Merging master

Author: AnomalRoil

go.mod

@@ -3,13 +3,14 @@ module github.com/drand/kyber
 go 1.18
 
 require (
+	github.com/cloudflare/circl v1.3.7
 	github.com/drand/kyber-bls12381 v0.3.1
-	github.com/jonboulle/clockwork v0.3.0
-	github.com/stretchr/testify v1.8.2
+	github.com/jonboulle/clockwork v0.4.0
+	github.com/stretchr/testify v1.9.0
 	go.dedis.ch/fixbuf v1.0.3
 	go.dedis.ch/protobuf v1.0.11
-	golang.org/x/crypto v0.7.0
-	golang.org/x/sys v0.6.0
+	golang.org/x/crypto v0.21.0
+	golang.org/x/sys v0.18.0
 )
 
 require (

go.sum

@@ -1,24 +1,20 @@
+github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
+github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/drand/kyber-bls12381 v0.2.5 h1:4ugiCmXQsvgAuylSk929rK49WGFxCxT/7ArH2vw6Tlg=
-github.com/drand/kyber-bls12381 v0.2.5/go.mod h1:8fm2tmRaAdYRGMTh5tjF7qrGHywC+rmM5hrUFL+9fCI=
 github.com/drand/kyber-bls12381 v0.3.1 h1:KWb8l/zYTP5yrvKTgvhOrk2eNPscbMiUOIeWBnmUxGo=
 github.com/drand/kyber-bls12381 v0.3.1/go.mod h1:H4y9bLPu7KZA/1efDg+jtJ7emKx+ro3PU7/jWUVt140=
-github.com/jonboulle/clockwork v0.3.0 h1:9BSCMi8C+0qdApAp4auwX0RkLGUjs956h0EkuQymUhg=
-github.com/jonboulle/clockwork v0.3.0/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
+github.com/jonboulle/clockwork v0.4.0 h1:p4Cf1aMWXnXAUh8lVfewRBx1zaTSYKrKMF2g3ST4RZ4=
+github.com/jonboulle/clockwork v0.4.0/go.mod h1:xgRqUGwRcjKCO1vbZUEtSLrqKoPSsUpK7fnezOII0kc=
 github.com/kilic/bls12-381 v0.1.0 h1:encrdjqKMEvabVQ7qYOKu1OvhqpK4s47wDYtNiPtlp4=
 github.com/kilic/bls12-381 v0.1.0/go.mod h1:vDTTHJONJ6G+P2R74EhnyotQDTliQDnFEwhdmfzw1ig=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
-github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 go.dedis.ch/fixbuf v1.0.3 h1:hGcV9Cd/znUxlusJ64eAlExS+5cJDIyTyEG+otu5wQs=
 go.dedis.ch/fixbuf v1.0.3/go.mod h1:yzJMt34Wa5xD37V5RTdmp38cz3QhMagdGoem9anUalw=
 go.dedis.ch/kyber/v3 v3.0.4/go.mod h1:OzvaEnPvKlyrWyp3kGXlFdp7ap1VC6RkZDTaPikqhsQ=
@@ -29,14 +25,13 @@ go.dedis.ch/protobuf v1.0.7/go.mod h1:pv5ysfkDX/EawiPqcW3ikOxsL5t+BqnV6xHSmE79KI
 go.dedis.ch/protobuf v1.0.11 h1:FTYVIEzY/bfl37lu3pR4lIj+F9Vp1jE8oh91VmxKgLo=
 go.dedis.ch/protobuf v1.0.11/go.mod h1:97QR256dnkimeNdfmURz0wAMNVbd1VmLXhG1CrTYrJ4=
 golang.org/x/crypto v0.0.0-20190123085648-057139ce5d2b/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
-golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/sys v0.0.0-20190124100055-b90733256f2e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
-golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

pairing/circl_bls12381/adapter.go

@@ -0,0 +1,48 @@
+package circl_bls12381
+
+import (
+	"github.com/drand/kyber"
+)
+
+// SuiteBLS12381 is an adapter that implements the suites.Suite interface so that
+// bls12381 can be used as a common suite to generate key pairs for instance but
+// still preserves the properties of the pairing (e.g. the Pair function).
+//
+// It's important to note that the Point function will generate a point
+// compatible with public keys only (group G2) where the signature must be
+// used as a point from the group G1.
+type SuiteBLS12381 struct {
+	Suite
+	kyber.Group
+}
+
+// NewSuiteBLS12381 makes a new BN256 suite
+func NewSuiteBLS12381() *SuiteBLS12381 {
+	return &SuiteBLS12381{}
+}
+
+// Point generates a point from the G2 group that can only be used
+// for public keys
+func (s *SuiteBLS12381) Point() kyber.Point {
+	return s.G2().Point()
+}
+
+// PointLen returns the length of a G2 point
+func (s *SuiteBLS12381) PointLen() int {
+	return s.G2().PointLen()
+}
+
+// Scalar generates a scalar
+func (s *SuiteBLS12381) Scalar() kyber.Scalar {
+	return s.G1().Scalar()
+}
+
+// ScalarLen returns the lenght of a scalar
+func (s *SuiteBLS12381) ScalarLen() int {
+	return s.G1().ScalarLen()
+}
+
+// String returns the name of the suite
+func (s *SuiteBLS12381) String() string {
+	return "bls12381.adapter"
+}

pairing/circl_bls12381/adapter_test.go

@@ -0,0 +1,28 @@
+package circl_bls12381
+
+import (
+	"testing"
+
+	"github.com/drand/kyber/util/key"
+	"github.com/stretchr/testify/require"
+)
+
+func TestAdapter_SuiteBLS12381(t *testing.T) {
+	suite := NewSuiteBLS12381()
+
+	pair := key.NewKeyPair(suite)
+	pubkey, err := pair.Public.MarshalBinary()
+	require.Nil(t, err)
+	privkey, err := pair.Private.MarshalBinary()
+	require.Nil(t, err)
+
+	pubhex := suite.Point()
+	err = pubhex.UnmarshalBinary(pubkey)
+	require.Nil(t, err)
+
+	privhex := suite.Scalar()
+	err = privhex.UnmarshalBinary(privkey)
+	require.Nil(t, err)
+
+	require.Equal(t, "bls12381.adapter", suite.String())
+}

pairing/circl_bls12381/g1.go

@@ -0,0 +1,95 @@
+package circl_bls12381
+
+import (
+	"crypto/cipher"
+	"io"
+
+	circl "github.com/cloudflare/circl/ecc/bls12381"
+	"github.com/drand/kyber"
+)
+
+var _ kyber.SubGroupElement = &G1Elt{}
+
+type G1Elt struct{ inner circl.G1 }
+
+func (p *G1Elt) MarshalBinary() (data []byte, err error) { return p.inner.BytesCompressed(), nil }
+
+func (p *G1Elt) UnmarshalBinary(data []byte) error { return p.inner.SetBytes(data) }
+
+func (p *G1Elt) String() string { return p.inner.String() }
+
+func (p *G1Elt) MarshalSize() int { return circl.G1SizeCompressed }
+
+func (p *G1Elt) MarshalTo(w io.Writer) (int, error) {
+	buf, err := p.MarshalBinary()
+	if err != nil {
+		return 0, err
+	}
+	return w.Write(buf)
+}
+
+func (p *G1Elt) UnmarshalFrom(r io.Reader) (int, error) {
+	buf := make([]byte, p.MarshalSize())
+	n, err := io.ReadFull(r, buf)
+	if err != nil {
+		return n, err
+	}
+	return n, p.UnmarshalBinary(buf)
+}
+
+func (p *G1Elt) Equal(p2 kyber.Point) bool { x := p2.(*G1Elt); return p.inner.IsEqual(&x.inner) }
+
+func (p *G1Elt) Null() kyber.Point { p.inner.SetIdentity(); return p }
+
+func (p *G1Elt) Base() kyber.Point { p.inner = *circl.G1Generator(); return p }
+
+func (p *G1Elt) Pick(rand cipher.Stream) kyber.Point {
+	var buf [32]byte
+	rand.XORKeyStream(buf[:], buf[:])
+	p.inner.Hash(buf[:], nil)
+	return p
+}
+
+func (p *G1Elt) Set(p2 kyber.Point) kyber.Point { p.inner = p2.(*G1Elt).inner; return p }
+
+func (p *G1Elt) Clone() kyber.Point { return new(G1Elt).Set(p) }
+
+func (p *G1Elt) EmbedLen() int {
+	panic("bls12-381: unsupported operation")
+}
+
+func (p *G1Elt) Embed(data []byte, r cipher.Stream) kyber.Point {
+	panic("bls12-381: unsupported operation")
+}
+
+func (p *G1Elt) Data() ([]byte, error) {
+	panic("bls12-381: unsupported operation")
+}
+
+func (p *G1Elt) Add(a, b kyber.Point) kyber.Point {
+	aa, bb := a.(*G1Elt), b.(*G1Elt)
+	p.inner.Add(&aa.inner, &bb.inner)
+	return p
+}
+
+func (p *G1Elt) Sub(a, b kyber.Point) kyber.Point { return p.Add(a, new(G1Elt).Neg(b)) }
+
+func (p *G1Elt) Neg(a kyber.Point) kyber.Point {
+	p.Set(a)
+	p.inner.Neg()
+	return p
+}
+
+func (p *G1Elt) Mul(s kyber.Scalar, q kyber.Point) kyber.Point {
+	if q == nil {
+		q = new(G1Elt).Base()
+	}
+	ss, qq := s.(*Scalar), q.(*G1Elt)
+	p.inner.ScalarMult(&ss.inner, &qq.inner)
+	return p
+}
+
+func (p *G1Elt) IsInCorrectGroup() bool { return p.inner.IsOnG1() }
+
+func (p *G1Elt) Hash(msg []byte) kyber.Point       { p.inner.Hash(msg, nil); return p }
+func (p *G1Elt) Hash2(msg, dst []byte) kyber.Point { p.inner.Hash(msg, dst); return p }

pairing/circl_bls12381/g2.go

@@ -0,0 +1,95 @@
+package circl_bls12381
+
+import (
+	"crypto/cipher"
+	"io"
+
+	circl "github.com/cloudflare/circl/ecc/bls12381"
+	"github.com/drand/kyber"
+)
+
+var _ kyber.SubGroupElement = &G2Elt{}
+
+type G2Elt struct{ inner circl.G2 }
+
+func (p *G2Elt) MarshalBinary() (data []byte, err error) { return p.inner.BytesCompressed(), nil }
+
+func (p *G2Elt) UnmarshalBinary(data []byte) error { return p.inner.SetBytes(data) }
+
+func (p *G2Elt) String() string { return p.inner.String() }
+
+func (p *G2Elt) MarshalSize() int { return circl.G2SizeCompressed }
+
+func (p *G2Elt) MarshalTo(w io.Writer) (int, error) {
+	buf, err := p.MarshalBinary()
+	if err != nil {
+		return 0, err
+	}
+	return w.Write(buf)
+}
+
+func (p *G2Elt) UnmarshalFrom(r io.Reader) (int, error) {
+	buf := make([]byte, p.MarshalSize())
+	n, err := io.ReadFull(r, buf)
+	if err != nil {
+		return n, err
+	}
+	return n, p.UnmarshalBinary(buf)
+}
+
+func (p *G2Elt) Equal(p2 kyber.Point) bool { x := p2.(*G2Elt); return p.inner.IsEqual(&x.inner) }
+
+func (p *G2Elt) Null() kyber.Point { p.inner.SetIdentity(); return p }
+
+func (p *G2Elt) Base() kyber.Point { p.inner = *circl.G2Generator(); return p }
+
+func (p *G2Elt) Pick(rand cipher.Stream) kyber.Point {
+	var buf [32]byte
+	rand.XORKeyStream(buf[:], buf[:])
+	p.inner.Hash(buf[:], nil)
+	return p
+}
+
+func (p *G2Elt) Set(p2 kyber.Point) kyber.Point { p.inner = p2.(*G2Elt).inner; return p }
+
+func (p *G2Elt) Clone() kyber.Point { return new(G2Elt).Set(p) }
+
+func (p *G2Elt) EmbedLen() int {
+	panic("bls12-381: unsupported operation")
+}
+
+func (p *G2Elt) Embed(data []byte, r cipher.Stream) kyber.Point {
+	panic("bls12-381: unsupported operation")
+}
+
+func (p *G2Elt) Data() ([]byte, error) {
+	panic("bls12-381: unsupported operation")
+}
+
+func (p *G2Elt) Add(a, b kyber.Point) kyber.Point {
+	aa, bb := a.(*G2Elt), b.(*G2Elt)
+	p.inner.Add(&aa.inner, &bb.inner)
+	return p
+}
+
+func (p *G2Elt) Sub(a, b kyber.Point) kyber.Point { return p.Add(a, new(G2Elt).Neg(b)) }
+
+func (p *G2Elt) Neg(a kyber.Point) kyber.Point {
+	p.Set(a)
+	p.inner.Neg()
+	return p
+}
+
+func (p *G2Elt) Mul(s kyber.Scalar, q kyber.Point) kyber.Point {
+	if q == nil {
+		q = new(G2Elt).Base()
+	}
+	ss, qq := s.(*Scalar), q.(*G2Elt)
+	p.inner.ScalarMult(&ss.inner, &qq.inner)
+	return p
+}
+
+func (p *G2Elt) IsInCorrectGroup() bool { return p.inner.IsOnG2() }
+
+func (p *G2Elt) Hash(msg []byte) kyber.Point       { p.inner.Hash(msg, nil); return p }
+func (p *G2Elt) Hash2(msg, dst []byte) kyber.Point { p.inner.Hash(msg, dst); return p }

pairing/circl_bls12381/group.go

@@ -0,0 +1,23 @@
+package circl_bls12381
+
+import (
+	circl "github.com/cloudflare/circl/ecc/bls12381"
+	"github.com/drand/kyber"
+)
+
+var (
+	G1 kyber.Group = &groupBls{name: "bls12-381.G1", newPoint: func() kyber.Point { return new(G1Elt).Null() }}
+	G2 kyber.Group = &groupBls{name: "bls12-381.G2", newPoint: func() kyber.Point { return new(G2Elt).Null() }}
+	GT kyber.Group = &groupBls{name: "bls12-381.GT", newPoint: func() kyber.Point { return new(GTElt).Null() }}
+)
+
+type groupBls struct {
+	name     string
+	newPoint func() kyber.Point
+}
+
+func (g groupBls) String() string       { return g.name }
+func (g groupBls) ScalarLen() int       { return circl.ScalarSize }
+func (g groupBls) Scalar() kyber.Scalar { return new(Scalar).SetInt64(0) }
+func (g groupBls) PointLen() int        { return g.newPoint().MarshalSize() }
+func (g groupBls) Point() kyber.Point   { return g.newPoint() }