github.com/onflow/flow-go/crypto@v0.24.8/bls12381_utils.h

github.com/onflow/flow-go/crypto@v0.24.8/bls12381_utils.h (about)

     1  // +build relic
     2  
     3  // this file contains utility functions for the curve BLS 12-381
     4  // these tools are shared by the BLS signature scheme, the BLS based threshold signature
     5  // and the BLS distributed key generation protocols
     6  
     7  #ifndef _REL_MISC_INCLUDE_H
     8  #define _REL_MISC_INCLUDE_H
     9  
    10  #include "relic.h"
    11  
    12  typedef uint8_t byte;
    13  
    14  #define VALID     RLC_OK
    15  #define INVALID   RLC_ERR
    16  #define UNDEFINED (((VALID&1)^1) | ((INVALID&2)^2)) // different value than RLC_OK and RLC_ERR
    17  
    18  #define BITS_TO_BYTES(x) ((x+7)>>3)
    19  #define BITS_TO_DIGITS(x) ((x+63)>>6)
    20  #define BYTES_TO_DIGITS(x) ((x+7)>>3)
    21  #define MIN(a,b) ((a)>(b)?(b):(a))
    22  
    23  // Fields and Group serialization lengths
    24  #define SEC_BITS  128
    25  #define Fp_BITS   381
    26  #define Fr_BITS   255
    27  #define Fp_BYTES  BITS_TO_BYTES(Fp_BITS)
    28  #define Fp2_BYTES (2*Fp_BYTES)
    29  #define Fp_DIGITS BITS_TO_DIGITS(Fp_BITS)
    30  #define Fr_BYTES  BITS_TO_BYTES(Fr_BITS)
    31  
    32  #define G1_BYTES (2*Fp_BYTES)
    33  #define G2_BYTES (2*Fp2_BYTES)
    34  
    35  // Compressed and uncompressed points
    36  #define COMPRESSED      1
    37  #define UNCOMPRESSED    0
    38  #define G1_SERIALIZATION   COMPRESSED
    39  #define G2_SERIALIZATION   COMPRESSED
    40  
    41  // Subgroup membership check method
    42  #define EXP_ORDER 0
    43  #define BOWE 1
    44  #define MEMBERSHIP_CHECK_G1 BOWE
    45  #define MEMBERSHIP_CHECK_G2 EXP_ORDER
    46  
    47  
    48  // constants used in the optimized SWU hash to curve
    49  #if (hashToPoint == LOCAL_SSWU)
    50      #define ELLP_Nx_LEN 12
    51      #define ELLP_Dx_LEN 10
    52      #define ELLP_Ny_LEN 16
    53      #define ELLP_Dy_LEN 15
    54  #endif
    55  
    56  
    57  // Structure of precomputed data
    58  typedef struct prec_ {
    59      #if (hashToPoint == LOCAL_SSWU)
    60      // constants needed in optimized SSWU
    61      bn_st p_3div4;
    62      fp_st sqrt_z;
    63      // related hardcoded constants for faster access,
    64      // where a1 is the coefficient of isogenous curve E1
    65      fp_st minus_a1;
    66      fp_st a1z;
    67      // coefficients of the isogeny map
    68      fp_st iso_Nx[ELLP_Nx_LEN];
    69      fp_st iso_Ny[ELLP_Ny_LEN];
    70      #endif
    71      #if  (MEMBERSHIP_CHECK_G1 == BOWE)
    72      bn_st beta;
    73      bn_st z2_1_by3;
    74      #endif
    75      // other field-related constants
    76      bn_st p_1div2;
    77      fp_t r;   // Montgomery multiplication constant
    78  } prec_st;
    79  
    80  // BLS based SPoCK
    81  int bls_spock_verify(const ep2_t, const byte*, const ep2_t, const byte*);
    82  
    83  // hash to curve functions (functions in bls12381_hashtocurve.c)
    84  void     map_to_G1(ep_t, const byte*, const int);
    85  
    86  // Utility functions
    87  int      get_valid();
    88  int      get_invalid();
    89  void     bn_new_wrapper(bn_t a);
    90  
    91  ctx_t*   relic_init_BLS12_381();
    92  prec_st* init_precomputed_data_BLS12_381();
    93  void     precomputed_data_set(const prec_st* p);
    94  void     seed_relic(byte*, int);
    95  
    96  int      ep_read_bin_compact(ep_t, const byte *, const int);
    97  void     ep_write_bin_compact(byte *, const ep_t,  const int);
    98  int      ep2_read_bin_compact(ep2_t, const byte *,  const int);
    99  void     ep2_write_bin_compact(byte *, const ep2_t,  const int);
   100  int      bn_read_Zr_bin(bn_t, const uint8_t *, int );
   101  
   102  void     ep_mult_gen_bench(ep_t, const bn_t);
   103  void     ep_mult_generic_bench(ep_t, const bn_t);
   104  void     ep_mult(ep_t, const ep_t, const bn_t);
   105  void     ep2_mult_gen(ep2_t, const bn_t);
   106  
   107  void     bn_randZr(bn_t);
   108  void     bn_randZr_star(bn_t);
   109  int      bn_map_to_Zr(bn_t, const uint8_t*, int);
   110  void     bn_map_to_Zr_star(bn_t, const uint8_t*, int);
   111  
   112  void     bn_sum_vector(bn_t, const bn_st*, const int);
   113  void     ep_sum_vector(ep_t, ep_st*, const int);
   114  void     ep2_sum_vector(ep2_t, ep2_st*, const int);
   115  int      ep_sum_vector_byte(byte*, const byte*, const int);
   116  void     ep2_subtract_vector(ep2_t res, ep2_t x, ep2_st* y, const int len);
   117  
   118  // membership checks
   119  int      check_membership_G1(const ep_t);
   120  int      check_membership_G2(const ep2_t);
   121  int      check_membership_Zr_star(const bn_t);
   122  
   123  int      simple_subgroup_check_G1(const ep_t);
   124  int      simple_subgroup_check_G2(const ep2_t);
   125  void     ep_rand_G1(ep_t);
   126  void     ep_rand_G1complement( ep_t);
   127  void     ep2_rand_G2(ep2_t);
   128  void     ep2_rand_G2complement( ep2_t);
   129  #if  (MEMBERSHIP_CHECK_G1 == BOWE)
   130  int      bowe_subgroup_check_G1(const ep_t);
   131  #endif
   132  
   133  // utility testing function
   134  void xmd_sha256(uint8_t *, int, uint8_t *, int, uint8_t *, int);
   135  
   136  // Debugging related functions
   137  void     bytes_print_(char*, byte*, int);
   138  void     fp_print_(char*, fp_t);
   139  void     bn_print_(char*, bn_st*);
   140  void     ep_print_(char*, ep_st*);
   141  void     ep2_print_(char*, ep2_st*);
   142  
   143  #endif