-
Notifications
You must be signed in to change notification settings - Fork 71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IF: Ensure all serialization of g1/g2 uses serialization form #2334
Comments
heifner
added a commit
that referenced
this issue
Mar 26, 2024
heifner
added a commit
that referenced
this issue
Mar 26, 2024
heifner
added a commit
that referenced
this issue
Mar 26, 2024
…ignature to be affine non-montgomery little-endian
heifner
added a commit
that referenced
this issue
Mar 27, 2024
heifner
added a commit
that referenced
this issue
Mar 27, 2024
heifner
added a commit
that referenced
this issue
Mar 27, 2024
heifner
added a commit
that referenced
this issue
Mar 28, 2024
heifner
added a commit
that referenced
this issue
Mar 28, 2024
IF: Change bls_public_key & bls_signature serialization
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Serialization form is defined to be:
All network messages that use the serialized form of g1/g2.
All files written to disk should used the serialized form of g1/g2.
Logs will need to use the base64url encoding of the serialized form of the g1/g2 logged.
The
bls_public_key
andbls_signature
should be updated to store the binary data for the serialized form. That waypack
andunpack
can automatically serialize the data in the correct form. When constructing abls_public_key
(orbls_signature
) either using a constructor that takesg1
(org2
) or whenunpack
ing (in which case this code should be inreflector_init
), the class must validate the serialized data and construct theg1
(org2
) as a cached private field in the class. Thatg1
(org2
) should be in Montgomery Jacobian little-endian form so that it can be used efficiently in BLS math.Keeping the serialized data in
bls_public_key
andbls_signature
allows for quickly writing out the serialized form when needed, e.g. in a vote message or in a QC attached to the block, and it also allows for relatively fast conversion to the base64url encoding for logging purposes.There are some places in ephemeral memory where it makes sense to store the
g1
(org2
) directly rather than storebls_public_key
(orbls_signature
).One case is when a temporary value is being mutated in a function for some use in the function to then be thrown away. For example, computing the
g1
aggregation of the public keys of the finalizers who are indicated as participating in a QC which is used to validate the aggregatedg2
signature. In that case, theg2
can be pulled from the cache of thebls_signature
recovered from the valid QC attached to the block. But there is no need to build up abls_public_key
as the accumulator when aggregating over the participating finalizers since that would require converting to serialized form for each addition, which is expensive.Another case is when storing the aggregated signature
g2
in the pending QC within ablock_state
. For similar reasons as above, it is more efficient to store this as a rawg2
rather than as abls_signature
. However, when choosing the best QC to include in a new block that is pulled from the pending QC, that accumulating rawg2
must first be used to construct abls_signature
and store that as the valid QC in theblock_state
. Then that constructedbls_signature
, which already has the serialized form within it, can be used to quickly create the QC that is attached to the block in a block extension.The text was updated successfully, but these errors were encountered: