Vrf Audit (#156)

* zeroize ikm, add docs and doctest to bls sig

* conform with CipherSuite standard

* add test to canonical serde for bls sig

* upgrade to latest tagged, auto-derive serde on bls sig structs

* fix rustdoc failure

* minor doc language adjustment

* address Marti's PR comments

* update CHANGELOG

CHANGELOG.md

@@ -38,7 +38,10 @@ and follow [semantic versioning](https://semver.org/) for our releases.
 - [#144](https://github.com/EspressoSystems/jellyfish/pull/144) (`jf-primitives`) Updated append-only merkle tree gadget with the latest MT API
 - [#119](https://github.com/EspressoSystems/jellyfish/pull/119) (all) Updated dependencies
   - Upgraded `criterion` from `0.3.1` to `0.4.0`
-
+- [#148](https://github.com/EspressoSystems/jellyfish/pull/148), [#156](https://github.com/EspressoSystems/jellyfish/pull/156) (`jf-primitives`) Refactored BLS Signature implementation
+  - #148 Added trait bounds on associated types of `trait SignatureScheme`
+  - #156 Improved BLS correctness and API compliance with IRTF standard with better doc
+
 ### Fixed
 
 - [#76](https://github.com/EspressoSystems/jellyfish/pull/76) (`jf-plonk`) Splitting polynomials are masked to ensure zero-knowledge of Plonk

primitives/Cargo.toml

@@ -53,6 +53,7 @@ bincode = "1.0"
 criterion = "0.4.0"
 hashbrown = "0.13.1"
 quickcheck = "1.0.0"
+rand_core = { version = "^0.6.0", features = ["getrandom"] }
 
 [[bench]]
 name = "merkle_path"

primitives/src/constants.rs

@@ -9,12 +9,17 @@
 /// ciphersuite identifier for schnorr signature
 pub const CS_ID_SCHNORR: &str = "SCHNORR_WITH_RESCUE_HASH_v01";
 
-/// ciphersuite identifier for BLS signature
-pub const CS_ID_BLS_SIG_NAIVE: &str = "BLS_SIG_WITH_NAIVE_HtG_v01";
+/// ciphersuite identifier for BLS signature, see:
+/// <https://www.ietf.org/archive/id/draft-irtf-cfrg-bls-signature-05.html#name-ciphersuite-format>
+pub const CS_ID_BLS_MIN_SIG: &str = "BLS_SIG_BLS12381G1_XMD:SHA-256_SSWU_RO_NUL_";
 
 /// Size in bytes of a secret key in our BLS signature scheme.
-pub const BLS_SIG_KEY_SIZE: usize = 32;
+pub const BLS_SIG_SK_SIZE: usize = 32;
 /// Size in bytes of a signature in our BLS signature scheme.
 pub const BLS_SIG_SIGNATURE_SIZE: usize = 96;
+/// Size in bytes of a compressed signature in our BLS signature scheme.
+pub const BLS_SIG_COMPRESSED_SIGNATURE_SIZE: usize = 48;
 /// Size in bytes of a verification key in our BLS signature scheme.
-pub const BLS_SIG_VERKEY_SIZE: usize = 192;
+pub const BLS_SIG_PK_SIZE: usize = 192;
+/// Size in bytes of a compressed verification key in our BLS signature scheme.
+pub const BLS_SIG_COMPRESSED_PK_SIZE: usize = 96;

primitives/src/errors.rs

@@ -8,7 +8,11 @@
 
 use crate::rescue::errors::RescueError;
 use ark_serialize::SerializationError;
-use ark_std::string::String;
+use ark_std::{
+    format,
+    string::{String, ToString},
+};
+use blst::BLST_ERROR;
 use displaydoc::Display;
 
 /// A `enum` specifying the possible failure modes of the primitives.
@@ -43,5 +47,16 @@ impl From<SerializationError> for PrimitivesError {
     }
 }
 
-#[cfg(feature = "std")]
-impl std::error::Error for PrimitivesError {}
+impl From<BLST_ERROR> for PrimitivesError {
+    fn from(e: BLST_ERROR) -> Self {
+        match e {
+            BLST_ERROR::BLST_SUCCESS => {
+                Self::InternalError("Expecting an error, but got a sucess.".to_string())
+            },
+            BLST_ERROR::BLST_VERIFY_FAIL => Self::VerificationError(format!("{:?}", e)),
+            _ => Self::ParameterError(format!("{:?}", e)),
+        }
+    }
+}
+
+impl ark_std::error::Error for PrimitivesError {}