kyber_group.go
package bls
import (
"crypto/cipher"
"crypto/sha256"
"hash"
"io"
"reflect"
"github.com/drand/kyber"
"github.com/drand/kyber/pairing"
"github.com/drand/kyber/util/random"
"github.com/drand/kyber/xof/blake2xb"
bls12381 "github.com/kilic/bls12-381"
)
// GroupChecker is a kyber.Point that can additionally report whether it lies
// in the expected group. For curves whose full group does not have prime
// order, only the points lying in the prime-order subgroup must be accepted;
// IsInCorrectGroup reports whether this point is such a point (true) or not
// (false). Note that the pairing helpers below do not call it themselves.
type GroupChecker interface {
	kyber.Point
	IsInCorrectGroup() bool
}
// groupBls is the kyber.Group implementation shared by the G1, G2 and GT
// groups of BLS12-381; the three constructors below differ only in the
// values they store here.
type groupBls struct {
	str      string             // name reported by String()
	newPoint func() kyber.Point // allocates a fresh point; called by Point()
	isPrime  bool               // value reported by IsPrimeOrder()
}
// String returns the group's name (e.g. "bls12-381.G1").
func (g *groupBls) String() string {
	return g.str
}
// Scalar returns a fresh scalar via NewKyberScalar. The scalar field does not
// depend on the group, so G1, G2 and GT all hand out the same scalar type.
func (g *groupBls) Scalar() kyber.Scalar {
	return NewKyberScalar()
}
// ScalarLen returns the marshalled size of a scalar; it allocates a scalar to
// ask it, as the size is not stored on the group.
func (g *groupBls) ScalarLen() int {
	return g.Scalar().MarshalSize()
}
// PointLen returns the marshalled size of a point of this group; it allocates
// a point through Point() to ask it.
func (g *groupBls) PointLen() int {
	return g.Point().MarshalSize()
}
// Point returns a new point of this group, built by the constructor that was
// supplied when the group was created.
func (g *groupBls) Point() kyber.Point {
	return g.newPoint()
}
// IsPrimeOrder reports the flag configured for this group: true for G1, false
// for G2 and GT as built by the constructors below.
func (g *groupBls) IsPrimeOrder() bool {
	return g.isPrime
}
// Hash returns a newly instantiated sha256 hash function.
func (g *groupBls) Hash() hash.Hash {
	return sha256.New()
}
// XOF returns a newly instantiated blake2xb XOF function keyed with seed.
func (g *groupBls) XOF(seed []byte) kyber.XOF {
	return blake2xb.New(seed)
}
// RandomStream returns a cipher.Stream which corresponds to a key stream from
// crypto/rand (see kyber/util/random).
func (g *groupBls) RandomStream() cipher.Stream {
	return random.New()
}
// NewGroupG1 returns the G1 group of BLS12-381. The optional dst is the
// domain separation tag forwarded to NullKyberG1 every time Point() is
// called; the slice is captured as-is, not copied.
func NewGroupG1(dst ...byte) kyber.Group {
	mk := func() kyber.Point {
		return NullKyberG1(dst...)
	}
	g := &groupBls{str: "bls12-381.G1", isPrime: true}
	g.newPoint = mk
	return g
}
// NewGroupG2 returns the G2 group of BLS12-381. The optional dst is the
// domain separation tag forwarded to NullKyberG2 every time Point() is
// called; the slice is captured as-is, not copied.
func NewGroupG2(dst ...byte) kyber.Group {
	mk := func() kyber.Point {
		return NullKyberG2(dst...)
	}
	g := &groupBls{str: "bls12-381.G2", isPrime: false}
	g.newPoint = mk
	return g
}
// NewGroupGT returns the target group GT of BLS12-381; Point() yields an
// empty GT element. GT takes no domain separation tag.
func NewGroupGT() kyber.Group {
	g := &groupBls{str: "bls12-381.GT", isPrime: false}
	g.newPoint = func() kyber.Point {
		return newEmptyGT()
	}
	return g
}
// Suite is the BLS12-381 pairing.Suite implementation. It only carries the
// domain separation tags handed to the G1 and G2 group constructors.
type Suite struct {
	domainG1 []byte // DST passed to NewGroupG1 by G1(); nil/empty means the RFC default
	domainG2 []byte // DST passed to NewGroupG2 by G2(); nil/empty means the RFC default
}
// NewBLS12381Suite is the same as calling NewBLS12381SuiteWithDST(nil, nil): it uses the default domain separation
// tags for its Hash To Curve functions.
func NewBLS12381Suite() pairing.Suite {
	return &Suite{}
}
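// NewBLS12381SuiteWithDST allows you to set your own domain separation tags to be used by the Hash To Curve functions.
// Since the DST shouldn't be 0 len, if you provide nil or a 0 len byte array, it will use the RFC default values.
//
// Both tags are copied: the caller keeps no reference into the suite, so
// modifying the original slices afterwards cannot change the DST used by
// groups created later.
func NewBLS12381SuiteWithDST(DomainG1, DomainG2 []byte) pairing.Suite {
	// append onto a nil slice copies the bytes and keeps nil/empty as nil,
	// which preserves the "use the RFC default" behaviour described above.
	return &Suite{
		domainG1: append([]byte(nil), DomainG1...),
		domainG2: append([]byte(nil), DomainG2...),
	}
}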
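// SetDomainG1 replaces the domain separation tag used by G1(). The tag is
// copied so that later changes to dst by the caller cannot alter the DST of
// groups created afterwards; nil or empty selects the RFC default, as
// documented on NewBLS12381SuiteWithDST.
func (s *Suite) SetDomainG1(dst []byte) {
	// Copy rather than alias: the DST is a hash-to-curve parameter and must
	// not be mutable from outside the suite once configured.
	s.domainG1 = append([]byte(nil), dst...)
}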
// G1 returns a fresh G1 group configured with the suite's G1 domain
// separation tag (a nil/empty tag expands to no argument).
func (s *Suite) G1() kyber.Group {
	return NewGroupG1(s.domainG1...)
}
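// SetDomainG2 replaces the domain separation tag used by G2(). The tag is
// copied so that later changes to dst by the caller cannot alter the DST of
// groups created afterwards; nil or empty selects the RFC default, as
// documented on NewBLS12381SuiteWithDST.
func (s *Suite) SetDomainG2(dst []byte) {
	// Copy rather than alias: the DST is a hash-to-curve parameter and must
	// not be mutable from outside the suite once configured.
	s.domainG2 = append([]byte(nil), dst...)
}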
// G2 returns a fresh G2 group configured with the suite's G2 domain
// separation tag (a nil/empty tag expands to no argument).
func (s *Suite) G2() kyber.Group {
	return NewGroupG2(s.domainG2...)
}
// GT returns a fresh target group; it takes no domain separation tag.
func (s *Suite) GT() kyber.Group {
	return NewGroupGT()
}
// ValidatePairing implements the `pairing.Suite` interface. It reports whether
// the pairing of (p1, p2) matches the pairing of (p3, p4), by accumulating one
// pair and the inverse of the other and asking the engine to check the result.
//
// p1 and p3 must be *KyberG1, p2 and p4 must be *KyberG2: the type assertions
// are unchecked and panic on any other concrete type or on a nil interface.
// No subgroup-membership check is performed here; points that came from
// untrusted bytes must be validated by the caller beforehand (presumably via
// GroupChecker.IsInCorrectGroup).
func (s *Suite) ValidatePairing(p1, p2, p3, p4 kyber.Point) bool {
	// Feed the engine copies of the underlying points, see
	// https://github.com/kilic/bls12-381/issues/37: the engine may otherwise
	// race with concurrent users of the same point objects.
	a1 := new(bls12381.PointG1).Set(p1.(*KyberG1).p)
	a2 := new(bls12381.PointG2).Set(p2.(*KyberG2).p)
	b1 := new(bls12381.PointG1).Set(p3.(*KyberG1).p)
	b2 := new(bls12381.PointG2).Set(p4.(*KyberG2).p)

	engine := bls12381.NewEngine()
	engine.AddPair(a1, a2)
	engine.AddPairInv(b1, b2)
	return engine.Check()
}
// Pair computes the pairing of p1 and p2 and returns it as a GT point.
//
// p1 must be a *KyberG1 and p2 a *KyberG2; the type assertions are unchecked
// and panic on any other concrete type or on a nil interface. Unlike
// ValidatePairing, the underlying points are handed to the engine as-is
// (not cloned), and no subgroup-membership check is performed here.
func (s *Suite) Pair(p1, p2 kyber.Point) kyber.Point {
	engine := bls12381.NewEngine()
	g1 := p1.(*KyberG1)
	g2 := p2.(*KyberG2)
	result := engine.AddPair(g1.p, g2.p).Result()
	return newKyberGT(result)
}
// New implements the kyber.Encoding interface. It is not supported by this
// suite and always panics; callers must not rely on reflection-based
// construction of suite objects.
func (s *Suite) New(t reflect.Type) interface{} {
	panic("Suite.Encoding: deprecated in drand")
}
// Read is the default implementation of kyber.Encoding interface Read. It is
// not supported by this suite and always panics; objs are never decoded.
func (s *Suite) Read(r io.Reader, objs ...interface{}) error {
	panic("Suite.Read(): deprecated in drand")
}
// Write is the default implementation of kyber.Encoding interface Write. It
// is not supported by this suite and always panics; objs are never encoded.
func (s *Suite) Write(w io.Writer, objs ...interface{}) error {
	panic("Suite.Write(): deprecated in drand")
}
// Hash returns a newly instantiated sha256 hash function (the same choice as
// the per-group Hash of groupBls).
func (s *Suite) Hash() hash.Hash {
	return sha256.New()
}
// XOF returns a newly instantiated blake2xb XOF function keyed with seed.
func (s *Suite) XOF(seed []byte) kyber.XOF {
	return blake2xb.New(seed)
}
// RandomStream returns a cipher.Stream which corresponds to a key stream from
// crypto/rand (see kyber/util/random).
func (s *Suite) RandomStream() cipher.Stream {
	return random.New()
}