authorMITSUNARI Shigeo <herumi@nifty.com>2018-09-21 16:48:19 +0800
committerMITSUNARI Shigeo <herumi@nifty.com>2018-09-21 16:48:19 +0800
commite68b2a3fb07999ba000eccb1727c527763d56e9f (patch)
tree17afbcda0b3c98129966df965a397f1d4d2cc725
parent5b33a863f08bbd60d7631bd586e00c993f8cda1e (diff)
add blsVerifyAggregatedHashes
-rw-r--r--include/bls/bls.h13
-rw-r--r--include/bls/bls.hpp10
-rw-r--r--src/bls_c_impl.hpp18
-rw-r--r--test/bls_test.hpp2
4 files changed, 16 insertions, 27 deletions
diff --git a/include/bls/bls.h b/include/bls/bls.h
index 71e3d02..45bd839 100644
--- a/include/bls/bls.h
+++ b/include/bls/bls.h
@@ -124,11 +124,6 @@ BLS_DLL_API int blsPublicKeyIsValidOrder(const blsPublicKey *pub);
#ifndef BLS_MINIMUM_API
/*
- set h to a point of G1
- return 0 if success else -1
-*/
-BLS_DLL_API int blsG1SetHash(mclBnG1 *g1, const void *h, mclSize size);
-/*
sign the hash
use the low (bitSize of r) - 1 bit of h
return 0 if success else -1
@@ -137,12 +132,14 @@ BLS_DLL_API int blsG1SetHash(mclBnG1 *g1, const void *h, mclSize size);
BLS_DLL_API int blsSignHash(blsSignature *sig, const blsSecretKey *sec, const void *h, mclSize size);
// return 1 if valid
BLS_DLL_API int blsVerifyHash(const blsSignature *sig, const blsPublicKey *pub, const void *h, mclSize size);
+
/*
- verify aggSig with pubVec[0, n) and g1Vec[0, n)
- e(aggSig, Q) = prod_i e(g1Vec[i], pubVec[i])
+ verify aggSig with pubVec[0, n) and hVec[0, n)
+ e(aggSig, Q) = prod_i e(hVec[i], pubVec[i])
return 1 if valid
+ @note do not check duplication of hVec
*/
-BLS_DLL_API int blsVerifyAggregation(const blsSignature *aggSig, const blsPublicKey *pubVec, const mclBnG1 *g1Vec, mclSize n);
+BLS_DLL_API int blsVerifyAggregatedHashes(const blsSignature *aggSig, const blsPublicKey *pubVec, const void *hVec, size_t sizeofHash, mclSize n);
// sub
BLS_DLL_API void blsSecretKeySub(blsSecretKey *sec, const blsSecretKey *rhs);
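Review bot: The doc comment on `blsVerifyAggregatedHashes` states neither the input layout nor the security precondition clearly enough for a verification API. It should say that `hVec` points to `n` hashes stored back to back, each `sizeofHash` bytes long, and that 0 is returned not only for a bad signature but also when `n == 0` or a hash cannot be mapped to G1 (both visible in src/bls_c_impl.hpp in this commit). The `@note` should be spelled out, e.g. `@note the caller must ensure all hVec[i] are distinct (or that every public key has a verified proof of possession); this function does not check`, because an aggregate check over repeated messages does not show that each key signed. `sizeofHash` is typed `size_t` while the neighbouring declarations use `mclSize` for lengths; `mclSize sizeofHash` would be consistent.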
diff --git a/include/bls/bls.hpp b/include/bls/bls.hpp
index 868e574..722e4e2 100644
--- a/include/bls/bls.hpp
+++ b/include/bls/bls.hpp
@@ -419,17 +419,9 @@ public:
{
return verifyHash(pub, h.c_str(), h.size());
}
- bool verifyAggregation(const PublicKey *pubVec, const mclBnG1 *g1Vec, size_t n) const
- {
- return blsVerifyAggregation(&self_, &pubVec[0].self_, g1Vec, n) == 1;
- }
bool verifyAggregatedHashes(const PublicKey *pubVec, const void *hVec, size_t sizeofHash, size_t n) const
{
- std::vector<mclBnG1> g1Vec(n);
- for (size_t i = 0; i < n; i++) {
- if (blsG1SetHash(&g1Vec[i], (const char*)hVec + sizeofHash * i, sizeofHash) != 0) throw std::runtime_error("blsG1SetHash");
- }
- return verifyAggregation(pubVec, g1Vec.data(), n);
+ return blsVerifyAggregatedHashes(&self_, &pubVec[0].self_, hVec, sizeofHash, n) == 1;
}
/*
verify self(pop) with pub
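Review bot: `verifyAggregatedHashes` passes `&pubVec[0].self_` to the C function as an array of `n` `blsPublicKey`, which is only correct if `PublicKey` has exactly the size and layout of its `self_` member; otherwise the C side indexes past each element. The class definition is outside this hunk, so this presumably holds, but it is worth pinning in the method body with `static_assert(sizeof(PublicKey) == sizeof(blsPublicKey), "PublicKey must wrap blsPublicKey only");`. The method also no longer throws `std::runtime_error` when a hash cannot be mapped, so it deserves a one-line comment such as `// returns false if n == 0 or a hash cannot be mapped to G1 (no exception)`.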
diff --git a/src/bls_c_impl.hpp b/src/bls_c_impl.hpp
index ad52cf7..c041564 100644
--- a/src/bls_c_impl.hpp
+++ b/src/bls_c_impl.hpp
@@ -275,24 +275,24 @@ inline bool toG1(G1& Hm, const void *h, mclSize size)
BN::mapToG1(&b, Hm, t);
return b;
}
-int blsG1SetHash(mclBnG1 *g1, const void *h, mclSize size)
-{
- return toG1(*cast(g1), h, size) ? 0 : -1;
-}
-int blsVerifyAggregation(const blsSignature *aggSig, const blsPublicKey *pubVec, const mclBnG1 *g1Vec, mclSize n)
+int blsVerifyAggregatedHashes(const blsSignature *aggSig, const blsPublicKey *pubVec, const void *hVec, size_t sizeofHash, mclSize n)
{
if (n == 0) return 0;
/*
- e(aggSig, Q) = prod_i e(g1Vec[i], pubVec[i])
- <=> finalExp(ML(-aggSig, Q) * prod_i ML(g1Vec[i], pubVec[i])) == 1
+ e(aggSig, Q) = prod_i e(hVec[i], pubVec[i])
+ <=> finalExp(ML(-aggSig, Q) * prod_i ML(hVec[i], pubVec[i])) == 1
*/
GT e1, e2;
BN::precomputedMillerLoop(e1, -*cast(&aggSig->v), g_Qcoeff.data());
- BN::millerLoop(e2, *cast(&g1Vec[0]), *cast(&pubVec[0].v));
+ const char *ph = (const char*)hVec;
+ G1 h;
+ if (!toG1(h, &ph[0], sizeofHash)) return 0;
+ BN::millerLoop(e2, h, *cast(&pubVec[0].v));
e1 *= e2;
for (size_t i = 1; i < n; i++) {
- BN::millerLoop(e2, *cast(&g1Vec[i]), *cast(&pubVec[i].v));
+ if (!toG1(h, &ph[i * sizeofHash], sizeofHash)) return 0;
+ BN::millerLoop(e2, h, *cast(&pubVec[i].v));
e1 *= e2;
}
BN::finalExp(e1, e1);
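Review bot: Only `n == 0` is rejected before `hVec` is sliced, so `sizeofHash == 0` or a null `hVec` still reach `toG1`. With `sizeofHash == 0` every slice `&ph[i * sizeofHash]` is the same empty input, which is exactly the duplicated-hash case the header says is not checked; whether `toG1` rejects an empty input cannot be seen from this hunk. Widening the guard to `if (n == 0 || !hVec || sizeofHash == 0) return 0;` closes that off. The `i == 0` step is a copy of the loop body and could be folded into a loop that starts at 0 and multiplies into `e1` directly. The function body continues past the end of this hunk.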
diff --git a/test/bls_test.hpp b/test/bls_test.hpp
index 62ef0eb..e0329da 100644
--- a/test/bls_test.hpp
+++ b/test/bls_test.hpp
@@ -458,7 +458,7 @@ void verifyAggregateTest(int type)
if (type == MCL_BLS12_381) {
/*
CAUTION!!!
- BN::mapToG1 called in blsG1SetHash(h) may return same point for different h.
+ BN::mapToG1 may return same point for different h.
especially, maptG1(h) may be equal to mapG1(h') such as |h - h'| < small value for BLS12_381.
*/
CYBOZU_TEST_ASSERT(sig.verifyAggregatedHashes(pubs, h.data(), sizeofHash, n));