From 4bfae4c3398642dfee392fdeb8acfb7a6761a1f0 Mon Sep 17 00:00:00 2001
From: Alain Mebsout
Date: Fri, 9 Sep 2022 15:54:42 +0200
Subject: [PATCH 1/6] Test: fix documentation
---
 src/lib_crypto/test/test_prop_signature.ml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/lib_crypto/test/test_prop_signature.ml b/src/lib_crypto/test/test_prop_signature.ml
index 9531322c8a92..dde66c8d81d1 100644
--- a/src/lib_crypto/test/test_prop_signature.ml
+++ b/src/lib_crypto/test/test_prop_signature.ml
@@ -28,7 +28,7 @@ Component: Crypto Invocation: dune build @src/lib_crypto/runtest Subject: Property-tests over the interface S.SIGNATURE and its - instantiations Ed25519 and Secp256k1. + instantiations. *) open Lib_test.Qcheck2_helpers
@@ -49,8 +49,8 @@ module Signature_Properties (Desc : sig end) (X : SIGNATURE) = struct - (** Tests that a signature of [s] by a generated key and [X.sign] is - accepted by [X.check] with the same key. *) + (** Tests that a signature of [s], with optional [watermark], by a generated + key and [X.sign] is accepted by [X.check] with the same key. *) let test_prop_sign_check (s, watermark) = let _, pk, sk = X.generate_key () in let data = Bytes.of_string s in
@@ -84,7 +84,8 @@ module Aggregate_Signature_Properties (Desc : sig end) (X : AGGREGATE_SIGNATURE) = struct - (** Tests that signatures of [s] obtained using [X.sign] are accepted by + (** Tests that signatures of [msg1], [msg2], [msg3], (with optional + corresponding watermarks) obtained using [X.sign] are accepted by [X.check] when using the corresponding key. It then tests that the aggregation of all these signatures obtained using [X.aggregate_signature_opt] is accepted by [X.aggregate_check]. *)
-- GitLab
From b82a7dc37b343d6f584a6998f34569059ac80ee1 Mon Sep 17 00:00:00 2001
From: Alain Mebsout
Date: Fri, 9 Sep 2022 21:30:09 +0200
Subject: [PATCH 2/6] Crypto: Do Blake2b on message before sign/check of Bls by default
This uniformize with the other signature implementations. A variant that works on raw messages in provided for compatibility.
---
 src/lib_crypto/bls.ml | 27 ++++++++++++++++++++++++---
 src/lib_crypto/bls.mli | 10 ++++++++++
 2 files changed, 34 insertions(+), 3 deletions(-)
diff --git a/src/lib_crypto/bls.ml b/src/lib_crypto/bls.ml
index c3414094b8a4..8a0d268e90cd 100644
--- a/src/lib_crypto/bls.ml
+++ b/src/lib_crypto/bls.ml
@@ -326,18 +326,32 @@ let zero = @@ Bytes.of_string "\192\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000" -let sign ?watermark sk msg = +let sign_aux ~blake2b ?watermark sk msg = let msg = match watermark with None -> msg | Some prefix -> Bytes.cat prefix msg in + let msg = + if blake2b then Blake2B.to_bytes @@ Blake2B.hash_bytes [msg] else msg + in Bls12_381.Signature.MinPk.Aug.sign sk msg -let check ?watermark pk signature msg = +let sign_raw = sign_aux ~blake2b:false + +let sign = sign_aux ~blake2b:true + +let check_aux ~blake2b ?watermark pk signature msg = let msg = match watermark with None -> msg | Some prefix -> Bytes.cat prefix msg in + let msg = + if blake2b then Blake2B.to_bytes @@ Blake2B.hash_bytes [msg] else msg + in Bls12_381.Signature.MinPk.Aug.verify pk msg signature +let check_raw = check_aux ~blake2b:false + +let check = check_aux ~blake2b:true + (* [seed] must be at least of 32 bytes or [Bls12_381.Signature.generate_sk] will throw an error. *) let generate_key ?seed () =
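Review bot: `sign_aux` leaves the hashing and raw variants without any domain separation, so on a shared key `sign_raw` and `sign` produce interchangeable signatures: with no watermark, `sign_raw sk d` for a digest-sized `d` is byte-for-byte `sign ?watermark sk m` for any `m` and watermark whose prefixed Blake2B digest is `d`, because both paths end in the same `Bls12_381.Signature.MinPk.Aug.sign sk msg` call (and `check_aux` mirrors this). Since the `_raw` family exists for compatibility, the remedy is usage policy plus documentation rather than code: a key must be committed to one family, and `check_raw` must only be applied to signatures known to come from `sign_raw`. The `bls.mli` comments in this patch only say "without hashing the message with Blake2B"; each `_raw` entry should add something like `Keys used with this function must not also be used with {!sign}/{!check}: a raw signature over a Blake2B digest verifies as a hashed signature over its preimage.` The same point applies to `aggregate_check_aux` in the next hunk and to the `Aggregate_signature` switch in patch 3/6. As a style point, the watermark-then-optional-hash prologue is now written out three times and would read better as one `let prepare_msg ~blake2b ?watermark msg = …` helper shared by `sign_aux`, `check_aux` and `aggregate_check_aux`.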
@@ -361,7 +375,7 @@ let deterministic_nonce sk msg = let deterministic_nonce_hash sk msg = Blake2B.to_bytes (Blake2B.hash_bytes [deterministic_nonce sk msg]) -let aggregate_check pk_msg_list signature = +let aggregate_check_aux ~blake2b pk_msg_list signature = let pk_msg_list = List.map (fun (pk, watermark, msg) ->
@@ -370,9 +384,16 @@ let aggregate_check pk_msg_list signature = | None -> msg | Some prefix -> Bytes.cat prefix msg in + let msg = + if blake2b then Blake2B.to_bytes @@ Blake2B.hash_bytes [msg] else msg + in (pk, msg)) pk_msg_list in Bls12_381.Signature.MinPk.Aug.aggregate_verify pk_msg_list signature +let aggregate_check_raw = aggregate_check_aux ~blake2b:false + +let aggregate_check = aggregate_check_aux ~blake2b:true + let aggregate_signature_opt = Bls12_381.Signature.MinPk.aggregate_signature_opt
diff --git a/src/lib_crypto/bls.mli b/src/lib_crypto/bls.mli
index 42bce61a3fa9..af3e63529ae1 100644
--- a/src/lib_crypto/bls.mli
+++ b/src/lib_crypto/bls.mli
@@ -33,3 +33,13 @@ include and type watermark = Bytes.t include S.RAW_DATA with type t := t + +(** Same as {!sign} but without hashing the message with Blake2B. *) +val sign_raw : ?watermark:watermark -> Secret_key.t -> Bytes.t -> t + +(** Same as {!check} but without hashing the message with Blake2B. *) +val check_raw : ?watermark:watermark -> Public_key.t -> t -> Bytes.t -> bool + +(** Same as {!aggregate_check} but without hashing the message with Blake2B. *) +val aggregate_check_raw : + (Public_key.t * watermark option * bytes) list -> t -> bool
-- GitLab
From d0cd8ea8f89bee41cce3a1a5241e70c89cb9dc0c Mon Sep 17 00:00:00 2001
From: Alain Mebsout
Date: Fri, 9 Sep 2022 21:31:01 +0200
Subject: [PATCH 3/6] Crypto: use non-hashing BLS for Aggregate_signatures
This is for backward compatibility with the implementation used in TORU.
---
 src/lib_crypto/aggregate_signature.ml | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
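Review bot: The three `_raw` doc comments in `bls.mli` say only what is skipped, not what is still done: `sign_aux`, `check_aux` and `aggregate_check_aux` in `bls.ml` still prepend the optional watermark before handing the bytes to the BLS scheme in the raw path, which anyone comparing these signatures against an external BLS implementation needs to know. Suggested wording for `sign_raw`: `(** Same as {!sign} but the (watermark-prefixed) message is passed to the BLS scheme as is, without hashing it with Blake2B. *)`, and the same shape for `check_raw` and `aggregate_check_raw`. Minor style point: `aggregate_check_raw` spells the message type `bytes` while `sign_raw` and `check_raw` use `Bytes.t`; they are the same type, but the file should pick one unless the former deliberately mirrors the `aggregate_check` declaration that lies outside this hunk.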
diff --git a/src/lib_crypto/aggregate_signature.ml b/src/lib_crypto/aggregate_signature.ml
index 080560895fba..55ea95a2f209 100644
--- a/src/lib_crypto/aggregate_signature.ml
+++ b/src/lib_crypto/aggregate_signature.ml
@@ -461,16 +461,19 @@ let pp ppf t = Format.fprintf ppf "%s" (to_b58check t) let zero = Bls12_381 Bls.zero let sign ?watermark (Secret_key.Bls12_381 sk) bytes = - Bls12_381 (Bls.sign ?watermark sk bytes) + (* NOTE: Not hashing for compatibility with TORU *) + Bls12_381 (Bls.sign_raw ?watermark sk bytes) let check ?watermark pk signature message = + (* NOTE: Not hashing for compatibility with TORU *) match (pk, signature) with | Public_key.Bls12_381 pk, Unknown signature -> Bls.of_bytes_opt signature - |> Option.map (fun signature -> Bls.check ?watermark pk signature message) + |> Option.map (fun signature -> + Bls.check_raw ?watermark pk signature message) |> Option.value ~default:false | Public_key.Bls12_381 pk, Bls12_381 signature -> - Bls.check ?watermark pk signature message + Bls.check_raw ?watermark pk signature message let generate_key ?seed () = let pkh, pk, sk = Bls.generate_key ?seed () in
@@ -491,11 +494,12 @@ let aggregate_check pks signature = (pk, watermark, bytes)) pks in + (* NOTE: Not hashing for compatibility with TORU *) match signature with - | Bls12_381 signature -> Bls.aggregate_check pks signature + | Bls12_381 signature -> Bls.aggregate_check_raw pks signature | Unknown signature -> Bls.of_bytes_opt signature - |> Option.map (Bls.aggregate_check pks) + |> Option.map (Bls.aggregate_check_raw pks) |> Option.value ~default:false let aggregate_signature_opt signatures =
-- GitLab
From 650c060c80ec173f9f6fe2a1bfef0903a05eea98 Mon Sep 17 00:00:00 2001
From: Alain Mebsout
Date: Wed, 31 Aug 2022 22:30:46 +0200
Subject: [PATCH 4/6] Proto/014/Tests: use non hashing BLS signing function
---
 .../lib_protocol/test/helpers/tx_rollup_l2_helpers.ml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
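Review bot: The `(* NOTE: Not hashing for compatibility with TORU *)` comment is pasted into `sign`, `check` and `aggregate_check`, but none of the three copies says what is kept compatible (signatures over the raw, watermark-prefixed bytes instead of their Blake2B digest) or that this deliberately diverges from `Bls.sign`/`Bls.check`, which now hash by default; the reason lives only in the commit message. One comment at the top of the module (or on its interface, if there is one) would carry more than three copies, e.g. `(** Messages are signed and verified as raw bytes (only the optional watermark is prefixed), without the Blake2B pre-hash used by {!Bls.sign}; this matches the encoding historically used by TORU. *)`, with the inline notes reduced to a reference to it. In `check` the note sits above the `match` rather than beside the two `Bls.check_raw` calls it explains, so its scope is less obvious than in `sign`. `aggregate_check` begins before the second hunk, so its watermark handling was not reviewed here.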
diff --git a/src/proto_014_PtKathma/lib_protocol/test/helpers/tx_rollup_l2_helpers.ml b/src/proto_014_PtKathma/lib_protocol/test/helpers/tx_rollup_l2_helpers.ml
index 33c9c482b6bb..c91f55be3de6 100644
--- a/src/proto_014_PtKathma/lib_protocol/test/helpers/tx_rollup_l2_helpers.ml
+++ b/src/proto_014_PtKathma/lib_protocol/test/helpers/tx_rollup_l2_helpers.ml
@@ -165,7 +165,7 @@ let sign_transaction : Tx_rollup_l2_batch.V1.transaction_encoding transaction in - List.map (fun sk -> Bls.sign sk buf) sks + List.map (fun sk -> Bls.sign_raw sk buf) sks type Environment.Error_monad.error += Test_error of string
-- GitLab
From b6e6099e14a3d5618efbb8db3ed07684050f990f Mon Sep 17 00:00:00 2001
From: Alain Mebsout
Date: Fri, 9 Sep 2022 21:24:54 +0200
Subject: [PATCH 5/6] Proto/Alpha/Tests: use non hashing BLS signing function
---
 .../lib_protocol/test/helpers/tx_rollup_l2_helpers.ml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/proto_alpha/lib_protocol/test/helpers/tx_rollup_l2_helpers.ml b/src/proto_alpha/lib_protocol/test/helpers/tx_rollup_l2_helpers.ml
index 33c9c482b6bb..c91f55be3de6 100644
--- a/src/proto_alpha/lib_protocol/test/helpers/tx_rollup_l2_helpers.ml
+++ b/src/proto_alpha/lib_protocol/test/helpers/tx_rollup_l2_helpers.ml
@@ -165,7 +165,7 @@ let sign_transaction : Tx_rollup_l2_batch.V1.transaction_encoding transaction in - List.map (fun sk -> Bls.sign sk buf) sks + List.map (fun sk -> Bls.sign_raw sk buf) sks type Environment.Error_monad.error += Test_error of string
-- GitLab
From b7d94944bd89e71cb92ae5eec53fe3ea36670108 Mon Sep 17 00:00:00 2001
From: Alain Mebsout
Date: Thu, 15 Sep 2022 21:57:50 +0200
Subject: [PATCH 6/6] Crypto: Fix copyright header
---
 src/lib_crypto/bls.mli | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib_crypto/bls.mli b/src/lib_crypto/bls.mli
index af3e63529ae1..1ee7fe6c26ca 100644
--- a/src/lib_crypto/bls.mli
+++ b/src/lib_crypto/bls.mli
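Review bot: `sign_transaction` now hard-codes `Bls.sign_raw sk buf`, restating in a test helper the "no Blake2B" decision that patch 3/6 makes in `Aggregate_signature.sign`, without a comment saying why; the identical change to the proto_alpha copy of `tx_rollup_l2_helpers.ml` later in this series has the same gap. A one-line comment above the call, `(* TORU batches are signed over the raw encoding, not its Blake2B digest; see Aggregate_signature.sign *)`, would stop the next reader from "fixing" it back to `Bls.sign` and silently breaking the tests. If the protocol's verification side goes through `Aggregate_signature.check` (not visible in this hunk), signing here through `Aggregate_signature.sign` rather than `Bls` directly would keep the helper in step with the library by construction, provided the key types line up. `sign_transaction` starts before the hunk.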
@@ -1,7 +1,7 @@ (*****************************************************************************) (* *) (* Open Source License *) -(* Copyright (c) 2021 Nomadic Labs *) +(* Copyright (c) 2022 Nomadic Labs *) (* *) (* Permission is hereby granted, free of charge, to any person obtaining a *) (* copy of this software and associated documentation files (the "Software"),*) -- GitLab