diff --git a/.gitignore b/.gitignore
index a9a20e83c..d2d8f18f7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,8 @@
# Package Manager
## cargo
target
+# nix
+shell.nix
## npm
node_modules
diff --git a/Cargo.lock b/Cargo.lock
index cf266bf44..fc220bcbc 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -233,6 +233,124 @@ version = "1.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bddcadddf5e9015d310179a59bb28c4d4b9920ad0f11e8e14dbadf654890c9a6"
+[[package]]
+name = "ark-bls12-381"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c775f0d12169cba7aae4caeb547bb6a50781c7449a8aa53793827c9ec4abf488"
+dependencies = [
+ "ark-ec",
+ "ark-ff",
+ "ark-serialize",
+ "ark-std",
+]
+
+[[package]]
+name = "ark-ec"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3c60370a92f8e1a5f053cad73a862e1b99bc642333cd676fa11c0c39f80f4ac2"
+dependencies = [
+ "ark-ff",
+ "ark-poly",
+ "ark-serialize",
+ "ark-std",
+ "derivative",
+ "hashbrown 0.13.2",
+ "itertools",
+ "num-traits",
+ "zeroize",
+]
+
+[[package]]
+name = "ark-ff"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4c2d42532524bee1da5a4f6f733eb4907301baa480829557adcff5dfaeee1d9a"
+dependencies = [
+ "ark-ff-asm",
+ "ark-ff-macros",
+ "ark-serialize",
+ "ark-std",
+ "derivative",
+ "digest 0.10.6",
+ "itertools",
+ "num-bigint",
+ "num-traits",
+ "paste",
+ "rustc_version",
+ "zeroize",
+]
+
+[[package]]
+name = "ark-ff-asm"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9d6873aaba7959593d89babed381d33e2329453368f1bf3c67e07686a1c1056f"
+dependencies = [
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "ark-ff-macros"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f3c2e7d0f2d67cc7fc925355c74d36e7eda19073639be4a0a233d4611b8c959d"
+dependencies = [
+ "num-bigint",
+ "num-traits",
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "ark-poly"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8f6ec811462cabe265cfe1b102fcfe3df79d7d2929c2425673648ee9abfd0272"
+dependencies = [
+ "ark-ff",
+ "ark-serialize",
+ "ark-std",
+ "derivative",
+ "hashbrown 0.13.2",
+]
+
+[[package]]
+name = "ark-serialize"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e7e735959bc173ea4baf13327b19c22d452b8e9e8e8f7b7fc34e6bf0e316c33e"
+dependencies = [
+ "ark-serialize-derive",
+ "ark-std",
+ "digest 0.10.6",
+ "num-bigint",
+]
+
+[[package]]
+name = "ark-serialize-derive"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fd34f0920d995d2c932f38861c416f70de89a6de9875876b012557079603e6cc"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "ark-std"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "94893f1e0c6eeab764ade8dc4c0db24caf4fe7cbbaafc0eba0a9030f447b5185"
+dependencies = [
+ "num-traits",
+ "rand 0.8.5",
+]
+
[[package]]
name = "array-bytes"
version = "4.2.0"
@@ -2537,17 +2655,16 @@ dependencies = [
name = "darwinia-precompile-bls12-381"
version = "6.0.0"
dependencies = [
+ "ark-bls12-381",
+ "ark-ec",
+ "ark-ff",
+ "ark-serialize",
+ "ark-std",
"fp-evm",
- "frame-system",
- "pallet-balances",
"pallet-evm",
- "pallet-timestamp",
- "parity-scale-codec",
"precompile-utils",
- "scale-info",
- "sp-core",
- "sp-io",
- "sp-runtime",
+ "rand 0.8.5",
+ "sha2 0.10.6",
"sp-std",
]
diff --git a/precompile/bls12-381/Cargo.toml b/precompile/bls12-381/Cargo.toml
index 1bbb86b3e..423b45c1a 100644
--- a/precompile/bls12-381/Cargo.toml
+++ b/precompile/bls12-381/Cargo.toml
@@ -1,12 +1,19 @@
[package]
authors.workspace = true
-description = "BLS12-381 implementation for EVM pallet."
+description = "Arkworks BLS12-381 based precompile for EVM pallet."
edition.workspace = true
name = "darwinia-precompile-bls12-381"
readme = "README.md"
version.workspace = true
[dependencies]
+# crates.io
+ark-bls12-381 = { version = "0.4.0", default-features = false, features = ["curve"] }
+ark-ec = { version = "0.4.1", default-features = false }
+ark-ff = { version = "0.4.1", default-features = false }
+ark-serialize = { version = "0.4.1", default-features = false, features = ["derive"] }
+sha2 = { version = "0.10.6", default-features = false }
+
# frontier
fp-evm = { workspace = true }
pallet-evm = { workspace = true }
@@ -18,27 +25,22 @@ precompile-utils = { workspace = true }
sp-std = { workspace = true }
[dev-dependencies]
-# crates.io
-codec = { package = "parity-scale-codec", workspace = true }
-scale-info = { workspace = true }
-
-# moonbeam
-precompile-utils = { workspace = true, features = ["testing"] }
-
-# substrate
-frame-system = { workspace = true }
-pallet-balances = { workspace = true, features = ["std"] }
-pallet-timestamp = { workspace = true, features = ["std"] }
-sp-core = { workspace = true }
-sp-io = { workspace = true }
-sp-runtime = { workspace = true }
+rand = { version = "0.8.5" }
+ark-std = { version = "0.4.0" }
[features]
default = ["std"]
std = [
+ # crates.io
+ "ark-bls12-381/std",
+ "ark-serialize/std",
+ "ark-ec/std",
+ "ark-ff/std",
+ "sha2/std",
+
# frontier
- "fp-evm/std",
"pallet-evm/std",
+ "fp-evm/std",
# moonbeam
"precompile-utils/std",
diff --git a/precompile/bls12-381/src/bls/mod.rs b/precompile/bls12-381/src/bls/mod.rs
new file mode 100644
index 000000000..2566f3007
--- /dev/null
+++ b/precompile/bls12-381/src/bls/mod.rs
@@ -0,0 +1,180 @@
+// This file is part of Darwinia.
+//
+// Copyright (C) 2018-2023 Darwinia Network
+// SPDX-License-Identifier: GPL-3.0
+//
+// Darwinia is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Darwinia is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Darwinia. If not, see .
+//
+// Inspired from https://github.com/w3f/apk-proofs/blob/main/bw6/src/bls/mod.rs
+
+// core
+use core::{borrow::Borrow, ops::Neg};
+// crates.io
+use ark_bls12_381::{
+ g2::Config as G2Config, Bls12_381, G1Affine, G1Projective, G2Affine, G2Projective,
+};
+use ark_ec::{
+ hashing::{
+ curve_maps::wb::WBMap, map_to_curve_hasher::MapToCurveBasedHasher, HashToCurve,
+ HashToCurveError,
+ },
+ models::short_weierstrass::Projective,
+ pairing::Pairing,
+ AffineRepr, CurveGroup,
+};
+use ark_ff::{field_hashers::DefaultFieldHasher, Zero};
+use ark_serialize::*;
+use sha2::Sha256;
+// substrate
+use sp_std::prelude::Vec;
+
+/// Domain Separation Tag for signatures on G2
+pub const DST_G2: &[u8] = b"BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_";
+
+#[derive(Clone, Debug)]
+pub struct Signature(G2Projective);
+impl From for Signature {
+ fn from(sig: G2Projective) -> Signature {
+ Signature(sig)
+ }
+}
+impl AsRef for Signature {
+ fn as_ref(&self) -> &G2Projective {
+ &self.0
+ }
+}
+impl Signature {
+ pub fn from_bytes(bytes: &[u8]) -> Result {
+ let p = G2Affine::deserialize_compressed(bytes)?;
+ Ok(Self(p.into()))
+ }
+
+ #[allow(dead_code)]
+ pub fn aggregate>(signatures: impl IntoIterator- ) -> Signature {
+ signatures.into_iter().map(|s| s.borrow().0).sum::().into()
+ }
+}
+
+#[derive(Clone, Debug, Eq, PartialEq, Hash, CanonicalSerialize, CanonicalDeserialize)]
+pub struct PublicKey(pub G1Projective);
+impl From for PublicKey {
+ fn from(pk: G1Projective) -> PublicKey {
+ PublicKey(pk)
+ }
+}
+impl PublicKey {
+ pub fn from_bytes(bytes: &[u8]) -> Result {
+ let p = G1Affine::deserialize_compressed(bytes)?;
+ Ok(Self(p.into()))
+ }
+
+ pub fn aggregate>(public_keys: impl IntoIterator
- ) -> PublicKey {
+ public_keys.into_iter().map(|s| s.borrow().0).sum::().into()
+ }
+
+ pub fn verify(&self, signature: &Signature, message: &G2Projective) -> bool {
+ Bls12_381::multi_pairing(
+ [G1Affine::generator().neg(), self.0.into_affine()],
+ [signature.as_ref().into_affine(), message.into_affine()],
+ )
+ .is_zero()
+ }
+}
+
+pub fn hash_to_curve_g2(message: &[u8]) -> Result {
+ let wb_to_curve_hasher = MapToCurveBasedHasher::<
+ Projective,
+ DefaultFieldHasher,
+ WBMap,
+ >::new(DST_G2)?;
+ Ok(wb_to_curve_hasher.hash(message)?.into())
+}
+
+#[cfg(test)]
+mod tests {
+ // crates.io
+ use rand::Rng;
+ use ark_std::test_rng;
+ use ark_bls12_381::Fr;
+ use ark_ec::Group;
+ use ark_ff::UniformRand;
+ // darwinia
+ use super::*;
+
+ #[derive(Clone, Debug, CanonicalSerialize, CanonicalDeserialize)]
+ pub struct SecretKey(Fr);
+
+ impl From for SecretKey {
+ fn from(sk: Fr) -> SecretKey {
+ SecretKey(sk)
+ }
+ }
+
+ impl From<&SecretKey> for PublicKey {
+ fn from(sk: &SecretKey) -> PublicKey {
+ (G1Projective::generator() * sk.as_ref()).into()
+ }
+ }
+
+ impl AsRef for SecretKey {
+ fn as_ref(&self) -> &Fr {
+ &self.0
+ }
+ }
+
+ impl SecretKey {
+ pub fn new(rng: &mut R) -> SecretKey {
+ SecretKey(Fr::rand(rng))
+ }
+
+ pub fn sign(&self, message: &G2Projective) -> Signature {
+ (*message * self.as_ref()).into()
+ }
+ }
+
+ #[test]
+ fn test_apk() {
+ let rng = &mut test_rng();
+ let message = G2Projective::rand(rng);
+
+ let sks = (0..10).map(|_| SecretKey::new(rng)).collect::>();
+ let pks = sks.iter().map(PublicKey::from).collect::>();
+ let sigs = sks.iter().map(|sk| sk.sign(&message)).collect::>();
+ pks.iter().zip(sigs.iter()).for_each(|(pk, sig)| assert!(pk.verify(sig, &message)));
+
+ let apk = PublicKey::aggregate(pks);
+ let asig = Signature::aggregate(sigs);
+ assert!(apk.verify(&asig, &message));
+ }
+
+ #[test]
+ fn test_h2c() {
+ let message = vec![
+ 58, 137, 108, 164, 181, 219, 16, 43, 157, 253, 71, 82, 139, 6, 34, 10, 145, 189, 18,
+ 70, 29, 204, 134, 121, 60, 226, 213, 145, 244, 30, 164, 248,
+ ];
+ let e = vec![
+ 178, 18, 44, 225, 215, 170, 68, 228, 52, 151, 40, 113, 171, 202, 76, 203, 156, 112,
+ 105, 249, 147, 210, 132, 79, 69, 117, 109, 151, 35, 71, 117, 21, 119, 179, 181, 81, 92,
+ 22, 22, 88, 190, 243, 147, 248, 3, 210, 87, 98, 0, 84, 201, 248, 182, 249, 99, 59, 86,
+ 60, 71, 244, 250, 189, 134, 232, 18, 82, 72, 76, 83, 155, 46, 113, 128, 107, 49, 67,
+ 174, 100, 244, 181, 33, 174, 14, 151, 112, 62, 141, 100, 173, 191, 103, 178, 205, 17,
+ 237, 147,
+ ];
+ let p: G2Affine = hash_to_curve_g2(&message).unwrap().into();
+ let mut c = Vec::new();
+ p.serialize_compressed(&mut c).unwrap();
+ assert_eq!(e, c);
+ }
+}
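Review bot: `PublicKey::from_bytes` accepts the point at infinity after `G1Affine::deserialize_compressed(bytes)?`, while the BLS signature draft's KeyValidate step rejects it; an infinity public key together with an infinity signature makes `verify` return true for any message, because both terms of the `multi_pairing` evaluate to the identity and `.is_zero()` passes. Add `if p.is_zero() { return Err(SerializationError::InvalidData); }` before `Ok(Self(p.into()))` (assuming the error type is `SerializationError`, the generics being lost in this rendering; `Zero` is already imported). As far as I recall, `deserialize_compressed` with arkworks' default validation already performs the on-curve and subgroup checks, so the infinity check is the only missing piece of key validation. The DST ends in `_POP_`, naming the proof-of-possession ciphersuite, yet nothing in this file checks possession; `PublicKey::aggregate` should carry a doc comment such as `/// Aggregating keys is only sound when every key has a verified proof of possession (rogue-key attack otherwise); callers must enforce this.`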
diff --git a/precompile/bls12-381/src/lib.rs b/precompile/bls12-381/src/lib.rs
index 04a03bad6..12697e1b8 100644
--- a/precompile/bls12-381/src/lib.rs
+++ b/precompile/bls12-381/src/lib.rs
@@ -18,6 +18,9 @@
#![cfg_attr(not(feature = "std"), no_std)]
+mod bls;
+use bls::{hash_to_curve_g2, PublicKey, Signature};
+
// core
use core::marker::PhantomData;
// moonbeam
@@ -25,18 +28,31 @@ use precompile_utils::prelude::*;
// substrate
use sp_std::prelude::*;
+pub(crate) const BLS_ESTIMATED_COST: u64 = 100_000;
pub struct BLS12381(PhantomData);
#[precompile_utils::precompile]
impl BLS12381 {
#[precompile::public("fast_aggregate_verify(bytes[],bytes,bytes)")]
#[precompile::view]
- fn state_storage_at(
- _handle: &mut impl PrecompileHandle,
- _pubkeys: Vec,
- _message: UnboundedBytes,
- _signature: UnboundedBytes,
+ fn fast_aggregate_verify(
+ handle: &mut impl PrecompileHandle,
+ pubkeys: Vec,
+ message: UnboundedBytes,
+ signature: UnboundedBytes,
) -> EvmResult {
- return Err(revert("Unavailable now"));
+ handle.record_cost(BLS_ESTIMATED_COST)?;
+
+ let asig =
+ Signature::from_bytes(signature.as_bytes()).map_err(|_| revert("Invalid signature"))?;
+ let public_keys: Result, _> =
+ pubkeys.into_iter().map(|k| PublicKey::from_bytes(k.as_bytes())).collect();
+ let Ok(pks) = public_keys else {
+ return Err(revert("Invalid pubkeys"));
+ };
+
+ let apk = PublicKey::aggregate(pks);
+ let msg = hash_to_curve_g2(message.as_bytes()).map_err(|_| revert("Invalid message"))?;
+ Ok(apk.verify(&asig, &msg))
}
}
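Review bot: `handle.record_cost(BLS_ESTIMATED_COST)?;` charges a flat 100_000 regardless of `pubkeys.len()`, yet every element is then passed through `PublicKey::from_bytes`, which (with arkworks' default validation, as far as I recall) deserializes and subgroup-checks a G1 point, so a caller can submit an arbitrarily long `pubkeys` vector for constant gas; the cost should scale with the key count. Separately, an empty `pubkeys` makes `PublicKey::aggregate` sum nothing and return the identity, after which `verify` reduces to a single pairing with the signature and is satisfied by a signature encoding the point at infinity, so `fast_aggregate_verify` with no keys returns true; the FastAggregateVerify routine requires at least one key. Both fixes are shown below; the per-key constant is a placeholder to be filled from benchmarks, and the name `BLS_ESTIMATED_COST` suggests the base value is itself still an estimate.
```rust
fn fast_aggregate_verify(
    // … unchanged: handle, pubkeys, message, signature parameters …
) -> EvmResult {
    // FastAggregateVerify is undefined for zero keys; an empty aggregate is the
    // identity element and would verify against an infinity signature.
    if pubkeys.is_empty() {
        return Err(revert("Empty pubkeys"));
    }
    // Charge per key: each element is deserialized and validated below.
    // BLS_PER_KEY_COST is a placeholder name/value, to be set from benchmarks.
    let key_cost = BLS_PER_KEY_COST.saturating_mul(pubkeys.len() as u64);
    handle.record_cost(BLS_ESTIMATED_COST.saturating_add(key_cost))?;
    // … unchanged: signature / public-key deserialization, aggregation, verify …
```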
diff --git a/runtime/crab/src/pallets/evm.rs b/runtime/crab/src/pallets/evm.rs
index 2e28a9ff1..950984e3b 100644
--- a/runtime/crab/src/pallets/evm.rs
+++ b/runtime/crab/src/pallets/evm.rs
@@ -49,7 +49,7 @@ where
Self(Default::default())
}
- pub fn used_addresses() -> [sp_core::H160; 15] {
+ pub fn used_addresses() -> [sp_core::H160; 14] {
[
addr(1),
addr(2),
@@ -66,7 +66,7 @@ where
addr(1026),
addr(1536),
addr(1537),
- addr(2048),
+ // addr(2048),
]
}
}
@@ -118,8 +118,8 @@ where
a if a == addr(1537) =>
Some(>::execute(handle)),
// [2048..) reserved for the experimental precompiles.
- a if a == addr(2048) =>
- Some(>::execute(handle)),
+ // a if a == addr(2048) =>
+ // Some(>::execute(handle)),
_ => None,
}
}
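Review bot: The commented-out match arm `// a if a == addr(2048) =>` / `// Some(...execute(handle))`, together with `// addr(2048),` in the preceding `used_addresses` hunk, leaves dead code in both places; the same pattern repeats in the two hunks of runtime/darwinia/src/pallets/evm.rs. Prefer deleting those lines outright, since git history keeps them, and relying on the existing `// [2048..) reserved for the experimental precompiles.` comment, which already documents the reservation. If the arm is expected to return, a one-line comment stating why it is currently disabled is more useful to the next reader than the disabled code itself.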
diff --git a/runtime/darwinia/src/pallets/evm.rs b/runtime/darwinia/src/pallets/evm.rs
index 49ba628dd..258dde402 100644
--- a/runtime/darwinia/src/pallets/evm.rs
+++ b/runtime/darwinia/src/pallets/evm.rs
@@ -49,7 +49,7 @@ where
Self(Default::default())
}
- pub fn used_addresses() -> [sp_core::H160; 15] {
+ pub fn used_addresses() -> [sp_core::H160; 14] {
[
addr(1),
addr(2),
@@ -66,7 +66,7 @@ where
addr(1026),
addr(1536),
addr(1537),
- addr(2048),
+ // addr(2048),
]
}
}
@@ -118,8 +118,8 @@ where
a if a == addr(1537) =>
Some(>::execute(handle)),
// [2048..) reserved for the experimental precompiles.
- a if a == addr(2048) =>
- Some(>::execute(handle)),
+ // a if a == addr(2048) =>
+ // Some(>::execute(handle)),
_ => None,
}
}