initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selectable BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has several potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
## Nim-POS
## Copyright (c) 2021 Status Research & Development GmbH
## Licensed under either of
##  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
##  * MIT license ([LICENSE-MIT](LICENSE-MIT))
## at your option.
## This file may not be copied, modified, or distributed except according to
## those terms.

# Implementation of the BLS-based public PoS scheme from
# Shacham H., Waters B., "Compact Proofs of Retrievability"
# using pairing over BLS12-381 ECC
#
# Notation from the paper
# In Z:
# - n: number of blocks
# - s: number of sectors per block
#
# In Z_p: integers modulo the prime group order p (the BLS12-381 subgroup order r)
# - m_{ij}: sectors of the file, i:0..n-1, j:0..s-1
# - α: PoS secret key
# - name: random string, unique per file
# - μ_j: part of proof, j:0..s-1
#
# In G_1: multiplicative cyclic group
# - H: {0,1}* → G_1 : hash function
# - u_1, …, u_s ←_R G_1 : random coefficients
# - σ_i: authenticators, i:0..n-1
# - σ: part of proof
#
# In G_2: multiplicative cyclic group
# - g: generator of G_2
# - v ← g^α: PoS public key
#
# In G_T:
# - used only to calculate the two pairings during verification
#
# Implementation:
# Our implementation uses additive cyclic groups instead of the multiplicative
# cyclic groups of the paper, following the naming of the group operations in
# blscurve and blst. Thus, point multiplication in the paper becomes point
# addition here, and exponentiation by a scalar becomes scalar multiplication.
#
# Number of operations:
# The following table summarizes the number of operations in different phases
# using the following notation:
# - f: file size expressed in units of 31 bytes
# - n: number of blocks
# - s: number of sectors per block
# - q: number of query items
#
# Since f = n * s and s is a parameter of the scheme, it is better to express
# the cost as a function of f and s. This only matters for Setup, all other
# phases are independent of the file size assuming a given q.
#
# |                | Setup                     | Challenge | Proof     | Verify    |
# |----------------|---------------------------|-----------|-----------|-----------|
# | G1 random      | s = s                     | q         |           |           |
# | G1 scalar mult | n * (s+1) = f * (1 + 1/s) |           | q         | q + s     |
# | G1 add         | n * s = f                 |           | q-1       | q-1 + s-1 |
# | Hash to G1     | n = f / s                 |           |           | q         |
# | Z_p mult       | =                         |           | s * q     |           |
# | Z_p add        | =                         |           | s * (q-1) |           |
# | pairing        | =                         |           |           | 2         |
#
#
# Storage and communication cost:
# The storage overhead for a file of f_b bytes is given by the n authenticators
# calculated in the setup phase.
#   f_b = f * 31 = n * s * 31
# Each authenticator is a point on G_1, which occupies 48 bytes in compressed form.
# Thus, the overall storage size in bytes is:
#   f_pos = f_b + n * 48 = f_b * (1 + (48/31) * (1/s))
#
# Communication cost in the Setup phase is simply related to the storage cost.
# The size of the challenge is
#   q * (8 + 48) bytes
# The size of the proof is instead
#   s * 32 + 48 bytes

import std/endians

import pkg/chronos
import pkg/blscurve
import pkg/blscurve/blst/blst_abi

import ../../rng
import ../../streams

# sector size in bytes. Must be smaller than the subgroup order r
|
|
|
|
|
# which is 255 bits long for BLS12-381
|
2022-05-23 23:24:15 -06:00
|
|
|
|
const
|
|
|
|
|
BytesPerSector* = 31
|
initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selecteble BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has serveral potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
|
2022-05-23 23:24:15 -06:00
|
|
|
|
# length in bytes of the unique (random) name
|
|
|
|
|
Namelen = 512

type
  # a single sector
  ZChar* = array[BytesPerSector, byte]

  # secret key combining the metadata signing key and the POR generation key
  SecretKey* = object
    signkey*: blscurve.SecretKey  # signs the file tag (TauZero)
    key*: blst_scalar             # alpha in the paper: secret exponent used to tag blocks

  # public key combining the metadata signing key and the POR validation key
  PublicKey* = object
    signkey*: blscurve.PublicKey  # verifies the signature on the file tag
    key*: blst_p2                 # g^alpha in G2, the right-hand side of the pairing check

  # POR metadata (called "file tag t_0" in the original paper)
  TauZero* = object
    name*: array[Namelen, byte]  # random file name, hashed together with the block index into G1
    n*: int64                    # number of blocks in the file
    u*: seq[blst_p1]             # one random G1 element per sector position within a block

  # signed POR metadata (called "signed file tag t" in the original paper)
  Tau* = object
    t*: TauZero
    signature*: array[96, byte]  # BLS signature over t, made with signkey

  # PoR proof: aggregated sector values mu_j and aggregated authenticator sigma
  Proof* = object
    mu*: seq[blst_scalar]
    sigma*: blst_p1

  # PoR query element
  QElement* = object
    I*: int64        # index of the challenged block
    V*: blst_scalar  # random coefficient applied to that block

  # prover-side state: key pair, signed metadata and one authenticator per block
  PoR* = object
    ssk*: SecretKey
    spk*: PublicKey
    tau*: Tau
    authenticators*: seq[blst_p1]

proc fromBytesBE(a: array[32, byte]): blst_scalar =
  ## Convert data to blst native form
  ##
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
blst_scalar_from_bendian(result, a)
|
|
|
|
|
doAssert(blst_scalar_fr_check(result).bool)
|
|
|
|
|
|
|
|
|
|
proc fromBytesBE(a: openArray[byte]): blst_scalar =
  ## Convert data to blst native form
  ##
  var b: array[32, byte]
  doAssert(a.len <= b.len)
  # Left-pad: copy `a` into the low-order end of `b` so the big-endian value is unchanged
  let d = b.len - a.len
  for i in 0..<a.len:
    b[i+d] = a[i]
  blst_scalar_from_bendian(result, b)
  # Abort unless the value is below the subgroup order r (a valid Fr element)
  doAssert(blst_scalar_fr_check(result).bool)

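The two `fromBytesBE` overloads above, modelled in Python as an added example (not code from the project) so their accept/reject boundary can be exercised without blst. `BLS12_381_R` is the public order of the BLS12-381 subgroups that `blst_scalar_fr_check` tests against; the function names and sample inputs are constructed for this example.

```python
"""Reference model of por.nim's fromBytesBE: big-endian bytes -> scalar in Fr.

Added example, not code from the nim-codex project. It mirrors the two Nim
procs in plain Python: left-padding of short inputs, rejection of inputs
longer than 32 bytes, and rejection of values not below the subgroup order r.
"""

# Order r of the BLS12-381 G1/G2 subgroups, i.e. the modulus of the scalar
# field Fr. This is the public curve constant blst_scalar_fr_check checks against.
BLS12_381_R = 0x73EDA753299D7D483339D80809A1D80553BDA402FFFE5BFEFFFFFFFF00000001

SCALAR_BYTES = 32  # array[32, byte] in the Nim code


def fr_check(value: int) -> bool:
    """Model of blst_scalar_fr_check: True iff 0 <= value < r."""
    return 0 <= value < BLS12_381_R


def from_bytes_be(data: bytes) -> int:
    """Model of fromBytesBE(a: openArray[byte]).

    Inputs shorter than 32 bytes are left-padded with zeros (the Nim loop
    copies a[i] into b[i+d]), so the numeric value is unchanged. Inputs longer
    than 32 bytes, and values >= r, are rejected just as the Nim doAsserts do,
    but with an exception instead of a process abort.
    """
    if len(data) > SCALAR_BYTES:
        raise ValueError(f"input of {len(data)} bytes exceeds {SCALAR_BYTES}")
    padded = data.rjust(SCALAR_BYTES, b"\x00")  # same effect as b[i+d] = a[i]
    value = int.from_bytes(padded, "big")        # blst_scalar_from_bendian
    if not fr_check(value):
        raise ValueError("scalar is not below the subgroup order r")
    return value


def fraction_of_random_32_bytes_rejected() -> float:
    """Share of uniformly random 32-byte strings whose value is >= r.

    This is the share of raw hash output (or attacker-chosen bytes) on which
    fromBytesBE(array[32, byte]) would trip its doAssert: just over half.
    """
    return (2**256 - BLS12_381_R) / 2**256


def demo() -> dict:
    """Constructed inputs exercising the accept/reject boundary."""
    results = {}
    # 8-byte coefficient: left-padded, value preserved.
    results["short"] = from_bytes_be((0x0102030405060708).to_bytes(8, "big"))
    # Largest valid scalar r-1 is accepted.
    results["r_minus_1"] = from_bytes_be((BLS12_381_R - 1).to_bytes(32, "big"))
    # r itself is rejected (fr_check is a strict < r test).
    try:
        from_bytes_be(BLS12_381_R.to_bytes(32, "big"))
        results["r"] = "accepted"
    except ValueError:
        results["r"] = "rejected"
    # A 33-byte input is rejected by the length check.
    try:
        from_bytes_be(b"\x00" * 33)
        results["too_long"] = "accepted"
    except ValueError:
        results["too_long"] = "rejected"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
    print(f"random 32-byte strings rejected: {fraction_of_random_32_bytes_rejected():.1%}")
```

The last function makes the practical point explicit: r is a 255-bit prime, so roughly 55% of arbitrary 32-byte strings are not valid Fr elements. A caller that passes raw hash output or untrusted bytes to `fromBytesBE` therefore does not get a scalar, it gets a `doAssert` failure and an aborted process; such inputs need to be reduced modulo r or sampled by rejection before conversion.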
proc getSector(
  stream: SeekableStream,
  blockId: int64,
  sectorId: int64,
  spb: int64): Future[ZChar] {.async.} =
  ## Read file sector at given <blockid, sectorid> position
  ## (spb is the number of sectors per block)
  ##
  var res: ZChar
  stream.setPos(((blockid * spb + sectorid) * ZChar.len).int)
  # The number of bytes actually read is discarded: on a short read the
  # tail of `res` stays zero-initialized instead of the call failing
  discard await stream.readOnce(addr res[0], ZChar.len)
  return res

proc rndScalar(): blst_scalar =
  ## Generate random scalar within the subgroup order r
  ##
  var scal {.noInit.}: array[32, byte]
  var scalar {.noInit.}: blst_scalar
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
|
|
|
|
|
while true:
|
|
|
|
|
for val in scal.mitems:
|
|
|
|
|
val = byte Rng.instance.rand(0xFF)
|
2022-05-23 23:24:15 -06:00
|
|
|
|
|
initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selecteble BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has serveral potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
scalar.blst_scalar_from_bendian(scal)
|
|
|
|
|
if blst_scalar_fr_check(scalar).bool:
|
|
|
|
|
break
|
|
|
|
|
|
|
|
|
|
return scalar
|
|
|
|
|
|
|
|
|
|
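The rejection-sampling loop of rndScalar, as an added Python illustration (not the project's Nim code) with the byte source injectable so the reject path can be exercised deterministically; the helper names rnd_scalar, fr_check and scripted_source are assumptions, and the value of r is the BLS12-381 subgroup order.

```python
# Added illustration, not the project's Nim code: the rejection-sampling loop of
# rndScalar in Python, with the byte source injectable so the reject path can be
# exercised deterministically. Helper names (rnd_scalar, fr_check,
# scripted_source) are assumptions made for this example.
import secrets
from typing import Callable, Iterator, List, Tuple

# Order r of the BLS12-381 G1/G2 subgroups (the scalar field Fr); r is 255 bits,
# which is why the Nim code passes 255 as the scalar bit length to blst_p*_mult.
BLS12_381_R = 0x73EDA753299D7D483339D80809A1D80553BDA402FFFE5BFEFFFFFFFF00000001
SCALAR_BYTES = 32


def fr_check(scalar: int) -> bool:
    """Mirror of blst_scalar_fr_check: accept exactly the values in [0, r)."""
    return 0 <= scalar < BLS12_381_R


def rnd_scalar(rand_bytes: Callable[[int], bytes] = secrets.token_bytes) -> Tuple[int, int]:
    """Draw 32 random bytes, decode them big-endian (as blst_scalar_from_bendian
    does) and retry until the value is a valid Fr element.

    Returns (scalar, draws). Each draw is accepted with probability r / 2^256,
    about 0.45, so roughly 2.2 draws are needed on average; the accepted value
    is uniform on [0, r), which a plain reduction mod r would not give.
    """
    draws = 0
    while True:
        draws += 1
        candidate = int.from_bytes(rand_bytes(SCALAR_BYTES), "big")
        if fr_check(candidate):
            return candidate, draws


def scripted_source(values: List[int]) -> Callable[[int], bytes]:
    """Deterministic stand-in for the RNG (constructed for testing): hands out
    the given 256-bit values in order, big-endian, so specific candidates can
    be forced through the loop."""
    queue: Iterator[int] = iter(values)

    def rand_bytes(n: int) -> bytes:
        assert n == SCALAR_BYTES
        return next(queue).to_bytes(SCALAR_BYTES, "big")

    return rand_bytes
```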
proc rndP2(): (blst_p2, blst_scalar) =
  ## Generate random point on G2
  ##
  var
    x {.noInit.}: blst_p2
  x.blst_p2_from_affine(BLS12_381_G2) # init from generator

  let
    scalar = rndScalar()
  x.blst_p2_mult(x, scalar, 255) # r is 255 bits, so 255 scalar bits suffice
  return (x, scalar)
proc rndP1(): (blst_p1, blst_scalar) =
  ## Generate random point on G1
  var
    x {.noInit.}: blst_p1
  x.blst_p1_from_affine(BLS12_381_G1) # init from generator

  let
    scalar = rndScalar()
  x.blst_p1_mult(x, scalar, 255) # r is 255 bits, so 255 scalar bits suffice
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
return (x, scalar)
|
|
|
|
|
|
2022-05-23 23:24:15 -06:00
|
|
|
|
template posKeygen(): (blst_p2, blst_scalar) =
  ## Generate POS key pair
  ##

  rndP2()  # random point in G2 together with the scalar that generated it

proc keyGen*(): (PublicKey, SecretKey) =
  ## Generate key pair for signing metadata and for POS tags
  ##

  var
    pk: PublicKey
    sk: SecretKey
    ikm: array[32, byte]  # input key material for the BLS signing key

  # fill ikm from the secure Rng (HMAC-DRBG based)
  for b in ikm.mitems:
    b = byte Rng.instance.rand(0xFF)

  doAssert ikm.keyGen(pk.signkey, sk.signkey)

  (pk.key, sk.key) = posKeygen()
  return (pk, sk)

proc sectorsCount(stream: SeekableStream, s: int64): int64 =
  ## Calculate number of blocks for a file
  ##

  let
    size = stream.size()
    # ceiling of size / (s sectors of sizeof(ZChar) bytes each)
    n = ((size - 1) div (s * sizeof(ZChar))) + 1
  # debugEcho "File size=", size, " bytes",
  #   ", blocks=", n,
  #   ", sectors/block=", $s,
  #   ", sectorsize=", $sizeof(ZChar), " bytes"
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
|
|
|
|
|
return n
|
|
|
|
|
|
|
|
|
|
proc hashToG1[T: byte|char](msg: openArray[T]): blst_p1 =
|
2022-05-23 23:24:15 -06:00
|
|
|
|
## Hash to curve with Dagger specific domain separation
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
const dst = "DAGGER-PROOF-OF-CONCEPT"
|
initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selecteble BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has serveral potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
result.blst_hash_to_g1(msg, dst, aug = "")
|
|
|
|
|
|
2022-05-23 23:24:15 -06:00
|
|
|
|
proc hashNameI(name: array[Namelen, byte], i: int64): blst_p1 =
|
|
|
|
|
## Calculate unique filename and block index based hash
|
|
|
|
|
##
|
initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selecteble BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has serveral potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
|
|
|
|
|
# # naive implementation, hashing a long string representation
|
|
|
|
|
# # such as "[255, 242, 23]1"
|
|
|
|
|
# return hashToG1($name & $i)
|
|
|
|
|
|
|
|
|
|
# more compact and faster implementation
|
|
|
|
|
var namei: array[sizeof(name) + sizeof(int64), byte]
|
|
|
|
|
namei[0..sizeof(name)-1] = name
|
|
|
|
|
bigEndian64(addr(namei[sizeof(name)]), unsafeAddr(i))
|
|
|
|
|
return hashToG1(namei)
|
|
|
|
|
|
2022-05-23 23:24:15 -06:00
|
|
|
|
proc generateAuthenticatorNaive(
|
|
|
|
|
stream: SeekableStream,
|
|
|
|
|
ssk: SecretKey,
|
|
|
|
|
i: int64,
|
|
|
|
|
s: int64,
|
|
|
|
|
t: TauZero): Future[blst_p1] {.async.} =
|
initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selecteble BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has serveral potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
## Naive implementation of authenticator as in the S&W paper.
|
|
|
|
|
## With the paper's multiplicative notation:
|
|
|
|
|
## \sigmai=\(H(file||i)\cdot\prod{j=0}^{s-1}{uj^{m[i][j]}})^{\alpha}
|
2022-05-23 23:24:15 -06:00
|
|
|
|
##
|
|
|
|
|
|
initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selecteble BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has serveral potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
var sum: blst_p1
|
2022-05-23 23:24:15 -06:00
|
|
|
|
for j in 0..<s:
|
initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selecteble BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has serveral potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
var prod: blst_p1
|
2022-05-23 23:24:15 -06:00
|
|
|
|
prod.blst_p1_mult(t.u[j], fromBytesBE((await stream.getSector(i, j, s))), 255)
|
initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selecteble BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has serveral potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
sum.blst_p1_add_or_double(sum, prod)
|
|
|
|
|
|
|
|
|
|
blst_p1_add_or_double(result, hashNameI(t.name, i), sum)
|
|
|
|
|
result.blst_p1_mult(result, ssk.key, 255)
|
|
|
|
|
|
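The following Python is an added example, not code from the page or from the Dagger project. It reproduces the arithmetic of the block-count formula, the compact `name || BE64(i)` encoding used by hashNameI, and the Shacham-Waters tag of generateAuthenticatorNaive, but over a small constructed prime-order subgroup of Z_P^* instead of BLS12-381 with blst (so G1 addition becomes multiplication mod P and scalar multiplication becomes exponentiation). It also carries through the rearrangement described in the "speed up tag generation by a factor of s" commit message: because every u_j is G scaled by a known scalar ubase_j, the s exponentiations collapse into one with the scalar sum. Everything here is assumed for the example: the group parameters P, Q, G, the 2-byte SECTOR_SIZE standing in for sizeof(ZChar), the DST string, zero-padding of a short final sector, and all function names (trunc_div, block_count, get_sector, encode_name_i, hash_name_i, gen_u, authenticator_naive, authenticator_opt, demo). The toy hash-to-group has a known discrete log, which a real hash-to-curve must not; it only serves to show the tag algebra.

```python
from hashlib import sha256

# Constructed toy group (NOT BLS12-381): the order-Q subgroup of Z_P^* with
# P = 2Q + 1 (both prime) and generator G = 4, which has order exactly Q.
P, Q, G = 1019, 509, 4

SECTOR_SIZE = 2  # constructed stand-in for sizeof(ZChar); sectors are read big-endian


def trunc_div(a: int, b: int) -> int:
    """Integer division truncated toward zero, like Nim's `div` (Python's // floors)."""
    q = abs(a) // abs(b)
    return q if (a >= 0) == (b > 0) else -q


def block_count(size: int, s: int, sector_size: int = SECTOR_SIZE) -> int:
    """n = ((size - 1) div (s * sector_size)) + 1.
    With truncating division an empty file still yields one block."""
    return trunc_div(size - 1, s * sector_size) + 1


def get_sector(data: bytes, i: int, j: int, s: int, sector_size: int = SECTOR_SIZE) -> int:
    """Sector j of block i as a big-endian integer (the role of fromBytesBE).
    A short final sector is zero-padded; that padding is an assumption of this example."""
    off = (i * s + j) * sector_size
    chunk = data[off:off + sector_size].ljust(sector_size, b"\x00")
    return int.from_bytes(chunk, "big")


def encode_name_i(name: bytes, i: int) -> bytes:
    """Compact hashNameI input: fixed-length name followed by i as a big-endian int64."""
    return name + i.to_bytes(8, "big", signed=True)


def hash_name_i(name: bytes, i: int) -> int:
    """Toy hash-to-group: domain-separated SHA-256 of name||i mapped to G^h.
    (Here the discrete log h is known to whoever computes it; a real hash-to-curve hides it.)"""
    dst = b"EXAMPLE-TOY-GROUP"  # constructed DST, mirrors the role of the page's tag
    h = int.from_bytes(sha256(dst + encode_name_i(name, i)).digest(), "big") % Q
    return pow(G, h, P)


def gen_u(ubase: list[int]) -> list[int]:
    """u_j = G scaled by ubase_j: the 'random points' share the common base G."""
    return [pow(G, b, P) for b in ubase]


def authenticator_naive(data: bytes, alpha: int, i: int, s: int, name: bytes, u: list[int]) -> int:
    """sigma_i = (H(name||i) * prod_j u_j^{m[i][j]})^alpha: one exponentiation per sector."""
    prod = 1
    for j in range(s):
        prod = prod * pow(u[j], get_sector(data, i, j, s), P) % P
    return pow(hash_name_i(name, i) * prod % P, alpha, P)


def authenticator_opt(data: bytes, alpha: int, i: int, s: int, name: bytes, ubase: list[int]) -> int:
    """Same value: prod_j (G^{ubase_j})^{m_ij} = G^{sum_j ubase_j * m_ij mod Q},
    so the s exponentiations of the naive form collapse into a single one."""
    acc = sum(ubase[j] * get_sector(data, i, j, s) for j in range(s)) % Q
    return pow(hash_name_i(name, i) * pow(G, acc, P) % P, alpha, P)


def demo():
    """Tag every block of a constructed file both ways and return (n, naive_tags, opt_tags)."""
    name = bytes([255, 242, 23])   # the name from the page's "[255, 242, 23]1" comment
    data = bytes(range(1, 20))     # constructed 19-byte "file"
    s = 4                          # sectors per block
    alpha = 123                    # constructed secret key scalar (ssk.key)
    ubase = [17, 256, 33, 400]     # constructed per-sector random scalars
    u = gen_u(ubase)
    n = block_count(len(data), s)
    tags_naive = [authenticator_naive(data, alpha, i, s, name, u) for i in range(n)]
    tags_opt = [authenticator_opt(data, alpha, i, s, name, ubase) for i in range(n)]
    return n, tags_naive, tags_opt


if __name__ == "__main__":
    n, naive, opt = demo()
    print("blocks:", n, "tags equal:", naive == opt)
```

The equality `tags_naive == tags_opt` is the whole point of the optimized path: whoever knows the scalars behind the u_j (the tagging party, who generated them) can replace s scalar multiplications per block by one. The verifier never needs those scalars, so the public parameters stay unchanged. Note also that `block_count(0, ...)` returns 1 only because `trunc_div` mirrors Nim's `div`; a direct port using Python's floor division would return 0 for an empty file.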
2022-05-23 23:24:15 -06:00

proc generateAuthenticatorOpt(
  stream: SeekableStream,
  ssk: SecretKey,
  i: int64,
  s: int64,
  t: TauZero,
  ubase: seq[blst_scalar]): Future[blst_p1] {.async.} =
  ## Optimized implementation of authenticator generation
  ##
  ## This implementation reduces the number of scalar multiplications
  ## from s+1 to 1+1 (one for the summed exponent, one for alpha), using
  ## knowledge about the scalars (r_j) used to generate u_j as u_j = g^{r_j}.
  ##
  ## With the paper's multiplicative notation, we use:
  ## (H(file||i) \cdot g^{\sum_{j=0}^{s-1}{r_j \cdot m[i][j]}})^{\alpha}
  ##
  var sum: blst_fr        # sum_j r_j * m[i][j], accumulated in the scalar field
  var sums: blst_scalar
  for j in 0..<s:
    var a, b, x: blst_fr
    a.blst_fr_from_scalar(ubase[j])                                        # r_j
    b.blst_fr_from_scalar(fromBytesBE((await stream.getSector(i, j, s))))  # m[i][j]
    x.blst_fr_mul(a, b)
    sum.blst_fr_add(sum, x)
  sums.blst_scalar_from_fr(sum)

  # g^{sum}: a single scalar multiplication of the generator instead of s
  result.blst_p1_from_affine(BLS12_381_G1)
  result.blst_p1_mult(result, sums, 255)

  # then (H(name||i) * g^{sum})^{alpha} in the paper's multiplicative notation
  result.blst_p1_add_or_double(result, hashNameI(t.name, i))
  result.blst_p1_mult(result, ssk.key, 255)

proc generateAuthenticator(
  stream: SeekableStream,
  ssk: SecretKey,
  i: int64,
  s: int64,
  t: TauZero,
  ubase: seq[blst_scalar]): Future[blst_p1] =
  ## Wrapper to select tag generator implementation
  ##
  # let a = generateAuthenticatorNaive(i, s, t, f, ssk)
  return generateAuthenticatorOpt(stream, ssk, i, s, t, ubase)
initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selecteble BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has serveral potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
# doAssert(a.blst_p1_is_equal(b).bool)
2022-05-23 23:24:15 -06:00
|
|
|
|
proc generateQuery*(tau: Tau, l: int): seq[QElement] =
|
|
|
|
|
## Generata a random BLS query of given size
|
|
|
|
|
##
|
initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selecteble BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has serveral potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
|
|
|
|
|
let n = tau.t.n # number of blocks
|
|
|
|
|
|
2022-05-23 23:24:15 -06:00
|
|
|
|
for i in 0..<l:
|
initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selecteble BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has serveral potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
var q: QElement
|
|
|
|
|
q.I = Rng.instance.rand(n-1) #TODO: dedup
|
|
|
|
|
q.V = rndScalar() #TODO: fix range
|
|
|
|
|
result.add(q)
|
|
|
|
|
|
2022-05-23 23:24:15 -06:00
|
|
|
|
proc generateProof*(
|
|
|
|
|
stream: SeekableStream,
|
|
|
|
|
q: seq[QElement],
|
|
|
|
|
authenticators: seq[blst_p1],
|
|
|
|
|
s: int64): Future[Proof] {.async.} =
|
initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selecteble BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has serveral potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
## Generata BLS proofs for a given query
|
2022-05-23 23:24:15 -06:00
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
var
|
|
|
|
|
mu: seq[blst_scalar]
|
|
|
|
|
|
|
|
|
|
for j in 0..<s:
|
|
|
|
|
var
|
|
|
|
|
muj: blst_fr
|
|
|
|
|
|
|
|
|
|
for qelem in q:
|
|
|
|
|
let
|
|
|
|
|
sect = fromBytesBE((await stream.getSector(qelem.I, j, s)))
|
|
|
|
|
|
|
|
|
|
var
|
|
|
|
|
x, v, sector: blst_fr
|
|
|
|
|
|
initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selecteble BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has serveral potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
sector.blst_fr_from_scalar(sect)
|
|
|
|
|
v.blst_fr_from_scalar(qelem.V)
|
|
|
|
|
x.blst_fr_mul(v, sector)
|
|
|
|
|
muj.blst_fr_add(muj, x)
|
2022-05-23 23:24:15 -06:00
|
|
|
|
|
|
|
|
|
var
|
|
|
|
|
mujs: blst_scalar
|
|
|
|
|
|
initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selecteble BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has serveral potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
mujs.blst_scalar_from_fr(muj)
|
|
|
|
|
mu.add(mujs)
|
|
|
|
|
|
2022-05-23 23:24:15 -06:00
|
|
|
|
var
|
|
|
|
|
sigma: blst_p1
|
|
|
|
|
|
initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selecteble BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has serveral potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
for qelem in q:
|
2022-05-23 23:24:15 -06:00
|
|
|
|
var
|
|
|
|
|
prod: blst_p1
|
|
|
|
|
|
initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selecteble BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has serveral potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
    prod.blst_p1_mult(authenticators[qelem.I], qelem.V, 255)
    sigma.blst_p1_add_or_double(sigma, prod)

2022-05-23 23:24:15 -06:00
  return Proof(mu: mu, sigma: sigma)
proc pairing(a: blst_p1, b: blst_p2): blst_fp12 =
  ## Calculate pairing G_1,G_2 -> G_T
  ##
  var
    aa: blst_p1_affine
    bb: blst_p2_affine
    l: blst_fp12
  blst_p1_to_affine(aa, a)
  blst_p2_to_affine(bb, b)
  blst_miller_loop(l, bb, aa)
  blst_final_exp(result, l)

proc verifyPairingsNaive(a1: blst_p1, a2: blst_p2, b1: blst_p1, b2: blst_p2) : bool =
  ## Check e(a1, a2) == e(b1, b2) by computing both pairings in full
  let e1 = pairing(a1, a2)
  let e2 = pairing(b1, b2)
  return e1 == e2

proc verifyPairingsNeg(a1: blst_p1, a2: blst_p2, b1: blst_p1, b2: blst_p2) : bool =
  ## Faster pairing verification using 2 Miller loops but only one final exponentiation
  ## based on https://github.com/benjaminion/c-kzg/blob/main/src/bls12_381.c
  ##
  var
    loop0, loop1, gt_point: blst_fp12
    aa1, bb1: blst_p1_affine
    aa2, bb2: blst_p2_affine

  # negate a1 so that e(-a1, a2) * e(b1, b2) == 1 exactly when e(a1, a2) == e(b1, b2)
  var a1neg = a1
  blst_p1_cneg(a1neg, 1)

  blst_p1_to_affine(aa1, a1neg)
  blst_p1_to_affine(bb1, b1)
  blst_p2_to_affine(aa2, a2)
  blst_p2_to_affine(bb2, b2)

  # two Miller loops, then a single final exponentiation over their product
  blst_miller_loop(loop0, aa2, aa1)
  blst_miller_loop(loop1, bb2, bb1)

  blst_fp12_mul(gt_point, loop0, loop1)
  blst_final_exp(gt_point, gt_point)

  return blst_fp12_is_one(gt_point).bool
proc verifyPairings(a1: blst_p1, a2: blst_p2, b1: blst_p1, b2: blst_p2) : bool =
  ## Wrapper to select verify pairings implementation
  ##
  verifyPairingsNaive(a1, a2, b1, b2)
  # optimized variant with a single final exponentiation, currently not selected
  #verifyPairingsNeg(a1, a2, b1, b2)

proc verifyProof*(
  self: PoR,
  q: seq[QElement],
  mus: seq[blst_scalar],
  sigma: blst_p1): bool =
  ## Verify a BLS proof given a query
  ##
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
|
|
|
|
|
# verify signature on Tau
|
2022-05-23 23:24:15 -06:00
|
|
|
|
var signature: blscurve.Signature
|
|
|
|
|
if not signature.fromBytes(self.tau.signature):
|
initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selecteble BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has serveral potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
return false
|
2022-05-23 23:24:15 -06:00
|
|
|
|
|
|
|
|
|
if not verify(self.spk.signkey, $self.tau.t, signature):
|
initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selecteble BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has serveral potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
return false
|
|
|
|
|
|
|
|
|
|
var first: blst_p1
|
2022-05-23 23:24:15 -06:00
|
|
|
|
for qelem in q:
|
initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selecteble BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has serveral potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
var prod: blst_p1
|
2022-05-23 23:24:15 -06:00
|
|
|
|
prod.blst_p1_mult(hashNameI(self.tau.t.name, qelem.I), qelem.V, 255)
|
initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selecteble BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has serveral potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
first.blst_p1_add_or_double(first, prod)
|
|
|
|
|
doAssert(blst_p1_on_curve(first).bool)
|
|
|
|
|
|
2022-05-23 23:24:15 -06:00
|
|
|
|
let us = self.tau.t.u
|
initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selecteble BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has serveral potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
var second: blst_p1
|
2022-05-23 23:24:15 -06:00
|
|
|
|
for j in 0..<len(us):
|
initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selecteble BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has serveral potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
|
|
|
|
var prod: blst_p1
|
|
|
|
|
prod.blst_p1_mult(us[j], mus[j], 255)
|
|
|
|
|
second.blst_p1_add_or_double(second, prod)
|
|
|
|
|
doAssert(blst_p1_on_curve(second).bool)
|
|
|
|
|
|
|
|
|
|
var sum: blst_p1
|
|
|
|
|
sum.blst_p1_add_or_double(first, second)
|
|
|
|
|
|
2022-05-23 23:24:15 -06:00
|
|
|
|
var g {.noInit.}: blst_p2
|
initial commit of the Shacham BLS-based and RSA-based public schemes (#26)
* initial commit of the Shacham RSA-based public scheme
Minimal working version with lots of error checks and corrections
still needed.
- using Bearssl RSA code through libp2p
- with selecteble BigInt library for experimentation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* better proc names
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* separating demo code from library
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* using normal file io instead of memfiles
mmap has serveral potential issues and we do not really need it, so
changing to use the normal system file interface is better.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft version of bls proofs
Implementation of the BLS-based public PoS scheme from
Shacham H., Waters B., "Compact Proofs of Retrievability"
using pairing over BLS12-381 ECC
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* draft test and benchmark code for BLS PoS
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improve documentation of BLS scheme
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix getSector
* fixing DST tag in hashToG1
The DST tag should be unique to achieve domain separation
of hash functions as defined in:
https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
Changed DST tag to one that indicates the PoC status of this code.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add verifyPairings abstraction
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* change random number generator to a secure one
Use Rng based on BrHmacDrbgContext
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* fix benchmark template
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* exchange parameter order in pairing
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* add optimized verifyPairing implementation
When verifying two pairings, one final exponentiation
can be spared through the use of cneg.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* speed up tag generation by a factor of s
Scalar multiplications in tag generation can be rearranged
to benefit from the way random points are being generated.
Since random points are themselves generated using scalar
multiplication and the base is common, the sum of multiplications
becomes a single multiplication with the scalar sum, resulting in
a nice speedup.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* use blst_p1_add_or_double instead of blst_p1_add
blst exposes two add functions: one that works for the corner case
of doubling, and one that isn't. It seems safer to use the one that
works, even if it is highly improbable in these cases that doubling
would occur.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sectorsperblock should be an external parameter
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* parametrize sectorsblock and querylen
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* improving benchmark messages
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* rebasing main
* generateAuthenticator: remove unused ubase parameter from naive impl
No need to have the same interface on the two implementations, so
we can remove this parameter.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generateAuthenticator: add some more explanation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* renaming pos.nim to rsa.nim
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* sign and verify metadata in Tau
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* adding more comments
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* remove code of slow RSA based version
Removed RSA-based version to ease maintenance, as it is
highly unlikely we would use it.
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* formatting: use just one type section
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* more comments added
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* make `namelen` a const
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* generalize hashToG1
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
* hashNameI: switch to faster implementation
Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 22:04:42 +01:00
  g.blst_p2_from_affine(BLS12_381_G2)
  return verifyPairings(sum, self.spk.key, sigma, g)
proc init*(
  T: type PoR,
  stream: SeekableStream,
  ssk: SecretKey,
  spk: PublicKey,
  blockSize: int64): Future[PoR] {.async.} =
  ## Set up the POR scheme by generating tags and metadata
  ##

  # a block must be a whole number of sectors
  doAssert(
    (blockSize mod BytesPerSector) == 0,
    "Block size should be divisible by `BytesPerSector`")

  let
    # sectors per block (s) and number of blocks in the stream (n)
    s = blockSize div BytesPerSector
    n = stream.sectorsCount(s)

  # generate a random name
  var t = TauZero(n: n)
  for i in 0..<Namelen:
    t.name[i] = byte Rng.instance.rand(0xFF)

  # generate the coefficient vector for combining sectors of a block: U
  # rndP1 returns each point together with the scalar it was multiplied
  # from, so tag generation can collapse the per-sector multiplications
  # into a single one with the scalar sum
  var ubase: seq[blst_scalar]
  for i in 0..<s:
    let (u, ub) = rndP1()
    t.u.add(u)
    ubase.add(ub)

  #TODO: a better bytearray conversion of TauZero for the signature might be needed
  # the current conversion using $t might be architecture dependent and not unique
  let
    signature = sign(ssk.signkey, $t)
    tau = Tau(t: t, signature: signature.exportRaw())

  # generate sigmas: one authenticator per block, under the secret key
  var
    sigmas: seq[blst_p1]

  for i in 0..<n:
    sigmas.add((await stream.generateAuthenticator(ssk, i, s, t, ubase)))

  return PoR(
    ssk: ssk,
    spk: spk,
    tau: tau,
    authenticators: sigmas)
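The tag algebra that `init` sets up above, and the rearrangement described in the "speed up tag generation by a factor of s" commit note, as an added example that is not the project's code: a constructed toy prime-order group (the order-509 subgroup of Z_1019^*, generator 4) stands in for BLS12-381 G1, and since there is no pairing, the relation the pairing check would enforce is evaluated with the secret x directly. The names `hash_name_i`, `rnd_p1`, `tag_naive`, `tag_fast` and `verify_relation` are hypothetical stand-ins for the Nim procs.

```python
import hashlib, random

# Constructed toy group: p = 2q+1 is a safe prime and G = 4 generates the
# order-q subgroup of Z_p^*. It replaces BLS12-381 G1; no pairing exists here.
P, Q, G = 1019, 509, 4
S = 4  # sectors per block, the "s" of the commit note

def hash_name_i(name: bytes, i: int) -> int:
    """Toy stand-in for hashToG1/hashNameI: hash (name, i) to a scalar, then a point."""
    h = int.from_bytes(hashlib.sha256(name + i.to_bytes(8, "big")).digest(), "big")
    return pow(G, h % Q, P)

def rnd_p1(rng):
    """Like rndP1(): a random point u together with the scalar ub it was built from."""
    ub = rng.randrange(1, Q)
    return pow(G, ub, P), ub

def tag_naive(x, name, i, sectors, u):
    """sigma_i = (H(name||i) * prod_j u_j^{m_ij})^x, one exponentiation per sector."""
    acc = hash_name_i(name, i)
    for m, uj in zip(sectors, u):
        acc = acc * pow(uj, m, P) % P
    return pow(acc, x, P)

def tag_fast(x, name, i, sectors, ubase):
    """Same sigma_i: prod_j G^{ub_j*m_ij} = G^{sum_j ub_j*m_ij}, one exponentiation."""
    e = sum(ub * m for ub, m in zip(ubase, sectors)) % Q
    return pow(hash_name_i(name, i) * pow(G, e, P) % P, x, P)

def verify_relation(x, name, u, sigmas, query, mu):
    """Identity behind the pairing check: prod_i sigma_i^nu_i == (prod_i H_i^nu_i * prod_j u_j^mu_j)^x."""
    sigma, rhs = 1, 1
    for i, nu in query:
        sigma = sigma * pow(sigmas[i], nu, P) % P
        rhs = rhs * pow(hash_name_i(name, i), nu, P) % P
    for uj, muj in zip(u, mu):
        rhs = rhs * pow(uj, muj, P) % P
    return sigma == pow(rhs, x, P)  # x is known only because this is a toy group

def demo(seed=7):
    rng = random.Random(seed)
    x = rng.randrange(1, Q)                               # secret key
    name = bytes(rng.randrange(256) for _ in range(16))   # random file name
    u, ubase = zip(*(rnd_p1(rng) for _ in range(S)))     # coefficient vector U
    blocks = [[rng.randrange(Q) for _ in range(S)] for _ in range(5)]  # constructed sectors
    naive = [tag_naive(x, name, i, b, u) for i, b in enumerate(blocks)]
    fast = [tag_fast(x, name, i, b, ubase) for i, b in enumerate(blocks)]
    query = [(i, rng.randrange(1, Q)) for i in (0, 2, 4)]  # (block index, coefficient nu_i)
    mu = [sum(nu * blocks[i][j] for i, nu in query) % Q for j in range(S)]  # aggregated sectors
    return (naive == fast, verify_relation(x, name, u, fast, query, mu),
            verify_relation(x, name, u, fast, query, [(mu[0] + 1) % Q] + mu[1:]))
```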