nim-dagger/dagger/storageproofs/testbls.nim


initial commit of the Shacham BLS-based and RSA-based public schemes (#26)

* initial commit of the Shacham RSA-based public scheme

  Minimal working version with lots of error checks and corrections still needed.
  - using Bearssl RSA code through libp2p
  - with selectable BigInt library for experimentation

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* better proc names

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* separating demo code from library

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* using normal file io instead of memfiles

  mmap has several potential issues and we do not really need it, so changing to use the normal system file interface is better.

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* draft version of bls proofs

  Implementation of the BLS-based public PoS scheme from Shacham H., Waters B., "Compact Proofs of Retrievability" using pairing over BLS12-381 ECC

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* draft test and benchmark code for BLS PoS

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* improve documentation of BLS scheme

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* fix getSector

* fixing DST tag in hashToG1

  The DST tag should be unique to achieve domain separation of hash functions as defined in: https://tools.ietf.org/id/draft-irtf-cfrg-hash-to-curve-06.html#domain-separation
  Changed DST tag to one that indicates the PoC status of this code.

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* add verifyPairings abstraction

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* change random number generator to a secure one

  Use Rng based on BrHmacDrbgContext

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* fix benchmark template

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* exchange parameter order in pairing

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* add optimized verifyPairing implementation

  When verifying two pairings, one final exponentiation can be spared through the use of cneg.

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* speed up tag generation by a factor of s

  Scalar multiplications in tag generation can be rearranged to benefit from the way random points are being generated. Since random points are themselves generated using scalar multiplication and the base is common, the sum of multiplications becomes a single multiplication with the scalar sum, resulting in a nice speedup.

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* use blst_p1_add_or_double instead of blst_p1_add

  blst exposes two add functions: one that works for the corner case of doubling, and one that isn't. It seems safer to use the one that works, even if it is highly improbable in these cases that doubling would occur.

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* sectorsperblock should be an external parameter

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* parametrize sectorsblock and querylen

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* improving benchmark messages

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* rebasing main

* generateAuthenticator: remove unused ubase parameter from naive impl

  No need to have the same interface on the two implementations, so we can remove this parameter.

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* generateAuthenticator: add some more explanation

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* renaming pos.nim to rsa.nim

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* sign and verify metadata in Tau

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* adding more comments

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* remove code of slow RSA based version

  Removed RSA-based version to ease maintenance, as it is highly unlikely we would use it.

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* formatting: use just one type section

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* more comments added

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* make `namelen` a const

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* generalize hashToG1

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* hashNameI: switch to faster implementation

  Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

Co-authored-by: Tanguy <tanguy@status.im>
Co-authored-by: Dmitriy Ryajov <dryajov@gmail.com>
2022-03-08 21:04:42 +00:00
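The tag-generation rearrangement and the proof aggregation described in the commit message above, as an added Python illustration that is not the project's Nim code: it substitutes a small Schnorr group (constructed constants Q, P, G) for BLS12-381 and, having no pairing, checks the identity that e(sigma, g) = e(rhs, g^alpha) expresses directly with the secret key alpha. The names hash_name_i, tag_naive, tag_fast and demo are this example's own.

```python
import hashlib
import random

# Toy Schnorr group, constructed for illustration only (the project uses BLS12-381 via blst).
Q, P, G = 2039, 1019, 4   # safe prime Q = 2P+1, prime subgroup order P, generator G of that subgroup

def hash_name_i(name, i):
    """Stand-in for hashToG1: map (name, i) into the order-P subgroup under a fixed DST."""
    h = hashlib.sha256(b"TOY-POR-DST:" + name + i.to_bytes(8, "big")).digest()
    x = int.from_bytes(h, "big") % Q
    return pow(x or 2, 2, Q)  # squaring lands in the subgroup; x == 0 is replaced

def tag_naive(alpha, name, i, u, block):
    """sigma_i = (H(name||i) * prod_j u_j^{m_ij})^alpha, costing s exponentiations."""
    acc = hash_name_i(name, i)
    for uj, mj in zip(u, block):
        acc = acc * pow(uj, mj, Q) % Q
    return pow(acc, alpha, Q)

def tag_fast(alpha, name, i, r, block):
    """Same tag with one exponentiation, using the scalars r_j behind u_j = G^{r_j}:
    prod_j G^{r_j m_ij} = G^{(sum_j r_j m_ij) mod P}.  Only the owner, who drew r_j, can do this."""
    e = sum(rj * mj for rj, mj in zip(r, block)) % P
    return pow(hash_name_i(name, i) * pow(G, e, Q) % Q, alpha, Q)

def demo(s=8, n=4, querylen=3, seed=1):
    """Setup, tag both ways, then build a proof and check the identity the pairing would test."""
    rng = random.Random(seed)                     # seeded only so the run is reproducible
    alpha = rng.randrange(1, P)                   # secret key; the public key would be G^alpha
    name = b"example.txt"
    r = [rng.randrange(1, P) for _ in range(s)]   # secret setup scalars, never published
    u = [pow(G, rj, Q) for rj in r]               # public points carried in tau
    blocks = [[rng.randrange(P) for _ in range(s)] for _ in range(n)]   # n blocks of s sectors
    sig_naive = [tag_naive(alpha, name, i, u, blocks[i]) for i in range(n)]
    sig_fast = [tag_fast(alpha, name, i, r, blocks[i]) for i in range(n)]
    # Prover: for query {(i, nu_i)} compute mu_j = sum_i nu_i m_ij and sigma = prod_i sigma_i^{nu_i}.
    query = [(i, rng.randrange(1, P)) for i in rng.sample(range(n), querylen)]
    mu = [sum(nu * blocks[i][j] for i, nu in query) % P for j in range(s)]
    sigma = 1
    for i, nu in query:
        sigma = sigma * pow(sig_fast[i], nu, Q) % Q
    # Verifier side, from public data only: prod_i H(name||i)^{nu_i} * prod_j u_j^{mu_j}.
    rhs = 1
    for i, nu in query:
        rhs = rhs * pow(hash_name_i(name, i), nu, Q) % Q
    for uj, muj in zip(u, mu):
        rhs = rhs * pow(uj, muj, Q) % Q
    # e(sigma, g) == e(rhs, g^alpha) holds iff sigma == rhs^alpha; without a pairing we use alpha.
    return {"tags_agree": sig_naive == sig_fast, "proof_ok": sigma == pow(rhs, alpha, Q)}
```

The verifier knows only the points u_j, not the scalars r_j, so the single-exponentiation shortcut applies to the owner's setup step and not to verification.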
## Nim-POS
## Copyright (c) 2021 Status Research & Development GmbH
## Licensed under either of
##  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
##  * MIT license ([LICENSE-MIT](LICENSE-MIT))
## at your option.
## This file may not be copied, modified, or distributed except according to
## those terms.

import bls
import benchmark
import strutils

const sectorsperblock = 1024.int64
const querylen = 22

# Runs the full BLS PoS round trip (keygen, setup, query, proof, verify)
# on example.txt, timing each step with the benchmark template.
proc testbls() : bool =
  benchmark "Key generation":
    let (spk, ssk) = bls.keygen()

  benchmark "Auth generation (s=" & $sectorsperblock & ")":
    let (tau, authenticators) = bls.setup(ssk, sectorsperblock, "example.txt")
    #echo "Auth: ", authenticators

  benchmark "Generating challenge (q=" & $querylen & ")":
    let q = bls.generateQuery(tau, spk, querylen)
    #echo "Generated!" #, " q:", q

  benchmark "Issuing proof":
    let (mu, sigma) = bls.generateProof(q, authenticators, spk, sectorsperblock, "example.txt")
    #echo "Issued!" #, " mu:", mu, " sigma:", sigma

  benchmark "Verifying proof":
    result = bls.verifyProof(tau, q, mu, sigma, spk)

  echo "Result: ", result

let r = testbls()