BLS12-381 bindings

[tdammers]

Implements #302

[iquerejeta]

That's great! 👍

However, as you'll see in the comments below, we should change a few things. The main points are the following:

• We should remove the pairing check (and by consequence the two_miller_one_exp)
• We should change the definition of "equal elements" for GT elements
• We should check points are in the group before computing the miller loop

In a nutshell we will be doing the optimization we did in pairing_check for all operations between GT elements. i.e. we are generalizing it so that, instead of only applying the optimization when checking equality of two pairing evaluations, we can apply the optimization to an arbitrary number of pairing evaluations. Therefore, we only compute the miller loop when "computing the pairing", and when we check for equality, we do the finalcheck, which handles the final exponentiation.

To this end we should include the following test with three pairings to the library:

        (BLS.pairing (BLS.mult p a, q) * BLS.pairing (p, BLS.mult q b))
        ==
        BLS.pairing(BLS.mult p (a + b), q)

[jmhrpr]

Comments on function naming for add vs add_or_double

[arthurgreef]

Hi @tdammers, can we get an update on the PR? Also, is there a branch that exposes these bindings to dapps via Plutus?

[iquerejeta]

Hi @arthurgreef . This PR is still in draft, as we are waiting for benchmarks to determine whether these primitives will be usable in practice (due to the execution budget). The use-case we are currently considering is that of ATMS signatures. What are you planning on using them for?
And regarding your question, there is no branch that exposes these bindings via Plutus yet, and that most probably won't happen until we have not concluded that they can be used in practice.

btw, did you manage to solve the problem with nix you had?

[arthurgreef]

Hi @iquerejeta I still have the problem with nix-shell.

cardano-base$ nix-shell
trace: Not using IOHK default nixpkgs (use 'niv drop nixpkgs' to use default for better sharing)
building '/nix/store/mli2m3sw8jkc15pgjmxagjqxxw5rii45-git-ls-files.drv'...
error: The Nixpkgs package set does not contain the package: blst (system dependency).
       You may need to augment the system package mapping in haskell.nix so that it can be found.
(use '--show-trace' to show detailed location information)

[arthurgreef]

Hi @iquerejeta my use case is DKG.
Here is the paper. https://eprint.iacr.org/2019/985.pdf
Here is the ETH smart contract I wanted to convert to Plutus. https://github.com/PhilippSchindler/EthDKG/blob/master/contracts/ETHDKG.sol

[iquerejeta]

Thanks @arthurgreef . I will try to look into the nix issue soon (we've been building it directly with cabal so far). And regarding DKG, that's cool. And the intention of using pairing friendly curve is because you want to generate a key for a pairing friendly primitive? or simply because BLS curve is what is closer to be available in Plutus?

[arthurgreef]

@iquerejeta we need BLS12-381 so that organizations can issue verifiable credentials using signatures that comply with the BBS+ selective disclosure protocol. https://w3c-ccg.github.io/ldp-bbs2020/

[arthurgreef]

Hi @iquerejeta - we are need BLS12-381 for organizations that sign verifiable credentials compliant with BBS+ https://w3c-ccg.github.io/ldp-bbs2020/

[jhofp]

Hi @tdammers , thanks for all the great works from you and your team on bring BLS12-381 to Plutus.
Is there any timeline that i could expect for this to be on Plutus? thanks!

[iquerejeta]

@arthurgreef you should be able to make it work with nix. Let me know if that is not the case.

[iquerejeta]

@arthurgreef , nix should work now. If that's not the case, please let me know.

[arthurgreef]

nix-shell works for me now. thank you.