Support multiple BLS implementations (#1335)

## Issue Addressed NA ## Proposed Changes - Refactor the `bls` crate to support multiple BLS "backends" (e.g., milagro, blst, etc). - Removes some duplicate, unused code in `common/rest_types/src/validator.rs`. - Removes the old "upgrade legacy keypairs" functionality (these were unencrypted keys that haven't been supported for a few testnets, no one should be using them anymore). ## Additional Info Most of the files changed are just inconsequential changes to function names. ## TODO - [x] Optimization levels - [x] Infinity point: https://github.com/supranational/blst/issues/11 - [x] Ensure milagro *and* blst are tested via CI - [x] What to do with unsafe code? - [x] Test infinity point in signature sets
2026-04-30 03:03:45 +00:00 · 2020-07-25 02:03:18 +00:00
parent 21bcc8848d
commit b73c497be2
117 changed files with 3009 additions and 2463 deletions
--- a/crypto/bls/src/generic_secret_key.rs
+++ b/crypto/bls/src/generic_secret_key.rs
@@ -0,0 +1,90 @@
+use crate::{
+    generic_public_key::{GenericPublicKey, TPublicKey},
+    generic_signature::{GenericSignature, TSignature},
+    Error, Hash256, ZeroizeHash,
+};
+use std::marker::PhantomData;
+
+/// The byte-length of a BLS secret key.
+pub const SECRET_KEY_BYTES_LEN: usize = 32;
+
+/// Implemented on some struct from a BLS library so it may be used as the `point` in a
+/// `GenericSecretKey`.
+pub trait TSecretKey<SignaturePoint, PublicKeyPoint>: Sized {
+    /// Instantiate `Self` from some secure source of entropy.
+    fn random() -> Self;
+
+    /// Signs `msg`.
+    fn sign(&self, msg: Hash256) -> SignaturePoint;
+
+    /// Returns the public key that corresponds to self.
+    fn public_key(&self) -> PublicKeyPoint;
+
+    /// Serialize `self` as compressed bytes.
+    fn serialize(&self) -> ZeroizeHash;
+
+    /// Deserialize `self` from compressed bytes.
+    fn deserialize(bytes: &[u8]) -> Result<Self, Error>;
+}
+
+#[derive(Clone)]
+pub struct GenericSecretKey<Sig, Pub, Sec> {
+    /// The underlying point which performs *actual* cryptographic operations.
+    point: Sec,
+    _phantom_signature: PhantomData<Sig>,
+    _phantom_public_key: PhantomData<Pub>,
+}
+
+impl<Sig, Pub, Sec> GenericSecretKey<Sig, Pub, Sec>
+where
+    Sig: TSignature<Pub>,
+    Pub: TPublicKey,
+    Sec: TSecretKey<Sig, Pub>,
+{
+    /// Instantiate `Self` from some secure source of entropy.
+    pub fn random() -> Self {
+        Self {
+            point: Sec::random(),
+            _phantom_signature: PhantomData,
+            _phantom_public_key: PhantomData,
+        }
+    }
+
+    /// Signs `msg`.
+    pub fn sign(&self, msg: Hash256) -> GenericSignature<Pub, Sig> {
+        let is_infinity = false;
+        GenericSignature::from_point(self.point.sign(msg), is_infinity)
+    }
+
+    /// Returns the public key that corresponds to self.
+    pub fn public_key(&self) -> GenericPublicKey<Pub> {
+        let is_infinity = false;
+        GenericPublicKey::from_point(self.point.public_key(), is_infinity)
+    }
+
+    /// Serialize `self` as compressed bytes.
+    ///
+    /// ## Note
+    ///
+    /// The bytes that are returned are the unencrypted secret key. This is sensitive cryptographic
+    /// material.
+    pub fn serialize(&self) -> ZeroizeHash {
+        self.point.serialize()
+    }
+
+    /// Deserialize `self` from compressed bytes.
+    pub fn deserialize(bytes: &[u8]) -> Result<Self, Error> {
+        if bytes.len() != SECRET_KEY_BYTES_LEN {
+            Err(Error::InvalidSecretKeyLength {
+                got: bytes.len(),
+                expected: SECRET_KEY_BYTES_LEN,
+            })
+        } else {
+            Ok(Self {
+                point: Sec::deserialize(bytes)?,
+                _phantom_signature: PhantomData,
+                _phantom_public_key: PhantomData,
+            })
+        }
+    }
+}