Merging the drand fork #509
Conversation
added index of signature
returning err only if not enough valid partials
* Implementing IBE on G2 & adapting tests for it * Adding CPA on G1 * Removing exposed insecure hash function from mod Int * Use iterative hashing also avoid loosing a bit before rehashing
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.7.0 to 0.17.0. - [Commits](golang/crypto@v0.7.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* bounds check when comparing polynomials * added extra check of threshold * fixing comment on PubPoly Equal being constant time --------- Co-authored-by: Yolan Romailler <[email protected]>
* Adding support for BLS12381 using CIRCL. * Register suite for bls12381. * Renaming to circl_bls12381 --------- Co-authored-by: Yolan Romailler <[email protected]>
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.3.2 to 1.3.7. - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](cloudflare/circl@v1.3.2...v1.3.7) --- updated-dependencies: - dependency-name: github.com/cloudflare/circl dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Add support for signatures on G2 to bdn * Adapt bdn_test.go to new BDN interface * Make API functions methods of the Scheme type * Generalize G1- and G2-related comments * Fixing bdn tests * Make the BDN test suite generic over suite and scheme * Keeping public APIs from v1 --------- Co-authored-by: Yolan Romailler <[email protected]> Co-authored-by: Jakub Sztandera <[email protected]>
* implement ethereum bn254 * pull in missing changes from geth * make G2 points affine in ValidatePairing * move bn254 to own dir * fix bn254 GT Base and Null * test G1 suite against gnark-crypto * adapt G2 test to gnark-crypto, fix bn254 marshal ids * fix G1 hashToPoint reference tests * fix pairing/bn254/gfp_amd64.s * use keccak256 instead of sha256 in bn254 * implement TestGT for bn254 * implement hashToField, expandMsgXmd * implement mapToPoint * implement hashToPoint * rename toPointG1 -> fromBigInt * add comments on mapToPoint, cleanup * fix TestPointG1_HashToPoint with new keccak256 impl * use ref implementation of expand_message_xmd * panic if DST length > 255 * remove unnecessary iteration in expandMsgXmd * update tests to use full length DSTs * set DST in group instead of suite * fix: actually write bytes in zeroPadBytes * fix: leftpad intermediate prb in expandMsgXmd * fix: leftpad intermediate xored hashes in expandMsgXmd * add instructions to create hash-to-point reference values, remove old TODO * remove irrelevant issue400 test for bn254 * use CX instead of R15 in amd64 replaying fix from geth, see: ethereum/go-ethereum@ec64358 When using -buildmode=shared, R15 is clobbered by a global variable access; use a different register instead. * remove gfp.h in bn254 * use geth's Unmarshal func: error out on invalid coordinates * make constants z0 and z1 private * check that random points are different in TestG1Ops * implement Stringer interface for bn254 groups * remove irrelevant benchmarks * implement SVDW from RFC9380 for bn254 G1 map-to-point * encode the right variable in hashToField * borrow expand_message_xmd implementation from kilic-bls12381 * update test vectors in TestPointG1_HashToPoint, TestHashToField * test expandMsgXmd against a copy of gnark's * fix default DST for hash-to-curve * remove unused fromBigInt func * add sources for gfp exp/sqrt functions * use curveB constant in g(x) * create new DST buffers instead of passing refs
Still has an error in the ibe_test.go file
Corrected some of the comments that still mentioned wrong paths
+ Small formatting changes
|
encrypt/ibe/ibe_test.go
Outdated
| @@ -1,5 +1,6 @@ | |||
| package ibe | |||
|
|
|||
| /* | |||
There was a problem hiding this comment.
Why comment out the entire IBE tests code?
There was a problem hiding this comment.
I uncommented them and used the circl bls12381 instead but there is a difference between the scalar of circl bls and the one of the other pairing curve which makes it not pass the tests. I am trying to change the circl implementation so that it uses mod.Int
There was a problem hiding this comment.
The conversion is not needed if rejection sampling is updated as in:
https://github.com/Robingoumaz/kyber-drand/pull/1
examples/dkg_test.go
Outdated
There was a problem hiding this comment.
Not sure why we would want to delete this file?
|
|
||
| // HashablePoint is an interface implemented by n | ||
| type HashablePoint interface { | ||
| Hash([]byte) Point |
There was a problem hiding this comment.
Since we're doing a V4, one thing worth discussing is probably this:
drand#50
|
|
||
| var hasBMI2 = cpu.X86.HasBMI2 | ||
|
|
||
| // go:noescape |
There was a problem hiding this comment.
you could disable this linter for this file in the ./.golangci.yml config file since it seems to apply to the whole file
…cl.go" files from the linter
|
This is a huge PR. Unless you want to keep up with the drand branch of kyber, I propose to split it in different PRs:
This would make it more manageable, but would also make it difficult for future exchanges between the drand fork and dedis/kyber. |
|
@ineiti the goal is to get rid of the drand/kyber fork and only have one unique kyber repo :D |
Then I would definitely pack this up in several easy-to-digest PRs. |
share/dkg/dkg.go
Outdated
There was a problem hiding this comment.
Here I think you should stick with the file structure from dedis/kyber and keep both Pedersen and Rabin subfolders in share/dkg/ instead of deleting Rabin and replacing everything with drand implementation.
There was a problem hiding this comment.
Okay, so @nikkolasg told me actually that the Pedersen dedis/kyber is not the same implementation as the drand/kyber, the latter being the secure one, while the former might be somewhat faulty.
So I think we should 100% replace the dedis/kyber/share/dkg/pedersen with the drand/kyber/share/dkg code.
I don't have strong opinion about keeping or not the Rabin one, but he told me that one is very slow, which means it's inferior to Pedersen.
We could either:
- keep both and make sure to benchmark them to warn users cc @matteosz
- remove Rabin and keep only the drand one, which is what this PR is currently doing.
Preferences @pierluca ?
There was a problem hiding this comment.
I vote for having both, and adding a benchmark is a good idea. Except if keeping the kyber dkg is a lot of work.
Thinking of kyber as a research library, so it's nice to have various algorithms for comparisons, or in case somebody has a brilliant idea to update one of the algorithms.
share/dkg/rabin/dkg.go
Outdated
There was a problem hiding this comment.
See my comment about keeping both pedersen and rabin packages, but having the drand dkg move to the pedersen folder rather than deleting and replacing with drand version
sign/dss/dss.go
Outdated
| buff := make([]byte, readerBytes) | ||
| for _, reader := range r.Readers { | ||
| n, err := io.ReadFull(reader, buff) | ||
| if err != nil { | ||
| nerr++ | ||
| errors = append(errors, err.Error()) | ||
| } | ||
| b.Write(buff[:n]) | ||
| } | ||
|
|
||
| // we are ok with few sources being insecure (i.e., providing less than | ||
| // readerBytes bytes), but not all of them | ||
| if nerr == len(r.Readers) { |
There was a problem hiding this comment.
you could get rid of nerr and use len(errors) instead here.
sign/test/threshold.go
Outdated
There was a problem hiding this comment.
This doesn't seem to conform to the _test nomenclature for Go tests and functions in it also don't use the proper TestXYZ format.
Please replace to use the proper Go test framework.
sign/test/scheme.go
Outdated
There was a problem hiding this comment.
same remark about it not being a proper test package as per the Go test nomenclature. Need _test.go in file name and TestName functions
sign/bls/bls_test.go
Outdated
|
I see that the tests failed, which means Sonar wasn't run. |
This PR is about merging the drand fork back into the dedis dyber.
Many files only got minimal changes, (comments, typos, moved to another folder) and some had bigger changes applied to them.