SecretKey -> PublicKey preconditions docs + fixes. #115

Merged: 5 commits, Jul 3, 2021
[Doc] clarify that SecretKey type are always instantiated < BLS12-381 curve order.
mratsim committed Jul 3, 2021
commit 794e1f10213638364627bfd8735a81b2da0626ba
9 changes: 9 additions & 0 deletions blscurve/blst/blst_min_pubkey_sig_core.nim
@@ -60,6 +60,10 @@ type
## Long-term storage of this key also requires adequate protection.
##
## At the moment, the nim-blscurve library does not guarantee such protections
##
## Guarantees:
## - SecretKeys are always created (via hkdf_mod_r) or deserialized (via `fromBytes`)
## so that SK < BLS12-381 curve order.
scalar: blst_scalar

PublicKey* = object
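Review bot: The added `Guarantees:` bullet documents only the upper bound (SK < BLS12-381 curve order) and is silent on zero, yet `publicFromSecret` in this file still has to test `seckey.vec_is_zero()`. A `SecretKey` that never went through `hkdf_mod_r` or `fromBytes` (a default-initialized object, for example) falls outside this guarantee, so the comment should either say that or state the invariant as 0 < SK < curve order and name where each half is enforced. Minor: put `hkdf_mod_r` in backticks to match `fromBytes`.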
@@ -124,6 +128,11 @@ func publicFromSecret*(pubkey: var PublicKey, seckey: SecretKey): bool =
## This requires some -O3 compiler optimizations to be off
## as such {.passC: "-fno-tree-vectorize".}
## is automatically added to the compiler flags in blst_lowlevel
##
## Assumptions:
## - On creation or deserialization of the `SecretKey` type
## there was a check to ensure that SK < CurveOrder.
## see `fromBytes` and `blst_sk_check`
if seckey.vec_is_zero():
return false
var pk {.noInit.}: blst_p1
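Review bot: The `Assumptions:` block relies on SK < CurveOrder having been checked at creation or deserialization, but nothing in the lines shown enforces or asserts it here; only the zero case is rejected, by `seckey.vec_is_zero()`. State in the comment what the function does when the assumption does not hold, and consider a range assertion in debug builds so that a key built outside `fromBytes` is caught in tests. Style: the line ending in `blst_sk_check` should start with a capital and end with a period, like the sentence above it.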
12 changes: 10 additions & 2 deletions blscurve/miracl/miracl_min_pubkey_sig_core.nim
@@ -60,6 +60,10 @@ type
## Long-term storage of this key also requires adequate protection.
##
## At the moment, the nim-blscurve library does not guarantee such protections
##
## Guarantees:
## - SecretKeys are always created (via hkdf_mod_r) or deserialized (via `fromBytes`)
Member

we can probably slap a requiresInit on it to catch any zero-initialized stragglers

## so that SK < BLS12-381 curve order
intVal: BIG_384

PublicKey* = object
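Review bot: The `Guarantees:` bullet names only `hkdf_mod_r` and `fromBytes`, while the `publicFromSecret` comments further down this same file also cite `fromHex`, `keyGen` and `deriveChild_secretKey` as the paths that establish the invariant. List the same set here, or point to one place that does, so the type-level doc is not narrower than what the function-level comments tell callers. The sentence also lacks the closing period that the blst version of this comment has.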
@@ -116,13 +120,17 @@ func publicFromSecret*(pubkey: var PublicKey, seckey: SecretKey): bool =
## Side-channel/Constant-time considerations:
## The SK content is not revealed unless its value
## is exactly 0
##
## Assumptions:
## - On creation or deserialization of the `SecretKey` type
## there was a check to ensure that SK < CurveOrder.
## see `fromBytes`/`fromHex`.
#
# Procedure:
# 1. xP = SK * P
# 2. PK = point_to_pubkey(xP)
# 3. return PK


#
# Always != 0:
# keyGen, deriveChild_secretKey, fromHex, fromBytes guarantee that.
if seckey.intVal.isZilch():
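Review bot: The comment `# Always != 0:` sits directly above `if seckey.intVal.isZilch():`, so the text says zero cannot occur while the code handles it; say that the check is kept as a defensive measure and which case it covers. Relatedly, the `Assumptions:` block cites `fromBytes`/`fromHex` for the range check while the non-zero comment cites `keyGen, deriveChild_secretKey, fromHex, fromBytes`; use one list for both. Also check that the switch from `##` to `#` at `# Procedure:` is intended, since it splits one comment block between doc and non-doc comments.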