github.com/platonnetwork/platon-go@v0.7.6/crypto/bls/bls.go (about) 1 package bls 2 3 /* 4 #include <bls/bls.h> 5 */ 6 import "C" 7 import ( 8 "bytes" 9 "encoding/hex" 10 "errors" 11 "fmt" 12 "io" 13 "io/ioutil" 14 "os" 15 "strings" 16 "unsafe" 17 18 "github.com/PlatONnetwork/PlatON-Go/rlp" 19 20 "github.com/PlatONnetwork/PlatON-Go/crypto" 21 ) 22 23 // Init -- 24 // call this function before calling all the other operations 25 // this function is not thread safe 26 func Init(curve int) error { 27 err := C.blsInit(C.int(curve), C.MCLBN_COMPILED_TIME_VAR) 28 if err != 0 { 29 return fmt.Errorf("ERR Init curve=%d", curve) 30 } 31 err = C.mclBn_init(C.int(curve), C.MCLBN_COMPILED_TIME_VAR) 32 if err != 0 { 33 return fmt.Errorf("ERR mclBn_init curve=%d", curve) 34 } 35 return nil 36 } 37 38 // ID -- 39 type ID struct { 40 v Fr 41 } 42 43 // getPointer -- 44 func (id *ID) getPointer() (p *C.blsId) { 45 // #nosec 46 return (*C.blsId)(unsafe.Pointer(id)) 47 } 48 49 // GetLittleEndian -- 50 func (id *ID) GetLittleEndian() []byte { 51 return id.v.Serialize() 52 } 53 54 // SetLittleEndian -- 55 func (id *ID) SetLittleEndian(buf []byte) error { 56 return id.v.SetLittleEndian(buf) 57 } 58 59 // GetHexString -- 60 func (id *ID) GetHexString() string { 61 return id.v.GetString(16) 62 } 63 64 // GetDecString -- 65 func (id *ID) GetDecString() string { 66 return id.v.GetString(10) 67 } 68 69 // SetHexString -- 70 func (id *ID) SetHexString(s string) error { 71 return id.v.SetString(s, 16) 72 } 73 74 // SetDecString -- 75 func (id *ID) SetDecString(s string) error { 76 return id.v.SetString(s, 10) 77 } 78 79 // IsEqual -- 80 func (id *ID) IsEqual(rhs *ID) bool { 81 return id.v.IsEqual(&rhs.v) 82 } 83 84 // SecretKey -- 85 type SecretKey struct { 86 v Fr 87 } 88 89 func LoadBLS(file string) (*SecretKey, error) { 90 buf := make([]byte, 64) 91 fd, err := os.Open(file) 92 if err != nil { 93 return nil, err 94 } 95 defer fd.Close() 96 if _, err := io.ReadFull(fd, buf); err != nil { 97 return nil, err 98 } 99 var sec SecretKey 100 key, err := hex.DecodeString(string(buf)) 101 if err != nil { 102 return nil, err 103 } 104 err = sec.SetLittleEndian(key) 105 return &sec, err 106 } 107 108 func SaveBLS(file string, key *SecretKey) error { 109 k := hex.EncodeToString(key.GetLittleEndian()) 110 return ioutil.WriteFile(file, []byte(k), 0600) 111 } 112 113 func GenerateKey() *SecretKey { 114 var privateKey SecretKey 115 privateKey.SetByCSPRNG() 116 return &privateKey 117 } 118 119 // Serialize -- 120 func (sec *SecretKey) Serialize() []byte { 121 return sec.v.Serialize() 122 } 123 124 // Deserialize -- 125 func (sec *SecretKey) Deserialize(buf []byte) error { 126 return sec.v.Deserialize(buf) 127 } 128 129 // getPointer -- 130 func (sec *SecretKey) getPointer() (p *C.blsSecretKey) { 131 // #nosec 132 return (*C.blsSecretKey)(unsafe.Pointer(sec)) 133 } 134 135 // GetLittleEndian -- 136 func (sec *SecretKey) GetLittleEndian() []byte { 137 return sec.v.Serialize() 138 } 139 140 // SetLittleEndian -- 141 func (sec *SecretKey) SetLittleEndian(buf []byte) error { 142 return sec.v.SetLittleEndian(buf) 143 } 144 145 // GetHexString -- 146 func (sec *SecretKey) GetHexString() string { 147 return sec.v.GetString(16) 148 } 149 150 // GetDecString -- 151 func (sec *SecretKey) GetDecString() string { 152 return sec.v.GetString(10) 153 } 154 155 // SetHexString -- 156 func (sec *SecretKey) SetHexString(s string) error { 157 return sec.v.SetString(s, 16) 158 } 159 160 // SetDecString -- 161 func (sec *SecretKey) SetDecString(s string) error { 162 return sec.v.SetString(s, 10) 163 } 164 165 // IsEqual -- 166 func (sec *SecretKey) IsEqual(rhs *SecretKey) bool { 167 return sec.v.IsEqual(&rhs.v) 168 } 169 170 // SetByCSPRNG -- 171 func (sec *SecretKey) SetByCSPRNG() { 172 sec.v.SetByCSPRNG() 173 } 174 175 // Add -- 176 func (sec *SecretKey) Add(rhs *SecretKey) { 177 FrAdd(&sec.v, &sec.v, &rhs.v) 178 } 179 180 // Mul -- 181 func (sec *SecretKey) Mul(rhs *SecretKey) { 182 FrMul(&sec.v, &sec.v, &rhs.v) 183 } 184 185 // Sub -- 186 func (sec *SecretKey) Sub(rhs *SecretKey) { 187 FrSub(&sec.v, &sec.v, &rhs.v) 188 } 189 190 // GetMasterSecretKey -- 191 func (sec *SecretKey) GetMasterSecretKey(k int) (msk []SecretKey) { 192 msk = make([]SecretKey, k) 193 msk[0] = *sec 194 for i := 1; i < k; i++ { 195 msk[i].SetByCSPRNG() 196 } 197 return msk 198 } 199 200 // GetMasterPublicKey -- 201 func GetMasterPublicKey(msk []SecretKey) (mpk []PublicKey) { 202 n := len(msk) 203 mpk = make([]PublicKey, n) 204 for i := 0; i < n; i++ { 205 mpk[i] = *msk[i].GetPublicKey() 206 } 207 return mpk 208 } 209 210 // Set -- 211 func (sec *SecretKey) Set(msk []SecretKey, id *ID) error { 212 // #nosec 213 return FrEvaluatePolynomial(&sec.v, *(*[]Fr)(unsafe.Pointer(&msk)), &id.v) 214 } 215 216 // Recover -- 217 func (sec *SecretKey) Recover(secVec []SecretKey, idVec []ID) error { 218 // #nosec 219 return FrLagrangeInterpolation(&sec.v, *(*[]Fr)(unsafe.Pointer(&idVec)), *(*[]Fr)(unsafe.Pointer(&secVec))) 220 } 221 222 // GetPop -- 223 func (sec *SecretKey) GetPop() (sign *Sign) { 224 sign = new(Sign) 225 C.blsGetPop(sign.getPointer(), sec.getPointer()) 226 return sign 227 } 228 229 // PublicKey -- 230 type PublicKey struct { 231 v G2 232 } 233 234 // Match only 192 hex char length public keys 235 type PublicKeyHex [96]byte 236 237 func (pe PublicKeyHex) String() string { 238 return hex.EncodeToString(pe[:]) 239 } 240 241 func (pe PublicKeyHex) Bytes() []byte { 242 return pe[:] 243 } 244 245 // MarshalText implements the encoding.TextMarshaler interface. 246 func (pe PublicKeyHex) MarshalText() ([]byte, error) { 247 return []byte(hex.EncodeToString(pe[:])), nil 248 } 249 250 // UnmarshalText implements the encoding.TextUnmarshaler interface. 251 func (pe *PublicKeyHex) UnmarshalText(text []byte) error { 252 253 var p PublicKeyHex 254 b, err := hex.DecodeString(strings.TrimPrefix(string(text), "0x")) 255 if err != nil { 256 return err 257 } else if len(b) != len(p) { 258 return fmt.Errorf("wrong length, want %d hex chars", len(p)*2) 259 } 260 copy(p[:], b) 261 262 *pe = p 263 return nil 264 } 265 266 func (pe *PublicKeyHex) ParseBlsPubKey() (*PublicKey, error) { 267 pubKeyByte, err := pe.MarshalText() 268 if nil != err { 269 return nil, err 270 } 271 272 var blsPk PublicKey 273 if err := blsPk.UnmarshalText(pubKeyByte); nil != err { 274 275 return nil, err 276 } 277 return &blsPk, nil 278 } 279 280 func (pub *PublicKey) getQ() (p *C.blsPublicKey) { 281 // #nosec 282 return (*C.blsPublicKey)(unsafe.Pointer(pub)) 283 } 284 285 // getPointer -- 286 func (pub *PublicKey) getPointer() (p *C.blsPublicKey) { 287 // #nosec 288 return (*C.blsPublicKey)(unsafe.Pointer(pub)) 289 } 290 291 // Serialize -- 292 func (pub *PublicKey) Serialize() []byte { 293 return pub.v.Serialize() 294 } 295 296 // Deserialize -- 297 func (pub *PublicKey) Deserialize(buf []byte) error { 298 return pub.v.Deserialize(buf) 299 } 300 301 // GetHexString -- 302 func (pub *PublicKey) GetHexString() string { 303 return pub.v.GetString(16) 304 } 305 306 // SetHexString -- 307 func (pub *PublicKey) SetHexString(s string) error { 308 return pub.v.SetString(s, 16) 309 } 310 311 // IsEqual -- 312 func (pub *PublicKey) IsEqual(rhs *PublicKey) bool { 313 return pub.v.IsEqual(&rhs.v) 314 } 315 316 // Add -- 317 func (pub *PublicKey) Add(rhs *PublicKey) { 318 G2Add(&pub.v, &pub.v, &rhs.v) 319 } 320 321 // Mul -- 322 func (pub *PublicKey) Mul(rhs *SecretKey) { 323 G2Mul(&pub.v, &pub.v, &rhs.v) 324 } 325 326 // Set -- 327 func (pub *PublicKey) Set(mpk []PublicKey, id *ID) error { 328 // #nosec 329 return G2EvaluatePolynomial(&pub.v, *(*[]G2)(unsafe.Pointer(&mpk)), &id.v) 330 } 331 332 // Recover -- 333 func (pub *PublicKey) Recover(pubVec []PublicKey, idVec []ID) error { 334 // #nosec 335 return G2LagrangeInterpolation(&pub.v, *(*[]Fr)(unsafe.Pointer(&idVec)), *(*[]G2)(unsafe.Pointer(&pubVec))) 336 } 337 338 func (pub *PublicKey) MarshalText() ([]byte, error) { 339 return []byte(fmt.Sprintf("%x", pub.Serialize())), nil 340 } 341 342 func (pub *PublicKey) UnmarshalText(text []byte) error { 343 key, err := hex.DecodeString(string(text)) 344 if err != nil { 345 return err 346 } 347 return pub.Deserialize(key) 348 } 349 func (pub *PublicKey) EncodeRLP(w io.Writer) error { 350 return rlp.Encode(w, pub.Serialize()) 351 } 352 353 func (pub *PublicKey) DecodeRLP(s *rlp.Stream) error { 354 buf, err := s.Bytes() 355 if err != nil { 356 return err 357 } 358 return pub.Deserialize(buf) 359 } 360 361 // Sign -- 362 type Sign struct { 363 v G1 364 } 365 366 // getPointer -- 367 func (sign *Sign) getPointer() (p *C.blsSignature) { 368 // #nosec 369 return (*C.blsSignature)(unsafe.Pointer(sign)) 370 } 371 372 // Serialize -- 373 func (sign *Sign) Serialize() []byte { 374 return sign.v.Serialize() 375 } 376 377 // Deserialize -- 378 func (sign *Sign) Deserialize(buf []byte) error { 379 return sign.v.Deserialize(buf) 380 } 381 382 // GetHexString -- 383 func (sign *Sign) GetHexString() string { 384 return sign.v.GetString(16) 385 } 386 387 // SetHexString -- 388 func (sign *Sign) SetHexString(s string) error { 389 return sign.v.SetString(s, 16) 390 } 391 392 // IsEqual -- 393 func (sign *Sign) IsEqual(rhs *Sign) bool { 394 return sign.v.IsEqual(&rhs.v) 395 } 396 397 // GetPublicKey -- 398 func (sec *SecretKey) GetPublicKey() (pub *PublicKey) { 399 pub = new(PublicKey) 400 C.blsGetPublicKey(pub.getPointer(), sec.getPointer()) 401 return pub 402 } 403 404 // Sign -- Constant Time version 405 func (sec *SecretKey) Sign(m string) (sign *Sign) { 406 sign = new(Sign) 407 buf := []byte(m) 408 // #nosec 409 C.blsSign(sign.getPointer(), sec.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf))) 410 return sign 411 } 412 413 // Add -- 414 func (sign *Sign) Add(rhs *Sign) { 415 C.blsSignatureAdd(sign.getPointer(), rhs.getPointer()) 416 } 417 418 // Recover -- 419 func (sign *Sign) Recover(signVec []Sign, idVec []ID) error { 420 // #nosec 421 return G1LagrangeInterpolation(&sign.v, *(*[]Fr)(unsafe.Pointer(&idVec)), *(*[]G1)(unsafe.Pointer(&signVec))) 422 } 423 424 // Verify -- 425 func (sign *Sign) Verify(pub *PublicKey, m string) bool { 426 buf := []byte(m) 427 // #nosec 428 return C.blsVerify(sign.getPointer(), pub.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf))) == 1 429 } 430 431 // VerifyPop -- 432 func (sign *Sign) VerifyPop(pub *PublicKey) bool { 433 return C.blsVerifyPop(sign.getPointer(), pub.getPointer()) == 1 434 } 435 436 // DHKeyExchange -- 437 func DHKeyExchange(sec *SecretKey, pub *PublicKey) (out PublicKey) { 438 C.blsDHKeyExchange(out.getPointer(), sec.getPointer(), pub.getPointer()) 439 return out 440 } 441 442 //add@20190716 443 //get G2 444 func GetGeneratorOfG2() (pub *PublicKey) { 445 pub = new(PublicKey) 446 C.blsGetGeneratorOfPublicKey(pub.getPointer()) 447 return pub 448 } 449 450 // PubBatchAdd -- 451 func PubkeyBatchAdd(pkVec []PublicKey) (pub PublicKey) { 452 var pk PublicKey 453 for i := 0; i < len(pkVec); i++ { 454 pk.Add(&pkVec[i]) 455 } 456 return pk 457 } 458 459 // SecBatchAdd -- 460 func SeckeyBatchAdd(secVec []SecretKey) (sec SecretKey) { 461 var sk SecretKey 462 for i := 0; i < len(secVec); i++ { 463 sk.Add(&secVec[i]) 464 } 465 return sk 466 } 467 468 func AggregateSign(sigVec []Sign) (sig Sign) { 469 var sign Sign 470 for i := 0; i < len(sigVec); i++ { 471 sign.Add(&sigVec[i]) 472 } 473 return sign 474 } 475 476 func GTBatchMul(eVec []GT) (e GT) { 477 var e1, e2 GT 478 e1 = eVec[0] 479 for j := 1; j < len(eVec); j++ { 480 e2 = eVec[j] 481 GTMul(&e2, &e1, &e2) 482 e1 = e2 483 } 484 return e2 485 } 486 487 func GTBatchAdd(eVec []GT) (e GT) { 488 var e1, e2 GT 489 e1 = eVec[0] 490 for j := 1; j < len(eVec); j++ { 491 e2 = eVec[j] 492 GTAdd(&e2, &e1, &e2) 493 e1 = e2 494 } 495 return e2 496 } 497 498 func MsgsToHashToG1(mVec []string) ([]Sign, error) { 499 n := len(mVec) 500 p_Hm := make([]Sign, n) 501 for i := 0; i < n; i++ { 502 err := p_Hm[i].v.HashAndMapTo([]byte(mVec[i])) 503 if err != nil { 504 return []Sign{}, err 505 } 506 } 507 return p_Hm, nil 508 } 509 510 func BatchVerifySameMsg(curve int, msg string, pkVec []PublicKey, sign Sign) error { 511 err := Init(curve) 512 if err != nil { 513 return err 514 } 515 /* if len(pkVec) != len(signVec) { 516 return errors.New("sig/pub length not equal") 517 }*/ 518 var pk PublicKey 519 // var sig Sign 520 for i := 0; i < len(pkVec); i++ { 521 pk.Add(&pkVec[i]) 522 // sig.Add(&signVec[i]) 523 } 524 if !sign.Verify(&pk, msg) { 525 return errors.New("signature verification failed") 526 } 527 return nil 528 } 529 530 func BatchVerifyDistinctMsg(curve int, pkVec []PublicKey, msgVec []Sign, sign Sign) error { 531 err := Init(curve) 532 if err != nil { 533 return err 534 } 535 if len(pkVec) != len(msgVec) { 536 return errors.New("pub/msg length not equal") 537 } 538 /*var sig Sign 539 for i := 0; i < len(pkVec); i++ { 540 sig.Add(&signVec[i]) 541 }*/ 542 P := GetGeneratorOfG2() 543 var e, e1, e2 GT 544 Pairing(&e, &(sign.v), &(P.v)) 545 546 n := len(msgVec) 547 Pairing(&e1, &(msgVec[0].v), &(pkVec[0].v)) 548 for j := 1; j < n; j++ { 549 Pairing(&e2, &(msgVec[j].v), &(pkVec[j].v)) 550 GTMul(&e2, &e1, &e2) 551 e1 = e2 552 } 553 if !e.IsEqual(&e2) { 554 return errors.New("not equal pairing\n") 555 } 556 return nil 557 } 558 559 func SynthSameMsg(curve int, pkVec []PublicKey, mVec []string) ([]PublicKey, []string, []string, error) { 560 err := Init(curve) 561 if err != nil { 562 return nil, nil, nil, err 563 } 564 pubMap := make(map[string]PublicKey) 565 mark := make(map[string]string) 566 for i := 0; i < len(mVec); i++ { 567 pub, ok := pubMap[mVec[i]] 568 if ok { 569 pub.Add(&pkVec[i]) 570 pubMap[mVec[i]] = pub 571 mark[mVec[i]] = mark[mVec[i]] + fmt.Sprintf(",%d", i) 572 } else { 573 pubMap[mVec[i]] = pkVec[i] 574 mark[mVec[i]] = fmt.Sprintf("%d", i) 575 } 576 } 577 n := len(pubMap) 578 newPkVec := make([]PublicKey, n) 579 newMVec := make([]string, n) 580 var j int = 0 581 for k, v := range pubMap { 582 newMVec[j] = k 583 newPkVec[j] = v 584 j++ 585 } 586 var index []string 587 for _, result := range mark { 588 if strings.Contains(result, ",") { 589 index = append(index, result) 590 } 591 } 592 return newPkVec, newMVec, index, nil 593 } 594 595 // IsValid -- 596 func G2IsValid(rhs *PublicKey) bool { 597 return C.mclBnG2_isValid((&rhs.v).getPointer()) == 1 598 } 599 600 func Schnorr_test(curve int, r, c SecretKey, G, V, P PublicKey) error { 601 err := Init(curve) 602 if err != nil { 603 return err 604 } 605 if !G2IsValid(&P) { 606 return errors.New("P isnot valid") 607 } 608 Pr := G 609 Pr.Mul(&r) 610 Pc := P 611 Pc.Mul(&c) 612 Psum := Pr 613 Psum.Add(&Pc) 614 if !V.IsEqual(&Psum) { 615 return errors.New("V = G*[r] + P*[c] not equal") 616 } 617 return nil 618 } 619 620 // Deprecated: use SchnorrProof 621 type Proof struct { 622 C, R SecretKey 623 } 624 625 // Serialize -- 626 func (pf *Proof) Serialize() []byte { 627 return append(pf.C.Serialize(), (pf.R.Serialize())...) 628 629 } 630 631 // Deserialize -- 632 func (pf *Proof) Deserialize(buf []byte) error { 633 if len(buf)%2 != 0 { 634 return errors.New("the length of C and R not equal in proof") 635 } 636 637 pivot := len(buf) / 2 638 639 pf.C.Deserialize(buf[:pivot]) 640 pf.R.Deserialize(buf[pivot:]) 641 return nil 642 } 643 644 func (pf *Proof) MarshalText() ([]byte, error) { 645 return []byte(fmt.Sprintf("%x", pf.Serialize())), nil 646 } 647 648 func (pf *Proof) UnmarshalText(text []byte) error { 649 key, err := hex.DecodeString(string(text)) 650 if err != nil { 651 return err 652 } 653 return pf.Deserialize(key) 654 } 655 656 func (pf *Proof) EncodeRLP(w io.Writer) error { 657 return rlp.Encode(w, pf.Serialize()) 658 } 659 660 func (pf *Proof) DecodeRLP(s *rlp.Stream) error { 661 buf, err := s.Bytes() 662 if err != nil { 663 return err 664 } 665 return pf.Deserialize(buf) 666 } 667 668 func SchnorrNIZKProve(curve int, sec SecretKey) (*Proof, error) { 669 err := Init(curve) 670 if err != nil { 671 return nil, err 672 } 673 P := sec.GetPublicKey() 674 var v SecretKey 675 v.SetByCSPRNG() 676 V := v.GetPublicKey() 677 G := GetGeneratorOfG2() 678 679 input1 := G.Serialize() 680 input2 := P.Serialize() 681 input3 := V.Serialize() 682 683 var buffer bytes.Buffer 684 buffer.Write(input1) 685 buffer.Write(input2) 686 buffer.Write(input3) 687 output := buffer.Bytes() 688 h := crypto.Keccak256(output) 689 var c SecretKey 690 err = c.SetLittleEndian(h) 691 if err != nil { 692 return nil, err 693 } 694 temp := sec 695 temp.Mul(&c) 696 r := v 697 r.Sub(&temp) 698 proof := new(Proof) 699 proof.C = c 700 proof.R = r 701 return proof, nil 702 } 703 704 func SchnorrNIZKVerify(curve int, proof Proof, P PublicKey) error { 705 err := Init(curve) 706 if err != nil { 707 return err 708 } 709 if !G2IsValid(&P) { 710 return errors.New("P isnot valid") 711 } 712 c := proof.C 713 r := proof.R 714 G := GetGeneratorOfG2() 715 // V1 = G * r + A * c c = H(G || pk || V’) 716 var Pr PublicKey 717 Pr = *G 718 Pr.Mul(&r) 719 Pc := P 720 Pc.Mul(&c) 721 V1 := Pr 722 V1.Add(&Pc) 723 724 input1 := G.Serialize() 725 input2 := P.Serialize() 726 input3 := V1.Serialize() 727 var buffer bytes.Buffer 728 buffer.Write(input1) 729 buffer.Write(input2) 730 buffer.Write(input3) 731 output := buffer.Bytes() 732 h := crypto.Keccak256(output) 733 var c1 SecretKey 734 err = c1.SetLittleEndian(h) 735 if err != nil { 736 return err 737 } 738 if !c.IsEqual(&c1) { 739 return errors.New("not same c = H(G || pk || V’)") 740 } 741 return nil 742 }