput,
@@ -33,7 +38,7 @@ where
     /// Total stake of the registered parties.
     pub total_stake: Stake,
     /// Unique public key out of the key registration instance.
-    pub avk: Arc<MerkleTree<D>>,
+    pub merkle_tree: Arc<MerkleTree<D>>,
 }
 
 /// Represents the status of a known participant in the protocol who is allowed
@@ -110,7 +115,7 @@ impl KeyReg {
         reg_parties.sort();
 
         ClosedKeyReg {
-            avk: Arc::new(MerkleTree::create(&reg_parties)),
+            merkle_tree: Arc::new(MerkleTree::create(&reg_parties)),
             reg_parties,
             total_stake,
         }