Add gnark as bls-12-381 backend (#551)

* Add gnark as bls-12-381 backend
* Fix lint issues and disable errcheck in bls12381
   Errcheck was already not checking other impls
* Add equiality check
* Fix the test function name
* remove gomnd config from golangcilint
* Fix comment in gnark/gt.go
* Perform correct invocation to appease linter gods

---------

Signed-off-by: Jakub Sztandera <[email protected]>

Author: Kubuxu

.golangci.yml

@@ -11,7 +11,7 @@ linters-settings:
   staticcheck:
     checks:
       - all
-      - '-SA1019' # Ignore deprecated for now
+      - "-SA1019" # Ignore deprecated for now
   cyclop:
     # The maximal code complexity to report.
     # Default: 10
@@ -42,23 +42,6 @@ linters-settings:
     # Default: 30 (but we recommend 10-20)
     min-complexity: 20
 
-  gomnd:
-    # List of function patterns to exclude from analysis.
-    # Values always ignored: `time.Date`
-    # Default: []
-    ignored-functions:
-      - os.Chmod
-      - os.Mkdir
-      - os.MkdirAll
-      - os.OpenFile
-      - os.WriteFile
-      - strconv.FormatFloat
-      - strconv.FormatInt
-      - strconv.FormatUint
-      - strconv.ParseFloat
-      - strconv.ParseInt
-      - strconv.ParseUint
-
   govet:
     # Enable all analyzers.
     # Default: false
@@ -78,7 +61,7 @@ linters-settings:
   nolintlint:
     # Exclude following linters from requiring an explanation.
     # Default: []
-    allow-no-explanation: [ funlen, gocognit, lll ]
+    allow-no-explanation: [funlen, gocognit, lll]
     # Enable to require an explanation of nonzero length after each nolint directive.
     # Default: false
     require-explanation: true
@@ -212,7 +195,6 @@ linters:
     #- structcheck # [deprecated, replaced by unused] finds unused struct fields
     #- varcheck # [deprecated, replaced by unused] finds unused global variables and constants
 
-
 issues:
   # Maximum count of issues with the same text.
   # Set to 0 to disable.
@@ -221,13 +203,13 @@ issues:
 
   exclude-rules:
     - source: "^//\\s*go:generate\\s"
-      linters: [ lll ]
+      linters: [lll]
     - source: "(noinspection|TODO)"
-      linters: [ godot ]
+      linters: [godot]
     - source: "//noinspection"
-      linters: [ gocritic ]
+      linters: [gocritic]
     - source: "^\\s+if _, ok := err\\.\\([^.]+\\.InternalError\\); ok {"
-      linters: [ errorlint ]
+      linters: [errorlint]
     - path: ".skeleton"
       linters:
         - unused
@@ -254,18 +236,18 @@ issues:
       text: "unexported-return:"
     - linters:
         - govet
-      text: "shadow: declaration of \"err\" shadows declaration"
-    - path: 'group.go'
+      text: 'shadow: declaration of "err" shadows declaration'
+    - path: "group.go"
       linters:
         - interfacebloat
-    - path: 'group/edwards25519/scalar.go'
+    - path: "group/edwards25519/scalar.go"
       linters:
         - ineffassign
         - funlen
-    - path: 'group/edwards25519/const.go'
+    - path: "group/edwards25519/const.go"
       linters:
         - lll
-    - path: 'group/edwards25519/fe.go'
+    - path: "group/edwards25519/fe.go"
       linters:
         - funlen
     - path: "share/dkg/pedersen"
@@ -277,7 +259,7 @@ issues:
     - path: "group/edwards25519/scalar.go"
       linters:
         - ineffassign
-    - path: "pairing/(circl_bls12381|bn254)/."
+    - path: "pairing/(bls12381|bn254)/."
       linters:
         - errcheck #TODO: proper error handling
       text: "Error return value is not checked"

pairing/bls12381/bls12381_test.go

@@ -18,6 +18,7 @@ import (
 	"go.dedis.ch/kyber/v4/internal/test"
 	"go.dedis.ch/kyber/v4/pairing"
 	circl "go.dedis.ch/kyber/v4/pairing/bls12381/circl"
+	"go.dedis.ch/kyber/v4/pairing/bls12381/gnark"
 	kilic "go.dedis.ch/kyber/v4/pairing/bls12381/kilic"
 	"go.dedis.ch/kyber/v4/sign/bdn"
 	"go.dedis.ch/kyber/v4/sign/bls"
@@ -39,6 +40,7 @@ func TestScalarEndianess(t *testing.T) {
 	suites := []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	seed := "TestScalarEndianess"
@@ -110,6 +112,16 @@ func TestZKCryptoVectorsG1Compressed(t *testing.T) {
 			if err != nil && testCaseValid {
 				panic("Circl: err should be nil")
 			}
+
+			// Test gnark
+			g3 := gnark.G1Elt{}
+			err = g3.UnmarshalBinary(byts)
+			if err == nil && !testCaseValid {
+				panic("Gnark: err should not be nil")
+			}
+			if err != nil && testCaseValid {
+				panic("Gnark: err should be nil")
+			}
 		})
 	}
 }
@@ -157,6 +169,16 @@ func TestZKCryptoVectorsG2Compressed(t *testing.T) {
 			if err != nil && testCaseValid {
 				panic("Circl: err should be nil")
 			}
+
+			// Test gnark
+			g3 := gnark.G2Elt{}
+			err = g3.UnmarshalBinary(byts)
+			if err == nil && !testCaseValid {
+				panic("Gnark: err should not be nil")
+			}
+			if err != nil && testCaseValid {
+				panic("Gnark: err should be nil")
+			}
 		})
 	}
 }
@@ -401,6 +423,7 @@ func TestKyberG1(t *testing.T) {
 	suites := []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, suite := range suites {
@@ -412,6 +435,7 @@ func TestKyberG2(t *testing.T) {
 	suites := []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, suite := range suites {
@@ -423,6 +447,7 @@ func TestKyberPairingG2(t *testing.T) {
 	suites := []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, s := range suites {
@@ -450,6 +475,7 @@ func TestRacePairings(_ *testing.T) {
 	suites := []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, s := range suites {
@@ -474,6 +500,7 @@ func TestKyberBLSG2(t *testing.T) {
 	suites := []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, suite := range suites {
@@ -486,6 +513,7 @@ func TestKyberBLSG1(t *testing.T) {
 	suites := []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, suite := range suites {
@@ -498,6 +526,7 @@ func TestKyberThresholdG2(t *testing.T) {
 	suites := []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, suite := range suites {
@@ -510,6 +539,7 @@ func TestKyberThresholdG1(t *testing.T) {
 	suites := []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, suite := range suites {
@@ -522,6 +552,7 @@ func TestIsValidGroup(t *testing.T) {
 	suites := []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, suite := range suites {
@@ -550,6 +581,7 @@ func TestBasicPairing(t *testing.T) {
 	suites := []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, suite := range suites {
@@ -602,6 +634,7 @@ func BenchmarkPairingSeparate(bb *testing.B) {
 	var suites = []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, s := range suites {
@@ -631,6 +664,7 @@ func BenchmarkPairingInv(bb *testing.B) {
 	var suites = []pairing.Suite{
 		kilic.NewBLS12381Suite(),
 		circl.NewSuiteBLS12381(),
+		gnark.NewSuiteBLS12381(),
 	}
 
 	for _, s := range suites {
@@ -658,7 +692,7 @@ func BenchmarkPairingInv(bb *testing.B) {
 var (
 	dataSize     = 32
 	numSigs      = []int{1, 10, 100, 1000, 10000}
-	curveOptions = []string{"kilic", "circl"}
+	curveOptions = []string{"kilic", "circl", "gnark"}
 )
 
 // Used to avoid compiler optimizations
@@ -672,9 +706,12 @@ func BenchmarkKilic(b *testing.B) {
 func BenchmarkCircl(b *testing.B) {
 	BDNBenchmark(b, "circl")
 }
+func BenchmarkGnark(b *testing.B) {
+	BDNBenchmark(b, "gnark")
+}
+
+func BDNBenchmark(b *testing.B, curveOption string) { //nolint: gocyclo,cyclop // breaking this down doesn't make sense
 
-//nolint: gocyclo,cyclop // breaking this down doesn't make sense
-func BDNBenchmark(b *testing.B, curveOption string) {
 	b.Logf("----------------------")
 	b.Logf("Payload to sign: %d bytes\n", dataSize)
 	b.Logf("Numbers of signatures: %v\n", numSigs)
@@ -698,6 +735,8 @@ func BDNBenchmark(b *testing.B, curveOption string) {
 		suite = kilic.NewBLS12381Suite()
 	case "circl":
 		suite = circl.NewSuiteBLS12381()
+	case "gnark":
+		suite = gnark.NewSuiteBLS12381()
 	default:
 		panic(fmt.Errorf("invalid curve option: %s", curveOption))
 	}

pairing/bls12381/gnark/adapter.go

@@ -0,0 +1,48 @@
+package gnark
+
+import (
+	"go.dedis.ch/kyber/v4"
+)
+
+// SuiteBLS12381 is an adapter that implements the suites.Suite interface so that
+// bls12381 can be used as a common suite to generate key pairs for instance but
+// still preserves the properties of the pairing (e.g. the Pair function).
+//
+// It's important to note that the Point function will generate a point
+// compatible with public keys only (group G2) where the signature must be
+// used as a point from the group G1.
+type SuiteBLS12381 struct {
+	Suite
+	kyber.Group
+}
+
+// NewSuiteBLS12381 makes a new BN256 suite
+func NewSuiteBLS12381() *SuiteBLS12381 {
+	return &SuiteBLS12381{}
+}
+
+// Point generates a point from the G2 group that can only be used
+// for public keys
+func (s *SuiteBLS12381) Point() kyber.Point {
+	return s.G2().Point()
+}
+
+// PointLen returns the length of a G2 point
+func (s *SuiteBLS12381) PointLen() int {
+	return s.G2().PointLen()
+}
+
+// Scalar generates a scalar
+func (s *SuiteBLS12381) Scalar() kyber.Scalar {
+	return s.G1().Scalar()
+}
+
+// ScalarLen returns the length of a scalar
+func (s *SuiteBLS12381) ScalarLen() int {
+	return s.G1().ScalarLen()
+}
+
+// String returns the name of the suite
+func (s *SuiteBLS12381) String() string {
+	return "gnark.adapter"
+}

pairing/bls12381/gnark/adapter_test.go

@@ -0,0 +1,30 @@
+package gnark
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"go.dedis.ch/kyber/v4/util/key"
+)
+
+func TestAdapter_SuiteBLS12381(t *testing.T) {
+	suite := NewSuiteBLS12381()
+
+	pair := key.NewKeyPair(suite)
+	pubkey, err := pair.Public.MarshalBinary()
+	require.Nil(t, err)
+	privkey, err := pair.Private.MarshalBinary()
+	require.Nil(t, err)
+
+	pubhex := suite.Point()
+	err = pubhex.UnmarshalBinary(pubkey)
+	require.Nil(t, err)
+	require.True(t, pair.Public.Equal(pubhex))
+
+	privhex := suite.Scalar()
+	err = privhex.UnmarshalBinary(privkey)
+	require.Nil(t, err)
+	require.True(t, pair.Private.Equal(privhex))
+
+	require.Equal(t, "gnark.adapter", suite.String())
+}