Example - Centralized Telescope with BLS Signatures #114

Open
wants to merge 38 commits into
base: main

Collaborator

@curiecrypt curiecrypt commented Dec 18, 2024

Content

This PR aims to provide a use case of the centralized_telescope scheme.

It includes a threshold signature scheme to be used to create a centralized telescope proof.

  • /examples is the directory to store examples we implement for the implemented schemes.
  • /examples/thresholdsignature: A basic functionality for the threshold signature scheme is implemented.
    • /examples/thresholdsignature/signer: A signer candidate is created. The candidate creates a signer after registration. A registered signer can generate a signature by signing the hash of the checksum of the closed registration and the message.
    • /examples/thresholdsignature/registration: Key registration is done by using a simple hash map. Registration is closed by generating the checksum of the registered keys.
    • /examples/thresholdsignature/signature: An individual signature is verified if its signer is registered. Furthermore, a valid individual signature can be converted to an element of the prover_set by hashing it.
    • /examples/thresholdsignature/aggregate: Creates an aggregate signature by validating given individual signatures. It also creates the prover_set by converting all valid signatures to elements.
  • /examples/centralized_telescope.rs is the use case example for the centralized telescope.
    • The struct AlbaThresholdProof stores the aggregate signature and the Alba proof.
    • The proof is generated by first aggregating the individual signatures. The aggregate signature (the valid ones in it) is used to create the prover_set.
    • AlbaThresholdProof is verified by first verifying the aggregate signature. If all checks are passed, the Alba proof is verified.

The threshold signature scheme implemented for the centralized telescope can also be used for the latter Alba settings that we implement.

Pre-submit checklist

  • Branch
    • Commit sequence broadly makes sense
    • Key commits have useful messages
  • PR
    • No clippy warnings in the CI
    • Self-reviewed the diff
    • Useful pull request description
    • Reviewer requested

Comments

Only the working scheme is tested.
The cases where the threshold signature generation/verification fails could also be tested if needed.

Issue(s)

Closes #78
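
The flow in the description above (close the registration with a checksum, sign the hash of checksum and message, keep only valid signatures from registered keys, hash them into prover-set elements), as an added sketch that is not code from this PR. All names are hypothetical, the hash is a non-cryptographic FNV-1a stand-in, and `toy_sign`/`toy_verify` only mark where BLS signing and verification would go.

```rust
use std::collections::BTreeSet;

type Key = [u8; 4]; // constructed toy key; a real signer registers a BLS public key
type Element = [u8; 48]; // element size proposed in the review
struct ClosedRegistration { keys: BTreeSet<Key>, checksum: u64 }
struct Sig { key: Key, bytes: u64 }

// Seeded FNV-1a: a NON-cryptographic stand-in for the scheme's hash function.
fn h(seed: u64, parts: &[&[u8]]) -> u64 {
    let mut x = 0xcbf29ce484222325u64 ^ seed;
    for p in parts {
        for b in *p { x = (x ^ u64::from(*b)).wrapping_mul(0x100000001b3); }
    }
    x
}

// Closing fixes the key set; sorted iteration makes the checksum order-independent.
fn close(keys: &[Key]) -> ClosedRegistration {
    let keys: BTreeSet<Key> = keys.iter().copied().collect();
    let parts: Vec<&[u8]> = keys.iter().map(|k| &k[..]).collect();
    ClosedRegistration { checksum: h(0, &parts), keys }
}

// Signers sign H(checksum || msg), which binds a signature to one closed registration.
fn payload(reg: &ClosedRegistration, msg: &[u8]) -> u64 { h(1, &[&reg.checksum.to_be_bytes()[..], msg]) }

// Toy keyed hash in place of BLS sign/verify: forgeable, it only marks the call sites.
fn toy_sign(key: Key, payload: u64) -> Sig { Sig { key, bytes: h(2, &[&key[..], &payload.to_be_bytes()[..]]) } }
fn toy_verify(s: &Sig, payload: u64) -> bool { s.bytes == toy_sign(s.key, payload).bytes }

// Hash a valid signature into a fixed-size prover-set element.
fn to_element(s: &Sig) -> Element {
    let mut e = [0u8; 48];
    for (i, chunk) in e.chunks_mut(8).enumerate() {
        chunk.copy_from_slice(&h(3 + i as u64, &[&s.bytes.to_be_bytes()[..]]).to_be_bytes());
    }
    e
}

// Keep signatures from registered keys that verify; the set drops duplicates.
fn prover_set(reg: &ClosedRegistration, msg: &[u8], sigs: &[Sig]) -> BTreeSet<Element> {
    let p = payload(reg, msg);
    sigs.iter().filter(|s| reg.keys.contains(&s.key) && toy_verify(s, p)).map(to_element).collect()
}

fn main() {
    let reg = close(&[*b"ke_a", *b"ke_b"]); // constructed keys
    let sigs = [*b"ke_a", *b"ke_a", *b"ke_x"].map(|k| toy_sign(k, payload(&reg, b"msg")));
    println!("{} element(s)", prover_set(&reg, b"msg", &sigs).len());
}
```

A signature made under a different registration, over a different message, or by an unregistered key contributes no element, and a repeated signature contributes only one.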

@curiecrypt curiecrypt marked this pull request as ready for review December 23, 2024 20:09
return false;
}

for sig in self.aggregate.valid_signatures.clone() {
Collaborator

@djetchev djetchev Dec 23, 2024

Since you are not modifying the valid_signatures during iteration, it is more efficient and more idiomatic to use iter() instead of clone(), that is

if !self.aggregate.valid_signatures
    .iter()
    .all(|sig| sig.verify::<N>(&commitment, closed_registration))
{
    return false;
}

This way, you are avoiding unnecessary cloning (better memory efficiency).

Collaborator

Since all these signatures are BLS signatures you could batch verify them!

You could implement this in aggregate.rs using blst's function

pub fn aggregate_verify(
    &self,
    sig_groupcheck: bool,
    msgs: &[&[u8]],
    dst: &[u8],
    pks: &[&PublicKey],
    pks_validate: bool,
) -> BLST_ERROR

Collaborator

@rrtoledo rrtoledo left a comment

Good work!

Some suggestions here and there to simplify the code (using type alias instead of struct, merging impl block potentially...) and make it more efficient (not using maps but sets, batching the verification).

I think the example would improve in clarity if you rename the folder "threshold_signature" to "aggregate_signature" as we are only using this signature list (from registered signers) to create a threshold signature in centralized_telescope.rs. Perhaps renaming centralized_telescope.rs to "centralized_threshold.rs" also?

@tolikzinovyev
Member

Thanks for working on this @curiecrypt! Do you need my review or will @rrtoledo and @djetchev be enough?

Member

@tolikzinovyev tolikzinovyev left a comment

I think this example is heavily inspired by Mithril, which is nice. The problem is, it is too advanced. I spent 30 minutes looking at it and I still don't have a good understanding. For people not familiar with alba, this would be even more difficult.

Some of the things that make it complicated are registration and commitments. I know it would be a big overhaul, but I think we could consider something simpler for the demo example. One idea is to implement a multisignature scheme defined in alba-definitions.pdf that I shared yesterday on slack, Definition 3. There is no registration or commitments there and we would just implement four functions: KeyGen, Sign, Aggregate, Verify. Such an implementation would be under 100 lines of code.

What do you think?

@tolikzinovyev
Member

Also, I definitely support changing the element size to 48 bytes to fit the signature.
