Trait EngineBLS

pub trait EngineBLS {
    type Engine: Pairing;
    type Scalar: PrimeField;
    type PublicKeyGroupBaseField: Field;
    type PublicKeyGroupAffine: AffineRepr<ScalarField = Self::Scalar, Group = Self::PublicKeyGroup> + From<Self::PublicKeyGroup> + Into<Self::PublicKeyGroup> + Into<Self::PublicKeyPrepared>;
    type PublicKeyGroup: CurveGroup<Affine = Self::PublicKeyGroupAffine, ScalarField = Self::Scalar, BaseField = Self::PublicKeyGroupBaseField> + From<Self::PublicKeyGroupAffine> + Into<Self::PublicKeyGroupAffine> + MulAssign<Self::Scalar>;
    type PublicKeyPrepared: Default + Clone + Send + Sync + Debug + From<Self::PublicKeyGroupAffine>;
    type SignatureGroupBaseField: Field;
    type SignatureGroupAffine: AffineRepr<ScalarField = Self::Scalar, Group = Self::SignatureGroup> + From<Self::SignatureGroup> + Into<Self::SignatureGroup> + Into<Self::SignaturePrepared>;
    type SignatureGroup: CurveGroup<Affine = Self::SignatureGroupAffine, ScalarField = Self::Scalar, BaseField = Self::SignatureGroupBaseField> + Into<Self::SignatureGroupAffine> + From<Self::SignatureGroupAffine> + MulAssign<Self::Scalar>;
    type SignaturePrepared: Default + Clone + Send + Sync + Debug + From<Self::SignatureGroupAffine>;
    type HashToSignatureField: HashToField<Self::SignatureGroupBaseField>;
    type MapToSignatureCurve: MapToCurve<Self::SignatureGroup>;

    const PUBLICKEY_SERIALIZED_SIZE: usize;
    const SECRET_KEY_SIZE: usize;
    const CURVE_NAME: &'static [u8];
    const SIG_GROUP_NAME: &'static [u8];
    const CIPHER_SUIT_DOMAIN_SEPARATION: &'static [u8];
    const SIGNATURE_SERIALIZED_SIZE: usize;

    // Required methods
    fn hash_to_curve_map(    ) -> MapToCurveBasedHasher<Self::SignatureGroup, Self::HashToSignatureField, Self::MapToSignatureCurve>;
    fn miller_loop<'a, I>(i: I) -> MillerLoopOutput<Self::Engine>
       where Self::PublicKeyPrepared: 'a,
             Self::SignaturePrepared: 'a,
             I: IntoIterator<Item = &'a (<Self as EngineBLS>::PublicKeyPrepared, Self::SignaturePrepared)>;
    fn pairing<G1, G2>(p: G1, q: G2) -> <Self::Engine as Pairing>::TargetField
       where G1: Into<<Self::PublicKeyGroup as CurveGroup>::Affine>,
             G2: Into<<Self::SignatureGroup as CurveGroup>::Affine>;
    fn minus_generator_of_public_key_group_prepared() -> Self::PublicKeyPrepared;

    // Provided methods
    fn generate<R: Rng + RngCore>(rng: &mut R) -> Self::Scalar { ... }
    fn hash_to_signature_curve<M: Borrow<[u8]>>(
        message: M,
    ) -> Self::SignatureGroup { ... }
    fn final_exponentiation(
        e: MillerLoopOutput<Self::Engine>,
    ) -> Option<PairingOutput<Self::Engine>> { ... }
    fn verify_prepared<'a, I>(
        signature: Self::SignaturePrepared,
        inputs: I,
    ) -> bool
       where Self::PublicKeyPrepared: 'a,
             Self::SignaturePrepared: 'a,
             I: IntoIterator<Item = &'a (Self::PublicKeyPrepared, Self::SignaturePrepared)> { ... }
    fn generator_of_signature_group() -> Self::SignatureGroup { ... }
    fn prepare_public_key(
        g: impl Into<Self::PublicKeyGroupAffine>,
    ) -> Self::PublicKeyPrepared { ... }
    fn prepare_signature(
        g: impl Into<Self::SignatureGroupAffine>,
    ) -> Self::SignaturePrepared { ... }
    fn signature_point_to_byte(point: &Self::SignatureGroup) -> Vec<u8>  { ... }
    fn public_key_point_to_byte(point: &Self::PublicKeyGroup) -> Vec<u8>  { ... }
}

A weakening of pairing::Engine to permit transposing the groups.

You cannot transpose the two groups in a pairing::Engine without first providing panicing implementations of pairing::PrimeField for Engine::Fqe, which is not a prime field, and second, providing wrapper types for the projective and affine group representations, which makes interacting with the original pairing::Engine annoying. This trait merely replicates transposable functionality from pairing::Engine by removing the fields of definition, but leaves the actual BLS signature scheme to wrapper types.

We also extract two functions users may with to override: random scalar generation and hashing to the singature curve.

Required Associated Constants

const PUBLICKEY_SERIALIZED_SIZE: usize

const SECRET_KEY_SIZE: usize

const CURVE_NAME: &'static [u8]

const SIG_GROUP_NAME: &'static [u8]

const CIPHER_SUIT_DOMAIN_SEPARATION: &'static [u8]

const SIGNATURE_SERIALIZED_SIZE: usize

Required Associated Types

type Engine: Pairing

type Scalar: PrimeField

type PublicKeyGroupBaseField: Field

Group where BLS public keys live

You should take this to be the Engine::G1 curve usually becuase all verifiers perform additions on this curve, or even scalar multiplicaitons with delinearization.

type PublicKeyGroupAffine: AffineRepr<ScalarField = Self::Scalar, Group = Self::PublicKeyGroup> + From<Self::PublicKeyGroup> + Into<Self::PublicKeyGroup> + Into<Self::PublicKeyPrepared>

type PublicKeyGroup: CurveGroup<Affine = Self::PublicKeyGroupAffine, ScalarField = Self::Scalar, BaseField = Self::PublicKeyGroupBaseField> + From<Self::PublicKeyGroupAffine> + Into<Self::PublicKeyGroupAffine> + MulAssign<Self::Scalar>

type PublicKeyPrepared: Default + Clone + Send + Sync + Debug + From<Self::PublicKeyGroupAffine>

type SignatureGroupBaseField: Field

Group where BLS signatures live

You should take this to be the Engine::G2 curve usually becuase only aggregators perform additions on this curve, or scalar multiplicaitons with delinearization.

type SignatureGroupAffine: AffineRepr<ScalarField = Self::Scalar, Group = Self::SignatureGroup> + From<Self::SignatureGroup> + Into<Self::SignatureGroup> + Into<Self::SignaturePrepared>

type SignatureGroup: CurveGroup<Affine = Self::SignatureGroupAffine, ScalarField = Self::Scalar, BaseField = Self::SignatureGroupBaseField> + Into<Self::SignatureGroupAffine> + From<Self::SignatureGroupAffine> + MulAssign<Self::Scalar>

type SignaturePrepared: Default + Clone + Send + Sync + Debug + From<Self::SignatureGroupAffine>

type HashToSignatureField: HashToField<Self::SignatureGroupBaseField>

type MapToSignatureCurve: MapToCurve<Self::SignatureGroup>

Required Methods

fn hash_to_curve_map() -> MapToCurveBasedHasher<Self::SignatureGroup, Self::HashToSignatureField, Self::MapToSignatureCurve>

getter function for the hash to curve map

fn miller_loop<'a, I>(i: I) -> MillerLoopOutput<Self::Engine>

where Self::PublicKeyPrepared: 'a, Self::SignaturePrepared: 'a, I: IntoIterator<Item = &'a (<Self as EngineBLS>::PublicKeyPrepared, Self::SignaturePrepared)>,

Run the Miller loop from Engine but orients its arguments to be a SignatureGroup and PublicKeyGroup.

fn pairing<G1, G2>(p: G1, q: G2) -> <Self::Engine as Pairing>::TargetField

where G1: Into<<Self::PublicKeyGroup as CurveGroup>::Affine>, G2: Into<<Self::SignatureGroup as CurveGroup>::Affine>,

Performs a pairing operation e(p, q) by calling Engine::pairing but orients its arguments to be a PublicKeyGroup and SignatureGroup.

fn minus_generator_of_public_key_group_prepared() -> Self::PublicKeyPrepared

Prepared negative of the generator of the public key curve.

Provided Methods

fn generate<R: Rng + RngCore>(rng: &mut R) -> Self::Scalar

Generate a random scalar for use as a secret key.

fn hash_to_signature_curve<M: Borrow<[u8]>>(message: M) -> Self::SignatureGroup

Hash one message to the signature curve.

fn final_exponentiation( e: MillerLoopOutput<Self::Engine>, ) -> Option<PairingOutput<Self::Engine>>

Perform final exponentiation on the result of a Miller loop.

fn verify_prepared<'a, I>(signature: Self::SignaturePrepared, inputs: I) -> bool

where Self::PublicKeyPrepared: 'a, Self::SignaturePrepared: 'a, I: IntoIterator<Item = &'a (Self::PublicKeyPrepared, Self::SignaturePrepared)>,

Implement verification equation for aggregate BLS signatures provided as prepared points

This low-level routine does no verification of critical security properties like message distinctness. It exists purely to simplify replacing mid-level routines with optimized variants, like versions that cache public key preperation or use fewer pairings.

fn generator_of_signature_group() -> Self::SignatureGroup

return the generator of signature group

fn prepare_public_key( g: impl Into<Self::PublicKeyGroupAffine>, ) -> Self::PublicKeyPrepared

Process the public key to be use in pairing. This has to be implemented by the type of BLS system implementing the engine by calling either prepare_g1 or prepare_g2 based on which group is used by the signature system to host the public key

fn prepare_signature( g: impl Into<Self::SignatureGroupAffine>, ) -> Self::SignaturePrepared

Process the signature to be use in pairing. This has to be implemented by the type of BLS system implementing the engine by calling either prepare_g1 or prepare_g2 based on which group is used by the signature system to host the public key

fn signature_point_to_byte(point: &Self::SignatureGroup) -> Vec<u8>

Serialization helper for various sigma protocols

fn public_key_point_to_byte(point: &Self::PublicKeyGroup) -> Vec<u8>

Dyn Compatibility

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors

impl<E: Pairing, P: Bls12Config + CurveExtraConfig> EngineBLS for TinyBLS<E, P>

where <P as Bls12Config>::G1Config: WBConfig, WBMap<<P as Bls12Config>::G1Config>: MapToCurve<<E as Pairing>::G1>,

const SIGNATURE_SERIALIZED_SIZE: usize = 48usize

const PUBLICKEY_SERIALIZED_SIZE: usize = 96usize

const SECRET_KEY_SIZE: usize = 32usize

const CURVE_NAME: &'static [u8] = P::CURVE_NAME

const SIG_GROUP_NAME: &'static [u8] = b"G1"

const CIPHER_SUIT_DOMAIN_SEPARATION: &'static [u8] = b"_XMD:SHA-256_SSWU_RO_"

type Engine = E

type Scalar = <<TinyBLS<E, P> as EngineBLS>::Engine as Pairing>::ScalarField

type SignatureGroup = <E as Pairing>::G1

type SignatureGroupAffine = <E as Pairing>::G1Affine

type SignaturePrepared = <E as Pairing>::G1Prepared

type SignatureGroupBaseField = <<E as Pairing>::G1 as CurveGroup>::BaseField

type PublicKeyGroup = <E as Pairing>::G2

type PublicKeyGroupAffine = <E as Pairing>::G2Affine

type PublicKeyPrepared = <E as Pairing>::G2Prepared

type PublicKeyGroupBaseField = <<E as Pairing>::G2 as CurveGroup>::BaseField

type HashToSignatureField = DefaultFieldHasher<CoreWrapper<CtVariableCoreWrapper<Sha256VarCore, UInt<UInt<UInt<UInt<UInt<UInt<UTerm, B1>, B0>, B0>, B0>, B0>, B0>, OidSha256>>>

type MapToSignatureCurve = WBMap<<P as Bls12Config>::G1Config>

impl<E: Pairing, P: Bls12Config + CurveExtraConfig> EngineBLS for UsualBLS<E, P>

where <P as Bls12Config>::G2Config: WBConfig, WBMap<<P as Bls12Config>::G2Config>: MapToCurve<<E as Pairing>::G2>,

const PUBLICKEY_SERIALIZED_SIZE: usize = 48usize

const SECRET_KEY_SIZE: usize = 32usize

const CURVE_NAME: &'static [u8] = P::CURVE_NAME

const SIG_GROUP_NAME: &'static [u8] = b"G2"

const CIPHER_SUIT_DOMAIN_SEPARATION: &'static [u8] = b"_XMD:SHA-256_SSWU_RO_"

const SIGNATURE_SERIALIZED_SIZE: usize = 96usize

type Engine = E

type Scalar = <<UsualBLS<E, P> as EngineBLS>::Engine as Pairing>::ScalarField

type PublicKeyGroup = <E as Pairing>::G1

type PublicKeyGroupAffine = <E as Pairing>::G1Affine

type PublicKeyPrepared = <E as Pairing>::G1Prepared

type PublicKeyGroupBaseField = <<E as Pairing>::G1 as CurveGroup>::BaseField

type SignatureGroup = <E as Pairing>::G2

type SignatureGroupAffine = <E as Pairing>::G2Affine

type SignaturePrepared = <E as Pairing>::G2Prepared

type SignatureGroupBaseField = <<E as Pairing>::G2 as CurveGroup>::BaseField

type HashToSignatureField = DefaultFieldHasher<CoreWrapper<CtVariableCoreWrapper<Sha256VarCore, UInt<UInt<UInt<UInt<UInt<UInt<UTerm, B1>, B0>, B0>, B0>, B0>, B0>, OidSha256>>>

type MapToSignatureCurve = WBMap<<P as Bls12Config>::G2Config>