Merge branch 'master' into lighthouse-246

eth2/utils/bls/Cargo.toml

@@ -5,7 +5,7 @@ authors = ["Paul Hauner <paul@paulhauner.com>"]
 edition = "2018"
 
 [dependencies]
-bls-aggregates = { git = "https://github.com/sigp/signature-schemes", tag = "v0.3.0" }
+bls-aggregates = { git = "https://github.com/sigp/signature-schemes", tag = "0.5.2" }
 hashing = { path = "../hashing" }
 hex = "0.3"
 serde = "1.0"

eth2/utils/bls/src/aggregate_signature.rs

@@ -27,8 +27,13 @@ impl AggregateSignature {
     ///
     /// Only returns `true` if the set of keys in the `AggregatePublicKey` match the set of keys
     /// that signed the `AggregateSignature`.
-    pub fn verify(&self, msg: &[u8], aggregate_public_key: &AggregatePublicKey) -> bool {
-        self.0.verify(msg, aggregate_public_key)
+    pub fn verify(
+        &self,
+        msg: &[u8],
+        domain: u64,
+        aggregate_public_key: &AggregatePublicKey,
+    ) -> bool {
+        self.0.verify(msg, domain, aggregate_public_key)
     }
 }
 
@@ -73,7 +78,7 @@ mod tests {
         let keypair = Keypair::random();
 
         let mut original = AggregateSignature::new();
-        original.add(&Signature::new(&[42, 42], &keypair.sk));
+        original.add(&Signature::new(&[42, 42], 0, &keypair.sk));
 
         let bytes = ssz_encode(&original);
         let (decoded, _) = AggregateSignature::ssz_decode(&bytes, 0).unwrap();

eth2/utils/bls/src/lib.rs

@@ -1,5 +1,4 @@
 extern crate bls_aggregates;
-extern crate hashing;
 extern crate ssz;
 
 mod aggregate_signature;
@@ -16,37 +15,29 @@ pub use crate::signature::Signature;
 
 pub use self::bls_aggregates::AggregatePublicKey;
 
-pub const BLS_AGG_SIG_BYTE_SIZE: usize = 97;
+pub const BLS_AGG_SIG_BYTE_SIZE: usize = 96;
 
-use hashing::hash;
 use ssz::ssz_encode;
-use std::default::Default;
-
-fn extend_if_needed(hash: &mut Vec<u8>) {
-    // NOTE: bls_aggregates crate demands 48 bytes, this may be removed as we get closer to production
-    hash.resize(48, Default::default())
-}
 
 /// For some signature and public key, ensure that the signature message was the public key and it
 /// was signed by the secret key that corresponds to that public key.
 pub fn verify_proof_of_possession(sig: &Signature, pubkey: &PublicKey) -> bool {
-    let mut hash = hash(&ssz_encode(pubkey));
-    extend_if_needed(&mut hash);
-    sig.verify_hashed(&hash, &pubkey)
+    // TODO: replace this function with state.validate_proof_of_possession
+    // https://github.com/sigp/lighthouse/issues/239
+    sig.verify(&ssz_encode(pubkey), 0, &pubkey)
 }
 
+// TODO: Update this method
+// https://github.com/sigp/lighthouse/issues/239
 pub fn create_proof_of_possession(keypair: &Keypair) -> Signature {
-    let mut hash = hash(&ssz_encode(&keypair.pk));
-    extend_if_needed(&mut hash);
-    Signature::new_hashed(&hash, &keypair.sk)
+    Signature::new(&ssz_encode(&keypair.pk), 0, &keypair.sk)
 }
 
 pub fn bls_verify_aggregate(
     pubkey: &AggregatePublicKey,
     message: &[u8],
     signature: &AggregateSignature,
-    _domain: u64,
+    domain: u64,
 ) -> bool {
-    // TODO: add domain
-    signature.verify(message, pubkey)
+    signature.verify(message, domain, pubkey)
 }

eth2/utils/bls/src/signature.rs

@@ -14,24 +14,34 @@ pub struct Signature(RawSignature);
 
 impl Signature {
     /// Instantiate a new Signature from a message and a SecretKey.
-    pub fn new(msg: &[u8], sk: &SecretKey) -> Self {
-        Signature(RawSignature::new(msg, sk.as_raw()))
+    pub fn new(msg: &[u8], domain: u64, sk: &SecretKey) -> Self {
+        Signature(RawSignature::new(msg, domain, sk.as_raw()))
     }
 
     /// Instantiate a new Signature from a message and a SecretKey, where the message has already
     /// been hashed.
-    pub fn new_hashed(msg_hashed: &[u8], sk: &SecretKey) -> Self {
-        Signature(RawSignature::new_hashed(msg_hashed, sk.as_raw()))
+    pub fn new_hashed(x_real_hashed: &[u8], x_imaginary_hashed: &[u8], sk: &SecretKey) -> Self {
+        Signature(RawSignature::new_hashed(
+            x_real_hashed,
+            x_imaginary_hashed,
+            sk.as_raw(),
+        ))
     }
 
     /// Verify the Signature against a PublicKey.
-    pub fn verify(&self, msg: &[u8], pk: &PublicKey) -> bool {
-        self.0.verify(msg, pk.as_raw())
+    pub fn verify(&self, msg: &[u8], domain: u64, pk: &PublicKey) -> bool {
+        self.0.verify(msg, domain, pk.as_raw())
     }
 
     /// Verify the Signature against a PublicKey, where the message has already been hashed.
-    pub fn verify_hashed(&self, msg_hash: &[u8], pk: &PublicKey) -> bool {
-        self.0.verify_hashed(msg_hash, pk.as_raw())
+    pub fn verify_hashed(
+        &self,
+        x_real_hashed: &[u8],
+        x_imaginary_hashed: &[u8],
+        pk: &PublicKey,
+    ) -> bool {
+        self.0
+            .verify_hashed(x_real_hashed, x_imaginary_hashed, pk.as_raw())
     }
 
     /// Returns the underlying signature.
@@ -41,7 +51,9 @@ impl Signature {
 
     /// Returns a new empty signature.
     pub fn empty_signature() -> Self {
-        let empty: Vec<u8> = vec![0; 97];
+        let mut empty: Vec<u8> = vec![0; 96];
+        // TODO: Modify the way flags are used (b_flag should not be used for empty_signature in the future)
+        empty[0] += u8::pow(2, 6);
         Signature(RawSignature::from_bytes(&empty).unwrap())
     }
 }
@@ -85,7 +97,7 @@ mod tests {
     pub fn test_ssz_round_trip() {
         let keypair = Keypair::random();
 
-        let original = Signature::new(&[42, 42], &keypair.sk);
+        let original = Signature::new(&[42, 42], 0, &keypair.sk);
 
         let bytes = ssz_encode(&original);
         let (decoded, _) = Signature::ssz_decode(&bytes, 0).unwrap();
@@ -99,9 +111,13 @@ mod tests {
 
         let sig_as_bytes: Vec<u8> = sig.as_raw().as_bytes();
 
-        assert_eq!(sig_as_bytes.len(), 97);
-        for one_byte in sig_as_bytes.iter() {
-            assert_eq!(*one_byte, 0);
+        assert_eq!(sig_as_bytes.len(), 96);
+        for (i, one_byte) in sig_as_bytes.iter().enumerate() {
+            if i == 0 {
+                assert_eq!(*one_byte, u8::pow(2, 6));
+            } else {
+                assert_eq!(*one_byte, 0);
+            }
         }
     }
 }