Re: [CFRG] Status of BLS Signatures CFRG Internet draft

Jeff Burdges <burdges@gnunet.org> Sun, 01 August 2021 07:02 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/hbtlC7IExmcUJvWUCyZuyEDUQcM>

Appears someone believed the BLS signature draft's flawed suggestion of actually doing multiplications in the target group.
https://github.com/zkcrypto/bls12_381/issues/68

It’s obvious one should never do multiplications in the target group, and instead always use a multi-Miller loop, so not sure why the draft proposes doing target group multiplications.

There are numerous other optimizations without which BLS signatures look fairly useless, but omitting multi-Miller loops really stands out.

Jeff
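An added illustration of the point in the message above (not code from the message, the BLS draft, or the zkcrypto crate): aggregate BLS verification done with one pairing per signer multiplied together in the target group, beside the same check done with a single multi-Miller loop and one final exponentiation. Everything here is an assumption made for the example: a toy symmetric pairing on a 283-element field, a scalar multiple of the generator standing in for hash-to-curve, and all function names.

```python
# Toy supersingular curve y^2 = x^3 + x over F_P (constructed parameters, NOT secure).
P, R = 283, 71   # P % 4 == 3, prime R divides #E = P + 1; target group is in F_P[i]

def f2mul(a, b):                      # (a0 + a1*i)(b0 + b1*i) with i^2 = -1
    return ((a[0] * b[0] - a[1] * b[1]) % P, (a[0] * b[1] + a[1] * b[0]) % P)
def slope(A, B):                      # tangent at A if A == B, else chord through A, B
    if A == B: return (3 * A[0] ** 2 + 1) * pow(2 * A[1], -1, P) % P
    return (B[1] - A[1]) * pow((B[0] - A[0]) % P, -1, P) % P
def add(A, B):                        # affine addition on E(F_P); None is infinity
    if A is None or B is None: return A or B
    if A[0] == B[0] and (A[1] + B[1]) % P == 0: return None
    lam = slope(A, B)
    x3 = (lam * lam - A[0] - B[0]) % P
    return (x3, (lam * (A[0] - x3) - A[1]) % P)
def ladder(op, acc, a, e):            # generic double-and-add / square-and-multiply
    while e:
        if e & 1: acc = op(acc, a)
        a, e = op(a, a), e >> 1
    return acc
def mul(k, A): return ladder(add, None, A, k)
def generator():                      # first point of order R, found by clearing the cofactor
    for x in range(1, P):
        rhs = (x ** 3 + x) % P
        y = pow(rhs, (P + 1) // 4, P)
        G = mul((P + 1) // R, (x, y)) if y * y % P == rhs else None
        if G: return G

def line(T, A, Q):                    # line through T and A at phi(Q) = (-xQ, i*yQ)
    return ((slope(T, A) * (Q[0] + T[0]) - T[1]) % P, Q[1])
def multi_miller(pairs):              # prod_j f_{R,A_j}(phi(Q_j)) in one accumulator
    f, Ts = (1, 0), [A for A, _ in pairs]
    for bit in bin(R)[3:]:
        f = f2mul(f, f)               # one squaring per bit, shared by every pair
        for j, (A, Q) in enumerate(pairs):
            f, Ts[j] = f2mul(f, line(Ts[j], Ts[j], Q)), add(Ts[j], Ts[j])
            if bit == "1" and Ts[j][0] != A[0]:   # last step is a vertical line: skipped,
                f, Ts[j] = f2mul(f, line(Ts[j], A, Q)), add(Ts[j], A)  # final_exp kills it
    return f
def final_exp(f): return ladder(f2mul, (1, 0), f, (P * P - 1) // R)
def pairing(A, Q): return final_exp(multi_miller([(A, Q)]))

def verify_naive(pks, hs, agg, G):    # n + 1 full pairings, multiplied in the target group
    lhs = (1, 0)
    for pk, h in zip(pks, hs): lhs = f2mul(lhs, pairing(pk, h))
    return lhs == pairing(G, agg)
def verify_multi(pks, hs, agg, G):    # one multi-Miller loop, ONE final exponentiation
    neg_G = (G[0], -G[1] % P)         # prod e(pk_i, H_i) * e(-G, agg) == 1
    return final_exp(multi_miller(list(zip(pks, hs)) + [(neg_G, agg)])) == (1, 0)
```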