Alrighty a few updates after spending some days in the BLS mines
Problems with Zondax library
I ran into some difficulty with the @zondax/filecoin-signing-tools library:
- the library is not signing the correct data when it comes to BLS signatures. Specifically, it appears to be signing the serialized message data instead of the message CID
- I’m currently using a fork of the library to address this issue (Address incorrect BLS signing (issue #350) by Karrq · Pull Request #354 · Zondax/filecoin-signing-tools · GitHub)
- I was getting errors when attempting to compile the library myself. I was able to fix this by updating
v0.3.0. Filed issue here: Build not working: missing Cid Serialize implementation · Issue #358 · Zondax/filecoin-signing-tools · GitHub
With both of those issues addressed, I was able to successfully submit messages signed with BLS keys.
Next step is aggregating public keys & signatures
The Zondax libary does not have aggregation functions. However, the underlying bls-signatures library does have a signature aggregation function.
I added a function to my local fork of the zondax library that calls into that aggregation function. It compiles fine, but fails at runtime. I believe this to be because
bls-signatures does signature aggregation in parallel which is not support with WASM. I tried doing this not in parallel, but can’t get it to compile at the moment. We can chalk that one up to being a Rust newbie
From what I can tell, the
bls-signatures library also does not support public key aggregation, which is also necessary for us.
There are two options:
- updating the zondax library
- I can attempt to do this myself, but I feel that it’s getting dangerously close to “rolling your own crypto”, especially seeing as I’m very new to Rust
- Would be great to get a hand from the Filecoin/Zondax team!
- using another library
- really the only JS/WASM library that I’ve found that seems to support both signature & key aggregation is noble-bls12-381
- However, it calculates different public keys than Lotus does
- I’m guessing that they’re using slightly different curve params. I have verified that both libraries use G1 for public keys and G2 for signatures
- or worse, that library is just broken
- I’ve opened an issue in the hopes of getting some clarity: Compatibility with Filecoin · Issue #24 · paulmillr/noble-bls12-381 · GitHub