/* * Copyright (c) 2012-2020 MIRACL UK Ltd. * * This file is part of MIRACL Core * (see https://github.com/miracl/core). * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /* Boneh-Lynn-Shacham signature 192-bit API */ /* Loosely (for now) following https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature-02 */ // Minimal-signature-size variant #include #include #include #include "bls192_ZZZ.h" using namespace XXX; using namespace YYY; #ifndef CORE_ARDUINO static FP8 G2_TAB[G2_TABLE_ZZZ]; // space for precomputation on fixed G2 parameter #endif #define CEIL(a,b) (((a)-1)/(b)+1) /* output u[i] \in F_p */ /* https://datatracker.ietf.org/doc/draft-irtf-cfrg-hash-to-curve/ */ static void hash_to_field(int hash,int hlen,FP *u,octet *DST,octet *M, int ctr) { int i,j,L,nbq; BIG q,w; DBIG dx; char okm[256],fd[128]; octet OKM = {0,sizeof(okm),okm}; BIG_rcopy(q, Modulus); nbq=BIG_nbits(q); L=CEIL(nbq+CURVE_SECURITY_ZZZ,8); XMD_Expand(hash,hlen,&OKM,L*ctr,DST,M); for (i=0;ival, s); S->len = MODBYTES_XXX; // SkToPk PAIR_G2mul(&G, s); ECP4_toOctet(W, &G, true); return BLS_OK; } /* Sign message m using private key S to produce signature SIG */ int ZZZ::BLS_CORE_SIGN(octet *SIG, octet *M, octet *S) { BIG s; ECP D; BLS_HASH_TO_POINT(&D, M); BIG_fromBytes(s, S->val); PAIR_G1mul(&D, s); ECP_toOctet(SIG, &D, true); /* compress output */ return BLS_OK; } /* Verify signature given message M, the signature SIG, and the public key W */ int ZZZ::BLS_CORE_VERIFY(octet *SIG, octet *M, octet *W) 
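{
    /* Body of BLS_CORE_VERIFY (signature on the preceding line).
     * Checks e(SIG, G2) == e(H(M), W) by negating the signature point and
     * testing whether e(-SIG, G2) * e(W, H(M)) is the identity in F_p^24.
     * Returns BLS_OK on success, BLS_FAIL for a malformed or undecodable
     * signature or public key, or a failed pairing check. */
    FP24 v;
    ECP4 PK;
    ECP D, HM;

    BLS_HASH_TO_POINT(&HM, M);

    /* Reject an undecodable signature octet explicitly instead of relying on
     * whatever point the decoder leaves behind reaching the membership test. */
    if (!ECP_fromOctet(&D, SIG)) return BLS_FAIL;
    if (!PAIR_G1member(&D)) return BLS_FAIL;
    ECP_neg(&D);  /* negate so the two pairings multiply to unity on success */

    /* Same for the public key: decode failure and subgroup-membership failure
     * are both verification failures. */
    if (!ECP4_fromOctet(&PK, W)) return BLS_FAIL;
    if (!PAIR_G2member(&PK)) return BLS_FAIL;

#ifndef CORE_ARDUINO
    /* Multi-pairing path: accumulate both Miller loops, the first one using
     * the precomputed table G2_TAB for the fixed G2 parameter (presumably
     * filled by the library's init routine before any verification -- confirm). */
    FP24 r[ATE_BITS_ZZZ];
    PAIR_initmp(r);
    PAIR_another_pc(r, G2_TAB, &D);
    PAIR_another(r, &PK, &HM);
    PAIR_miller(&v, r);
#else
    /* No precomputation table on Arduino: fetch the G2 generator and use the
     * two-pairing double-ate instead.  G is only needed on this path. */
    ECP4 G;
    if (!ECP4_generator(&G)) return BLS_FAIL;
    PAIR_double_ate(&v, &G, &D, &PK, &HM);
#endif

    PAIR_fexp(&v);
    return FP24_isunity(&v) ? BLS_OK : BLS_FAIL;
}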