
Add poseidon/BN254 API #649

Merged
merged 9 commits into from
Oct 31, 2023

Conversation

jonas-lj
Contributor

@jonas-lj jonas-lj commented Sep 8, 2023

No description provided.

@jonas-lj jonas-lj requested a review from joyqvq September 10, 2023 17:38
@jonas-lj jonas-lj marked this pull request as ready for review September 11, 2023 11:21
@jonas-lj jonas-lj marked this pull request as draft September 11, 2023 19:01
@jonas-lj jonas-lj closed this Sep 19, 2023
@jonas-lj jonas-lj reopened this Oct 13, 2023
@jonas-lj jonas-lj marked this pull request as ready for review October 13, 2023 15:30
@jonas-lj jonas-lj requested a review from kchalkias October 13, 2023 15:31
```rust
/// larger than the field size as an integer), an `FastCryptoError::InvalidInput` is returned.
///
/// If more than 32 bytes is given, an `FastCryptoError::InputTooLong` is returned.
fn from_canonical_le_bytes_to_field_element(bytes: &[u8]) -> Result<Fr, FastCryptoError> {
```
Collaborator

What's the rationale for using little endian? I think in fc we usually use BE.

Contributor Author

It's because the u256 type in the sui framework only has a to_le_bytes method, so using LE makes this implementation slightly easier, but I don't have a preference for either.
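The doc comment above says the conversion must reject encodings whose integer value is not below the field size and inputs longer than 32 bytes. As an added example (not fastcrypto's own code) here is a stand-alone Rust version of that canonical check with stand-in `Fr` and `FastCryptoError` types, plus the big-endian variant the reviewer asked about; it assumes inputs shorter than 32 bytes are zero-padded.

```rust
// Added example, not fastcrypto's own code: a stand-alone version of the
// canonical LE-bytes -> BN254 scalar-field check the doc comment describes.
// `Fr` and `FastCryptoError` are minimal stand-ins for the crate's types.

#[derive(Debug, PartialEq, Eq)]
pub enum FastCryptoError {
    InvalidInput,
    InputTooLong,
}

/// Stand-in for the BN254 scalar field element: its integer value as four
/// little-endian u64 limbs (limb 0 is the least significant).
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Fr(pub [u64; 4]);

/// The BN254 scalar field modulus r as little-endian u64 limbs:
/// r = 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001.
pub const BN254_FR_MODULUS: [u64; 4] = [
    0x43e1f593f0000001,
    0x2833e84879b97091,
    0xb85045b68181585d,
    0x30644e72e131a029,
];

/// True when integer `a` is strictly less than `b` (both as LE limbs),
/// comparing from the most significant limb down.
fn less_than(a: &[u64; 4], b: &[u64; 4]) -> bool {
    for i in (0..4).rev() {
        if a[i] != b[i] {
            return a[i] < b[i];
        }
    }
    false
}

/// Interpret `bytes` as a little-endian integer and accept it only if it is
/// the canonical encoding, i.e. strictly smaller than r. Inputs shorter than
/// 32 bytes are zero-padded (an assumption of this example, not the crate's).
pub fn from_canonical_le_bytes_to_field_element(bytes: &[u8]) -> Result<Fr, FastCryptoError> {
    if bytes.len() > 32 {
        return Err(FastCryptoError::InputTooLong);
    }
    let mut limbs = [0u64; 4];
    for (i, b) in bytes.iter().enumerate() {
        limbs[i / 8] |= (*b as u64) << (8 * (i % 8));
    }
    // r, r+1, ... would alias to a smaller element after reduction and break
    // the one-encoding-per-element property callers rely on, so reject them.
    if !less_than(&limbs, &BN254_FR_MODULUS) {
        return Err(FastCryptoError::InvalidInput);
    }
    Ok(Fr(limbs))
}

/// Big-endian variant (the convention the reviewer asked about): reverse the
/// bytes and reuse the same canonical check, including the length bound.
pub fn from_canonical_be_bytes_to_field_element(bytes: &[u8]) -> Result<Fr, FastCryptoError> {
    let le: Vec<u8> = bytes.iter().rev().copied().collect();
    from_canonical_le_bytes_to_field_element(&le)
}
```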

@jonas-lj jonas-lj merged commit 0bb5391 into main Oct 31, 2023
9 checks passed
@jonas-lj jonas-lj deleted the jonas/poseidon branch October 31, 2023 21:15
jolestar pushed a commit to rooch-network/fastcrypto that referenced this pull request Apr 12, 2024
* DKG: support weights, faster verification (MystenLabs#619)

* Misc fixes of secp256r1 (MystenLabs#618)

* Sample scalars uniformly

* Ensure canonical byte representation

* Fix call to deserialize

* Add reduced x code path

* Simplify y_odd check

* Refactor

* Remove unused imports

* Check for reduction in Fq -> Fr conversion

* Delete vdf.rs

* Fix zeroize implementation

* Check that cache size is a power of two

* Fix window size = 1

* Prevent overflow

* Fix overflow in division

* Check recovery id

* Reduce z before used to generate nonce

* Clippy

* Remove borrow

* Clearer implementation of byte substring

* Fix recovery id

* Update comment

* Use associated types

* Use underlying cmp impl

* Refactor

* Fmt

* Avoid unwrap

* Clean up zeroize (MystenLabs#621)

* fix: use forked poseidon (MystenLabs#626)

* chore: update toolchain and bump version for release (MystenLabs#627)

* fix: update verifier logic (MystenLabs#615)

* fix: update verifier logic

* api changes

* rework interface changes

* fix tests

* minor documentation change

* address comments

* add utils to fastcrypto

* fix split

* move poseidon and fix bigin bytes parse

* update crates

* use BigUint to convert to Bn254Fr

* changes from 0814

* lint fix

* fix: downgrade ark-ff (MystenLabs#629)

* Minor clean-ups/suggestions (MystenLabs#630)

* Various clean-ups

* Move cast

* Simplify

* Clippy

* Use iterator

* fix: move supported providers outside fastcrypto (MystenLabs#631)

* fix: move supported providers outside fastcrypto

* be explicit to use a wrong vk for env=prod

* Update verification key (MystenLabs#632)

* Update vkey

* fix tests

---------

Co-authored-by: Joy Wang <[email protected]>

* fix: remove openssl dep (MystenLabs#633)

* fix: user JwkId instead of (kid, iss) (MystenLabs#634)

* move get_proof get_salt and style fixes (MystenLabs#635)

* Add Eq to JWK (MystenLabs#636)

* Add VDF (MystenLabs#623)

* Vdf based on classgroup crate and some of class group impl

* Add class group impl

* chiavdf's verify correctly

* Align with previous commit

* Clean up code

* Clean up

* Put class group impl in new file

* Add prover

* Refactor: use non-compressed forms in public interface

* Add constructor like method

* Update tests and simplify docs

* Clean up

* Clippy

* Clean up

* Add experimental flag

* Try to fix workflow

* Try again

* Revert "Try again"

This reverts commit 87436b6.

* Revert changes

* Refactor binaryqf impl

* Make private

* Fix comment

* Remove redundant mul impl

* Clean up

* Refactor parameterized group

* Verify group membership + add vdf from challenge/seed

* Make type for discriminant

* Align interface with Boneh (2018)

* Fix vdf abstraction

* Fix doc

* Add module doc

* Align names

* Fix const names

* Doc

* Refactor

* Clean up imports

* Fix doc

* fmt

* Define difficulty/iterations in the actual vdf construction

* doc

* doc

* doc

* Rename module

* doc

* Align name

* Clean up xgcd impl

* Align notation with paper

* Implement doubling function

* Add quadratic form composition algorithm

* lower case variables

* More tests

* Refactor

* Get rid of class_group dep

* Clippy

* Clean up

* Add test

* Add tests

* Use predicate for group parameter test instead

* Swap inputs

* Add benchmarks and clean up

* Move partial euclidean algorithm into compose method

* Align partial_xgcd impl with paper

* Clippy

* Add reference

* Make multiplication algorithm iterative

* Better naming

* Fix test!

* Use num-bigint

* Avoid abbreviation

* Try to fix Cargo.lock

* Add negative test

* Review comments + todos for optimisation

* DKG nodes - reduce weights given an allowed gap in the threshold (MystenLabs#625)

* Use a single ECIES encryption for all the shares sent to one party. (MystenLabs#637)

Use a single ECIES encryption for all the shares sent to one party.
This saves about 30% communication size (only one DDH element per party), and 50% message creation time for weights > 10 (less exps to compute).

* Upgrade `reqwest` and `rustls-webpki` to patch RUSTSEC-2023-0052 (MystenLabs#639)

* Upgrade rustls-webpki version and ignore webpki warning for now

* Ignore not needed

* Optimise class group impl (MystenLabs#638)

* Add doubling algorithm

* Use euclidean algorithm to compute quotients

* Optimise doubling also

* Optimise and use test from chia blockchain

* Optimise

* Optimise partial xgcd

* Optimise

* Skip first iteration in euclidean algorithm if inputs are out of order

* Uncomment negative test (MystenLabs#640)

* Add Ord to JwkId and JWK (MystenLabs#642)

* DKG - Fix TODOs (MystenLabs#643)

* ZK - Small fixes (MystenLabs#645)

* small changes in Poseidon

* utils

* questions

* some fixes

* clean up circom structs

* more fixes

---------

Co-authored-by: Joy Wang <[email protected]>

* tBLS - batch sign and verify (MystenLabs#644)

* Allow larger discriminants and strong fiat-shamir (MystenLabs#641)

* Allow larger discriminants and strong fiat-shamir

* Move check

* Add discriminant bit length function

* Remove pub modifier

* Clean up

* Fix test

* Add 2048 bit benchmark and clean up

* Simplify

* Expand xgcd output

* Align naming

* Add benchmarks and tests

* Clippy

* Add documentation to fiat-shamir hash

* Move VDF to subcrate (MystenLabs#646)

* Move VDF to subcrate

* License

* Clippy

* fmt

* VDF with rug/gmp (MystenLabs#647)

* Clippy

* fmt

* Add vdf with rug/gmp

* Update benchmarks and clean up

* Clean up

* Clean up

* Clippy

* Optimise

* Refactor

* License

* Encapsulate gmp feature usage

* Clean up gmp impl

* Try to fix windows build

* Clean up

* Fix workflow

* Update rust.yml

* Update rust.yml

* Update rust.yml

* Update rust.yml

* Update rust.yml

* Update rust.yml

* Update rust.yml

* Restore workflow

* Update rust.yml

* Add experimental flag

* Set experimental feature for benchmarks

* NI-DKG V0 (MystenLabs#624)

* fix: Update zkLogin logics (MystenLabs#648)

* fix: update all changes for circuits

* Update vkey and maxHeaderLen

* Modify the right vkey

* update prover api

* use vector instead of fixed size array due to bcs constraint

* address comments

---------

Co-authored-by: Deepak Maram <[email protected]>

* fix: use finalized vk (MystenLabs#651)

* Add verify_zk_login_id function (MystenLabs#650)

* Add verify_zk_login_id function

* Add negative tests

* Return invalid proof instead of false

* zklogin: update prover endpoint for tests (MystenLabs#652)

* chore: update salt server endpoint (MystenLabs#656)

* chore: update salt server endpoint

* use hardcoded google test

* chore: add ToString for OIDCProvider (MystenLabs#654)

* DKG: More benchmarks, faster computation of lagrange coeffs, and msm (MystenLabs#655)

* chore: separate e2e workflow (MystenLabs#662)

* fix: add validations and improve as_arkworks (MystenLabs#663)

* Be able to use BLS keys as ECIES keys (MystenLabs#661)

* Add benchmarks for Poseidon and zklogin verification (MystenLabs#664)

* No parallelisation for zkp verification (MystenLabs#665)

* DKG: use multi-receiver enc with PoK, some refactoring (MystenLabs#660)

* DKG - deduplicate senders in `Party::merge` instead of failing (MystenLabs#666)

* Pull `fastcrypto-tbls` out of `experimental` feature (MystenLabs#667)

Adds `beacon-dkg` flag in `fastcrypto` for dependencies.

* Move modules back to experimental (MystenLabs#669)

* DKG: clean interfaces (MystenLabs#672)

* zklogin: add new provider (MystenLabs#670)

* fix: Apple uri and Slack e2e test (MystenLabs#674)

* fix: oidc url for apple

* fix: slack fetch jwk parsing

* chore: upgrade rust toolchain (MystenLabs#675)

* Groth16 fixes (MystenLabs#673)

* Add length validation

* Align serialize and deserialize functions

* Use From trait for PreparedVerifyingKey in BN254 impl

* Align bls12381 impl with bn254 impl

* Refactor

* Fix build (MystenLabs#679)

* Add debug log output for DKG errors (MystenLabs#678)

* DKG: Add debug logs (MystenLabs#680)

* Add cli tool for VDF (MystenLabs#676)

* Add vdf-cli

* Use separate cli function to sample discriminant

* Renamve prove -> evaluate

* Revert "Renamve prove -> evaluate"

This reverts commit 452cf6f.

* Try again: Rename Prove -> Evaluate

* Put GMP dependency under feature flag

* Add poseidon/BN254 API (MystenLabs#649)

* zklogin: add a print to e2e (MystenLabs#684)

* Fix bugs in bls12381, and add more logs to DKG (MystenLabs#681)

* Sample class group discriminant faster (MystenLabs#677)

* Renamve prove -> evaluate

* Revert "Renamve prove -> evaluate"

This reverts commit 452cf6f.

* Try again: Rename Prove -> Evaluate

* Sample discriminant with gmp when possible

* fmt

* clippy

* Adding a workflow to tag local commits for CI (MystenLabs#686)

* removing workflow from repo (MystenLabs#687)

* fix: simplify header parsing (MystenLabs#685)

* BLS 12-381 group ops review (MystenLabs#688)

* Uncompress is safer

* Avoid bias in random sampling

* Review

* More tests

* Docs

* Use neptune implementation of Poseidon (MystenLabs#671)

* Use neptune for poseidon hashing (works)

* Add assertion to test

* Add constants for n=1,..,16

* Move neptune test

* Add comment

* Parameterize test

* Use neptune for poseidon hashing

* Fix comments

* Keep poseidon instances as static

* Clean up

* Use neptune fork

* Works

* Clean up

* Clean up imports

* Get rid of static mutable objects

* More clean ups

* Even more clean ups

* Keep clippy happy

* Try to fix rebase

* Fix tests

* Use actual neptune repo instead of fork

* Clean up after rebase

* Clean up

* Add proptest

* fmt

* Docs

* Clean up proptest

* Move test

* Comment

* More docs

* Fix proptest

* Fix messy imports

* Use new released version of neptune

* Add some clarifying comments

* fmt

* DKG: More tests (nodes, nizk, ro, polynomials, ecies) (MystenLabs#689)

* Safer function (MystenLabs#691)

* Refactor VDF: Move Rug/GMP dependent part to other repo (MystenLabs#690)

* Get rid of rug dependency

* Clean up

* Refactor discriminant from seed

* Refactor

* Refactor and some docs

* Use ToBytes trait

* Update cli

* Update tests

* fix: accepts alternative iss for Google (MystenLabs#693)

* fix: add alternative iss to Google

* add test

* Use BLS for doctests since Ed25519 aggregate signatures are experimental (MystenLabs#694)

* DKG: many more tests, fix some bugs (MystenLabs#692)

* zklogin: refactor to handle google's alternative iss (MystenLabs#700)

* Revert "fix: accepts alternative iss for Google (MystenLabs#693)" (MystenLabs#701)

This reverts commit 22003f9.

* fix: accepts alternative iss for Google (MystenLabs#693) (MystenLabs#703)

* fix: add alternative iss to Google

* add test

* Change the multi recipient enc to a CCA secure one (MystenLabs#702)

* chore: suppress rsa cve (MystenLabs#704)

* Revert "fix: accepts alternative iss for Google (MystenLabs#693) (MystenLabs#703)" (MystenLabs#705)

This reverts commit 031bef4.

* DKG review (MystenLabs#699)

* Allow more than 32 inputs for Poseidon over BN254 (MystenLabs#698)

* Hash binary inputs with Poseidon

* Reorder

* Ensure uniformity of output

* Clean up

* Remove binary-to-binary hashing from this pr

* Align naming

* Use slices

Co-authored-by: Joy Wang <[email protected]>

* Revert "Use slices"

This reverts commit 503e9a6.

* Better naming and ensure compatibility with zklogin

* Use merkle tree for binary api

---------

Co-authored-by: Joy Wang <[email protected]>

* Optimize VDF (MystenLabs#706)

* Update reduction

* mutable reduction

* Get rid of closure

* Update numbigint

* Use multi-scalar multiplication for VDF verification

* fmt

* clippy

* Clean up

* Clean up benchmark

* Test

* Optimise fs

* Update tests

* Remove unused function

* constant

* comment

* Clean up

* Trait bounds

* align names

* Review

* cleanup

* Refactor hashprime

* Refactor: get rid of scalar_size constant

* Remove complaint function

* Rename test

* fix bench

* DKG: support zero weights, and handle "impossible" edge cases more gracefully (MystenLabs#708)

* ThresholdBls: accept Iterator directly where possible (MystenLabs#709)

Instead of requiring a slice that we immediately and only call
`iter()` on, accept the Iterator. This can enable clients to avoid
extra copies.

* add more error logs (MystenLabs#710)

* fastcrypto: impl bech32 encoding (MystenLabs#712)

* fastcrypto: impl bech32 encoding

* add examples

* Various clean ups (MystenLabs#715)

* Use prepare_pvk_bytes in API tests (MystenLabs#716)

* BLS12-381 group elements - make the code safer (MystenLabs#714)

- Safer lifetimes
- guarantee a unique bytes representation of GT elements

* Update h2 (MystenLabs#720)

Updates h2 to 0.3.24 in response to security advisory, using:

```
cargo update -p h2
```

* add a benchmark for blst msm (MystenLabs#719)

* add Debug derives for some DKG types (MystenLabs#718)

* Add a simple tlock CLI (MystenLabs#723)

* Update README.md (MystenLabs#724)

* Add citation.cff (MystenLabs#717)

* chore: fix typos (MystenLabs#722)

* Clean up dependencies (MystenLabs#725)

* Update VDF implementation (MystenLabs#721)

* Add qf hash function

* Clean up

* Licenses and clippy

* Use slices + license

* restrict visibility

* Add e2e test and remove unused compression functions

* Refactor + clippy

* Refactor

* license

* rename

* Fix docs

* Check duplicates bound

* fmt

* Fix CLI and address review comments

* Fix doc

* Use Baillie-PSW primality test + trial divisions (MystenLabs#726)

* Use Baillie-PSW primality test + trial divisions

* revert

* revert II

* new line

* revert III

* public fields (MystenLabs#728)

* Ensure size of hash function image (MystenLabs#727)

* Use Baillie-PSW primality test + trial divisions

* revert

* revert II

* new line

* revert III

* Check k

* clippy

* fix tests

* clippy

* update test

* Add default hash function

* Add default hash function

* fix k bound

* fix e2e test

* docs

* stub

* Faster multiplication during interpolation (MystenLabs#729)

* Degrade num-traits crate (MystenLabs#730)

* Add (near) optimal default parameters (MystenLabs#732)

* Introduce UnindexedValues (MystenLabs#735)

* Add total_weight_lower_bound to Nodes::reduce (MystenLabs#733)

* Add mock dkg (MystenLabs#736)

* Update Rust version + clippy + fix deny error (MystenLabs#739)

* BLS12-381: Remove default from, add tests (MystenLabs#738)

* Add the option to deser group elements without checking if they are in the group (MystenLabs#740)

* Reorganize features and clean up dependencies (MystenLabs#741)

* Reorganize features and clean up dependencies

* Remove blake3 and reorganize deps

* Various clean ups (MystenLabs#742)

* Check subgroup early

* Check sizes on compile time

* Clean up error handling

* Use div_ceil from core::num

* Remove newline

* Error handling

* Remove debug test

* Revert fixed sized arrays

* Align itertools version with sui

* Add test

* More tests

* Docs

* Clippy

* Fix cargo test (MystenLabs#743)

* Fix cargo test

* Clean up

* Fix flags

* fix: derive serde for ZkLoginEnv (MystenLabs#747)

* DKG: Use u16 everywhere + other small fixes (MystenLabs#744)

* DKG: return pub visibility

* fix: add more derive trait for ZkLoginEnv (MystenLabs#749)

* DKG: more pub (MystenLabs#750)

* Use rand for StdRng import instead of re-export from aes (MystenLabs#753)

* fix: add strong typing to Bn254Point (MystenLabs#751)

* fix: Use strong type during deser

* renames and more test

* fix: use schemars for string (MystenLabs#754)

* clean up error description for verify function (MystenLabs#756)

* feat: add test issuers for jwt (MystenLabs#757)

* feat: add test issuers for jwt

* update code coverage

* use proptest

* try publishing fastcrypto and fastcrypto-zkp (MystenLabs#760)

* try publishing fastcrypto and fastcrypto-zkp

* update rust version

* update ci doc publish (MystenLabs#761)

* DKG: more cleanups (MystenLabs#762)

* 1. fix a possible panic in case a message with larger than MAX_U16 polynomial is sent
2. add more comments
3. change Nodes::reduce to new_reduced so it can only be applied once

* Upgrade to blst 3.11 (MystenLabs#764)

* [schnorr] support schnorr signature in secp256k1.

* [schnorr] add example test support.

* [schnorr] refactor functions.

* [schnorr] add sigs cli.

* [rooch-network/rooch/issues/482] add ripemd-160. (#2)

Co-authored-by: Feliciss <[email protected]>

* [lib] add lib tests for schnorr sig. (#3)

* Add bytes rep for Secp256k1RecoverableSignature.

* [recov] add Authenticator Signer and VerifyingKey

---------

Co-authored-by: benr-ml <[email protected]>
Co-authored-by: Jonas Lindstrøm <[email protected]>
Co-authored-by: Joy Wang <[email protected]>
Co-authored-by: Deepak Maram <[email protected]>
Co-authored-by: Mark Logan <[email protected]>
Co-authored-by: Andrew Schran <[email protected]>
Co-authored-by: Eugene Boguslavsky <[email protected]>
Co-authored-by: GoodDaisy <[email protected]>
Co-authored-by: Feliciss <[email protected]>