feat: bls signature (#216)

* hello bls

* hello bls

* tests added

* tests added

* bls signature refactored

* bls signature refactored

* bls completed

* bls completed

* a little refactoring to adjust hash_tocurve

* a little refactoring to adjust hash_tocurve

* bls basic features test passed

* bls completed

* bls completed

* typo fixed

* review edit added

* review edit added

* generic over galoisfield

* galoisfield generic

* fix : totally generic over fields and ellipticCurve

* additional checks added

* elliminating conflicts

* elliminating conflicts

* refactor: signatures

* additional refactorings

* readmes added

* latex added

* corrections added

* Update src/signatures/bls/README.md

Co-authored-by: Colin Roberts <colin@autoparallel.xyz>

* Update src/signatures/bls/README.md

Co-authored-by: Colin Roberts <colin@autoparallel.xyz>

* Update src/signatures/bls/README.md

Co-authored-by: Colin Roberts <colin@autoparallel.xyz>

* refactorings and additions

* refactorings and additions

* refactorings and additions

* refactorings and additions

* refactorings and additions

* refactorings and additions

* signatures cleanup

* signatures cleanup

---------

Co-authored-by: = <=>
Co-authored-by: Colin Roberts <colin@autoparallel.xyz>

Author: mahmudsudo

README.md

@@ -32,9 +32,11 @@ Ronkathon is a collection of cryptographic primitives implemented in Rust. It is
 
 ### Signatures
 
-- [Digital Signature Algorithms](src/dsa/README.md)
-    - [Elliptic Curve Digital Signature Algorithm(ECDSA)](src/dsa/ecdsa.rs)
-    - [Edwards-Curve Digital Signature Algorithm(EdDSA)](src/dsa/eddsa/mod.rs)
+- [Signature Algorithms](src/signatures/README.md)
+    - [Elliptic Curve Digital Signature Algorithm(ECDSA)](src/signatures/ecdsa.rs)
+    - [Edwards-Curve Digital Signature Algorithm(EdDSA)](src/signatures/eddsa/mod.rs)
+    - [Boneh-Lynn-Shacham SIgnature](src/signatures/bls/mod.rs)
+    - [Lamport Signature](src/signatures/lamport/mod.rs)
 
 ### Encryption
 

SUMMARY.md

@@ -6,7 +6,7 @@
 - [Codes](src/codes/README.md)
 - [Compiler](src/compiler/README.md)
 - [Curve](src/curve/README.md)
-- [Digital Signature Algorithms](src/dsa/README.md)
+- [Signature Algorithms](src/signatures/README.md)
 - [Encryption]()
     - [Asymmetric]()
         - [RSA](src/encryption/asymmetric/rsa/README.md)

examples/eddsa.rs

@@ -1,5 +1,5 @@
 /// Example of Ed25519 digital signature algorithm.
-use ronkathon::dsa::eddsa::Ed25519;
+use ronkathon::signatures::eddsa::Ed25519;
 
 fn main() {
   let ed25519 = Ed25519::new(None);

src/algebra/field/extension/arithmetic.rs

@@ -155,4 +155,60 @@ impl<const N: usize, const P: usize> Mul<GaloisField<N, P>> for PrimeField<P> {
     res
   }
 }
+
+impl FieldExt for GaloisField<2, 101> {
+  /// Computes euler criterion of the field element, i.e. Returns true if the element is a quadratic
+  /// residue (a square number) in the field.
+  fn euler_criterion(&self) -> bool { self.norm().euler_criterion() }
+
+  /// Computes square root of the quadratic field element `(x_0 + x_1*u)` (if it exists) and return
+  /// a tuple of `(r, -r)` where `r` is lower.
+  ///
+  /// - `(a_0 + a_1*u)^2 = a_0^2+2*a_0*a_1*u+βa_1^2 = (x_0 + x_1*u)`. Equating x_0 and x_1 with LHS:
+  /// - `x_0 = a_0^2 + βa_1^2`
+  /// - `x_1 = 2a_0*a_1`
+  fn sqrt(&self) -> Option<(Self, Self)> {
+    let (a0, a1) = (self.coeffs[0], self.coeffs[1]);
+
+    // irreducible poly: F[X]/(X^2+2)
+    let residue = -PlutoBaseFieldExtension::IRREDUCIBLE_POLYNOMIAL_COEFFICIENTS[0];
+
+    // x_0 = a_0^2 + βa_1^2
+    if a1 == PlutoBaseField::ZERO {
+      // if a_1 = 0, then straight away compute sqrt of a_0 as base field element
+      if a0.euler_criterion() {
+        return a0.sqrt().map(|(res0, res1)| (Self::from(res0), Self::from(res1)));
+      } else {
+        // if a_0 is not a square, then compute a_1 = sqrt(x_0 / β)
+        return a0.div(residue).sqrt().map(|(res0, res1)| {
+          (Self::new([PlutoBaseField::ZERO, res0]), Self::new([PlutoBaseField::ZERO, res1]))
+        });
+      }
+    }
+
+    // x_0 = ((a_0 ± (a_0² − βa_1²)^½)/2)^½
+    // x_1 = a_1/(2x_0)
+
+    // α = (a_0² − βa_1²)
+    let alpha = self.norm();
+    let two_inv = PlutoBaseField::new(2).inverse().expect("2 should have an inverse");
+
+    alpha.sqrt().map(|(alpha, _)| {
+      let mut delta = (alpha + a0) * two_inv;
+      if !delta.euler_criterion() {
+        delta -= alpha;
+      }
+
+      let x0 = delta.sqrt().expect("delta must have an square root").0;
+      let x0_inv = x0.inverse().expect("x0 must have an inverse");
+      let x1 = a1 * two_inv * x0_inv;
+      let x = Self::new([x0, x1]);
+      if -x < x {
+        (-x, x)
+      } else {
+        (x, -x)
+      }
+    })
+  }
+}
 ///////////////////////////////////////////////////////////////////////////////////////////////

src/algebra/field/extension/gf_101_2.rs

@@ -18,65 +18,11 @@ impl ExtensionField<2, 101> for PlutoBaseFieldExtension {
 }
 
 impl PlutoBaseFieldExtension {
-  fn norm(&self) -> PlutoBaseField {
+  pub fn norm(&self) -> PlutoBaseField {
     let mut result = self.coeffs[0].pow(2);
     result -= -PlutoBaseField::new(2) * self.coeffs[1].pow(2);
     result
   }
-
-  /// Computes euler criterion of the field element, i.e. Returns true if the element is a quadratic
-  /// residue (a square number) in the field.
-  pub fn euler_criterion(&self) -> bool { self.norm().euler_criterion() }
-
-  /// Computes square root of the quadratic field element `(x_0 + x_1*u)` (if it exists) and return
-  /// a tuple of `(r, -r)` where `r` is lower.
-  ///
-  /// - `(a_0 + a_1*u)^2 = a_0^2+2*a_0*a_1*u+βa_1^2 = (x_0 + x_1*u)`. Equating x_0 and x_1 with LHS:
-  /// - `x_0 = a_0^2 + βa_1^2`
-  /// - `x_1 = 2a_0*a_1`
-  pub fn sqrt(&self) -> Option<(Self, Self)> {
-    let (a0, a1) = (self.coeffs[0], self.coeffs[1]);
-
-    // irreducible poly: F[X]/(X^2+2)
-    let residue = -PlutoBaseFieldExtension::IRREDUCIBLE_POLYNOMIAL_COEFFICIENTS[0];
-
-    // x_0 = a_0^2 + βa_1^2
-    if a1 == PlutoBaseField::ZERO {
-      // if a_1 = 0, then straight away compute sqrt of a_0 as base field element
-      if a0.euler_criterion() {
-        return a0.sqrt().map(|(res0, res1)| (Self::from(res0), Self::from(res1)));
-      } else {
-        // if a_0 is not a square, then compute a_1 = sqrt(x_0 / β)
-        return a0.div(residue).sqrt().map(|(res0, res1)| {
-          (Self::new([PlutoBaseField::ZERO, res0]), Self::new([PlutoBaseField::ZERO, res1]))
-        });
-      }
-    }
-
-    // x_0 = ((a_0 ± (a_0² − βa_1²)^½)/2)^½
-    // x_1 = a_1/(2x_0)
-
-    // α = (a_0² − βa_1²)
-    let alpha = self.norm();
-    let two_inv = PlutoBaseField::new(2).inverse().expect("2 should have an inverse");
-
-    alpha.sqrt().map(|(alpha, _)| {
-      let mut delta = (alpha + a0) * two_inv;
-      if !delta.euler_criterion() {
-        delta -= alpha;
-      }
-
-      let x0 = delta.sqrt().expect("delta must have an square root").0;
-      let x0_inv = x0.inverse().expect("x0 must have an inverse");
-      let x1 = a1 * two_inv * x0_inv;
-      let x = Self::new([x0, x1]);
-      if -x < x {
-        (-x, x)
-      } else {
-        (x, -x)
-      }
-    })
-  }
 }
 
 impl Field for PlutoBaseFieldExtension {
@@ -179,6 +125,9 @@ impl Rem for PlutoBaseFieldExtension {
   fn rem(self, rhs: Self) -> Self::Output { self - (self / rhs) * rhs }
 }
 
+impl From<[PlutoBaseField; 2]> for PlutoBaseFieldExtension {
+  fn from(value: [PlutoBaseField; 2]) -> Self { Self { coeffs: value } }
+}
 #[cfg(test)]
 mod tests {
   use rstest::rstest;

src/algebra/field/mod.rs

@@ -74,3 +74,11 @@ pub trait FiniteField: Finite + Field {
     Self::PRIMITIVE_ELEMENT.pow(pow)
   }
 }
+
+/// traits that define some functions usable in signatures
+pub trait FieldExt: Sized {
+  /// Returns the square root of the field element.
+  fn sqrt(&self) -> Option<(Self, Self)>;
+
+  fn euler_criterion(&self) -> bool;
+}

src/algebra/field/prime/mod.rs

@@ -49,90 +49,6 @@ impl<const P: usize> PrimeField<P> {
     is_prime(P);
     Self { value: value % P }
   }
-
-  /// Computes euler criterion of the field element, i.e. Returns true if the element is a quadratic
-  /// residue (a square number) in the field.
-  ///
-  /// ## NOTES
-  /// By fermat's little theorem, (assume `is_congruent_to` is =)
-  ///     x^(p-1) - 1 = 0 mod P
-  ///
-  /// All primes > 2 are odd, a.k.a P is odd, hence (P-1) is even.
-  /// So, we can split as follows:
-  ///     (x^(p-1)/2 - 1)(x^(p-1)/2 + 1) = 0 mod P
-  /// or       L        *     R          = 0 mod P
-  ///
-  /// All quadratic residues are of the form (g^(2k)) where `g` is the
-  /// multiplicative generator and k is some natural number. All non-residues
-  /// on the other hand are of the form (g^(2k+1)).
-  ///
-  /// In case of QR, substitute x = g^2k
-  ///     g^(2k)((p-1)/2) = 1 mod P
-  ///     g^(p-1) = 1 mod P
-  /// which is true by fermat's little theorem
-  ///
-  /// In the other case, the same doesn't hold.
-  /// Hence, the case `L` should hold for all quadratic residues and is the
-  /// test for quadratic residuosity.
-  ///
-  /// More info here: https://www.youtube.com/watch?v=2IBPOI43jek
-  pub fn euler_criterion(&self) -> bool { self.pow((P - 1) / 2).value == 1 }
-
-  /// Computes the square root of a field element using the [Tonelli-Shanks algorithm](https://en.wikipedia.org/wiki/Tonelli–Shanks_algorithm).
-  pub fn sqrt(&self) -> Option<(Self, Self)> {
-    if *self == Self::ZERO {
-      return Some((Self::ZERO, Self::ZERO));
-    }
-
-    assert!(self.euler_criterion(), "Element is not a quadratic residue");
-
-    // First define the Q and S values for the prime number P.
-    let q: usize;
-    let mut s = 1;
-    loop {
-      let lhs = P - 1;
-      let rhs = 2_usize.pow(s);
-      let check_value = lhs % rhs;
-      if check_value == 0 {
-        s += 1;
-      } else {
-        s -= 1;
-        q = (P - 1) / 2_usize.pow(s);
-        break;
-      }
-    }
-
-    // Find a z that is not a quadratic residue
-    let mut z = Self::new(2);
-    while z.euler_criterion() {
-      z += Self::ONE;
-    }
-    let mut m = s;
-    let mut c = z.pow(q);
-    let mut t = self.pow(q);
-    let mut r = self.pow((q + 1) / 2);
-    loop {
-      if t == Self::ONE {
-        if -r < r {
-          return Some((-r, r));
-        } else {
-          return Some((r, -r));
-        }
-      }
-      // Repeatedly square to find a t^2^i = 1
-      let mut i = 1;
-      let mut t_pow = t.pow(2);
-      while t_pow != Self::ONE {
-        t_pow = t_pow.pow(2);
-        i += 1;
-      }
-      let b = c.pow(2_usize.pow(m - i - 1));
-      m = i;
-      c = b.pow(2);
-      t *= c;
-      r *= b;
-    }
-  }
 }
 
 impl<const P: usize> const Finite for PrimeField<P> {
@@ -223,6 +139,91 @@ impl<const P: usize> Distribution<PrimeField<P>> for Standard {
   }
 }
 
+impl<const P: usize> FieldExt for PrimeField<P> {
+  /// Computes euler criterion of the field element, i.e. Returns true if the element is a quadratic
+  /// residue (a square number) in the field.
+  ///
+  /// ## NOTES
+  /// By fermat's little theorem, (assume `is_congruent_to` is =)
+  ///     x^(p-1) - 1 = 0 mod P
+  ///
+  /// All primes > 2 are odd, a.k.a P is odd, hence (P-1) is even.
+  /// So, we can split as follows:
+  ///     (x^(p-1)/2 - 1)(x^(p-1)/2 + 1) = 0 mod P
+  /// or       L        *     R          = 0 mod P
+  ///
+  /// All quadratic residues are of the form (g^(2k)) where `g` is the
+  /// multiplicative generator and k is some natural number. All non-residues
+  /// on the other hand are of the form (g^(2k+1)).
+  ///
+  /// In case of QR, substitute x = g^2k
+  ///     g^(2k)((p-1)/2) = 1 mod P
+  ///     g^(p-1) = 1 mod P
+  /// which is true by fermat's little theorem
+  ///
+  /// In the other case, the same doesn't hold.
+  /// Hence, the case `L` should hold for all quadratic residues and is the
+  /// test for quadratic residuosity.
+  ///
+  /// More info here: https://www.youtube.com/watch?v=2IBPOI43jek
+  fn euler_criterion(&self) -> bool { self.pow((P - 1) / 2).value == 1 }
+
+  /// Computes the square root of a field element using the [Tonelli-Shanks algorithm](https://en.wikipedia.org/wiki/Tonelli–Shanks_algorithm).
+  fn sqrt(&self) -> Option<(Self, Self)> {
+    if *self == Self::ZERO {
+      return Some((Self::ZERO, Self::ZERO));
+    }
+
+    assert!(self.euler_criterion(), "Element is not a quadratic residue");
+
+    // First define the Q and S values for the prime number P.
+    let q: usize;
+    let mut s = 1;
+    loop {
+      let lhs = P - 1;
+      let rhs = 2_usize.pow(s);
+      let check_value = lhs % rhs;
+      if check_value == 0 {
+        s += 1;
+      } else {
+        s -= 1;
+        q = (P - 1) / 2_usize.pow(s);
+        break;
+      }
+    }
+
+    // Find a z that is not a quadratic residue
+    let mut z = Self::new(2);
+    while z.euler_criterion() {
+      z += Self::ONE;
+    }
+    let mut m = s;
+    let mut c = z.pow(q);
+    let mut t = self.pow(q);
+    let mut r = self.pow((q + 1) / 2);
+    loop {
+      if t == Self::ONE {
+        if -r < r {
+          return Some((-r, r));
+        } else {
+          return Some((r, -r));
+        }
+      }
+      // Repeatedly square to find a t^2^i = 1
+      let mut i = 1;
+      let mut t_pow = t.pow(2);
+      while t_pow != Self::ONE {
+        t_pow = t_pow.pow(2);
+        i += 1;
+      }
+      let b = c.pow(2_usize.pow(m - i - 1));
+      m = i;
+      c = b.pow(2);
+      t *= c;
+      r *= b;
+    }
+  }
+}
 impl<const P: usize> From<u32> for PrimeField<P> {
   fn from(val: u32) -> Self { Self::new(val as usize) }
 }

src/curve/mod.rs

@@ -10,7 +10,10 @@ use algebra::{
 
 use super::*;
 use crate::{
-  algebra::group::{FiniteCyclicGroup, Group},
+  algebra::{
+    field::FieldExt,
+    group::{FiniteCyclicGroup, Group},
+  },
   Field, PlutoScalarField,
 };
 
@@ -26,10 +29,10 @@ pub trait EllipticCurve: Copy + Debug + Eq {
 
   /// curve base field element type
   /// TODO: need to be converted for big integers later
-  type BaseField: FiniteField + Into<usize>;
+  type BaseField: FiniteField + Into<usize> + FieldExt;
 
   /// Curve scalar field type
-  type ScalarField: FiniteField + Into<usize>;
+  type ScalarField: FiniteField + Into<usize> + FieldExt;
 
   /// Order of this elliptic curve, i.e. number of elements in the scalar field.
   const ORDER: usize;

src/curve/pluto_curve.rs

@@ -11,7 +11,7 @@
 use super::*;
 use crate::algebra::field::extension::PlutoExtensions;
 
-/// The [`PlutoBaseCurve`] is an the base field set to the [`PlutoBaseField`]. This is the curve
+/// The [`PlutoBaseCurve`] has the base field set to the [`PlutoBaseField`]. This is the curve
 /// used in the Pluto `ronkathon` system. The curve is defined by the equation `y^2 = x^3 + 3`.
 #[derive(Copy, Clone, Debug, Default, Eq, PartialEq, PartialOrd, Ord)]
 pub struct PlutoBaseCurve;