BLS12-381 Crypto Primitives

.gitmodules

@@ -31,3 +31,6 @@
 [submodule "libraries/cli11/cli11"]
 	path = libraries/cli11/cli11
 	url = https://github.com/AntelopeIO/CLI11.git
+[submodule "libraries/libfc/libraries/bls12-381"]
+	path = libraries/libfc/libraries/bls12-381
+	url = https://github.com/mschoenebeck/bls12-381.git

CMakeModules/EosioTester.cmake.in

@@ -55,6 +55,7 @@ find_library(libchain eosio_chain @CMAKE_INSTALL_FULL_LIBDIR@ NO_DEFAULT_PATH)
 find_library(libfc fc @CMAKE_INSTALL_FULL_LIBDIR@ NO_DEFAULT_PATH)
 find_library(libsecp256k1 secp256k1 @CMAKE_INSTALL_FULL_LIBDIR@ NO_DEFAULT_PATH)
 find_library(libbn256 bn256 @CMAKE_INSTALL_FULL_LIBDIR@ NO_DEFAULT_PATH)
+find_library(libbls12-381 bls12-381 @CMAKE_INSTALL_FULL_LIBDIR@ NO_DEFAULT_PATH)
 
 find_library(libwasm WASM @CMAKE_INSTALL_FULL_LIBDIR@ NO_DEFAULT_PATH)
 find_library(libwast WAST @CMAKE_INSTALL_FULL_LIBDIR@ NO_DEFAULT_PATH)
@@ -92,6 +93,7 @@ macro(add_eosio_test_executable test_name)
        ${libbuiltins}
        ${libsecp256k1}
        ${libbn256}
+       ${libbls12-381}
        @GMP_LIBRARY@
 
        ${Boost_FILESYSTEM_LIBRARY}

CMakeModules/EosioTesterBuild.cmake.in

@@ -52,6 +52,7 @@ find_library(libchain eosio_chain @CMAKE_BINARY_DIR@/libraries/chain NO_DEFAULT_
 find_library(libfc fc @CMAKE_BINARY_DIR@/libraries/libfc NO_DEFAULT_PATH)
 find_library(libsecp256k1 secp256k1 @CMAKE_BINARY_DIR@/libraries/libfc/secp256k1 NO_DEFAULT_PATH)
 find_library(libbn256 bn256 @CMAKE_BINARY_DIR@/libraries/libfc/libraries/bn256/src NO_DEFAULT_PATH)
+find_library(libbls12-381 bls12-381 @CMAKE_BINARY_DIR@/libraries/libfc/libraries/bls12-381/src NO_DEFAULT_PATH)
 
 find_library(libwasm WASM @CMAKE_BINARY_DIR@/libraries/wasm-jit/Source/WASM NO_DEFAULT_PATH)
 find_library(libwast WAST @CMAKE_BINARY_DIR@/libraries/wasm-jit/Source/WAST NO_DEFAULT_PATH)
@@ -89,6 +90,7 @@ macro(add_eosio_test_executable test_name)
        ${libbuiltins}
        ${libsecp256k1}
        ${libbn256}
+       ${libbls12-381}
        @GMP_LIBRARY@
 
        ${Boost_FILESYSTEM_LIBRARY}

libraries/chain/controller.cpp

@@ -34,6 +34,7 @@
 #include <fc/log/logger_config.hpp>
 #include <fc/scoped_exit.hpp>
 #include <fc/variant_object.hpp>
+#include <bls12-381.hpp>
 
 #include <new>
 #include <shared_mutex>
@@ -338,6 +339,8 @@ struct controller_impl {
       set_activation_handler<builtin_protocol_feature_t::get_code_hash>();
       set_activation_handler<builtin_protocol_feature_t::get_block_num>();
       set_activation_handler<builtin_protocol_feature_t::crypto_primitives>();
+      set_activation_handler<builtin_protocol_feature_t::bls_primitives>();
+      bls12_381::init();
 
       self.irreversible_block.connect([this](const block_state_ptr& bsp) {
          wasm_if_collect.current_lib(bsp->block_num);
@@ -3824,6 +3827,22 @@ void controller_impl::on_activation<builtin_protocol_feature_t::crypto_primitive
    } );
 }
 
+template<>
+void controller_impl::on_activation<builtin_protocol_feature_t::bls_primitives>() {
+   db.modify( db.get<protocol_state_object>(), [&]( auto& ps ) {
+      add_intrinsic_to_whitelist( ps.whitelisted_intrinsics, "bls_g1_add" );
+      add_intrinsic_to_whitelist( ps.whitelisted_intrinsics, "bls_g2_add" );
+      add_intrinsic_to_whitelist( ps.whitelisted_intrinsics, "bls_g1_mul" );
+      add_intrinsic_to_whitelist( ps.whitelisted_intrinsics, "bls_g2_mul" );
+      add_intrinsic_to_whitelist( ps.whitelisted_intrinsics, "bls_g1_exp" );
+      add_intrinsic_to_whitelist( ps.whitelisted_intrinsics, "bls_g2_exp" );
+      add_intrinsic_to_whitelist( ps.whitelisted_intrinsics, "bls_pairing" );
+      add_intrinsic_to_whitelist( ps.whitelisted_intrinsics, "bls_g1_map" );
+      add_intrinsic_to_whitelist( ps.whitelisted_intrinsics, "bls_g2_map" );
+      add_intrinsic_to_whitelist( ps.whitelisted_intrinsics, "bls_fp_mod" );
+   } );
+}
+
 /// End of protocol feature activation handlers
 
 } } /// eosio::chain

libraries/chain/include/eosio/chain/protocol_feature_manager.hpp

@@ -35,6 +35,7 @@ enum class builtin_protocol_feature_t : uint32_t {
    configurable_wasm_limits = 18, // configurable_wasm_limits2,
    crypto_primitives = 19,
    get_block_num = 20,
+   bls_primitives = 21,
    reserved_private_fork_protocol_features = 500000,
 };
 

libraries/chain/include/eosio/chain/webassembly/eos-vm-oc/intrinsic_mapping.hpp

@@ -267,7 +267,17 @@ inline constexpr auto get_intrinsic_table() {
       "env.sha3",
       "env.blake2_f",
       "env.k1_recover",
-      "env.get_block_num"
+      "env.get_block_num",
+      "env.bls_g1_add",
+      "env.bls_g2_add",
+      "env.bls_g1_mul",
+      "env.bls_g2_mul",
+      "env.bls_g1_exp",
+      "env.bls_g2_exp",
+      "env.bls_g1_pairing",
+      "env.bls_g1_map",
+      "env.bls_g2_map",
+      "env.bls_fp_mod"
    );
 }
 inline constexpr std::size_t find_intrinsic_index(std::string_view hf) {

libraries/chain/include/eosio/chain/webassembly/interface.hpp

@@ -1785,6 +1785,117 @@ namespace webassembly {
          */
          int32_t k1_recover( span<const char> signature, span<const char> digest, span<char> pub) const;
 
+         /**
+          * Host function for G1 addition on the elliptic curve bls12-381
+          *
+          * @ingroup crypto
+          * @param op1 - a span containing the first operand G1 point.
+          * @param op2 - a span containing the second operand G1 point.
+          * @param[out] result - the result op1 + op2.
+          * @return -1 if there was an error 0 otherwise
+         */
+         int32_t bls_g1_add(span<const char> op1, span<const char> op2, span<char> result) const;
+
+         /**
+          * Host function for G2 addition on the elliptic curve bls12-381
+          *
+          * @ingroup crypto
+          * @param op1 - a span containing the first operand G2 point.
+          * @param op2 - a span containing the second operand G2 point.
+          * @param[out] result - the result op1 + op2.
+          * @return -1 if there was an error 0 otherwise
+         */
+         int32_t bls_g2_add(span<const char> op1, span<const char> op2, span<char> result) const;
+
+         /**
+          * Host function for G1 scalar multiplication on the elliptic curve bls12-381
+          *
+          * @ingroup crypto
+          * @param point - a span containing the G1 point operand.
+          * @param scalar - a span containing the scalar operand.
+          * @param[out] result - the result: scalar * point.
+          * @return -1 if there was an error 0 otherwise
+         */
+         int32_t bls_g1_mul(span<const char> point, span<const char> scalar, span<char> result) const;
+
+         /**
+          * Host function for G2 scalar multiplication on the elliptic curve bls12-381
+          *
+          * @ingroup crypto
+          * @param point - a span containing the G2 point operand.
+          * @param scalar - a span containing the scalar operand.
+          * @param[out] result - the result op1 * op2.
+          * @return -1 if there was an error 0 otherwise
+         */
+         int32_t bls_g2_mul(span<const char> point, span<const char> scalar, span<char> result) const;
+
+         /**
+          * Host function for G1 multi-exponentiation on the elliptic curve bls12-381
+          *
+          * @ingroup crypto
+          * @param points - a span containing a list of G1 points (P0, P1, P2... Pn).
+          * @param scalars - a span containing a list of scalars (s0, s1, s2... sn).
+          * @param n - the number of elements in the lists.
+          * @param[out] result - the result s0 * P0 + s1 * P1 + ... + sn * Pn.
+          * @return -1 if there was an error 0 otherwise
+         */
+         int32_t bls_g1_exp(span<const char> points, span<const char> scalars, const uint32_t n, span<char> result) const;
+
+         /**
+          * Host function for G2 multi-exponentiation on the elliptic curve bls12-381
+          *
+          * @ingroup crypto
+          * @param points - a span containing a list of G2 points (P0, P1, P2... Pn).
+          * @param scalars - a span containing a list of scalars (s0, s1, s2... sn).
+          * @param n - the number of elements in the lists.
+          * @param[out] result - the result s0 * P0 + s1 * P1 + ... + sn * Pn.
+          * @return -1 if there was an error 0 otherwise
+         */
+         int32_t bls_g2_exp(span<const char> points, span<const char> scalars, const uint32_t n, span<char> result) const;
+
+         /**
+          * Host function to calculate the pairing of (G1, G2) pairs on the elliptic curve bls12-381
+          *
+          * @ingroup crypto
+          * @param g1_points - a span containing a list of G1 points (P0, P1, P2... Pn).
+          * @param g2_points - a span containing a list of G2 points (P0, P1, P2... Pn).
+          * @param n - the number of elements in the lists.
+          * @param[out] result - the result e(g1_0, g2_0) * e(g1_1, g2_1) * ... * e(g1_n, g2_n)
+          * @return -1 if there was an error 0 otherwise
+         */
+         int32_t bls_pairing(span<const char> g1_points, span<const char> g2_points, const uint32_t n, span<char> result) const;
+
+         /**
+          * Host function for mapping fp to G1 on the elliptic curve bls12-381
+          *
+          * @ingroup crypto
+          * @param e - a span containing the field element fp to be mapped.
+          * @param[out] result - the resulting element in G1.
+          * @return -1 if there was an error 0 otherwise
+         */
+         int32_t bls_g1_map(span<const char> e, span<char> result) const;
+
+         /**
+          * Host function for mapping fp2 to G2 on the elliptic curve bls12-381
+          *
+          * @ingroup crypto
+          * @param e - a span containing the field element fp2 to be mapped.
+          * @param[out] result - the resulting element in G2.
+          * @return -1 if there was an error 0 otherwise
+         */
+         int32_t bls_g2_map(span<const char> e, span<char> result) const;
+
+         /**
+          * Host function for modular reduction of 64 bytes wide scalar to a field element (fp, 48 bytes) of the elliptic curve bls12-381
+          * Involves Montgomery conversion on the resulting field element.
+          *
+          * @ingroup crypto
+          * @param s - a span containing the 64 bytes wide scalar to be reduced.
+          * @param[out] result - the resulting field element fp in Montogomery form.
+          * @return -1 if there was an error 0 otherwise
+         */
+         int32_t bls_fp_mod(span<const char> s, span<char> result) const;
+
          // compiler builtins api
          void __ashlti3(legacy_ptr<int128_t>, uint64_t, uint64_t, uint32_t) const;
          void __ashrti3(legacy_ptr<int128_t>, uint64_t, uint64_t, uint32_t) const;

libraries/chain/protocol_feature_manager.cpp

@@ -258,6 +258,17 @@ Adds new cryptographic host functions
 Builtin protocol feature: GET_BLOCK_NUM
 
 Enables new `get_block_num` intrinsic which returns the current block number.
+*/
+            {}
+         } )
+         (  builtin_protocol_feature_t::bls_primitives, builtin_protocol_feature_spec{
+            "BLS_PRIMITIVES",
+            fc::variant("01969c44de35999b924095ae7f50081a7f274409fdbccb9fc54fa7836c76089c").as<digest_type>(),
+            // SHA256 hash of the raw message below within the comment delimiters (do not modify message below).
+/*
+Builtin protocol feature: BLS_PRIMITIVES
+Adds new cryptographic host functions
+- Add, multiply, multi-exponentiation and pairing functions for the bls12-381 elliptic curve.
 */
             {}
          } )