BM-17: Add basic functianalities of bls crypto

[gitferry]

Fixes https://babylon-chain.atlassian.net/browse/BM-17

This PR adds a wrapper of blst's go binding: https://github.com/supranational/blst/tree/1bd5899e4af46375d58fdfcb21c5ccf74181a35c/bindings/go

It implements basic functionalities around bls crypto as follows:

• GenerateBlsKeyPair
• SignMsg
• VerifyBlsSig
• AggregateBlsSigs
• AggregateBlsPubKeys
• VerifyBlsMultiSig

[SebastianElvis]

Great work! Two quick comments:

1. Perhaps we need to ignore .idea/ stuff
2. Can we have shorter API names such as Gen, Sign, Verify, AggSigs, AggPKs, and VerifyMulti?
3. Since we have VerifyBlsMultiSig and do not invoke AggregateBlsPubKeys from outsides, can we make AggregateBlsPubKeys a private function (eg something like aggregateBlsPubKeys)?

[gitferry]

Great work! Two quick comments:

1. Perhaps we need to ignore .idea/ stuff
2. Can we have shorter API names such as Gen, Sign, Verify, AggSigs, AggPKs, and VerifyMulti?
3. Since we have VerifyBlsMultiSig and do not invoke AggregateBlsPubKeys from outsides, can we make AggregateBlsPubKeys a private function (eg something like aggregateBlsPubKeys)?

Thanks, @SebastianElvis! Re

1. Absolutely! Nice catch.
2. I'm not sure shorter API name is better since it may confuse with other crypto APIs that we might use in the future.
3. Actually, we might use AggregateBlsPubKeys to cache aggregated pubkeys or to shorten the pubkey size. This API can also be used along with VerifyBlsSig. This is because, with an aggregated bls sig and an aggregated pub key, the verification of the sig is no different from the verification of an individual bls sig.

[SebastianElvis]

• I'm not sure shorter API name is better since it may confuse with other crypto APIs that we might use in the future.

When we use these APIs we need to write stuff like bls.Sign anyway. I don't have strong objection in this though.

[gitferry]

• I'm not sure shorter API name is better since it may confuse with other crypto APIs that we might use in the future.

When we use these APIs we need to write stuff like bls.Sign anyway. I don't have strong objection in this though.

Ah, you are right. Let's hear opinions from others.

[aakoshh]

Regarding naming, here's some advice: https://go.dev/doc/effective_go#names

As I understand you always evoke functions through the package name, so in this case it would be bls_multisig.AggregateBlsPubKeys. I reckon there's no need to have "BLS" twice in there, bls.AggrPubKeys would be enough, so I would remove Bls from all methods (SignMsg didn't have it anyway).

I don't know if it should be bls_multisig or bls; the former is a bit long, but it can always be renamed during import.
Also don't mind Generate or Gen - I think both Gen and Aggr are easy to recognise.

[aakoshh]

Shouldn't dst be the name of the return value? I can't see how this works.

[gitferry]

It is the Domain Separation Tag for signatures on G1 (minimal-signature-size). See https://github.com/apache/incubator-milagro-crypto-rust/blob/develop/src/bls381/basic.rs.

[aakoshh]

It might help to have a struct to wrap the compressed public key, to track the type later.

[aakoshh]

Wrapping signatures and public keys could help make sure we're not mixing them up.

[aakoshh]

So it would be something like

type Signature []byte 
type PublicKey []byte 

func VerifySig(sig Signature, pk PublicKey, msg []byte) bool

[aakoshh]

Would it make sense to differentiate a type Sig []byte from a type MultiSig []byte ? Same for the public key types?

[aakoshh]

Can it be used to add individual signatures to an already aggregated signature? It should, right?

[gitferry]

Can it be used to add individual signatures to an already aggregated signature? It should, right?

Yes. Do I need to add a function like AggrSig(existingSig Signature, newSig Signature)? I think it relates to our previous discussion about accumulating options, right?

[gitferry]

Would it make sense to differentiate a type Sig []byte from a type MultiSig []byte ? Same for the public key types?

Would it be better if MultiSig and Sig are both represented as type Signature []byte? They are essentially points on a curve. Also, we can use Verify() to verify both a single bls sig or an aggregated bls sig.

[aakoshh]

Can this aggregate an already aggregated key plus a non-aggregated key?

[gitferry]

@aakoshh Yes, a public key and a sig are essentially points on the curve. Do I need to add a function like AggrPK(existingPK PublicKey, newPK PublicKey)?

[gitferry]

@SebastianElvis @aakoshh, thanks for your review. I changed the API names to a shorter version and added a wrapper for the signature and public key. Please review it again. Thanks!

[SebastianElvis]

Suggested change

	func (sig Signature) ToByte() []byte {
	func (sig Signature) Bytes() []byte {

[SebastianElvis]

This seems to be more consistent with existing Go functions like String(). Not strong objection though.

[gitferry]

Agreed. Thanks!

[SebastianElvis]

Suggested change

	func (pk PublicKey) ToByte() []byte {
	func (pk PublicKey) Bytes() []byte {

[SebastianElvis]

LGTM except for the above two minor comments without strong objection.

[vitsalis]

Nice work! Some minor comments:

[vitsalis]

Suggested change

	func GeneKeyPair(seed []byte) (*blst.SecretKey, PublicKey) {
	func GenKeyPair(seed []byte) (*blst.SecretKey, PublicKey) {

[gitferry]

Nice catch! Thanks.

[vitsalis]

Maybe it would be better if an error was returned.

[vitsalis]

or an explanation why we are returning a boolean value.

[gitferry]

Agreed. Thanks!

[vitsalis]

Maybe an error is appropriate here as well.

[vitsalis]

Can this be a constant? Also, upper case letters might separate the confusion from the common variable name dst referring to destination.

[gitferry]

Nice point. Thanks!

I just found that we may not be able to have this as a constant because Go does not support const array. See https://stackoverflow.com/questions/13137463/declare-a-constant-array

[gitferry]

@SebastianElvis @vitsalis Thanks for your comments. I added error return and addressed naming issues.

[vitsalis]

Thanks for resolving! Some extra very minor comments mostly related to capitalization of BLS across the codebase.

[gitferry]

Thanks @vitsalis for the follow-up comments. I capitalized "bls" in comments but when I changed DST to const, an error occurred. Please see it in the reply. Thanks!

[vitsalis]

Thanks for the changes! LGTM 🚀

[aakoshh]

@gitferry when you merge a PR, please use the "Squash" functionality of Github so main ends up with one commit for your whole PR.

Look, your individual commits are all visible in the main history, versus the other PRs that have a nice commit message pointing at the PR

It's this button you want to click, you can switch to it with the drop down: