feat: BBS update

internal/third_party/kilic/bls12-381/g1_custom.go

@@ -8,17 +8,19 @@ package bls12381
 
 import (
  "hash"
+
+ "golang.org/x/crypto/sha3"
 )
 
-func (g *G1) HashToCurveGeneric(msg, domain []byte, hashFunc func() hash.Hash) (*PointG1, error) {
- hashRes, err := hashToFpXMD(hashFunc, msg, domain, 2)
+func (g *G1) hashToCurveGeneric(msg, domain []byte, expand func([]byte, []byte, int) ([]byte, error)) (*PointG1, error) {
+ hashRes, err := hashToFpGeneric(expand, msg, domain, 2)
  if err != nil {
  return nil, err
  }
  u0, u1 := hashRes[0], hashRes[1]
 
- x0, y0 := swuMapG1BE(u0)
- x1, y1 := swuMapG1BE(u1)
+ x0, y0 := swuMapG1(u0)
+ x1, y1 := swuMapG1(u1)
  one := new(fe).one()
  p0, p1 := &PointG1{*x0, *y0, *one}, &PointG1{*x1, *y1, *one}
 
@@ -28,3 +30,17 @@ func (g *G1) HashToCurveGeneric(msg, domain []byte, hashFunc func() hash.Hash) (
  g.ClearCofactor(p0)
  return g.Affine(p0), nil
 }
+
+func (g *G1) HashToCurveGenericXMD(msg, domain []byte, hashFunc func() hash.Hash) (*PointG1, error) {
+ expand := func(msg []byte, tag []byte, outLen int) ([]byte, error) {
+ return expandMsgXMD(hashFunc, msg, tag, outLen)
+ }
+ return g.hashToCurveGeneric(msg, domain, expand)
+}
+
+func (g *G1) HashToCurveGenericXOF(msg, domain []byte, hash sha3.ShakeHash) (*PointG1, error) {
+ expand := func(msg []byte, tag []byte, outLen int) ([]byte, error) {
+ return ExpandMsgXOF(hash, msg, tag, outLen)
+ }
+ return g.hashToCurveGeneric(msg, domain, expand)
+}

internal/third_party/kilic/bls12-381/g1_custom_test.go

@@ -7,9 +7,12 @@ SPDX-License-Identifier: Apache-2.0
 package bls12381
 
 import (
+ "crypto/sha256"
+ "encoding/hex"
  "hash"
  "testing"
 
+ "github.com/stretchr/testify/require"
  "golang.org/x/crypto/blake2b"
 )
 
@@ -37,23 +40,52 @@ func TestG1CustomSerialization(t *testing.T) {
 }
 
 func TestHashToCurve(t *testing.T) {
- hashFunc := func() hash.Hash {
- // We pass a null key so error is impossible here.
- h, _ := blake2b.New512(nil)
+ g := NewG1()
+ t.Run("hello test", func(t *testing.T) {
+ hashFunc := func() hash.Hash {
+ // We pass a null key so error is impossible here.
+ h, _ := blake2b.New512(nil)
 
- return h
- }
+  return h
+  }
 
- g := NewG1()
+ curve, err := g.HashToCurveGenericXMD([]byte("hello"),
+ []byte("BLS12381G1_XMD:BLAKE2B_SSWU_RO_BBS+_SIGNATURES:1_0_0"),
+ hashFunc)
 
- curve, err := g.HashToCurveGeneric([]byte("hello"),
- []byte("BLS12381G1_XMD:BLAKE2B_SSWU_RO_BBS+_SIGNATURES:1_0_0"),
- hashFunc)
- if err != nil {
- t.Fatal(err)
- }
+ require.NoError(t, err)
+ require.NotEqual(t, 0, len(curve))
+ })
 
- if len(curve) == 0 {
- t.Fatal("empty curve bytes")
- }
+ t.Run("IRTF H2C draft16 J91 empty msg", func(t *testing.T) {
+ hashFunc := func() hash.Hash {
+ h := sha256.New()
+ return h
+ }
+
+ curve, err := g.HashToCurveGenericXMD([]byte(""),
+ []byte("QUUX-V01-CS02-with-BLS12381G1_XMD:SHA-256_SSWU_RO_"),
+ hashFunc)
+ require.NoError(t, err)
+ require.Equal(t, ""+ //x and y coordinates
+ "052926add2207b76ca4fa57a8734416c8dc95e24501772c814278700eed6d1e4e8cf62d9c09db0fac349612b759e79a1"+
+ "08ba738453bfed09cb546dbb0783dbb3a5f1f566ed67bb6be0e8c67e2e81a4cc68ee29813bb7994998f3eae0c9c6a265",
+ hex.EncodeToString(NewG1().ToUncompressed(curve)))
+ })
+
+ t.Run("IRTF H2C draft16 J91 abc", func(t *testing.T) {
+ hashFunc := func() hash.Hash {
+ h := sha256.New()
+ return h
+ }
+
+ curve, err := g.HashToCurveGenericXMD([]byte("abc"),
+ []byte("QUUX-V01-CS02-with-BLS12381G1_XMD:SHA-256_SSWU_RO_"),
+ hashFunc)
+ require.NoError(t, err)
+ require.Equal(t, ""+ //x and y coordinates
+ "03567bc5ef9c690c2ab2ecdf6a96ef1c139cc0b2f284dca0a9a7943388a49a3aee664ba5379a7655d3c68900be2f6903"+
+ "0b9c15f3fe6e5cf4211f346271d7b01c8f3b28be689c8429c85b67af215533311f0b8dfaaa154fa6b88176c229f2885d",
+ hex.EncodeToString(NewG1().ToUncompressed(curve)))
+ })
 }

internal/third_party/kilic/bls12-381/hash_to_field_custom.go

@@ -14,10 +14,12 @@ package bls12381
 import (
  "errors"
  "hash"
+
+ "golang.org/x/crypto/sha3"
 )
 
-func hashToFpXMD(f func() hash.Hash, msg []byte, domain []byte, count int) ([]*fe, error) {
- randBytes, err := expandMsgXMD(f, msg, domain, count*64)
+func hashToFpGeneric(expand func([]byte, []byte, int) ([]byte, error), msg []byte, domain []byte, count int) ([]*fe, error) {
+ randBytes, err := expand(msg, domain, count*64)
  if err != nil {
  return nil, err
  }
@@ -36,10 +38,10 @@ func hashToFpXMD(f func() hash.Hash, msg []byte, domain []byte, count int) ([]*f
 
 func expandMsgXMD(f func() hash.Hash, msg []byte, domain []byte, outLen int) ([]byte, error) {
  h := f()
- domainLen := uint8(len(domain))
- if domainLen > 255 {
+ if len(domain) > 255 {
  return nil, errors.New("invalid domain length")
  }
+ domainLen := uint8(len(domain))
 
  // DST_prime = DST || I2OSP(len(DST), 1)
  // b_0 = H(Z_pad || msg || l_i_b_str || I2OSP(0, 1) || DST_prime)
@@ -84,3 +86,22 @@ func expandMsgXMD(f func() hash.Hash, msg []byte, domain []byte, outLen int) ([]
 
  return out[:outLen], nil
 }
+
+// TODO move away?
+func ExpandMsgXOF(h sha3.ShakeHash, msg []byte, dst []byte, outBytesCnt int) ([]byte, error) {
+ if len(dst) > 255 {
+ return nil, errors.New("invalid DST length")
+ }
+ dstLen := uint8(len(dst))
+
+ // msg || outBytesCnt || dst || dstLen
+ h.Write(msg)
+ h.Write([]byte{byte(outBytesCnt >> 8), byte(outBytesCnt & 0xFF)})
+ h.Write(dst)
+ h.Write([]byte{byte(dstLen)})
+
+ out := make([]byte, outBytesCnt)
+ h.Read(out)
+
+ return out, nil
+}

internal/third_party/kilic/bls12-381/hash_to_field_custom_test.go

@@ -0,0 +1,60 @@
+/*
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package bls12381
+
+import (
+ "crypto/sha256"
+ "encoding/hex"
+ "hash"
+ "testing"
+
+ "github.com/stretchr/testify/require"
+ "golang.org/x/crypto/sha3"
+)
+
+func TestExpandMessageXMD(t *testing.T) {
+ t.Run("IRTF H2C draft16 K1 abc", func(t *testing.T) {
+ hashFunc := func() hash.Hash {
+ h := sha256.New()
+ return h
+ }
+ outCnt := 0x20
+ out, err := expandMsgXMD(hashFunc, []byte("abc"), []byte("QUUX-V01-CS02-with-expander-SHA256-128"), outCnt)
+ require.NoError(t, err)
+ require.Equal(t, len(out), outCnt)
+ require.Equal(t, "d8ccab23b5985ccea865c6c97b6e5b8350e794e603b4b97902f53a8a0d605615", hex.EncodeToString(out))
+ })
+
+ t.Run("IRTF H2C draft16 K1 abcdef0123456789", func(t *testing.T) {
+ hashFunc := func() hash.Hash {
+ h := sha256.New()
+ return h
+ }
+ outCnt := 0x20
+ out, err := expandMsgXMD(hashFunc, []byte("abcdef0123456789"), []byte("QUUX-V01-CS02-with-expander-SHA256-128"), outCnt)
+ require.NoError(t, err)
+ require.Equal(t, len(out), outCnt)
+ require.Equal(t, "eff31487c770a893cfb36f912fbfcbff40d5661771ca4b2cb4eafe524333f5c1", hex.EncodeToString(out))
+ })
+}
+
+func TestExpandMessageXOF(t *testing.T) {
+ dst := []byte("QUUX-V01-CS02-with-expander-SHAKE256")
+ t.Run("IRTF H2C draft16 K6 abc", func(t *testing.T) {
+ outCnt := 0x20
+ out, err := ExpandMsgXOF(sha3.NewShake256(), []byte("abc"), dst, outCnt)
+ require.NoError(t, err)
+ require.Equal(t, len(out), outCnt)
+ require.Equal(t, "b39e493867e2767216792abce1f2676c197c0692aed061560ead251821808e07", hex.EncodeToString(out))
+ })
+
+ t.Run("IRTF H2C draft16 K6 abcdef0123456789", func(t *testing.T) {
+ outCnt := 0x20
+ out, err := ExpandMsgXOF(sha3.NewShake256(), []byte("abcdef0123456789"), dst, outCnt)
+ require.NoError(t, err)
+ require.Equal(t, len(out), outCnt)
+ require.Equal(t, "245389cf44a13f0e70af8665fe5337ec2dcd138890bb7901c4ad9cfceb054b65", hex.EncodeToString(out))
+ })
+}

pkg/controller/command/verifiable/command_test.go

@@ -2934,7 +2934,7 @@ func newBBSSigner(privKey *bbs12381g2pub.PrivateKey) (*bbsSigner, error) {
 func (s *bbsSigner) Sign(data []byte) ([]byte, error) {
  msgs := s.textToLines(string(data))
 
- return bbs12381g2pub.New().Sign(msgs, s.privKeyBytes)
+ return bbs12381g2pub.New().Sign(nil, msgs, s.privKeyBytes)
 }
 
 func (s *bbsSigner) Alg() string {

pkg/controller/rest/verifiable/operation_test.go

@@ -1523,7 +1523,7 @@ func newBBSSigner(privKey *bbs12381g2pub.PrivateKey) (*bbsSigner, error) {
 func (s *bbsSigner) Sign(data []byte) ([]byte, error) {
  msgs := s.textToLines(string(data))
 
- return bbs12381g2pub.New().Sign(msgs, s.privKeyBytes)
+ return bbs12381g2pub.New().Sign(nil, msgs, s.privKeyBytes)
 }
 
 func (s *bbsSigner) Alg() string {