TrueCloudLab/neo-go
6
0
Fork 0
mirror of https://github.com/nspcc-dev/neo-go.git synced 2024-10-16 15:43:25 +00:00
Code Issues Projects Releases Packages Wiki Activity
neo-go/pkg/core/native/crypto_blspoints.go
Anna Shaleva a2d28272ef native: fix error message on unexpected BLS12-381 curve point 
Signed-off-by: Anna Shaleva <shaleva.ann@nspcc.ru>
2023-10-05 13:46:05 +03:00

293 lines
7.9 KiB
Go
Raw Blame History

package native
import (
"errors"
"fmt"
"math/big"
bls12381 "github.com/consensys/gnark-crypto/ecc/bls12-381"
"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
)
// blsPoint is a wrapper around bls12381 point types that must be used as
// stackitem.Interop values and implement stackitem.Equatable interface.
type blsPoint struct {
point any
}
var _ = stackitem.Equatable(blsPoint{})
// Equals implements stackitem.Equatable interface.
func (p blsPoint) Equals(other stackitem.Equatable) bool {
res, err := p.EqualsCheckType(other)
return err == nil && res
}
// EqualsCheckType checks whether other is of the same type as p and returns an error if not.
// It also returns whether other and p are equal.
func (p blsPoint) EqualsCheckType(other stackitem.Equatable) (bool, error) {
b, ok := other.(blsPoint)
if !ok {
return false, errors.New("not a bls12-381 point")
}
var (
res bool
err error
)
switch x := p.point.(type) {
case *bls12381.G1Affine:
y, ok := b.point.(*bls12381.G1Affine)
if !ok {
err = fmt.Errorf("equal: unexpected y bls12381 point type: %T vs G1Affine", y)
break
}
res = x.Equal(y)
case *bls12381.G1Jac:
y, ok := b.point.(*bls12381.G1Jac)
if !ok {
err = fmt.Errorf("equal: unexpected y bls12381 point type: %T vs G1Jac", y)
break
}
res = x.Equal(y)
case *bls12381.G2Affine:
y, ok := b.point.(*bls12381.G2Affine)
if !ok {
err = fmt.Errorf("equal: unexpected y bls12381 point type: %T vs G2Affine", y)
break
}
res = x.Equal(y)
case *bls12381.G2Jac:
y, ok := b.point.(*bls12381.G2Jac)
if !ok {
err = fmt.Errorf("equal: unexpected y bls12381 point type: %T vs G2Jac", y)
break
}
res = x.Equal(y)
case *bls12381.GT:
y, ok := b.point.(*bls12381.GT)
if !ok {
err = fmt.Errorf("equal: unexpected y bls12381 point type: %T vs GT", y)
break
}
res = x.Equal(y)
default:
err = fmt.Errorf("equal: unexpected x bls12381 point type: %T", x)
}
return res, err
}
// Bytes returns serialized representation of the provided point in compressed form.
func (p blsPoint) Bytes() []byte {
switch p := p.point.(type) {
case *bls12381.G1Affine:
compressed := p.Bytes()
return compressed[:]
case *bls12381.G1Jac:
g1Affine := new(bls12381.G1Affine)
g1Affine.FromJacobian(p)
compressed := g1Affine.Bytes()
return compressed[:]
case *bls12381.G2Affine:
compressed := p.Bytes()
return compressed[:]
case *bls12381.G2Jac:
g2Affine := new(bls12381.G2Affine)
g2Affine.FromJacobian(p)
compressed := g2Affine.Bytes()
return compressed[:]
case *bls12381.GT:
compressed := p.Bytes()
return compressed[:]
default:
panic(errors.New("unknown bls12381 point type"))
}
}
// FromBytes deserializes BLS12-381 point from the given byte slice in compressed form.
func (p *blsPoint) FromBytes(buf []byte) error {
switch l := len(buf); l {
case bls12381.SizeOfG1AffineCompressed:
g1Affine := new(bls12381.G1Affine)
_, err := g1Affine.SetBytes(buf)
if err != nil {
return fmt.Errorf("failed to decode bls12381 G1Affine point: %w", err)
}
p.point = g1Affine
case bls12381.SizeOfG2AffineCompressed:
g2Affine := new(bls12381.G2Affine)
_, err := g2Affine.SetBytes(buf)
if err != nil {
return fmt.Errorf("failed to decode bls12381 G2Affine point: %w", err)
}
p.point = g2Affine
case bls12381.SizeOfGT:
gt := new(bls12381.GT)
err := gt.SetBytes(buf)
if err != nil {
return fmt.Errorf("failed to decode GT point: %w", err)
}
p.point = gt
}
return nil
}
// blsPointAdd performs addition of two BLS12-381 points.
func blsPointAdd(a, b blsPoint) (blsPoint, error) {
var (
res any
err error
)
switch x := a.point.(type) {
case *bls12381.G1Affine:
switch y := b.point.(type) {
case *bls12381.G1Affine:
xJac := new(bls12381.G1Jac)
xJac.FromAffine(x)
xJac.AddMixed(y)
res = xJac
case *bls12381.G1Jac:
yJac := new(bls12381.G1Jac)
yJac.Set(y)
yJac.AddMixed(x)
res = yJac
default:
err = fmt.Errorf("add: inconsistent bls12381 point types: %T and %T", x, y)
}
case *bls12381.G1Jac:
resJac := new(bls12381.G1Jac)
resJac.Set(x)
switch y := b.point.(type) {
case *bls12381.G1Affine:
resJac.AddMixed(y)
case *bls12381.G1Jac:
resJac.AddAssign(y)
default:
err = fmt.Errorf("add: inconsistent bls12381 point types: %T and %T", x, y)
}
res = resJac
case *bls12381.G2Affine:
switch y := b.point.(type) {
case *bls12381.G2Affine:
xJac := new(bls12381.G2Jac)
xJac.FromAffine(x)
xJac.AddMixed(y)
res = xJac
case *bls12381.G2Jac:
yJac := new(bls12381.G2Jac)
yJac.Set(y)
yJac.AddMixed(x)
res = yJac
default:
err = fmt.Errorf("add: inconsistent bls12381 point types: %T and %T", x, y)
}
case *bls12381.G2Jac:
resJac := new(bls12381.G2Jac)
resJac.Set(x)
switch y := b.point.(type) {
case *bls12381.G2Affine:
resJac.AddMixed(y)
case *bls12381.G2Jac:
resJac.AddAssign(y)
default:
err = fmt.Errorf("add: inconsistent bls12381 point types: %T and %T", x, y)
}
res = resJac
case *bls12381.GT:
resGT := new(bls12381.GT)
resGT.Set(x)
switch y := b.point.(type) {
case *bls12381.GT:
// It's multiplication, see https://github.com/neo-project/Neo.Cryptography.BLS12_381/issues/4.
resGT.Mul(x, y)
default:
err = fmt.Errorf("add: inconsistent bls12381 point types: %T and %T", x, y)
}
res = resGT
default:
err = fmt.Errorf("add: unexpected bls12381 point type: %T", x)
}
return blsPoint{point: res}, err
}
// blsPointAdd performs scalar multiplication of two BLS12-381 points.
func blsPointMul(a blsPoint, alphaBi *big.Int) (blsPoint, error) {
var (
res any
err error
)
switch x := a.point.(type) {
case *bls12381.G1Affine:
// The result is in Jacobian form in the reference implementation.
g1Jac := new(bls12381.G1Jac)
g1Jac.FromAffine(x)
g1Jac.ScalarMultiplication(g1Jac, alphaBi)
res = g1Jac
case *bls12381.G1Jac:
g1Jac := new(bls12381.G1Jac)
g1Jac.ScalarMultiplication(x, alphaBi)
res = g1Jac
case *bls12381.G2Affine:
// The result is in Jacobian form in the reference implementation.
g2Jac := new(bls12381.G2Jac)
g2Jac.FromAffine(x)
g2Jac.ScalarMultiplication(g2Jac, alphaBi)
res = g2Jac
case *bls12381.G2Jac:
g2Jac := new(bls12381.G2Jac)
g2Jac.ScalarMultiplication(x, alphaBi)
res = g2Jac
case *bls12381.GT:
gt := new(bls12381.GT)
// C# implementation differs a bit from go's. They use double-and-add algorithm, see
// https://github.com/neo-project/Neo.Cryptography.BLS12_381/blob/844bc3a4f7d8ba2c545ace90ca124f8ada4c8d29/src/Neo.Cryptography.BLS12_381/Gt.cs#L102
// and https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplication#Double-and-add,
// Pay attention that C#'s Gt.Double() squares (not doubles!) the initial GT point.
// Thus.C#'s scalar multiplication operation over Gt and Scalar is effectively an exponent.
// Go's exponent algorithm differs a bit from the C#'s double-and-add in that go's one
// uses 2-bits windowed method for multiplication. However, the resulting GT point is
// absolutely the same between two implementations.
gt.Exp(*x, alphaBi)
res = gt
default:
err = fmt.Errorf("mul: unexpected bls12381 point type: %T", x)
}
return blsPoint{point: res}, err
}
func blsPointPairing(a, b blsPoint) (blsPoint, error) {
var (
x *bls12381.G1Affine
y *bls12381.G2Affine
)
switch p := a.point.(type) {
case *bls12381.G1Affine:
x = p
case *bls12381.G1Jac:
x = new(bls12381.G1Affine)
x.FromJacobian(p)
default:
return blsPoint{}, fmt.Errorf("pairing: unexpected bls12381 point type (g1): %T", p)
}
switch p := b.point.(type) {
case *bls12381.G2Affine:
y = p
case *bls12381.G2Jac:
y = new(bls12381.G2Affine)
y.FromJacobian(p)
default:
return blsPoint{}, fmt.Errorf("pairing: unexpected bls12381 point type (g2): %T", p)
}
gt, err := bls12381.Pair([]bls12381.G1Affine{*x}, []bls12381.G2Affine{*y})
if err != nil {
return blsPoint{}, fmt.Errorf("failed to perform pairing operation: %w", err)
}
return blsPoint{&gt}, nil
}
Reference in a new issue View git blame Copy permalink