Add gnark as bls-12-381 backend

Signed-off-by: Jakub Sztandera <[email protected]>
dedis · Sep 18, 2024 · 9628c92 · 9628c92
1 parent b283c0c
commit 9628c92
Show file tree

Hide file tree

Showing 12 changed files with 790 additions and 2 deletions.
diff --git a/pairing/bls12381/bls12381_test.go b/pairing/bls12381/bls12381_test.go
@@ -18,6 +18,7 @@ import (
 	"go.dedis.ch/kyber/v4/internal/test"
 	"go.dedis.ch/kyber/v4/pairing"
 	circl "go.dedis.ch/kyber/v4/pairing/bls12381/circl"
+	"go.dedis.ch/kyber/v4/pairing/bls12381/gnark"
 	kilic "go.dedis.ch/kyber/v4/pairing/bls12381/kilic"
 	"go.dedis.ch/kyber/v4/sign/bls"
 	"go.dedis.ch/kyber/v4/sign/tbls"
@@ -38,6 +39,7 @@ func TestScalarEndianess(t *testing.T) {
 	suites := []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	seed := "TestScalarEndianess"
@@ -109,6 +111,16 @@ func TestZKCryptoVectorsG1Compressed(t *testing.T) {
 			if err != nil && testCaseValid {
 				panic("Circl: err should be nil")
 			}
+
+			// Test gnark
+			g3 := gnark.G1Elt{}
+			err = g3.UnmarshalBinary(byts)
+			if err == nil && !testCaseValid {
+				panic("Gnark: err should not be nil")
+			}
+			if err != nil && testCaseValid {
+				panic("Gnark: err should be nil")
+			}
 		})
 	}
 }
@@ -156,6 +168,16 @@ func TestZKCryptoVectorsG2Compressed(t *testing.T) {
 			if err != nil && testCaseValid {
 				panic("Circl: err should be nil")
 			}
+
+			// Test gnark
+			g3 := gnark.G2Elt{}
+			err = g3.UnmarshalBinary(byts)
+			if err == nil && !testCaseValid {
+				panic("Gnark: err should not be nil")
+			}
+			if err != nil && testCaseValid {
+				panic("Gnark: err should be nil")
+			}
 		})
 	}
 }
@@ -400,6 +422,7 @@ func TestKyberG1(t *testing.T) {
 	suites := []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, suite := range suites {
@@ -411,6 +434,7 @@ func TestKyberG2(t *testing.T) {
 	suites := []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, suite := range suites {
@@ -422,6 +446,7 @@ func TestKyberPairingG2(t *testing.T) {
 	suites := []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, s := range suites {
@@ -449,6 +474,7 @@ func TestRacePairings(_ *testing.T) {
 	suites := []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, s := range suites {
@@ -473,6 +499,7 @@ func TestKyberBLSG2(t *testing.T) {
 	suites := []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, suite := range suites {
@@ -485,6 +512,7 @@ func TestKyberBLSG1(t *testing.T) {
 	suites := []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, suite := range suites {
@@ -497,6 +525,7 @@ func TestKyberThresholdG2(t *testing.T) {
 	suites := []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, suite := range suites {
@@ -509,6 +538,7 @@ func TestKyberThresholdG1(t *testing.T) {
 	suites := []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, suite := range suites {
@@ -521,6 +551,7 @@ func TestIsValidGroup(t *testing.T) {
 	suites := []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, suite := range suites {
@@ -549,6 +580,7 @@ func TestBasicPairing(t *testing.T) {
 	suites := []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, suite := range suites {
@@ -601,6 +633,7 @@ func BenchmarkPairingSeparate(bb *testing.B) {
 	var suites = []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, s := range suites {
@@ -630,6 +663,7 @@ func BenchmarkPairingInv(bb *testing.B) {
 	var suites = []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, s := range suites {
@@ -657,7 +691,7 @@ func BenchmarkPairingInv(bb *testing.B) {
 var (
 	dataSize     = 32
 	numSigs      = []int{1, 10, 100, 1000, 10000}
-	curveOptions = []string{"kilic", "circl"}
+	curveOptions = []string{"kilic", "circl", "gnark"}
 )
 
 // Used to avoid compiler optimizations
@@ -671,6 +705,9 @@ func BenchmarkKilic(b *testing.B) {
 func BenchmarkCircl(b *testing.B) {
 	BLSBenchmark(b, "circl")
 }
+func BenchmarkGnark(b *testing.B) {
+	BLSBenchmark(b, "gnark")
+}
 
 func BLSBenchmark(b *testing.B, curveOption string) {
 	b.Logf("----------------------")
@@ -696,6 +733,8 @@ func BLSBenchmark(b *testing.B, curveOption string) {
 		suite = kilic.NewBLS12381Suite()
 	case "circl":
 		suite = circl.NewSuiteBLS12381()
+	case "gnark":
+		suite = gnark.NewSuiteBLS12381()
 	default:
 		panic(fmt.Errorf("invalid curve option: %s", curveOption))
 	}
@@ -752,7 +791,7 @@ func BLSBenchmark(b *testing.B, curveOption string) {
 				}
 			}
 		})
-		b.Run(fmt.Sprintf("AggregateSign-G1 on %d signs", n), func(bb *testing.B) {
+		b.Run(fmt.Sprintf("AggregateSign-G2 on %d signs", n), func(bb *testing.B) {
 			for j := 0; j < bb.N; j++ {
 				result, err = schemeOnG2.AggregateSignatures(sigsOnG2[:n]...)
 				if err != nil {

diff --git a/pairing/bls12381/gnark/adapter.go b/pairing/bls12381/gnark/adapter.go
@@ -0,0 +1,48 @@
+package gnark
+
+import (
+	"go.dedis.ch/kyber/v4"
+)
+
+// SuiteBLS12381 is an adapter that implements the suites.Suite interface so that
+// bls12381 can be used as a common suite to generate key pairs for instance but
+// still preserves the properties of the pairing (e.g. the Pair function).
+//
+// It's important to note that the Point function will generate a point
+// compatible with public keys only (group G2) where the signature must be
+// used as a point from the group G1.
+type SuiteBLS12381 struct {
+	Suite
+	kyber.Group
+}
+
+// NewSuiteBLS12381 makes a new BN256 suite
+func NewSuiteBLS12381() *SuiteBLS12381 {
+	return &SuiteBLS12381{}
+}
+
+// Point generates a point from the G2 group that can only be used
+// for public keys
+func (s *SuiteBLS12381) Point() kyber.Point {
+	return s.G2().Point()
+}
+
+// PointLen returns the length of a G2 point
+func (s *SuiteBLS12381) PointLen() int {
+	return s.G2().PointLen()
+}
+
+// Scalar generates a scalar
+func (s *SuiteBLS12381) Scalar() kyber.Scalar {
+	return s.G1().Scalar()
+}
+
+// ScalarLen returns the length of a scalar
+func (s *SuiteBLS12381) ScalarLen() int {
+	return s.G1().ScalarLen()
+}
+
+// String returns the name of the suite
+func (s *SuiteBLS12381) String() string {
+	return "gnark.adapter"
+}
diff --git a/pairing/bls12381/gnark/adapter_test.go b/pairing/bls12381/gnark/adapter_test.go
@@ -0,0 +1,28 @@
+package gnark
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"go.dedis.ch/kyber/v4/util/key"
+)
+
+func TestAdapter_SuiteBLS12381(t *testing.T) {
+	suite := NewSuiteBLS12381()
+
+	pair := key.NewKeyPair(suite)
+	pubkey, err := pair.Public.MarshalBinary()
+	require.Nil(t, err)
+	privkey, err := pair.Private.MarshalBinary()
+	require.Nil(t, err)
+
+	pubhex := suite.Point()
+	err = pubhex.UnmarshalBinary(pubkey)
+	require.Nil(t, err)
+
+	privhex := suite.Scalar()
+	err = privhex.UnmarshalBinary(privkey)
+	require.Nil(t, err)
+
+	require.Equal(t, "gnark.adapter", suite.String())
+}