Merge pull request #846 from huitseeker/update-relic

[crypto] Update relic to 9206ae5

crypto/bls.go

@@ -171,10 +171,7 @@ func (a *blsBLS12381Algo) generatePrivateKey(seed []byte) (PrivateKey, error) {
 			KeyGenSeedMaxLenBLSBLS12381)
 	}
 
-	sk := &PrKeyBLSBLS12381{
-		// public key is only computed when needed
-		pk: nil,
-	}
+	sk := newPrKeyBLSBLS12381(nil)
 
 	// maps the seed to a private key
 	// error is not checked as it is guaranteed to be nil
@@ -190,9 +187,8 @@ func (a *blsBLS12381Algo) decodePrivateKey(privateKeyBytes []byte) (PrivateKey,
 			"the input length has to be equal to %d",
 			prKeyLengthBLSBLS12381)
 	}
-	sk := &PrKeyBLSBLS12381{
-		pk: nil,
-	}
+	sk := newPrKeyBLSBLS12381(nil)
+
 	readScalar(&sk.scalar, privateKeyBytes)
 	if C.check_membership_Zr((*C.bn_st)(&sk.scalar)) == valid {
 		return sk, nil
@@ -231,6 +227,22 @@ type PrKeyBLSBLS12381 struct {
 	scalar scalar
 }
 
+// newPrKeyBLSBLS12381 creates a new BLS private key with the given scalar.
+// If no scalar is provided, the function allocates an
+// empty scalar.
+func newPrKeyBLSBLS12381(x *scalar) *PrKeyBLSBLS12381 {
+	var sk PrKeyBLSBLS12381
+	if x == nil {
+		// initialize the scalar
+		C.bn_new_wrapper((*C.bn_st)(&sk.scalar))
+	} else {
+		// set the scalar
+		sk.scalar = *x
+	}
+	// the embedded public key is only computed when needed
+	return &sk
+}
+
 // Algorithm returns the Signing Algorithm
 func (sk *PrKeyBLSBLS12381) Algorithm() SigningAlgorithm {
 	return BLSBLS12381
@@ -289,6 +301,18 @@ type PubKeyBLSBLS12381 struct {
 	point pointG2
 }
 
+// newPubKeyBLSBLS12381 creates a new BLS public key with the given point.
+// If no scalar is provided, the function allocates an
+// empty scalar.
+func newPubKeyBLSBLS12381(p *pointG2) *PubKeyBLSBLS12381 {
+	if p != nil {
+		return &PubKeyBLSBLS12381{
+			point: *p,
+		}
+	}
+	return &PubKeyBLSBLS12381{}
+}
+
 // Algorithm returns the Signing Algorithm
 func (pk *PubKeyBLSBLS12381) Algorithm() SigningAlgorithm {
 	return BLSBLS12381

crypto/bls12381_utils.c

@@ -18,6 +18,10 @@ int get_invalid() {
     return INVALID;
 }
 
+void bn_new_wrapper(bn_t a) {
+    bn_new(a);
+}
+
 // global variable of the pre-computed data
 prec_st bls_prec_st;
 prec_st* bls_prec = NULL;
@@ -45,8 +49,8 @@ const uint64_t p_1div2_data[Fp_DIGITS] = {
 
 
 // sets the global variable to input
-void precomputed_data_set(prec_st* p) {
-    bls_prec = p;
+void precomputed_data_set(const prec_st* p) {
+    bls_prec = (prec_st*)p;
 }
 
 // Reads a prime field element from a digit vector in big endian format.
@@ -58,9 +62,11 @@ prec_st* init_precomputed_data_BLS12_381() {
     bls_prec = &bls_prec_st;
 
     #if (hashToPoint == OPSWU)
+
     fp_read_raw(bls_prec->a1, a1_data);
     fp_read_raw(bls_prec->b1, b1_data);
     // (p-3)/4
+    bn_new(&bls_prec->p_3div4);
     bn_read_raw(&bls_prec->p_3div4, p_3div4_data, Fp_DIGITS);
     // (p-1)/2
     fp_read_raw(bls_prec->fp_p_1div2, fp_p_1div2_data);
@@ -75,10 +81,13 @@ prec_st* init_precomputed_data_BLS12_381() {
     #endif
 
     #if (MEMBERSHIP_CHECK_G1 == BOWE)
+    bn_new(&bls_prec->beta);
     bn_read_raw(&bls_prec->beta, beta_data, Fp_DIGITS);
+    bn_new(&bls_prec->z2_1_by3);
     bn_read_raw(&bls_prec->z2_1_by3, z2_1_by3_data, 2);
     #endif
 
+    bn_new(&bls_prec->p_1div2);
     bn_read_raw(&bls_prec->p_1div2, p_1div2_data, Fp_DIGITS);
     return bls_prec;
 }
@@ -222,7 +231,7 @@ void bn_map_to_Zr_star(bn_t a, const uint8_t* bin, int len) {
 
 // returns the sign of y.
 // 1 if y > (p - 1)/2 and 0 otherwise.
-static int fp_get_sign(fp_t y) {
+static int fp_get_sign(const fp_t y) {
     bn_t bn_y;
     bn_new(bn_y);
     fp_prime_back(bn_y, y);

crypto/bls12381_utils.h

@@ -74,10 +74,11 @@ typedef struct prec_ {
 // Utility functions
 int      get_valid();
 int      get_invalid();
+void     bn_new_wrapper(bn_t a);
 
 ctx_t*   relic_init_BLS12_381();
 prec_st* init_precomputed_data_BLS12_381();
-void     precomputed_data_set(prec_st* p);
+void     precomputed_data_set(const prec_st* p);
 void     seed_relic(byte*, int);
 
 int      ep_read_bin_compact(ep_t, const byte *, const int);

crypto/bls_multisig.go

@@ -133,12 +133,10 @@ func AggregateBLSPrivateKeys(keys []PrivateKey) (PrivateKey, error) {
 	}
 
 	var sum scalar
+	C.bn_new_wrapper((*C.bn_st)(&sum))
 	C.bn_sum_vector((*C.bn_st)(&sum), (*C.bn_st)(&scalars[0]),
 		(C.int)(len(scalars)))
-	return &PrKeyBLSBLS12381{
-		pk:     nil,
-		scalar: sum,
-	}, nil
+	return newPrKeyBLSBLS12381(&sum), nil
 }
 
 // AggregateBLSPublicKeys aggregate multiple BLS public keys into one.
@@ -167,16 +165,14 @@ func AggregateBLSPublicKeys(keys []PublicKey) (PublicKey, error) {
 	var sum pointG2
 	C.ep2_sum_vector((*C.ep2_st)(&sum), (*C.ep2_st)(&points[0]),
 		(C.int)(len(points)))
-	return &PubKeyBLSBLS12381{
-		point: sum,
-	}, nil
+	return newPubKeyBLSBLS12381(&sum), nil
 }
 
 func NeutralBLSPublicKey() PublicKey {
 	// set BLS context
 	blsInstance.reInit()
 
-	var neutralPk PubKeyBLSBLS12381
+	neutralPk := *newPubKeyBLSBLS12381(nil)
 	// set the point to infinity
 	C.ep2_set_infty((*C.ep2_st)(&neutralPk.point))
 	return &neutralPk
@@ -217,9 +213,7 @@ func RemoveBLSPublicKeys(aggKey PublicKey, keysToRemove []PublicKey) (PublicKey,
 	C.ep2_subtract_vector((*C.ep2_st)(&resultKey), (*C.ep2_st)(&aggPKBLS.point),
 		(*C.ep2_st)(&pointsToSubtract[0]), (C.int)(len(pointsToSubtract)))
 
-	return &PubKeyBLSBLS12381{
-		point: resultKey,
-	}, nil
+	return newPubKeyBLSBLS12381(&resultKey), nil
 }
 
 // VerifyBLSSignatureOneMessage is a multi-signature verification that verifies a

crypto/build_dependency.sh

@@ -3,7 +3,7 @@
 set -euo pipefail
 
 # relic version or tag
-relic_version="7a9bba7f"
+relic_version="9206ae50"
 
 rm -rf relic
 

crypto/dkg_feldmanvss.go

@@ -73,6 +73,7 @@ func (s *feldmanVSSstate) init() {
 	s.y = nil
 	s.xReceived = false
 	s.vAReceived = false
+	C.bn_new_wrapper((*C.bn_st)(&s.x))
 }
 
 // Start starts running the protocol in the current node
@@ -107,21 +108,15 @@ func (s *feldmanVSSstate) End() (PrivateKey, PublicKey, []PublicKey, error) {
 		return nil, nil, nil, errors.New("keys are not correct")
 	}
 	// private key of the current node
-	x := &PrKeyBLSBLS12381{
-		scalar: s.x, // the private share
-	}
+	x := newPrKeyBLSBLS12381(&s.x)
 
 	// Group public key
-	Y := &PubKeyBLSBLS12381{
-		point: s.vA[0],
-	}
+	Y := newPubKeyBLSBLS12381(&s.vA[0])
 
 	// The nodes public keys
 	y := make([]PublicKey, s.size)
 	for i, p := range s.y {
-		y[i] = &PubKeyBLSBLS12381{
-			point: p,
-		}
+		y[i] = newPubKeyBLSBLS12381(&p)
 	}
 	return x, Y, y, nil
 }
@@ -242,6 +237,7 @@ func (s *feldmanVSSstate) generateShares(seed []byte) error {
 	randZrStar(&s.a[0]) // non zero a[0]
 	genScalarMultG2(&s.vA[0], &s.a[0])
 	for i := 1; i < s.threshold+1; i++ {
+		C.bn_new_wrapper((*C.bn_st)(&s.a[i]))
 		randZr(&s.a[i])
 		genScalarMultG2(&s.vA[i], &s.a[i])
 	}

crypto/dkg_feldmanvssq.go

@@ -155,19 +155,14 @@ func (s *feldmanVSSQualState) End() (PrivateKey, PublicKey, []PublicKey, error)
 	}
 
 	// private key of the current node
-	x := &PrKeyBLSBLS12381{
-		scalar: s.x, // the private share
-	}
+	x := newPrKeyBLSBLS12381(&s.x)
+
 	// Group public key
-	Y := &PubKeyBLSBLS12381{
-		point: s.vA[0],
-	}
+	Y := newPubKeyBLSBLS12381(&s.vA[0])
 	// The nodes public keys
 	y := make([]PublicKey, s.size)
 	for i, p := range s.y {
-		y[i] = &PubKeyBLSBLS12381{
-			point: p,
-		}
+		y[i] = newPubKeyBLSBLS12381(&p)
 	}
 	return x, Y, y, nil
 }
@@ -562,6 +557,7 @@ func (s *feldmanVSSQualState) receiveComplaintAnswer(origin index, data []byte)
 		}
 
 		// read the complainer private share
+		C.bn_new_wrapper((*C.bn_st)(&s.complaints[complainer].answer))
 		if C.bn_read_Zr_bin((*C.bn_st)(&s.complaints[complainer].answer),
 			(*C.uchar)(&data[1]),
 			PrKeyLenBLSBLS12381,
@@ -582,9 +578,10 @@ func (s *feldmanVSSQualState) receiveComplaintAnswer(origin index, data []byte)
 	}
 	c.answerReceived = true
 
-	// first flag check is a sanity check
+	// flag check is a sanity check
 	if c.received {
 		// read the complainer private share
+		C.bn_new_wrapper((*C.bn_st)(&c.answer))
 		if C.bn_read_Zr_bin((*C.bn_st)(&c.answer),
 			(*C.uchar)(&data[1]),
 			PrKeyLenBLSBLS12381,

crypto/dkg_jointfeldman.go

@@ -180,19 +180,15 @@ func (s *JointFeldmanState) End() (PrivateKey, PublicKey, []PublicKey, error) {
 	jointx, jointPublicKey, jointy := s.sumUpQualifiedKeys(s.size - disqualifiedTotal)
 
 	// private key of the current node
-	x := &PrKeyBLSBLS12381{
-		scalar: *jointx, // the private share
-	}
+	x := newPrKeyBLSBLS12381(jointx)
+
 	// Group public key
-	Y := &PubKeyBLSBLS12381{
-		point: *jointPublicKey,
-	}
+	Y := newPubKeyBLSBLS12381(jointPublicKey)
+
 	// The nodes public keys
 	y := make([]PublicKey, s.size)
 	for i, p := range jointy {
-		y[i] = &PubKeyBLSBLS12381{
-			point: p,
-		}
+		y[i] = newPubKeyBLSBLS12381(&p)
 	}
 	return x, Y, y, nil
 }
@@ -264,6 +260,7 @@ func (s *JointFeldmanState) sumUpQualifiedKeys(qualified int) (*scalar, *pointG2
 
 	// sum up x
 	var jointx scalar
+	C.bn_new_wrapper((*C.bn_st)(&jointx))
 	C.bn_sum_vector((*C.bn_st)(&jointx), (*C.bn_st)(&qualifiedx[0]),
 		(C.int)(qualified))
 	// sum up Y

crypto/relic_build.sh

@@ -46,7 +46,7 @@ else
 fi
 
 # Set RELIC config for Flow
-COMP=(-DCOMP="-O3 -funroll-loops -fomit-frame-pointer ${MARCH} -mtune=native")
+COMP=(-DCFLAGS="-O3 -funroll-loops -fomit-frame-pointer ${MARCH} -mtune=native")
 GENERAL=(-DTIMER=CYCLE -DCHECK=OFF -DVERBS=OFF)
 LIBS=(-DSHLIB=OFF -DSTLIB=ON)
 RAND=(-DRAND=HASHD -DSEED=)

crypto/thresholdsign.go

@@ -499,15 +499,9 @@ func ThresholdSignKeyGen(size int, threshold int, seed []byte) ([]PrivateKey,
 	pkShares := make([]PublicKey, size)
 	var pkGroup PublicKey
 	for i := 0; i < size; i++ {
-		skShares[i] = &PrKeyBLSBLS12381{
-			scalar: x[i],
-		}
-		pkShares[i] = &PubKeyBLSBLS12381{
-			point: y[i],
-		}
-	}
-	pkGroup = &PubKeyBLSBLS12381{
-		point: X0,
+		skShares[i] = newPrKeyBLSBLS12381(&x[i])
+		pkShares[i] = newPubKeyBLSBLS12381(&y[i])
 	}
+	pkGroup = newPubKeyBLSBLS12381(&X0)
 	return skShares, pkShares, pkGroup, nil
 }