diff --git a/benchmarks/bls12381_curve.nim b/benchmarks/bls12381_curve.nim
index 86225a2..5f40455 100644
--- a/benchmarks/bls12381_curve.nim
+++ b/benchmarks/bls12381_curve.nim
@@ -38,7 +38,7 @@ proc benchScalarMultG1*(iters: int) =
 scalar.blst_scalar_from_bendian(scal)
 bench("Scalar multiplication G1 (255-bit, constant-time)", iters):
- x.blst_p1_mult(x, scalar, 255)
+ x.blst_p1_mult(x, cast[ptr byte](addr scalar), 255)
 proc benchScalarMultG2*(iters: int) =
 when BLS_BACKEND == BLST:
@@ -53,7 +53,7 @@ proc benchScalarMultG2*(iters: int) =
 scalar.blst_scalar_from_bendian(scal)
 bench("Scalar multiplication G2 (255-bit, constant-time)", iters):
- x.blst_p2_mult(x, scalar, 255)
+ x.blst_p2_mult(x, cast[ptr byte](addr scalar), 255)
 proc benchECAddG1*(iters: int) =
 when BLS_BACKEND == BLST:
@@ -101,17 +101,20 @@ when BLS_BACKEND == BLST:
 # Verification
 let ctx = createU(blst_pairing) # Heap to avoid stack smashing
- ctx[].blst_pairing_init(
+ blst_pairing_init(
+ cast[ptr blst_opaque](ctx),
 hash_or_encode = kHash,
 domainSepTag
 )
- doAssert BLST_SUCCESS == ctx[].blst_pairing_aggregate_pk_in_g1(
+ doAssert BLST_SUCCESS == blst_pairing_aggregate_pk_in_g1(
+ cast[ptr blst_opaque](ctx),
 PK = pubkey.unsafeAddr,
 signature = nil,
 msg,
 aug = ""
 )
- doAssert BLST_SUCCESS == ctx[].blst_pairing_aggregate_pk_in_g1(
+ doAssert BLST_SUCCESS == blst_pairing_aggregate_pk_in_g1(
+ cast[ptr blst_opaque](ctx),
 PK = nil,
 signature = sig.unsafeAddr,
 msg = "",
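Review bot: The scalar argument on the `+` line is reached through an unchecked `cast[ptr byte](addr scalar)`, which accepts any pointer and only works because the first field of `blst_scalar` happens to be its byte array. `addr scalar.l[0]` already has type `ptr byte`, so `x.blst_p1_mult(x, addr scalar.l[0], 255)` keeps the compiler checking the field type and needs no cast. The same pattern recurs in the G2 hunk below, in the `update` hunk of blst_min_pubkey_sig_core.nim (`scalar = cast[ptr byte](addr blindingScalar)`, assuming `blindingScalar` is a `blst_scalar`; its declaration is outside that hunk) and in the two blst_recovery.nim operators, where `unsafeAddr scalar.l[0]` is the equivalent spelling. `benchScalarMultG1` starts outside this hunk.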
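Review bot: The `cast[ptr blst_opaque](ctx)` on the three added lines is repeated verbatim and appears four more times in the pairing hunk that follows, so any future change to how the context is handed to the C side has to be made in seven places. A one-line converter next to `ctx`'s creation, `template opaque(c: ptr blst_pairing): ptr blst_opaque = cast[ptr blst_opaque](c)`, would let each call read `blst_pairing_init(ctx.opaque, hash_or_encode = kHash, domainSepTag)` and keep the cast in one reviewable spot. The enclosing `when BLS_BACKEND == BLST:` block starts and ends outside this hunk.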
@@ -122,15 +125,15 @@ when BLS_BACKEND == BLST:
 let ctxSave = createU(blst_pairing)
 ctxSave[] = ctx[]
- ctx[].blst_pairing_commit() # Miller loop
- let valid = ctx[].blst_pairing_finalverify(nil) # Final Exponentiation
+ blst_pairing_commit(cast[ptr blst_opaque](ctx)) # Miller loop
+ let valid = blst_pairing_finalverify(cast[ptr blst_opaque](ctx), nil) # Final Exponentiation
 doAssert bool valid
 # Pairing: e(Q, xP) == e(R, P)
 bench("Pairing (Miller loop + Final Exponentiation)", iters):
 ctx[] = ctxSave[]
- ctx[].blst_pairing_commit() # Miller loop
- let valid = ctx[].blst_pairing_finalverify(nil) # Final Exponentiation
+ blst_pairing_commit(cast[ptr blst_opaque](ctx)) # Miller loop
+ let valid = blst_pairing_finalverify(cast[ptr blst_opaque](ctx), nil) # Final Exponentiation
 # doAssert bool valid
 when isMainModule:
diff --git a/blscurve/blst/blst_abi.nim b/blscurve/blst/blst_abi.nim
index 8923a5d..a436481 100644
--- a/blscurve/blst/blst_abi.nim
+++ b/blscurve/blst/blst_abi.nim
@@ -84,15 +84,15 @@ type
 limb_t* = uint64
 blst_scalar* {.importc: "blst_scalar", completeStruct, blstheader, byref.} = object
 l* {.importc: "b".}: array[typeof(256)(typeof(256)(256 / typeof(256)(8))), byte]
- blst_fr* {.byref.} = object
+ blst_fr* {.importc: "blst_fr", completeStruct, blstheader, byref.} = object
 l*: array[typeof(256)(typeof(256)(256 / typeof(256)(8)) / typeof(256)(sizeof((limb_t)))), limb_t]
- blst_fp* {.byref.} = object
+ blst_fp* {.importc: "blst_fp", blstheader, byref.} = object
 ## 0 is "real" part, 1 is "imaginary"
 l*: array[typeof(384)(typeof(384)(384 / typeof(384)(8)) / typeof(384)(sizeof((limb_t)))), limb_t]
- blst_fp2* {.byref.} = object
+ blst_fp2* {.importc: "blst_fp2", blstheader, byref.} = object
 ## 0 is "real" part, 1 is "imaginary"
 fp*: array[2, blst_fp]
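Review bot: `blst_fp` and `blst_fp2` on the two later `+` lines gain `importc` and `blstheader` but not `completeStruct`, unlike `blst_scalar` just above and the `blst_fr` line this same hunk changes. Without `completeStruct` the compiler emits no size assertion against the C definition, so a mismatch between the Nim field layout and the struct in `blst.h` would not be caught at compile time and would surface as memory corruption when the C side writes through a `var blst_fp`. Adding the pragma is a one-token change per line: `blst_fp* {.importc: "blst_fp", completeStruct, blstheader, byref.} = object` and `blst_fp2* {.importc: "blst_fp2", completeStruct, blstheader, byref.} = object`. If it was left out deliberately, a short comment on those lines saying why would stop the next reader from "fixing" it. The enclosing `type` section continues outside this hunk.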
@@ -248,6 +248,7 @@ proc blst_p1_add_or_double*(dst: var blst_p1; a: blst_p1; b: blst_p1)
 proc blst_p1_add_affine*(dst: var blst_p1; a: blst_p1; b: blst_p1_affine)
 proc blst_p1_add_or_double_affine*(dst: var blst_p1; a: blst_p1; b: blst_p1_affine)
 proc blst_p1_double*(dst: var blst_p1; a: blst_p1)
+proc blst_p1_mult*(dst: var blst_p1; p: blst_p1; scalar: ptr byte; nbits: uint)
 proc blst_p1_mult*(dst: var blst_p1; p: blst_p1; scalar: blst_scalar; nbits: uint)
 proc blst_p1_cneg*(p: var blst_p1; cbit: uint)
 proc blst_p1_to_affine*(dst: var blst_p1_affine; src: blst_p1)
@@ -268,6 +269,7 @@ proc blst_p2_add_or_double*(dst: var blst_p2; a: blst_p2; b: blst_p2)
 proc blst_p2_add_affine*(dst: var blst_p2; a: blst_p2; b: blst_p2_affine)
 proc blst_p2_add_or_double_affine*(dst: var blst_p2; a: blst_p2; b: blst_p2_affine)
 proc blst_p2_double*(dst: var blst_p2; a: blst_p2)
+proc blst_p2_mult*(dst: var blst_p2; p: blst_p2; scalar: ptr byte; nbits: csize_t)
 proc blst_p2_mult*(dst: var blst_p2; p: blst_p2; scalar: blst_scalar; nbits: uint)
 proc blst_p2_cneg*(p: var blst_p2; cbit: uint)
 proc blst_p2_to_affine*(dst: var blst_p2_affine; src: blst_p2)
@@ -410,6 +412,12 @@ proc blst_pairing_chk_n_mul_n_aggr_pk_in_g2*[T,U: byte|char](
 msg: openArray[T]; aug: openArray[U]
 ): BLST_ERROR
+proc blst_pairing_aggregate_pk_in_g1*[T,U: byte|char](
+ ctx: ptr blst_opaque;
+ PK: ptr blst_p1_affine;
+ signature: ptr blst_p2_affine;
+ msg: openArray[T];
+ aug: openArray[U]): BLST_ERROR
 proc blst_pairing_aggregate_pk_in_g1*[T,U: byte|char](
 ctx: var blst_pairing;
 PK: ptr blst_p1_affine;
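Review bot: The new `blst_p1_mult` overload on the `+` line replaces the 32-byte `blst_scalar` value with a bare `ptr byte`, so the length guarantee the old overload gave for free now rests entirely on the caller's `nbits`: presumably the C side reads `(nbits + 7) div 8` bytes from `scalar`, and nothing on the Nim side checks that the buffer is that long or non-nil. A doc comment on the declaration would make the contract visible, e.g. `## scalar must point to at least (nbits + 7) div 8 readable bytes; nothing on the Nim side checks this.` The matching `blst_p2_mult` overload in the next hunk carries the same contract and additionally declares `nbits: csize_t` where this line and both existing overloads use `uint`; the two should agree, and `nbits: uint` is the spelling the rest of the file uses.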
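Review bot: The added `blst_pairing_aggregate_pk_in_g1` overload separates its parameters with `;` and closes the list on the `aug` line, whereas the `blst_pairing_chk_n_mul_n_aggr_pk_in_g1` overload added in the next hunk of this file uses `,` and puts `): BLST_ERROR` on its own line, which is also the layout of the `var blst_pairing` sibling directly below. Picking one layout for both new declarations would keep the `ptr blst_opaque` overloads visually aligned with the ones they sit next to. Since both the `ptr blst_opaque` and the `var blst_pairing` forms remain exported, a one-line doc comment stating which one new code should call, e.g. `## Prefer this ptr blst_opaque overload; the var blst_pairing form below is kept for existing callers.`, would save readers from guessing — adjust the wording if the `var` form is meant to stay the primary one.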
@@ -443,6 +451,16 @@ proc blst_pairing_mul_n_aggregate_pk_in_g1*[T,U: byte|char](
 msg: openArray[T]; aug: openArray[U]
 ): BLST_ERROR
+proc blst_pairing_chk_n_mul_n_aggr_pk_in_g1*[T,U: byte|char](
+ ctx: ptr blst_opaque,
+ PK: ptr blst_p1_affine,
+ pk_grpchk: bool,
+ signature: ptr blst_p2_affine,
+ sig_grpchk: bool,
+ scalar: ptr byte, nbits: uint,
+ msg: openArray[T],
+ aug: openArray[U]
+ ): BLST_ERROR
 proc blst_pairing_chk_n_mul_n_aggr_pk_in_g1*[T,U: byte|char](
 ctx: var blst_pairing,
 PK: ptr blst_p1_affine,
@@ -453,6 +471,7 @@ proc blst_pairing_chk_n_mul_n_aggr_pk_in_g1*[T,U: byte|char](
 msg: openArray[T],
 aug: openArray[U]
 ): BLST_ERROR
+proc blst_pairing_merge*(ctx: ptr blst_opaque; ctx1: ptr blst_opaque): BLST_ERROR
 proc blst_pairing_merge*(ctx: var blst_pairing; ctx1: blst_pairing): BLST_ERROR
 proc blst_pairing_finalverify*(ctx: var blst_pairing; gtsig: ptr blst_fp12): CTbool
 proc blst_pairing_finalverify*(ctx: ptr blst_opaque; gtsig: ptr blst_fp12): CTbool
diff --git a/blscurve/blst/blst_min_pubkey_sig_core.nim b/blscurve/blst/blst_min_pubkey_sig_core.nim
index 0af4a4f..3707ddf 100644
--- a/blscurve/blst/blst_min_pubkey_sig_core.nim
+++ b/blscurve/blst/blst_min_pubkey_sig_core.nim
@@ -475,7 +475,7 @@ func init*[T: char|byte](
 ## each thread is seeded with a different state when
 ## used in a multithreading context
 blst_pairing_init(
- cast[ptr blst_opaque](addr ctx.c)
+ cast[ptr blst_opaque](addr ctx.c),
 hash_or_encode = kHash,
 ctx.DomainSepTag
 ) # C1 = 1 (identity element)
@@ -543,7 +543,7 @@ func update*[T: char|byte](
 pk_grpchk = false, # Already grouped checked
 signature.point.unsafeAddr,
 sig_grpchk = false, # Already grouped checked
- scalar = blindingScalar,
+ scalar = cast[ptr byte](addr blindingScalar),
 nbits = blindingBits, # Use only the first 64 bits for blinding
 message,
 aug = ""
@@ -564,7 +564,9 @@ func merge*(
 ## This MUST be preceded by "commit" on each ContextMultiAggregateVerify
 ## There shouldn't be a use-case where ``ctx_from`` is reused afterwards
 ## hence it is marked as sink.
- return BLST_SUCCESS == ctx_into.c.blst_pairing_merge(ctx_from.c)
+ return BLST_SUCCESS == blst_pairing_merge(
+ cast[ptr blst_opaque](addr ctx_into.c),
+ cast[ptr blst_opaque](unsafeAddr ctx_from.c))
 {.pop.} # stacktraces and checks off
diff --git a/blscurve/blst/blst_recovery.nim b/blscurve/blst/blst_recovery.nim
index 4abb06c..7ff51c0 100644
--- a/blscurve/blst/blst_recovery.nim
+++ b/blscurve/blst/blst_recovery.nim
@@ -39,10 +39,12 @@ func `+`(a: blst_fr, b: blst_fr): blst_fr =
 result.blst_fr_add(a, b)
 func `*=`(a: var blst_p2; s: blst_fr) =
- a.blst_p2_mult(a, s.toScalar(), 255)
+ let scalar = s.toScalar()
+ a.blst_p2_mult(a, cast[ptr byte](unsafeAddr scalar), 255)
 func `*`(a: blst_p2; s: blst_fr): blst_p2=
- result.blst_p2_mult(a, s.toScalar(), 255)
+ let scalar = s.toScalar()
+ result.blst_p2_mult(a, cast[ptr byte](unsafeAddr scalar), 255)
 func `+=`(a: var blst_p2; b: blst_p2) =
 a.blst_p2_add(a, b)