perf(crypto): CRP-1559 Use affine points in multi_sig

Author: randombit

rs/crypto/internal/crypto_lib/bls12_381/type/src/lib.rs

@@ -1302,6 +1302,15 @@ macro_rules! define_affine_and_projective_types {
                 let v = scalars.clone().map(|s| self * s);
                 $projective::batch_normalize_array(&v)
             }
+
+            /// Sum some points
+            pub fn sum(pts: &[Self]) -> $projective {
+                let mut sum = ic_bls12_381::$projective::identity();
+                for pt in pts {
+                    sum += pt.inner();
+                }
+                $projective::new(sum)
+            }
         }
 
         paste! {

rs/crypto/internal/crypto_lib/multi_sig/bls12_381/src/crypto.rs

@@ -7,7 +7,7 @@ use crate::types::{
 };
 
 use ic_crypto_internal_bls12_381_type::{
-    G1Projective, G2Affine, G2Projective, Scalar, verify_bls_signature,
+    G1Affine, G1Projective, G2Affine, Scalar, verify_bls_signature,
 };
 
 use ic_crypto_sha2::DomainSeparationContext;
@@ -56,12 +56,12 @@ pub fn keypair_from_seed(seed: [u64; 4]) -> (SecretKey, PublicKey) {
 
 pub fn keypair_from_rng<R: Rng + CryptoRng>(rng: &mut R) -> (SecretKey, PublicKey) {
     let secret_key = Scalar::random(rng);
-    let public_key = G2Affine::generator() * &secret_key;
+    let public_key = (G2Affine::generator() * &secret_key).to_affine();
     (secret_key, public_key)
 }
 
 pub fn sign_point(point: &G1Projective, secret_key: &SecretKey) -> IndividualSignature {
-    point * secret_key
+    (point * secret_key).to_affine()
 }
 pub fn sign_message(message: &[u8], secret_key: &SecretKey) -> IndividualSignature {
     sign_point(&hash_message_to_g1(message), secret_key)
@@ -80,22 +80,23 @@ pub fn create_pop(public_key: &PublicKey, secret_key: &SecretKey) -> Pop {
 }
 
 pub fn combine_signatures(signatures: &[IndividualSignature]) -> CombinedSignature {
-    G1Projective::sum(signatures)
+    G1Affine::sum(signatures).to_affine()
 }
 pub fn combine_public_keys(public_keys: &[PublicKey]) -> CombinedPublicKey {
-    G2Projective::sum(public_keys)
+    G2Affine::sum(public_keys).to_affine()
 }
 
-pub fn verify_point(hash: &G1Projective, signature: &G1Projective, public_key: &PublicKey) -> bool {
-    verify_bls_signature(&signature.into(), &public_key.into(), &hash.into())
+pub fn verify_point(hash: &G1Affine, signature: &G1Affine, public_key: &PublicKey) -> bool {
+    verify_bls_signature(signature, public_key, hash)
 }
+
 pub fn verify_individual_message_signature(
     message: &[u8],
     signature: &IndividualSignature,
     public_key: &PublicKey,
 ) -> bool {
     let hash = hash_message_to_g1(message);
-    verify_point(&hash, signature, public_key)
+    verify_point(&hash.to_affine(), signature, public_key)
 }
 pub fn verify_pop(pop: &Pop, public_key: &PublicKey) -> bool {
     let public_key_bytes = PublicKeyBytes::from(public_key);
@@ -104,7 +105,7 @@ pub fn verify_pop(pop: &Pop, public_key: &PublicKey) -> bool {
         .extend(DomainSeparationContext::new(DOMAIN_MULTI_SIG_BLS12_381_POP).as_bytes());
     domain_separated_public_key.extend(&public_key_bytes.0[..]);
     let hash = hash_public_key_to_g1(&domain_separated_public_key);
-    verify_point(&hash, pop, public_key)
+    verify_point(&hash.to_affine(), pop, public_key)
 }
 
 pub fn verify_combined_message_signature(
@@ -114,5 +115,5 @@ pub fn verify_combined_message_signature(
 ) -> bool {
     let hash = hash_message_to_g1(message);
     let public_key = combine_public_keys(public_keys);
-    verify_point(&hash, signature, &public_key)
+    verify_point(&hash.to_affine(), signature, &public_key)
 }

rs/crypto/internal/crypto_lib/multi_sig/bls12_381/src/tests.rs

@@ -5,29 +5,8 @@ use crate::{
     types::IndividualSignature, types::PublicKey, types::SecretKey, types::SecretKeyBytes,
     types::arbitrary,
 };
-use ic_crypto_internal_bls12_381_type::G1Projective;
 use ic_crypto_test_utils_reproducible_rng::reproducible_rng;
 
-fn check_single_point_signature_verifies(
-    secret_key: &SecretKey,
-    public_key: &PublicKey,
-    point: &G1Projective,
-) {
-    let signature = multi_crypto::sign_point(point, secret_key);
-    assert!(multi_crypto::verify_point(point, &signature, public_key));
-}
-
-fn check_individual_multi_signature_contribution_verifies(
-    secret_key: &SecretKey,
-    public_key: &PublicKey,
-    message: &[u8],
-) {
-    let signature = multi_crypto::sign_message(message, secret_key);
-    assert!(multi_crypto::verify_individual_message_signature(
-        message, &signature, public_key
-    ));
-}
-
 fn check_multi_signature_verifies(keys: &[(SecretKey, PublicKey)], message: &[u8]) {
     let signatures: Vec<IndividualSignature> = keys
         .iter()
@@ -177,14 +156,20 @@ mod advanced_functionality {
     fn single_point_signature_verifies() {
         let (secret_key, public_key) = multi_crypto::keypair_from_seed([1, 2, 3, 4]);
         let point = multi_crypto::hash_message_to_g1(b"abba");
-        check_single_point_signature_verifies(&secret_key, &public_key, &point);
+        let signature = multi_crypto::sign_point(&point, &secret_key);
+        assert!(multi_crypto::verify_point(&point.to_affine(), &signature, &public_key));
     }
 
     #[test]
     fn individual_multi_signature_contribution_verifies() {
         let (secret_key, public_key) = multi_crypto::keypair_from_seed([1, 2, 3, 4]);
-        check_individual_multi_signature_contribution_verifies(&secret_key, &public_key, b"abba");
+        let message = b"bjork";
+        let signature = multi_crypto::sign_message(message, &secret_key);
+        assert!(multi_crypto::verify_individual_message_signature(
+            message, &signature, &public_key
+        ));
     }
+
     #[test]
     fn pop_verifies() {
         let (secret_key, public_key) = multi_crypto::keypair_from_seed([1, 2, 3, 4]);

rs/crypto/internal/crypto_lib/multi_sig/bls12_381/src/types.rs

@@ -1,6 +1,6 @@
 //! BLS12-381 multisignature types.
 #![allow(clippy::unit_arg)] // Arbitrary is a unit arg in: derive(proptest_derive::Arbitrary)
-use ic_crypto_internal_bls12_381_type::{G1Projective, G2Projective, Scalar};
+use ic_crypto_internal_bls12_381_type::{G1Affine, G2Affine, Scalar};
 use ic_crypto_secrets_containers::SecretArray;
 use serde::{Deserialize, Serialize};
 use zeroize::{Zeroize, ZeroizeOnDrop};
@@ -15,20 +15,20 @@ mod generic_traits;
 pub type SecretKey = Scalar;
 
 /// A BLS public key is a curve point in the G2 group.
-pub type PublicKey = G2Projective;
+pub type PublicKey = G2Affine;
 
 /// A BLS combined public key is a curve point in the G2 group.
-pub type CombinedPublicKey = G2Projective;
+pub type CombinedPublicKey = G2Affine;
 
 /// A BLS signature is a curve point in the G1 group.
-pub type IndividualSignature = G1Projective;
+pub type IndividualSignature = G1Affine;
 
 /// A BLS Proof of Possession is a curve point in the G1 group (a
 /// domain-separated signature on the public key).
-pub type Pop = G1Projective;
+pub type Pop = G1Affine;
 
 /// A BLS multisignature is a curve point in the G1 group.
-pub type CombinedSignature = G1Projective;
+pub type CombinedSignature = G1Affine;
 
 /// Wrapper for a serialized secret key.
 #[derive(Clone, Eq, PartialEq, Deserialize, Serialize, Zeroize, ZeroizeOnDrop)]
@@ -46,29 +46,29 @@ impl SecretKeyBytes {
 pub struct IndividualSignatureBytes(pub [u8; IndividualSignatureBytes::SIZE]);
 ic_crypto_internal_types::derive_serde!(IndividualSignatureBytes, IndividualSignatureBytes::SIZE);
 impl IndividualSignatureBytes {
-    pub const SIZE: usize = G1Projective::BYTES;
+    pub const SIZE: usize = G1Affine::BYTES;
 }
 
 /// Wrapper for a serialized proof of possession.
 #[derive(Copy, Clone)]
 pub struct PopBytes(pub [u8; PopBytes::SIZE]);
 ic_crypto_internal_types::derive_serde!(PopBytes, PopBytes::SIZE);
 impl PopBytes {
-    pub const SIZE: usize = G1Projective::BYTES;
+    pub const SIZE: usize = G1Affine::BYTES;
 }
 
 /// Wrapper for a serialized combined signature.
 #[derive(Copy, Clone)]
 pub struct CombinedSignatureBytes(pub [u8; CombinedSignatureBytes::SIZE]);
 ic_crypto_internal_types::derive_serde!(CombinedSignatureBytes, CombinedSignatureBytes::SIZE);
 impl CombinedSignatureBytes {
-    pub const SIZE: usize = G1Projective::BYTES;
+    pub const SIZE: usize = G1Affine::BYTES;
 }
 
 /// Wrapper for a serialized public key.
 #[derive(Copy, Clone)]
 pub struct PublicKeyBytes(pub [u8; PublicKeyBytes::SIZE]);
 ic_crypto_internal_types::derive_serde!(PublicKeyBytes, PublicKeyBytes::SIZE);
 impl PublicKeyBytes {
-    pub const SIZE: usize = G2Projective::BYTES;
+    pub const SIZE: usize = G2Affine::BYTES;
 }

rs/crypto/internal/crypto_lib/multi_sig/bls12_381/src/types/conversions.rs

@@ -26,7 +26,7 @@ impl TryFrom<&PublicKeyBytes> for PublicKey {
     type Error = CryptoError;
 
     fn try_from(public_key_bytes: &PublicKeyBytes) -> Result<Self, Self::Error> {
-        G2Projective::deserialize(&public_key_bytes.0).map_err(|_| {
+        G2Affine::deserialize(&public_key_bytes.0).map_err(|_| {
             CryptoError::MalformedPublicKey {
                 algorithm: AlgorithmId::MultiBls12_381,
                 key_bytes: Some(public_key_bytes.0.to_vec()),
@@ -44,7 +44,7 @@ impl From<&PublicKey> for PublicKeyBytes {
 impl TryFrom<&IndividualSignatureBytes> for IndividualSignature {
     type Error = CryptoError;
     fn try_from(signature: &IndividualSignatureBytes) -> Result<Self, Self::Error> {
-        G1Projective::deserialize(&signature.0).map_err(|_| CryptoError::MalformedSignature {
+        G1Affine::deserialize(&signature.0).map_err(|_| CryptoError::MalformedSignature {
             algorithm: AlgorithmId::MultiBls12_381,
             sig_bytes: signature.0.to_vec(),
             internal_error: "Point decoding failed".to_string(),
@@ -62,7 +62,7 @@ impl TryFrom<&PopBytes> for Pop {
     type Error = CryptoError;
 
     fn try_from(pop_bytes: &PopBytes) -> Result<Self, Self::Error> {
-        G1Projective::deserialize(&pop_bytes.0).map_err(|_| CryptoError::MalformedPop {
+        G1Affine::deserialize(&pop_bytes.0).map_err(|_| CryptoError::MalformedPop {
             algorithm: AlgorithmId::MultiBls12_381,
             pop_bytes: pop_bytes.0.to_vec(),
             internal_error: "Point decoding failed".to_string(),
@@ -78,7 +78,7 @@ impl From<&Pop> for PopBytes {
 impl TryFrom<&CombinedSignatureBytes> for CombinedSignature {
     type Error = CryptoError;
     fn try_from(signature: &CombinedSignatureBytes) -> Result<Self, Self::Error> {
-        G1Projective::deserialize(&signature.0).map_err(|_| CryptoError::MalformedSignature {
+        G1Affine::deserialize(&signature.0).map_err(|_| CryptoError::MalformedSignature {
             algorithm: AlgorithmId::MultiBls12_381,
             sig_bytes: signature.0.to_vec(),
             internal_error: "Point decoding failed".to_string(),