diff --git a/README.md b/README.md index 254e8dc..a117819 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![Build Status](https://travis-ci.org/ChainSafe/lodestar.svg?branch=master)](https://travis-ci.org/ChainSafe/lodestar) [![codecov](https://codecov.io/gh/ChainSafe/lodestar/branch/master/graph/badge.svg)](https://codecov.io/gh/ChainSafe/lodestar) -![ETH2.0_Spec_Version 0.9.4](https://img.shields.io/badge/ETH2.0_Spec_Version-0.9.4-2e86c1.svg) +![ETH2.0_Spec_Version 0.10.1](https://img.shields.io/badge/ETH2.0_Spec_Version-0.10.1-2e86c1.svg) This is a Javascript library that implements BLS (Boneh-Lynn-Shacham) signatures and supports signature aggregation. diff --git a/package.json b/package.json index bf9b286..cf15d98 100644 --- a/package.json +++ b/package.json @@ -39,7 +39,7 @@ }, "dependencies": { "@chainsafe/bls-keygen": "^0.0.2", - "@chainsafe/eth2-bls-wasm": "^0.2.1", + "@chainsafe/eth2-bls-wasm": "^0.4.0", "assert": "^1.4.1" }, "devDependencies": { diff --git a/src/index.ts b/src/index.ts index e07080a..9ce9534 100644 --- a/src/index.ts +++ b/src/index.ts @@ -34,17 +34,12 @@ export function generatePublicKey(secretKey: Uint8Array): Buffer { * Signs given message using secret key. * @param secretKey * @param messageHash - * @param domain */ -export function sign(secretKey: Uint8Array, messageHash: Uint8Array, domain: Uint8Array): Buffer { +export function sign(secretKey: Uint8Array, messageHash: Uint8Array): Buffer { assert(secretKey, "secretKey is null or undefined"); assert(messageHash, "messageHash is null or undefined"); - assert(domain, "domain is null or undefined"); const privateKey = PrivateKey.fromBytes(toBuffer(secretKey)); - return privateKey.signMessage( - toBuffer(messageHash), - toBuffer(domain), - ).toBytesCompressed(); + return privateKey.signMessage(toBuffer(messageHash)).toBytesCompressed(); } /** @@ -53,11 +48,11 @@ export function sign(secretKey: Uint8Array, messageHash: Uint8Array, domain: Uin */ export function aggregateSignatures(signatures: Uint8Array[]): Buffer { assert(signatures, "signatures is null or undefined"); - return signatures.map((signature): Signature => { - return Signature.fromCompressedBytes(toBuffer(signature)); - }).reduce((previousValue, currentValue): Signature => { - return previousValue.add(currentValue); - }).toBytesCompressed(); + return Signature.aggregate( + signatures.map((signature): Signature => { + return Signature.fromCompressedBytes(signature); + }) + ).toBytesCompressed(); } /** @@ -80,26 +75,34 @@ export function aggregatePubkeys(publicKeys: Uint8Array[]): Buffer { * @param publicKey * @param messageHash * @param signature - * @param domain */ -export function verify( - publicKey: Uint8Array, - messageHash: Uint8Array, - signature: Uint8Array, - domain: Uint8Array -): boolean { +export function verify(publicKey: Uint8Array, messageHash: Uint8Array, signature: Uint8Array): boolean { assert(publicKey, "publicKey is null or undefined"); assert(messageHash, "messageHash is null or undefined"); assert(signature, "signature is null or undefined"); - assert(domain, "domain is null or undefined"); try { return PublicKey - .fromBytes(toBuffer(publicKey)) - .verifyMessage( - Signature.fromCompressedBytes(toBuffer(signature)), - toBuffer(messageHash), - toBuffer(domain) - ); + .fromBytes(publicKey) + .verifyMessage(Signature.fromCompressedBytes(toBuffer(signature)), toBuffer(messageHash)); + } catch (e) { + return false; + } +} + +/** + * Verifies if aggregated signature is same message signed with given public keys. + * @param publicKeys + * @param messageHash + * @param signature + */ +export function verifyAggregate(publicKeys: Uint8Array[], messageHash: Uint8Array, signature: Uint8Array): boolean { + assert(publicKeys, "publicKey is null or undefined"); + assert(messageHash, "messageHash is null or undefined"); + assert(signature, "signature is null or undefined"); + try { + return Signature + .fromCompressedBytes(signature) + .verifyAggregate(publicKeys, messageHash); } catch (e) { return false; } @@ -110,18 +113,17 @@ export function verify( * @param publicKeys * @param messageHashes * @param signature - * @param domain + * @param fast Check if all messages are different */ export function verifyMultiple( publicKeys: Uint8Array[], messageHashes: Uint8Array[], signature: Uint8Array, - domain: Uint8Array + fast = false ): boolean { assert(publicKeys, "publicKey is null or undefined"); assert(messageHashes, "messageHash is null or undefined"); assert(signature, "signature is null or undefined"); - assert(domain, "domain is null or undefined"); if(publicKeys.length === 0 || publicKeys.length != messageHashes.length) { return false; @@ -132,7 +134,7 @@ export function verifyMultiple( .verifyMultiple( publicKeys.map((key) => PublicKey.fromBytes(toBuffer(key))), messageHashes.map((m) => toBuffer(m)), - toBuffer(domain), + fast ); } catch (e) { return false; @@ -146,5 +148,6 @@ export default { aggregateSignatures, aggregatePubkeys, verify, + verifyAggregate, verifyMultiple }; diff --git a/src/privateKey.ts b/src/privateKey.ts index d4e5051..fb46531 100644 --- a/src/privateKey.ts +++ b/src/privateKey.ts @@ -5,7 +5,6 @@ import {generateRandomSecretKey} from "@chainsafe/bls-keygen"; import {getContext} from "./context"; import {PublicKey} from "./publicKey"; import {Signature} from "./signature"; -import {padLeft} from "./helpers/utils"; export class PrivateKey { @@ -50,9 +49,8 @@ export class PrivateKey { // return Signature.fromValue(this.value.sign(message)); // } - public signMessage(message: Uint8Array, domain: Uint8Array): Signature { - domain = padLeft(domain, 8); - return Signature.fromValue(this.value.signHashWithDomain(Buffer.concat([message, domain]))); + public signMessage(message: Uint8Array): Signature { + return Signature.fromValue(this.value.sign(message)); } public toPublicKey(): PublicKey { diff --git a/src/publicKey.ts b/src/publicKey.ts index c072ac8..039880a 100644 --- a/src/publicKey.ts +++ b/src/publicKey.ts @@ -48,8 +48,8 @@ export class PublicKey { return agg; } - public verifyMessage(signature: Signature, messageHash: Uint8Array, domain: Uint8Array): boolean { - return this.value.verifyHashWithDomain(signature.getValue(), Buffer.concat([messageHash, domain])); + public verifyMessage(signature: Signature, messageHash: Uint8Array): boolean { + return this.value.verify(signature.getValue(), messageHash); } public toBytesCompressed(): Buffer { diff --git a/src/signature.ts b/src/signature.ts index ef97998..dbe1e01 100644 --- a/src/signature.ts +++ b/src/signature.ts @@ -3,7 +3,7 @@ import {FP_POINT_LENGTH} from "./constants"; import {SignatureType} from "@chainsafe/eth2-bls-wasm"; import {getContext} from "./context"; import {PublicKey} from "./publicKey"; -import {EMPTY_SIGNATURE, padLeft} from "./helpers/utils"; +import {EMPTY_SIGNATURE} from "./helpers/utils"; export class Signature { @@ -11,6 +11,7 @@ export class Signature { protected constructor(value: SignatureType) { this.value = value; + assert(this.value.isValidOrder()); } public static fromCompressedBytes(value: Uint8Array): Signature { @@ -30,6 +31,15 @@ export class Signature { return new Signature(signature); } + public static aggregate(signatures: Signature[]): Signature { + const context = getContext(); + const signature = new context.Signature(); + signature.aggregate(signatures.map((sig) => sig.getValue())); + return new Signature( + signature + ); + } + public add(other: Signature): Signature { const agg = this.value.clone(); agg.add(other.value); @@ -42,16 +52,21 @@ export class Signature { return this.value; } - public verify(publicKey: PublicKey, message: Uint8Array, domain: Uint8Array): boolean { - domain = padLeft(domain, 8); - return publicKey.verifyMessage(this, message, domain); + public verifyAggregate(publicKey: Uint8Array[], message: Uint8Array): boolean { + return this.value.fastAggregateVerify( + publicKey.map((bytes) => PublicKey.fromBytes(bytes).getValue()), + message + ); } - public verifyMultiple(publicKeys: PublicKey[], messages: Uint8Array[], domain: Uint8Array): boolean { - domain = padLeft(domain, 8); - return this.value.verifyAggregatedHashWithDomain( + public verifyMultiple(publicKeys: PublicKey[], messages: Uint8Array[], fast = false): boolean { + const msgs = Buffer.concat(messages); + if(!fast && !getContext().areAllMsgDifferent(msgs)) { + return false; + } + return this.value.aggregateVerifyNoCheck( publicKeys.map((key) => key.getValue()), - messages.map((message) => Buffer.concat([message, domain])) + msgs ); } diff --git a/test/unit/index.test.ts b/test/unit/index.test.ts index c9460fd..be19531 100644 --- a/test/unit/index.test.ts +++ b/test/unit/index.test.ts @@ -24,16 +24,13 @@ describe("test bls", function () { it("should verify signature", () => { const keypair = Keypair.generate(); const messageHash = Buffer.from(SHA256.digest(Buffer.from("Test"))); - const domain = Buffer.alloc(8, 1); const signature = keypair.privateKey.signMessage( messageHash, - domain ); const result = verify( keypair.publicKey.toBytesCompressed(), messageHash, signature.toBytesCompressed(), - domain ); expect(result).to.be.true; }); @@ -42,17 +39,14 @@ describe("test bls", function () { it("should not modify original pubkey when verifying", () => { const keypair = Keypair.generate(); const messageHash = Buffer.from(SHA256.digest(Buffer.from("Test"))); - const domain = Buffer.alloc(8, 1); const signature = keypair.privateKey.signMessage( messageHash, - domain ); const pubKey = keypair.publicKey.toBytesCompressed(); verify( pubKey, messageHash, signature.toBytesCompressed(), - domain ); expect("0x" + pubKey.toString("hex")).to.be.equal(keypair.publicKey.toHexString()); }); @@ -61,13 +55,11 @@ describe("test bls", function () { it("should fail verify empty signature", () => { const keypair = Keypair.generate(); const messageHash2 = Buffer.from(SHA256.digest(Buffer.from("Test message2"))); - const domain = Buffer.from("01", "hex"); const signature = Buffer.alloc(96); const result = verify( keypair.publicKey.toBytesCompressed(), messageHash2, signature, - domain ); expect(result).to.be.false; }); @@ -76,34 +68,13 @@ describe("test bls", function () { const keypair = Keypair.generate(); const messageHash = Buffer.from(SHA256.digest(Buffer.from("Test message"))); const messageHash2 = Buffer.from(SHA256.digest(Buffer.from("Test message2"))); - const domain = padLeft(Buffer.from("01", "hex"), 8); const signature = keypair.privateKey.signMessage( messageHash, - domain ); const result = verify( keypair.publicKey.toBytesCompressed(), messageHash2, signature.toBytesCompressed(), - domain - ); - expect(result).to.be.false; - }); - - it("should fail verify signature of different domain", () => { - const keypair = Keypair.generate(); - const messageHash = Buffer.from(SHA256.digest(Buffer.from("Test message"))); - const domain = padLeft(Buffer.from("01", "hex"), 8); - const domain2 = padLeft(Buffer.from("02", "hex"), 8); - const signature = keypair.privateKey.signMessage( - messageHash, - domain - ); - const result = verify( - keypair.publicKey.toBytesCompressed(), - messageHash, - signature.toBytesCompressed(), - domain2 ); expect(result).to.be.false; }); @@ -112,16 +83,13 @@ describe("test bls", function () { const keypair = Keypair.generate(); const keypair2 = Keypair.generate(); const messageHash = Buffer.from(SHA256.digest(Buffer.from("Test message"))); - const domain = Buffer.from("01", "hex"); const signature = keypair.privateKey.signMessage( messageHash, - domain ); const result = verify( keypair2.publicKey.toBytesCompressed(), messageHash, signature.toBytesCompressed(), - domain ); expect(result).to.be.false; }); @@ -133,7 +101,6 @@ describe("test bls", function () { this.timeout(5000); - const domain = Buffer.alloc(8, 0); const keypair1 = Keypair.generate(); const keypair2 = Keypair.generate(); @@ -143,10 +110,10 @@ describe("test bls", function () { const message1 = Buffer.from(SHA256.digest(Buffer.from("Test1"))); const message2 = Buffer.from(SHA256.digest(Buffer.from("Test2"))); - const signature1 = keypair1.privateKey.signMessage(message1, domain); - const signature2 = keypair2.privateKey.signMessage(message1, domain); - const signature3 = keypair3.privateKey.signMessage(message2, domain); - const signature4 = keypair4.privateKey.signMessage(message2, domain); + const signature1 = keypair1.privateKey.signMessage(message1); + const signature2 = keypair2.privateKey.signMessage(message1); + const signature3 = keypair3.privateKey.signMessage(message2); + const signature4 = keypair4.privateKey.signMessage(message2); const aggregatePubKey12 = aggregatePubkeys([ keypair1.publicKey.toBytesCompressed(), @@ -169,7 +136,6 @@ describe("test bls", function () { [aggregatePubKey12, aggregatePubKey34], [message1, message2], aggregateSignature, - domain ); expect(result).to.be.true; @@ -179,7 +145,6 @@ describe("test bls", function () { this.timeout(5000); - const domain = Buffer.alloc(8, 0); const keypair1 = Keypair.generate(); const keypair2 = Keypair.generate(); @@ -188,10 +153,10 @@ describe("test bls", function () { const message = Buffer.from(SHA256.digest(Buffer.from("Test1"))); - const signature1 = keypair1.privateKey.signMessage(message, domain); - const signature2 = keypair2.privateKey.signMessage(message, domain); - const signature3 = keypair3.privateKey.signMessage(message, domain); - const signature4 = keypair4.privateKey.signMessage(message, domain); + const signature1 = keypair1.privateKey.signMessage(message); + const signature2 = keypair2.privateKey.signMessage(message); + const signature3 = keypair3.privateKey.signMessage(message); + const signature4 = keypair4.privateKey.signMessage(message); const aggregateSignature = aggregateSignatures([ signature1.toBytesCompressed(), @@ -209,7 +174,7 @@ describe("test bls", function () { ], [message, message, message, message], aggregateSignature, - domain + true, ); expect(result).to.be.true; @@ -218,7 +183,6 @@ describe("test bls", function () { it("should fail to verify aggregated signatures - swapped messages", function () { this.timeout(5000); - const domain = Buffer.alloc(8, 0); const keypair1 = Keypair.generate(); const keypair2 = Keypair.generate(); @@ -228,10 +192,10 @@ describe("test bls", function () { const message1 = Buffer.from(SHA256.digest(Buffer.from("Test1"))); const message2 = Buffer.from(SHA256.digest(Buffer.from("Test2"))); - const signature1 = keypair1.privateKey.signMessage(message1, domain); - const signature2 = keypair2.privateKey.signMessage(message1, domain); - const signature3 = keypair3.privateKey.signMessage(message2, domain); - const signature4 = keypair4.privateKey.signMessage(message2, domain); + const signature1 = keypair1.privateKey.signMessage(message1); + const signature2 = keypair2.privateKey.signMessage(message1); + const signature3 = keypair3.privateKey.signMessage(message2); + const signature4 = keypair4.privateKey.signMessage(message2); const aggregatePubKey12 = bls.aggregatePubkeys([ keypair1.publicKey.toBytesCompressed(), @@ -254,7 +218,6 @@ describe("test bls", function () { [aggregatePubKey12, aggregatePubKey34], [message2, message1], aggregateSignature, - domain ); expect(result).to.be.false; @@ -262,7 +225,6 @@ describe("test bls", function () { it("should fail to verify aggregated signatures - different pubkeys and messsages", () => { - const domain = Buffer.alloc(8, 0); const keypair1 = Keypair.generate(); const keypair2 = Keypair.generate(); @@ -272,10 +234,10 @@ describe("test bls", function () { const message1 = Buffer.from(SHA256.digest(Buffer.from("Test1"))); const message2 = Buffer.from(SHA256.digest(Buffer.from("Test2"))); - const signature1 = keypair1.privateKey.signMessage(message1, domain); - const signature2 = keypair2.privateKey.signMessage(message1, domain); - const signature3 = keypair3.privateKey.signMessage(message2, domain); - const signature4 = keypair4.privateKey.signMessage(message2, domain); + const signature1 = keypair1.privateKey.signMessage(message1); + const signature2 = keypair2.privateKey.signMessage(message1); + const signature3 = keypair3.privateKey.signMessage(message2); + const signature4 = keypair4.privateKey.signMessage(message2); const aggregatePubKey12 = bls.aggregatePubkeys([ keypair1.publicKey.toBytesCompressed(), @@ -294,57 +256,13 @@ describe("test bls", function () { [aggregatePubKey12], [message2, message1], aggregateSignature, - domain ); expect(result).to.be.false; }); - it("should fail to verify aggregated signatures - different domain", () => { - - const domain = Buffer.alloc(8, 0); - const domain2 = Buffer.alloc(8, 1); - - const keypair1 = Keypair.generate(); - const keypair2 = Keypair.generate(); - const keypair3 = Keypair.generate(); - const keypair4 = Keypair.generate(); - - const message1 = Buffer.from(SHA256.digest(Buffer.from("Test1"))); - const message2 = Buffer.from(SHA256.digest(Buffer.from("Test2"))); - - const signature1 = keypair1.privateKey.signMessage(message1, domain); - const signature2 = keypair2.privateKey.signMessage(message1, domain); - const signature3 = keypair3.privateKey.signMessage(message2, domain2); - const signature4 = keypair4.privateKey.signMessage(message2, domain2); - - const aggregatePubKey12 = bls.aggregatePubkeys([ - keypair1.publicKey.toBytesCompressed(), - keypair2.publicKey.toBytesCompressed(), - ]); - - - const aggregateSignature = bls.aggregateSignatures([ - signature1.toBytesCompressed(), - signature2.toBytesCompressed(), - signature3.toBytesCompressed(), - signature4.toBytesCompressed(), - ]); - - const result = bls.verifyMultiple( - [aggregatePubKey12], - [message2, message1], - aggregateSignature, - domain - ); - - expect(result).to.be.false; - }); - - it("should fail to verify aggregated signatures - no public keys", () => { - const domain = Buffer.alloc(8, 0); const signature = Buffer.alloc(96); @@ -355,7 +273,6 @@ describe("test bls", function () { [], [message2, message1], signature, - domain ); expect(result).to.be.false; diff --git a/yarn.lock b/yarn.lock index 05d144d..4b03cad 100644 --- a/yarn.lock +++ b/yarn.lock @@ -820,10 +820,10 @@ bip39 "^3.0.2" buffer "^5.4.3" -"@chainsafe/eth2-bls-wasm@^0.2.1": - version "0.2.1" - resolved "https://registry.yarnpkg.com/@chainsafe/eth2-bls-wasm/-/eth2-bls-wasm-0.2.1.tgz#82710c4b81676eb8a2940394efffc0e59216e731" - integrity sha512-optSPu5Ez8tT0iEeCsLhjhMJYyXAZRyPFT2k4q+WrQxr82or5+IVQx4jHdy/uQwMvGB0rlvFYlwsyBrkioTCVw== +"@chainsafe/eth2-bls-wasm@^0.4.0": + version "0.4.0" + resolved "https://registry.yarnpkg.com/@chainsafe/eth2-bls-wasm/-/eth2-bls-wasm-0.4.0.tgz#94e89e4e53ec6cdcc07178dbfeb0b80215550d2f" + integrity sha512-4BGktOKmUyyYJNCio5Zn1LdxaGWLhPqdUoZXokrfCLW3SKhw4E6MlnpAHwPtvnDuGSkmdF/GLhYeyjQYTtovqg== dependencies: buffer "^5.4.3"