Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merging the drand fork #509

Merged
merged 180 commits into from
Apr 29, 2024
Merged

Merging the drand fork #509

merged 180 commits into from
Apr 29, 2024

Conversation

Robingoumaz
Copy link
Contributor

This PR is about merging the drand fork back into the dedis dyber.

Many files only got minimal changes, (comments, typos, moved to another folder) and some had bigger changes applied to them.

AnomalRoil and others added 19 commits April 4, 2024 13:45
* Implementing IBE on G2 & adapting tests for it
* Adding CPA on G1 
* Removing exposed insecure hash function from mod Int
* Use iterative hashing also avoid loosing a bit before rehashing
* Closes #43 that was actually already fixed in #45, but this also fixes the issue from #374

* Adding table tests for MinimumT
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.7.0 to 0.17.0.
- [Commits](golang/crypto@v0.7.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* bounds check when comparing polynomials
* added extra check of threshold
* fixing comment on PubPoly Equal being constant time

---------

Co-authored-by: Yolan Romailler <[email protected]>
* Adding support for BLS12381 using CIRCL.
* Register suite for bls12381.
* Renaming to circl_bls12381

---------

Co-authored-by: Yolan Romailler <[email protected]>
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.3.2 to 1.3.7.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](cloudflare/circl@v1.3.2...v1.3.7)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Add support for signatures on G2 to bdn
* Adapt bdn_test.go to new BDN interface
* Make API functions methods of the Scheme type
* Generalize G1- and G2-related comments
* Fixing bdn tests
* Make the BDN test suite generic over suite and scheme
* Keeping public APIs from v1

---------

Co-authored-by: Yolan Romailler <[email protected]>
Co-authored-by: Jakub Sztandera <[email protected]>
* implement ethereum bn254
* pull in missing changes from geth
* make G2 points affine in ValidatePairing
* move bn254 to own dir
* fix bn254 GT Base and Null
* test G1 suite against gnark-crypto
* adapt G2 test to gnark-crypto, fix bn254 marshal ids
* fix G1 hashToPoint reference tests
* fix pairing/bn254/gfp_amd64.s
* use keccak256 instead of sha256 in bn254
* implement TestGT for bn254
* implement hashToField, expandMsgXmd
* implement mapToPoint
* implement hashToPoint
* rename toPointG1 -> fromBigInt
* add comments on mapToPoint, cleanup
* fix TestPointG1_HashToPoint with new keccak256 impl
* use ref implementation of expand_message_xmd
* panic if DST length > 255
* remove unnecessary iteration in expandMsgXmd
* update tests to use full length DSTs
* set DST in group instead of suite
* fix: actually write bytes in zeroPadBytes
* fix: leftpad intermediate prb in expandMsgXmd
* fix: leftpad intermediate xored hashes in expandMsgXmd
* add instructions to create hash-to-point reference values, remove old TODO
* remove irrelevant issue400 test for bn254
* use CX instead of R15 in amd64

replaying fix from geth, see: ethereum/go-ethereum@ec64358

When using -buildmode=shared, R15 is clobbered by a global variable
access; use a different register instead.

* remove gfp.h in bn254
* use geth's Unmarshal func: error out on invalid coordinates
* make constants z0 and z1 private
* check that random points are different in TestG1Ops
* implement Stringer interface for bn254 groups
* remove irrelevant benchmarks
* implement SVDW from RFC9380 for bn254 G1 map-to-point
* encode the right variable in hashToField
* borrow expand_message_xmd implementation from kilic-bls12381
* update test vectors in TestPointG1_HashToPoint, TestHashToField
* test expandMsgXmd against a copy of gnark's
* fix default DST for hash-to-curve
* remove unused fromBigInt func
* add sources for gfp exp/sqrt functions
* use curveB constant in g(x)
* create new DST buffers instead of passing refs
Still has an error in the ibe_test.go file
Corrected some of the comments that still mentioned wrong paths
Copy link

sonarqubecloud bot commented Apr 4, 2024

Quality Gate Failed Quality Gate failed

Failed conditions
41.1% Duplication on New Code (required ≤ 10%)

See analysis details on SonarCloud

@@ -1,5 +1,6 @@
package ibe

/*
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why comment out the entire IBE tests code?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I uncommented them and used the circl bls12381 instead but there is a difference between the scalar of circl bls and the one of the other pairing curve which makes it not pass the tests. I am trying to change the circl implementation so that it uses mod.Int

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The conversion is not needed if rejection sampling is updated as in:
https://github.com/Robingoumaz/kyber-drand/pull/1

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure why we would want to delete this file?

sign/test/bls_test.go Outdated Show resolved Hide resolved

// HashablePoint is an interface implemented by n
type HashablePoint interface {
Hash([]byte) Point
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since we're doing a V4, one thing worth discussing is probably this:
drand#50


var hasBMI2 = cpu.X86.HasBMI2

// go:noescape
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you could disable this linter for this file in the ./.golangci.yml config file since it seems to apply to the whole file

xof/blake2xs/blake.go Outdated Show resolved Hide resolved
xof/keccak/keccak.go Outdated Show resolved Hide resolved
@ineiti
Copy link
Member

ineiti commented Apr 15, 2024

This is a huge PR. Unless you want to keep up with the drand branch of kyber, I propose to split it in different PRs:

  • one for changes in comments / typos
  • one PR per existing and new module

This would make it more manageable, but would also make it difficult for future exchanges between the drand fork and dedis/kyber.

@AnomalRoil
Copy link
Contributor

@ineiti the goal is to get rid of the drand/kyber fork and only have one unique kyber repo :D

@ineiti
Copy link
Member

ineiti commented Apr 15, 2024

@ineiti the goal is to get rid of the drand/kyber fork and only have one unique kyber repo :D

Then I would definitely pack this up in several easy-to-digest PRs.

share/dkg/dkg.go Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here I think you should stick with the file structure from dedis/kyber and keep both Pedersen and Rabin subfolders in share/dkg/ instead of deleting Rabin and replacing everything with drand implementation.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, so @nikkolasg told me actually that the Pedersen dedis/kyber is not the same implementation as the drand/kyber, the latter being the secure one, while the former might be somewhat faulty.

So I think we should 100% replace the dedis/kyber/share/dkg/pedersen with the drand/kyber/share/dkg code.
I don't have strong opinion about keeping or not the Rabin one, but he told me that one is very slow, which means it's inferior to Pedersen.
We could either:

  • keep both and make sure to benchmark them to warn users cc @matteosz
  • remove Rabin and keep only the drand one, which is what this PR is currently doing.

Preferences @pierluca ?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I vote for having both, and adding a benchmark is a good idea. Except if keeping the kyber dkg is a lot of work.

Thinking of kyber as a research library, so it's nice to have various algorithms for comparisons, or in case somebody has a brilliant idea to update one of the algorithms.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See my comment about keeping both pedersen and rabin packages, but having the drand dkg move to the pedersen folder rather than deleting and replacing with drand version

sign/dss/dss.go Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why deleting it?

buff := make([]byte, readerBytes)
for _, reader := range r.Readers {
n, err := io.ReadFull(reader, buff)
if err != nil {
nerr++
errors = append(errors, err.Error())
}
b.Write(buff[:n])
}

// we are ok with few sources being insecure (i.e., providing less than
// readerBytes bytes), but not all of them
if nerr == len(r.Readers) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you could get rid of nerr and use len(errors) instead here.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't seem to conform to the _test nomenclature for Go tests and functions in it also don't use the proper TestXYZ format.

Please replace to use the proper Go test framework.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To do in a next PR

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same remark about it not being a proper test package as per the Go test nomenclature. Need _test.go in file name and TestName functions

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To do in a next PR

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why commenting it all?

@pierluca
Copy link
Contributor

I see that the tests failed, which means Sonar wasn't run.
It might be worth it to bypass the tests once (in the CI) to let Sonar run and gather some feedback.
Sonar might be able to make a first pass to spot problematic issues.
Alternatively, you could also setup Sonar to analyze your own repo and provide a pointer here :)

@AnomalRoil AnomalRoil changed the base branch from master to drandmerge April 29, 2024 12:17
@AnomalRoil AnomalRoil merged commit 16a0920 into dedis:drandmerge Apr 29, 2024
5 of 9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.