Add BLS signatures over BLS12-381 #446
Conversation
sign/bls/bls.go
Outdated
| k.pub = new(PublicKey[K]) | ||
| switch (interface{})(k).(type) { | ||
| case *PrivateKey[G1]: | ||
| kk := (interface{})(&k.pub.key).(*G1) |
There was a problem hiding this comment.
question on the naming scheme: what is the reason behind naming inner variables with one additional duplicated letter?
For instance, inner variable of k becomes kk, for x it becomes xx and then xxx?
There was a problem hiding this comment.
it obey to conversions between interfaces to specific structs. The pattern of repeating a letter hints about the origin of the variable.
armfazh
force-pushed
the
blsSig
branch
2 times, most recently
from
a796343 to
c8d23eb
Compare
| ss.SetBytes(OKM) | ||
|
|
||
| if ss.IsZero() == 1 { | ||
| digest := sha256.Sum256(salt) |
There was a problem hiding this comment.
Do we have a test that covers this branch?
There was a problem hiding this comment.
no, this branch happens when HKDF outputs all-zeros, or a multiple of a prime.
| var Q GG.G1 | ||
| Q.Hash(msg, []byte(dstG1)) | ||
| Q.ScalarMult(&k.key, &Q) | ||
| return Q.BytesCompressed() |
There was a problem hiding this comment.
The compression matches the spec also in the corner cases?
There was a problem hiding this comment.
all the points have fixed-size length. or do you mean something different?
There was a problem hiding this comment.
Tests for serialization here depend only on the unique ciphersuite: BLS12-381 curve
The encoding format is tested in the ecc/bls12381 package, see: https://github.com/cloudflare/circl/blob/main/ecc/bls12381/encoding_test.go#L73
Tests for the point at infinity are checked in the ecc/bls12831 package the other case happens when the signing key is zero. |
Implements the basic version of BLS as in IETF draft.
https://github.com/cfrg/draft-irtf-cfrg-bls-signature