diff --git a/go.mod b/go.mod index d1de4067c..0972ae9e9 100644 --- a/go.mod +++ b/go.mod @@ -4,13 +4,13 @@ go 1.18 require ( github.com/cloudflare/circl v1.3.7 - github.com/drand/kyber-bls12381 v0.2.5 - github.com/jonboulle/clockwork v0.3.0 - github.com/stretchr/testify v1.8.2 + github.com/drand/kyber-bls12381 v0.3.1 + github.com/jonboulle/clockwork v0.4.0 + github.com/stretchr/testify v1.9.0 go.dedis.ch/fixbuf v1.0.3 go.dedis.ch/protobuf v1.0.11 - golang.org/x/crypto v0.17.0 - golang.org/x/sys v0.15.0 + golang.org/x/crypto v0.21.0 + golang.org/x/sys v0.18.0 ) require ( diff --git a/go.sum b/go.sum index 65ddd42ca..f46d2e94b 100644 --- a/go.sum +++ b/go.sum @@ -3,22 +3,18 @@ github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBS github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/drand/kyber-bls12381 v0.2.5 h1:4ugiCmXQsvgAuylSk929rK49WGFxCxT/7ArH2vw6Tlg= -github.com/drand/kyber-bls12381 v0.2.5/go.mod h1:8fm2tmRaAdYRGMTh5tjF7qrGHywC+rmM5hrUFL+9fCI= -github.com/jonboulle/clockwork v0.3.0 h1:9BSCMi8C+0qdApAp4auwX0RkLGUjs956h0EkuQymUhg= -github.com/jonboulle/clockwork v0.3.0/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= +github.com/drand/kyber-bls12381 v0.3.1 h1:KWb8l/zYTP5yrvKTgvhOrk2eNPscbMiUOIeWBnmUxGo= +github.com/drand/kyber-bls12381 v0.3.1/go.mod h1:H4y9bLPu7KZA/1efDg+jtJ7emKx+ro3PU7/jWUVt140= +github.com/jonboulle/clockwork v0.4.0 h1:p4Cf1aMWXnXAUh8lVfewRBx1zaTSYKrKMF2g3ST4RZ4= +github.com/jonboulle/clockwork v0.4.0/go.mod h1:xgRqUGwRcjKCO1vbZUEtSLrqKoPSsUpK7fnezOII0kc= github.com/kilic/bls12-381 v0.1.0 h1:encrdjqKMEvabVQ7qYOKu1OvhqpK4s47wDYtNiPtlp4= github.com/kilic/bls12-381 v0.1.0/go.mod h1:vDTTHJONJ6G+P2R74EhnyotQDTliQDnFEwhdmfzw1ig= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= -github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= go.dedis.ch/fixbuf v1.0.3 h1:hGcV9Cd/znUxlusJ64eAlExS+5cJDIyTyEG+otu5wQs= go.dedis.ch/fixbuf v1.0.3/go.mod h1:yzJMt34Wa5xD37V5RTdmp38cz3QhMagdGoem9anUalw= go.dedis.ch/kyber/v3 v3.0.4/go.mod h1:OzvaEnPvKlyrWyp3kGXlFdp7ap1VC6RkZDTaPikqhsQ= @@ -29,14 +25,13 @@ go.dedis.ch/protobuf v1.0.7/go.mod h1:pv5ysfkDX/EawiPqcW3ikOxsL5t+BqnV6xHSmE79KI go.dedis.ch/protobuf v1.0.11 h1:FTYVIEzY/bfl37lu3pR4lIj+F9Vp1jE8oh91VmxKgLo= go.dedis.ch/protobuf v1.0.11/go.mod h1:97QR256dnkimeNdfmURz0wAMNVbd1VmLXhG1CrTYrJ4= golang.org/x/crypto v0.0.0-20190123085648-057139ce5d2b/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= -golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/sys v0.0.0-20190124100055-b90733256f2e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= -golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/sign/bdn/bdn.go b/sign/bdn/bdn.go index e6d2bb3ec..4b1ab1b9c 100644 --- a/sign/bdn/bdn.go +++ b/sign/bdn/bdn.go @@ -67,29 +67,68 @@ func hashPointToR(pubs []kyber.Point) ([]kyber.Scalar, error) { return coefs, nil } +type Scheme struct { + blsScheme sign.AggregatableScheme + sigGroup kyber.Group + keyGroup kyber.Group + pairing func(signature, public, hashedPoint kyber.Point) bool +} + +// NewSchemeOnG1 returns a sign.Scheme that uses G1 for its signature space and G2 +// for its public keys +func NewSchemeOnG1(suite pairing.Suite) *Scheme { + sigGroup := suite.G1() + keyGroup := suite.G2() + pairing := func(public, hashedMsg, sigPoint kyber.Point) bool { + return suite.ValidatePairing(hashedMsg, public, sigPoint, keyGroup.Point().Base()) + } + return &Scheme{ + blsScheme: bls.NewSchemeOnG1(suite), + sigGroup: sigGroup, + keyGroup: keyGroup, + pairing: pairing, + } +} + +// NewSchemeOnG2 returns a sign.Scheme that uses G2 for its signature space and +// G1 for its public key +func NewSchemeOnG2(suite pairing.Suite) *Scheme { + sigGroup := suite.G2() + keyGroup := suite.G1() + pairing := func(public, hashedMsg, sigPoint kyber.Point) bool { + return suite.ValidatePairing(public, hashedMsg, keyGroup.Point().Base(), sigPoint) + } + return &Scheme{ + blsScheme: bls.NewSchemeOnG2(suite), + sigGroup: sigGroup, + keyGroup: keyGroup, + pairing: pairing, + } +} + // NewKeyPair creates a new BLS signing key pair. The private key x is a scalar -// and the public key X is a point on curve G2. -func NewKeyPair(suite pairing.Suite, random cipher.Stream) (kyber.Scalar, kyber.Point) { - return bls.NewSchemeOnG1(suite).NewKeyPair(random) +// and the public key X is a point on the scheme's key group. +func (scheme *Scheme) NewKeyPair(random cipher.Stream) (kyber.Scalar, kyber.Point) { + return scheme.blsScheme.NewKeyPair(random) } // Sign creates a BLS signature S = x * H(m) on a message m using the private -// key x. The signature S is a point on curve G1. -func Sign(suite pairing.Suite, x kyber.Scalar, msg []byte) ([]byte, error) { - return bls.NewSchemeOnG1(suite).Sign(x, msg) +// key x. The signature S is a point on the scheme's signature group. +func (scheme *Scheme) Sign(x kyber.Scalar, msg []byte) ([]byte, error) { + return scheme.blsScheme.Sign(x, msg) } // Verify checks the given BLS signature S on the message m using the public // key X by verifying that the equality e(H(m), X) == e(H(m), x*B2) == // e(x*H(m), B2) == e(S, B2) holds where e is the pairing operation and B2 is -// the base point from curve G2. -func Verify(suite pairing.Suite, x kyber.Point, msg, sig []byte) error { - return bls.NewSchemeOnG1(suite).Verify(x, msg, sig) +// the base point from the scheme's key group. +func (scheme *Scheme) Verify(x kyber.Point, msg, sig []byte) error { + return scheme.blsScheme.Verify(x, msg, sig) } // AggregateSignatures aggregates the signatures using a coefficient for each -// one of them where c = H(pk) and H: G2 -> R with R = {1, ..., 2^128} -func AggregateSignatures(suite pairing.Suite, sigs [][]byte, mask *sign.Mask) (kyber.Point, error) { +// one of them where c = H(pk) and H: keyGroup -> R with R = {1, ..., 2^128} +func (scheme *Scheme) AggregateSignatures(sigs [][]byte, mask *sign.Mask) (kyber.Point, error) { if len(sigs) != mask.CountEnabled() { return nil, errors.New("length of signatures and public keys must match") } @@ -99,7 +138,7 @@ func AggregateSignatures(suite pairing.Suite, sigs [][]byte, mask *sign.Mask) (k return nil, err } - agg := suite.G1().Point() + agg := scheme.sigGroup.Point() for i, buf := range sigs { peerIndex := mask.IndexOfNthEnabled(i) if peerIndex < 0 { @@ -108,7 +147,7 @@ func AggregateSignatures(suite pairing.Suite, sigs [][]byte, mask *sign.Mask) (k return nil, errors.New("couldn't find the index") } - sig := suite.G1().Point() + sig := scheme.sigGroup.Point() err = sig.UnmarshalBinary(buf) if err != nil { return nil, err @@ -125,14 +164,14 @@ func AggregateSignatures(suite pairing.Suite, sigs [][]byte, mask *sign.Mask) (k // AggregatePublicKeys aggregates a set of public keys (similarly to // AggregateSignatures for signatures) using the hash function -// H: G2 -> R with R = {1, ..., 2^128}. -func AggregatePublicKeys(suite pairing.Suite, mask *sign.Mask) (kyber.Point, error) { +// H: keyGroup -> R with R = {1, ..., 2^128}. +func (scheme *Scheme) AggregatePublicKeys(mask *sign.Mask) (kyber.Point, error) { coefs, err := hashPointToR(mask.Publics()) if err != nil { return nil, err } - agg := suite.G2().Point() + agg := scheme.keyGroup.Point() for i := 0; i < mask.CountEnabled(); i++ { peerIndex := mask.IndexOfNthEnabled(i) if peerIndex < 0 { @@ -149,3 +188,43 @@ func AggregatePublicKeys(suite pairing.Suite, mask *sign.Mask) (kyber.Point, err return agg, nil } + +// v1 API Deprecated ---------------------------------- + +// NewKeyPair creates a new BLS signing key pair. The private key x is a scalar +// and the public key X is a point on curve G2. +// Deprecated: use the new scheme methods instead. +func NewKeyPair(suite pairing.Suite, random cipher.Stream) (kyber.Scalar, kyber.Point) { + return NewSchemeOnG1(suite).NewKeyPair(random) +} + +// Sign creates a BLS signature S = x * H(m) on a message m using the private +// key x. The signature S is a point on curve G1. +// Deprecated: use the new scheme methods instead. +func Sign(suite pairing.Suite, x kyber.Scalar, msg []byte) ([]byte, error) { + return NewSchemeOnG1(suite).Sign(x, msg) +} + +// Verify checks the given BLS signature S on the message m using the public +// key X by verifying that the equality e(H(m), X) == e(H(m), x*B2) == +// e(x*H(m), B2) == e(S, B2) holds where e is the pairing operation and B2 is +// the base point from curve G2. +// Deprecated: use the new scheme methods instead. +func Verify(suite pairing.Suite, x kyber.Point, msg, sig []byte) error { + return NewSchemeOnG1(suite).Verify(x, msg, sig) +} + +// AggregateSignatures aggregates the signatures using a coefficient for each +// one of them where c = H(pk) and H: G2 -> R with R = {1, ..., 2^128} +// Deprecated: use the new scheme methods instead. +func AggregateSignatures(suite pairing.Suite, sigs [][]byte, mask *sign.Mask) (kyber.Point, error) { + return NewSchemeOnG1(suite).AggregateSignatures(sigs, mask) +} + +// AggregatePublicKeys aggregates a set of public keys (similarly to +// AggregateSignatures for signatures) using the hash function +// H: G2 -> R with R = {1, ..., 2^128}. +// Deprecated: use the new scheme methods instead. +func AggregatePublicKeys(suite pairing.Suite, mask *sign.Mask) (kyber.Point, error) { + return NewSchemeOnG1(suite).AggregatePublicKeys(mask) +} diff --git a/sign/bdn/bdn_test.go b/sign/bdn/bdn_test.go index e30bb853e..db80d4706 100644 --- a/sign/bdn/bdn_test.go +++ b/sign/bdn/bdn_test.go @@ -5,19 +5,21 @@ import ( "testing" "github.com/drand/kyber" + bls12381 "github.com/drand/kyber-bls12381" + "github.com/drand/kyber/pairing" "github.com/drand/kyber/pairing/bn256" "github.com/drand/kyber/sign" - "github.com/drand/kyber/sign/bls" "github.com/drand/kyber/util/random" "github.com/stretchr/testify/require" ) -var suite = bn256.NewSuiteBn256() -var two = suite.Scalar().Add(suite.Scalar().One(), suite.Scalar().One()) -var three = suite.Scalar().Add(two, suite.Scalar().One()) - // Reference test for other languages func TestBDN_HashPointToR_BN256(t *testing.T) { + suite := bn256.NewSuiteBn256() + schemeOnG1 := NewSchemeOnG1(suite) + two := suite.Scalar().Add(suite.Scalar().One(), suite.Scalar().One()) + three := suite.Scalar().Add(two, suite.Scalar().One()) + p1 := suite.Point().Base() p2 := suite.Point().Mul(two, suite.Point().Base()) p3 := suite.Point().Mul(three, suite.Point().Base()) @@ -35,7 +37,7 @@ func TestBDN_HashPointToR_BN256(t *testing.T) { mask.SetBit(1, true) mask.SetBit(2, true) - agg, err := AggregatePublicKeys(suite, mask) + agg, err := schemeOnG1.AggregatePublicKeys(mask) require.NoError(t, err) buf, err := agg.MarshalBinary() @@ -44,72 +46,96 @@ func TestBDN_HashPointToR_BN256(t *testing.T) { require.Equal(t, ref, fmt.Sprintf("%x", buf)) } -func TestBDN_AggregateSignatures(t *testing.T) { +var testsOnSchemes = []struct { + name string + test func(t *testing.T, suite pairing.Suite, scheme *Scheme) +}{ + {"aggregateSignatures", aggregateSignatures}, + {"subsetSignature", subsetSignature}, + {"rogueAttack", rogueAttack}, +} + +func TestBDN(t *testing.T) { + run := func(name string, suite pairing.Suite, schemeGen func(pairing.Suite) *Scheme) { + for _, ts := range testsOnSchemes { + t.Run(name+"/"+ts.name, func(t *testing.T) { + ts.test(t, suite, schemeGen(suite)) + }) + } + } + + run("bn256/G1", bn256.NewSuite(), NewSchemeOnG1) + //run("bn256/G2", bn256.NewSuite(), NewSchemeOnG2) // G2 does not support hash to point https://github.com/dedis/kyber/pull/428 + run("bls12/G1", bls12381.NewBLS12381Suite(), NewSchemeOnG1) + run("bls12/G2", bls12381.NewBLS12381Suite(), NewSchemeOnG2) + +} + +func aggregateSignatures(t *testing.T, suite pairing.Suite, scheme *Scheme) { msg := []byte("Hello Boneh-Lynn-Shacham") - suite := bn256.NewSuite() - private1, public1 := NewKeyPair(suite, random.New()) - private2, public2 := NewKeyPair(suite, random.New()) - sig1, err := Sign(suite, private1, msg) + private1, public1 := scheme.NewKeyPair(random.New()) + private2, public2 := scheme.NewKeyPair(random.New()) + sig1, err := scheme.Sign(private1, msg) require.NoError(t, err) - sig2, err := Sign(suite, private2, msg) + sig2, err := scheme.Sign(private2, msg) require.NoError(t, err) mask, _ := sign.NewMask(suite, []kyber.Point{public1, public2}, nil) mask.SetBit(0, true) mask.SetBit(1, true) - _, err = AggregateSignatures(suite, [][]byte{sig1}, mask) + _, err = scheme.AggregateSignatures([][]byte{sig1}, mask) require.Error(t, err) - aggregatedSig, err := AggregateSignatures(suite, [][]byte{sig1, sig2}, mask) + aggregatedSig, err := scheme.AggregateSignatures([][]byte{sig1, sig2}, mask) require.NoError(t, err) - aggregatedKey, err := AggregatePublicKeys(suite, mask) + aggregatedKey, err := scheme.AggregatePublicKeys(mask) + require.NoError(t, err) sig, err := aggregatedSig.MarshalBinary() require.NoError(t, err) - err = Verify(suite, aggregatedKey, msg, sig) + err = scheme.Verify(aggregatedKey, msg, sig) require.NoError(t, err) mask.SetBit(1, false) - aggregatedKey, err = AggregatePublicKeys(suite, mask) + aggregatedKey, err = scheme.AggregatePublicKeys(mask) + require.NoError(t, err) - err = Verify(suite, aggregatedKey, msg, sig) + err = scheme.Verify(aggregatedKey, msg, sig) require.Error(t, err) } -func TestBDN_SubsetSignature(t *testing.T) { +func subsetSignature(t *testing.T, suite pairing.Suite, scheme *Scheme) { msg := []byte("Hello Boneh-Lynn-Shacham") - suite := bn256.NewSuite() - private1, public1 := NewKeyPair(suite, random.New()) - private2, public2 := NewKeyPair(suite, random.New()) - _, public3 := NewKeyPair(suite, random.New()) - sig1, err := Sign(suite, private1, msg) + private1, public1 := scheme.NewKeyPair(random.New()) + private2, public2 := scheme.NewKeyPair(random.New()) + _, public3 := scheme.NewKeyPair(random.New()) + sig1, err := scheme.Sign(private1, msg) require.NoError(t, err) - sig2, err := Sign(suite, private2, msg) + sig2, err := scheme.Sign(private2, msg) require.NoError(t, err) mask, _ := sign.NewMask(suite, []kyber.Point{public1, public3, public2}, nil) mask.SetBit(0, true) mask.SetBit(2, true) - aggregatedSig, err := AggregateSignatures(suite, [][]byte{sig1, sig2}, mask) + aggregatedSig, err := scheme.AggregateSignatures([][]byte{sig1, sig2}, mask) require.NoError(t, err) - aggregatedKey, err := AggregatePublicKeys(suite, mask) + aggregatedKey, err := scheme.AggregatePublicKeys(mask) + require.NoError(t, err) sig, err := aggregatedSig.MarshalBinary() require.NoError(t, err) - err = Verify(suite, aggregatedKey, msg, sig) + err = scheme.Verify(aggregatedKey, msg, sig) require.NoError(t, err) } -func TestBDN_RogueAttack(t *testing.T) { +func rogueAttack(t *testing.T, suite pairing.Suite, scheme *Scheme) { msg := []byte("Hello Boneh-Lynn-Shacham") - suite := bn256.NewSuite() - scheme := bls.NewSchemeOnG1(suite) // honest _, public1 := scheme.NewKeyPair(random.New()) // attacker @@ -120,30 +146,31 @@ func TestBDN_RogueAttack(t *testing.T) { pubs := []kyber.Point{public1, rogue} - sig, err := Sign(suite, private2, msg) + sig, err := scheme.Sign(private2, msg) require.NoError(t, err) // Old scheme not resistant to the attack - agg := scheme.AggregatePublicKeys(pubs...) + agg := scheme.blsScheme.AggregatePublicKeys(pubs...) require.NoError(t, scheme.Verify(agg, msg, sig)) // New scheme that should detect mask, _ := sign.NewMask(suite, pubs, nil) mask.SetBit(0, true) mask.SetBit(1, true) - agg, err = AggregatePublicKeys(suite, mask) + agg, err = scheme.AggregatePublicKeys(mask) require.NoError(t, err) - require.Error(t, Verify(suite, agg, msg, sig)) + require.Error(t, scheme.Verify(agg, msg, sig)) } func Benchmark_BDN_AggregateSigs(b *testing.B) { suite := bn256.NewSuite() - private1, public1 := NewKeyPair(suite, random.New()) - private2, public2 := NewKeyPair(suite, random.New()) + schemeOnG1 := NewSchemeOnG1(suite) + private1, public1 := schemeOnG1.NewKeyPair(random.New()) + private2, public2 := schemeOnG1.NewKeyPair(random.New()) msg := []byte("Hello many times Boneh-Lynn-Shacham") - sig1, err := Sign(suite, private1, msg) + sig1, err := schemeOnG1.Sign(private1, msg) require.Nil(b, err) - sig2, err := Sign(suite, private2, msg) + sig2, err := schemeOnG1.Sign(private2, msg) require.Nil(b, err) mask, _ := sign.NewMask(suite, []kyber.Point{public1, public2}, nil) @@ -152,6 +179,43 @@ func Benchmark_BDN_AggregateSigs(b *testing.B) { b.ResetTimer() for i := 0; i < b.N; i++ { - AggregateSignatures(suite, [][]byte{sig1, sig2}, mask) + schemeOnG1.AggregateSignatures([][]byte{sig1, sig2}, mask) } } + +func TestBDNDeprecatedAPIs(t *testing.T) { + msg := []byte("Hello Boneh-Lynn-Shacham") + suite := bn256.NewSuite() + private1, public1 := NewKeyPair(suite, random.New()) + private2, public2 := NewKeyPair(suite, random.New()) + sig1, err := Sign(suite, private1, msg) + require.NoError(t, err) + sig2, err := Sign(suite, private2, msg) + require.NoError(t, err) + + mask, _ := sign.NewMask(suite, []kyber.Point{public1, public2}, nil) + mask.SetBit(0, true) + mask.SetBit(1, true) + + _, err = AggregateSignatures(suite, [][]byte{sig1}, mask) + require.Error(t, err) + + aggregatedSig, err := AggregateSignatures(suite, [][]byte{sig1, sig2}, mask) + require.NoError(t, err) + + aggregatedKey, err := AggregatePublicKeys(suite, mask) + require.NoError(t, err) + + sig, err := aggregatedSig.MarshalBinary() + require.NoError(t, err) + + err = Verify(suite, aggregatedKey, msg, sig) + require.NoError(t, err) + + mask.SetBit(1, false) + aggregatedKey, err = AggregatePublicKeys(suite, mask) + require.NoError(t, err) + + err = Verify(suite, aggregatedKey, msg, sig) + require.Error(t, err) +}