mcl-wasm's Introduction

A portable and fast pairing-based cryptography library for Node.js by WebAssembly

Abstract

see mcl

News

  • 2023/Sep/08 improve the performance a little
  • 2023/Aug/17 improve the invMod performance
  • 2023/Jun/10 add share/recover functions of Fr, G1, G2 for secret sharing.
  • 2022/May/08 fix get{X,Y,Z} and get_{a,b}.
  • 2021/Dec/15 rewritten by TypeScript (Thanks to asa-taka)
  • 2021/Nov/11 unify index.js of Node.js and browser (Thanks to Futa HIRAKOBA)
  • 2021/Aug/28 improve performance of {G1,G2}::isValidOrder()
  • 2021/Jun/22 add index.d.ts
  • 2021/Mar/02 improve performance
  • 2020/Nov/10 setup function has changed.
  • add mulVec(xVec, yVec) where xVec is an array of G1 or G2 and yVec is an array of Fr, which returns sum of xVec[i] yVec[i].
  • G1.setHashOf is compatible with hash-to-curve-09 BLS12381G1_XMD:SHA-256_SSWU_RO_
  • support only BN254, ZKSNARK, BLS12-381 to remove mcl_c512.js
  • add mcl.precomputedMillerLoop2 and mcl.precomputedMillerLoop2mixed

How to use

The version v0.6.0 breaks backward compatibility of the entry point.

  • Node.js : const mcl = require('mcl-wasm')
  • React : const mcl = require('mcl-wasm')
  • HTML : <script src="https://herumi.github.io/mcl-wasm/browser/mcl.js"></script>

for Node.js

node test/test.js

browser demo

ID-based encryption

usages

init

// Ethereum 2.0 spec mode
mcl.init(mcl.BLS12_381)
  .then(() => {
    mcl.setETHserialization(true) // Ethereum serialization
    mcl.setMapToMode(mcl.IRTF) // for G2.setHashOf(msg)
    ...
  })

string conversion

a = new mcl.Fr()
a.setStr('255') // set 255
a.setStr('0xff') // set 0xff = 255
a.setStr('ff', 16) // set ff as hex-string

a.getStr() // '255'
a.getStr(16) // 'ff'

serialization

// byte array serialization
b.deserialize(a.serialize()) // b.isEqualTo(a)
// hex string of serialization()
b.deserializeHexStr(a.serializeToHexStr())
// serialization like Ethereum 2.0 only for BLS12-381
mcl.setETHserialization(true)

deserialization

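/*
  verifying the order of a point is costly
  call these once after init() if you want to disable the check
  (only for points from a trusted source; the check is what rejects
  points outside the prime-order subgroup)
  cf. subgroup problem
*/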
mcl.verifyOrderG1(false)
mcl.verifyOrderG2(false)

see test.js

Secret Sharing

shareFr = (cVec: Fr[], id: Fr): Fr
shareG1 = (cVec: G1[], id: Fr): G1
shareG2 = (cVec: G2[], id: Fr): G2

Evaluate the polynomial f(x) whose coefficients are cVec[] at x = id and return f(id).

recoverFr = (idVec: Fr[], yVec: Fr[]): Fr
recoverG1 = (idVec: Fr[], yVec: G1[]): G1
recoverG2 = (idVec: Fr[], yVec: G2[]): G2

Recover the polynomial f(x) through the points (idVec[0], yVec[0]), (idVec[1], yVec[1]), ... and return f(0). Note that the order of arguments is reversed from that of the recover function in bls-eth-wasm.
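
The share/recover semantics above, worked through as Shamir secret sharing over the BLS12-381 scalar field. This is an added example, not code from mcl-wasm: share, recover, split and randomFr are stand-ins written in plain BigInt that mirror the described behaviour of shareFr/recoverFr without calling the library, and the rejection of id 0 and duplicate ids is this example's own check.

```javascript
'use strict'
// Added example: Shamir sharing over the BLS12-381 scalar field in plain BigInt.
// share/recover mirror the semantics described for shareFr/recoverFr;
// they are stand-ins written for this example and do not call mcl-wasm.

// Order r of the BLS12-381 groups, i.e. the modulus of Fr.
const R = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001n
const mod = (a) => ((a % R) + R) % R

// a^e mod R by square-and-multiply; inverse via Fermat since R is prime.
function powMod (a, e) {
  let out = 1n
  for (a = mod(a); e > 0n; e >>= 1n) {
    if (e & 1n) out = mod(out * a)
    a = mod(a * a)
  }
  return out
}
const inv = (a) => powMod(a, R - 2n)

// Uniform element of Fr by rejection sampling from a CSPRNG.
function randomFr () {
  const rng = globalThis.crypto ?? require('node:crypto').webcrypto
  for (;;) {
    const buf = rng.getRandomValues(new Uint8Array(32))
    buf[0] &= 0x7f // r has 255 bits
    const hex = Array.from(buf, (b) => b.toString(16).padStart(2, '0')).join('')
    const v = BigInt('0x' + hex)
    if (v < R) return v
  }
}

// Evaluate f(x) = cVec[0] + cVec[1]*x + ... at x = id (Horner's rule).
// cVec[0] is the secret; the threshold is cVec.length.
function share (cVec, id) {
  if (mod(id) === 0n) throw new RangeError('id 0 would hand out the secret f(0)')
  return cVec.reduceRight((acc, c) => mod(acc * id + c), 0n)
}

// Lagrange interpolation at x = 0 through the points (idVec[i], yVec[i]).
function recover (idVec, yVec) {
  const ids = idVec.map(mod)
  if (ids.length === 0 || ids.length !== yVec.length) {
    throw new RangeError('idVec and yVec must have the same non-zero length')
  }
  if (ids.includes(0n) || new Set(ids).size !== ids.length) {
    throw new RangeError('ids must be distinct and non-zero')
  }
  let secret = 0n
  ids.forEach((xi, i) => {
    let num = 1n
    let den = 1n
    ids.forEach((xj, j) => {
      if (j === i) return
      num = mod(num * xj) // product of x_j
      den = mod(den * (xj - xi)) // product of (x_j - x_i)
    })
    secret = mod(secret + mod(yVec[i]) * num * inv(den))
  })
  return secret
}

// Split `secret` into n shares with threshold k; ids are 1..n.
// All coefficients except cVec[0] must be fresh uniform random values.
function split (secret, k, n) {
  if (k < 1 || n < k) throw new RangeError('need 1 <= k <= n')
  const cVec = [mod(secret), ...Array.from({ length: k - 1 }, () => randomFr())]
  return Array.from({ length: n }, (_, i) => {
    const id = BigInt(i + 1)
    return { id, y: share(cVec, id) }
  })
}
```

Any k shares recover the secret; fewer than k interpolate to an unrelated value, as the two-share case in the test shows.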

License

modified new BSD License http://opensource.org/licenses/BSD-3-Clause

History

2019/Jan/31 add Fp.mapToG1

Author

MITSUNARI Shigeo([email protected])

Sponsors welcome

GitHub Sponsor

mcl-wasm's Issues

run `mcl-wasm` inside SES

hello @herumi, thank you for the incredible work. i wanted to cross-post this issue, as I may believe it may be a mcl-wasm issue.

MetaMask/metamask-extension#17064

the issue is that when mcl-wasm runs inside the SES environment, I get the following error:

 YN0000: [snap]: SES_UNHANDLED_REJECTION: [TypeError <Object <Object <[Object: null prototype] {}>>>: scriptDirectory.indexOf is not a function
 YN0000: [snap]:   at eval (eval at <anonymous> (eval at makeEvaluateFactory (/Users/firnprotocol/snap/node_modules/ses/dist/ses.cjs:1427:10)), <anonymous>:53750:37)
➤ YN0000: [snap]:   at eval (eval at <anonymous> (eval at makeEvaluateFactory (/Users/firnprotocol/snap/node_modules/ses/dist/ses.cjs:1427:10)), <anonymous>:53598:29)
➤ YN0000: [snap]:   at Generator.next (<anonymous>)
➤ YN0000: [snap]:   at eval (eval at <anonymous> (eval at makeEvaluateFactory (/Users/firnprotocol/snap/node_modules/ses/dist/ses.cjs:1427:10)), <anonymous>:53381:73)
➤ YN0000: [snap]:   at new Promise (<anonymous>)
➤ YN0000: [snap]:   at __awaiter (eval at <anonymous> (eval at makeEvaluateFactory (/Users/firnprotocol/snap/node_modules/ses/dist/ses.cjs:1427:10)), <anonymous>:53360:16)
➤ YN0000: [snap]:   at Object.initializeMcl (eval at <anonymous> (eval at makeEvaluateFactory (/Users/firnprotocol/snap/node_modules/ses/dist/ses.cjs:1427:10)), <anonymous>:53597:74)
➤ YN0000: [snap]:   at 324.ethers (eval at <anonymous> (eval at makeEvaluateFactory (/Users/firnprotocol/snap/node_modules/ses/dist/ses.cjs:1427:10)), <anonymous>:59973:27)
➤ YN0000: [snap]:   at o (eval at <anonymous> (eval at makeEvaluateFactory (/Users/firnprotocol/snap/node_modules/ses/dist/ses.cjs:1427:10)), <anonymous>:38:19)
➤ YN0000: [snap]:   at eval (eval at <anonymous> (eval at makeEvaluateFactory (/Users/firnprotocol/snap/node_modules/ses/dist/ses.cjs:1427:10)), <anonymous>:40:20)]

an MWE is given in firnprotocol-snap-mcl-wasm-mwe.

to reproduce:

  1. clone my MWE
  2. run yarn start
  3. navigate to localhost:8000 in a browser tab with Flask enabled (i needed to install it in a separate chrome profile from the one with regular metamask).
  4. click "connect" and "send message".

huge thanks in advance for your attention.

Beautify mcl_c.js and mcl_c512.js to reduce error size

When a function of this package throws, these mcl_c.js or mcl_c512.js seem to throw as well. Since these scripts do not seem to be beautified, they throw a gigantic error string. Is it possible to "beautify" (i.e. add newlines) these scripts, so the error size reduces?

Expose G1.mapTo and G2.mapTo

Hi, I've tried to add the code changes to expose G1.mapTo and G2.mapTo but I can't get it to work.

Would it be possible to see those methods exposed?

Thanks!

getStr() incorrect result

Hi, it seems getStr() does not return a correct result in this case:

import * as mcl from "mcl-wasm";

async function main() {
    await mcl.init(mcl.BN_SNARK1);
    const x0 = new mcl.Fp();
    const x1 = new mcl.Fp();
    const y0 = new mcl.Fp();
    const y1 = new mcl.Fp();
    const z0 = new mcl.Fp();
    const z1 = new mcl.Fp();

    x0.setInt(2);
    x1.setInt(3);
    y0.setInt(4);
    y1.setInt(5);
    z0.setInt(1);
    z1.setInt(0);

    const x = new mcl.Fp2();
    const y = new mcl.Fp2();
    const z = new mcl.Fp2();

    x.set_a(x0);
    x.set_b(x1);
    y.set_a(y0);
    y.set_b(y1);
    z.set_a(z0);
    z.set_b(z1);

    const P = new mcl.G2();
    P.setX(x);
    P.setY(y);
    P.setZ(z);

    console.log(P.getStr()); // prints 1 2 3 4 5 [correct]

    P.normalize();
    console.log(P.getX().isEqual(P.getY())); // prints false [correct]
    console.log(P.getX().get_a().getStr()); // prints 2 [correct]
    console.log(P.getX().get_b().getStr()); // prints 3 [correct]
    console.log(P.getY().get_a().getStr()); // prints 2 [incorrect, expected 4]
    console.log(P.getY().get_b().getStr()); // prints 3 [incorrect, expected 5]
    console.log(P.getZ().get_a().getStr()); // prints 2 [incorrect, expected 1]
    console.log(P.getZ().get_b().getStr()); // prints 3 [incorrect, expected 0]
}

main();

Use with webpack?

This is a great library, but I struggle to make it work with webpack 4. This is the rule I'm applying:

{
    test: /\.wasm$/,
    exclude: /node_modules/,
    type: 'webassembly/experimental',
}

(Even if I don't think it's necessary as per their official example)

When I try to use the generated bundle in a nodejs project, I get the following error when using the development build:

Error: ENOENT: no such file or directory, open '/mcl_c.wasm'

And this error when using the production build:

On the web, we need the wasm binary to be preloaded and set on Module['wasmBinary']. emcc.py will do that for you when generating HTML (but not JS)

I tried to put that file in the same folder as the bundle, in my nodejs projects, literally everywhere, but nothing worked. Is it that some specific configuration of this library makes it impossible to use it with webpack?

Potentially related: webpack/webpack#7352

How to set the value of G?

hi, I'm trying to use mcl-wasm to implement a nizk.
in this picture, Enc is ElGamal Encryption, I want to encrypt "1" of G.
image

image

however, this way does not work, which means that I can't get "1" of G. How can I solve it?
image

thanks a lot

Checking if a value is on curve?

We are implementing the BLS12-381 precompile curves for Ethereum at EthereumJS-VM. One of the error cases of these precompiles is if the point is not on the curve.

Is it possible to check this with mcl? I can create a new let p = new mcl.G1() point and then p.setStr(pointStr). Sometimes, this function throws, but it is unclear to me if this is due to the point not being on the curve or some other problem.

Is it possible to explicitly check if a point is on the curve? (Both for G1 and G2 points?)

`ReferenceError: window is not defined` upon import

In a react application using webpack 5.61.0, the import statement

import mcl from "mcl-wasm/browser";

triggers:

ReferenceError: window is not defined

i am happy to provide further diagnostic information, but i am not sure how to attain it because the stack trace is not really decipherable. thanks.

Node.js crypto module dependency breaks browser bundling

Hi @herumi,
Holger from EthereumJS here again (just re-discovered that I opened a PR here already a couple of years ago #17). 👋

I was just playing with some bundler for the web (esbuild) to test browser compatibility for our libraries, especially VM/EVM and realized that there is a dependency (aka: usage) of the native Node.js crypto module in the getRandomValues.ts file which breaks browser bundling:

grafik

(so there I tried to create a bundle from our @ethereumjs/vm code)

Is this getRandomValues.ts file even necessary/used or did this just "sneak into the build/release"?

If possible to remove and this could get a small fix (can also submit a PR if this eases things) and bugfix release that would be great! 🙂 This would improve browser UX for several of our libraries a lot!

Intermittent issue with GT.setStr()

I am using another library to generate a vector in Fp12 using pairing using the BLS12-381 curve. I have verified that the prime number used in MCL and the other library is the same: "1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab"

Sometimes I can import the generated vector into MCL but sometimes I can't.

let T_mcl = new mcl.GT();
T_mcl.setStr("aaa bbb ccc ddd eee fff ggg hhh iii jjj kkk lll", 16);

When it generates an error, I get the following error:

Error: err _wrapInput 024aafb1494c5705191048d6a5a5dbd15c53cefc309b116c18f5249d3d6e7a5adf63f5e4671b9ece8de85fa3e52772fe 08bec5faf7102c80d41a2ecbaed227c66cdc71a280923d10e54e1655861dfacf82195ac85f0b14991f539b7af42ed1fd 1126a2a76e9d0640d1ec7435403f1852ba9ba586c0fbc077ad933f83366a37e0ded6de746476c472037159a05ede4194 0f03d764b62f9fbe5b615ec06c14f85b9cf3757e854ad6bca0d05b2b71aa5568a3f19067a7213665e02c6eaadca65187 13e78998946a4ace985a4af55ad5da899fa6b68d193b05651be4fac94faf9b9225f126bfcbf4d57321b108c5ce162f7c 0d129457d425ecc1974e52d88993f2cc4518e5872dfe450b4741f018e17393cbd84af8fac20aad3d67d35533df5d8f83 1473537ed46ab451960ef0e847c731cdca709ff07f618fe3f2cb34376aa041337648cf503b2e54c82f82e3827c0230a2 095d1ca249729d03f91efeef1d50f0c13bc741c757f1047b5b02518f9a9a39ee2ed070b09005e0fdb821983f90effcaa 1743618588e05954c5dedc20de67c0f0ecb5219b7c8dd5bdb9d0c56cc4d3aa6398ebd7de4b3bf3381c1b1be42d59543a 0bcc1edcfcf91cd4a2ee7b4c3c598c5eff370c403906e4c49fc955cf06a0e5c40f07533b8897c3996b421ed77a88f34b 0feeda626ac7d5d4053ffe3a234937d63e20f62565d5e841131138c8854af6e81ae6cbd4e1d5e7a33f401f32226d223a 09fdb778bbcec71c1d02102e4d9d580e488911a6f3bf7dd6da3b2e0ada58057a1d657052b9696ae18286c0c251f321b0
    at mycode.js:14416
    at e.value (mycode.js:14530)
    at e.value (mycode.js:14918)
    at mycode_wasm.js:formatted:14174
    at a (mycode_wasm.js:formatted:14185)
    at s (mycode_a.js:1)

Here are some examples that work and some that don't. I can't see any pattern. Can you tell me why MCL would accept some of them and not others?

Can't resolve 'perf_hooks'

getting Module not found: Can't resolve 'perf_hooks' error inside ./node_modules/mcl-wasm/test.js while trying to use the package. Any fix?

Export generator for G1

There is no generator point exported for G1 or G2, if there was it would be simpler to perform scalar base multiplications. Please consider adding it!

Cannot import scalar values from BLS12-381 Ethereum test suite

Hi there. At EthereumJS-VM we are using this library in order to get the EIP 2537 in the VM (the BLS12-381 EIP).

Currently, I am struggling to import the first test case of this EIP. The input value has 128 bytes of G1 point data (i.e. the coordinates, first 64 bytes and second 64 bytes are the coordinate x,y-values) and the final 32 bytes are the scalar value we want to multiply with.

Here is the code:

const mcl = require('mcl-wasm')
mcl.init(mcl.BLS12_381).then(function() {
  const x_1 = "12196c5a43d69224d8713389285f26b98f86ee910ab3dd668e413738282003cc5b7357af9a7af54bb713d62255e80f56"
  const y_1 = "06ba8102bfbeea4416b710c73e8cce3032c31c6269c44906f8ac4f7874ce99fb17559992486528963884ce429a992fee"
  const scalar =   "b3c940fe79b6966489b527955de7599194a9ac69a6ff58b8d99e7b1084f0464e"
  //let scalar2 =  "351376bf068f448c76382a97c33a68f81021f6eff4af9e52080ecee12e5ddccf" // this was generated from setCSPRNG()

  const mcl_str = "1 " + x_1 + " " + y_1

  const point = new mcl.G1()
  point.setStr(mcl_str, 16)

  const r = new mcl.Fr()
  r.setStr(scalar, 16)
  console.log(r.getStr(16))

  const result = mcl.mul(point, r)

  console.log(result.getStr(16))
})

Problem: this throws:

Error: err _wrapInput b3c940fe79b6966489b527955de7599194a9ac69a6ff58b8d99e7b1084f0464e

According to the test, this value should be correct. If I try the scalar2 value, which was generated by setCSPRNG then it runs fine.

BLS Fr setHashOf

Hi there. I am working on a BLS12-381 scheme which requires hashing a message to the Fr scalar field.

In some cases the message/pre-image is given (hence setHashOf(preimage) can be used) but in other cases the SHA256 hash is given - which needs to be mapped to Fr by other means. I was relying on the assumption that it was sufficient to call setLittleEndianMod(hash) to obtain the same result produced by setHashOf(preimage). This works in some cases but not in others so I dug up the mcl code to figure out what happens under the hood.

A small test case to illustrate the situation:

   // Helper functions
    const fromHashOf = (m: string) => {
      const fr = new mcl.Fr();
      fr.setHashOf(m);
      return fr;
    };
    const fromSha256 = (sha: Uint8Array) => {
      const fr = new mcl.Fr();
      fr.setLittleEndianMod(sha);
      return fr;
    };

    {
     // This works
      const message_0 = "message-0";
      const sha = sha256(message_0); // ce78e7c740f40722f11a530ebf14d260a9bb51effced715addf98c5a3ecfc23c
      const h1 = fromSha256(sha); // 3cc2cf3e5a8cf9dd5a71edfcef51bba960d214bf0e531af12207f440c7e778ce
      const h2 = fromHashOf(message_0); // 3cc2cf3e5a8cf9dd5a71edfcef51bba960d214bf0e531af12207f440c7e778ce
      expect(h1.isEqual(h2)).toBe(true); // OK!
    }

    {
     // This doesn't
      const message_1 = "message-1";
      const sha = sha256(message_1); // 9deb880b43bdf6f465a0afb130aed71b31cf219626f3637f577d4167cd80e5f2
      const h1 = fromSha256(sha); // 0b0a3227140682c718f0431682de1f26745c662ab1b2e867f4f6bd450b88eb9b
      const h2 = fromHashOf(message_1); // 72e580cd67417d577f63f3269621cf311bd7ae30b1afa065f4f6bd430b88eb9d
      expect(h1.isEqual(h2)).toBe(true); // KO!
    }

Why does fr.setLittleEndianMod(hash) not always behave like fr.setHashOf(preimage)?

As usual, thank you so much for your time and for this great library!!
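
The four Fr values quoted in the post above can be reproduced from the two posted SHA-256 digests with plain BigInt arithmetic. This is an added example, not part of the original post and not mcl-wasm code: reduceMod is ordinary reduction modulo r, and reduceMask is an assumed truncation rule (keep the low 255 bits) chosen because it reproduces the posted setHashOf outputs.

```javascript
'use strict'
// Added example: compares two ways of mapping a 32-byte digest into Fr,
// using only the digests and Fr values quoted in the post.

// Order r of the BLS12-381 groups, i.e. the modulus of Fr.
const R = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001n
const R_BITS = BigInt(R.toString(2).length) // 255

// Interpret a hex digest as a little-endian integer.
function leToBigInt (hex) {
  if (!/^([0-9a-f]{2})+$/i.test(hex)) throw new TypeError('expected an even-length hex string')
  return BigInt('0x' + hex.match(/../g).reverse().join(''))
}

// Full modular reduction: every digest maps to value mod r.
function reduceMod (hex) {
  return leToBigInt(hex) % R
}

// Truncation (assumed rule): drop the bits at and above bit 255; if the result
// is still >= r, drop one more bit so it always lands inside Fr.
function reduceMask (hex) {
  let v = leToBigInt(hex) & ((1n << R_BITS) - 1n)
  if (v >= R) v &= (1n << (R_BITS - 1n)) - 1n
  return v
}

const toHex = (v) => v.toString(16).padStart(64, '0')

// Report both mappings and whether the digest was already a canonical Fr value.
function compare (hex) {
  const mod = toHex(reduceMod(hex))
  const mask = toHex(reduceMask(hex))
  return { mod, mask, agree: mod === mask, inRange: leToBigInt(hex) < R }
}
```

The two mappings agree exactly when the little-endian digest is already below r (the inRange field), which holds for the "message-0" digest and not for the "message-1" digest.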

Possible to mod order?

In ECDSA, it requires x coordinate to mod order (r = x1 mod n). Is it possible to achieve here? It seems setStr in Fr is not working when the argument is larger than the order.

Thanks a lot!

Pairing: check if G1/G2 not in expected subgroup

Hey @herumi! We need to check if G1/G2 points are in the correct subgroup (the actual implementation does not matter at this point).

It seems that this functionality is there, by setting verifyOrderG1 and verifyOrderG2 to 1. In that case, if you import one of the EIPs negative test cases, trying to create such G1/G2 number throws. However, we'd like to explicitly check if they are in the correct subgroup.

Sorry for my ignorance, but is it right that we can use isValidOrder for this? Thanks a lot! 😄

EDIT: actually seems that if we disable verifyOrderG1 and verifyOrderG2 (i.e. don't call them, use the default value) and use isValidOrder() this returns true even if they should not be in the right subgroup (maybe I'm mixing terms here and order/subgroup is not the same?).

Seems like isValidOrder only returns false if above setting is set to 1.

Format for deserializeHexStr

I am attempting to do let s = mcl.deserializeHexStrToFr('263dbd792f5b1be47ed85f8938c0f29586af0d3ac7b977f21c278fe1462040e3') but I get the error:

Error: err _wrapDeserialize
      at /home/elizabeth/bls-js/node_modules/mcl-wasm/mcl.js:111:28

The hex string appears to be of the correct length (64 chars) so I'm not sure what is going wrong. Similarly, what is the correct format for deserializeHexStrToG1 and deserializeHexStrToG2?

err _wrapInput when trying to invoke setStr

Hello,
I have some code like the following for the bn254 curve:

var X=new mcl.Fp();
X.setStr(value,16);

where value is (for example):
2da8ca028125cebef6bc48526cd30b4d617dac593d0cbfa37703b6795d0db846

These strings are computed by other libraries (the noble crypto library so they are valid x points for which there exists a y that satisfies the bn254 equation) so they should be correct. And indeed that number in decimal is 20652302713412539842691404244404811285268574088401948238856379421925240059974 and I verified that is less than the bn254's parameter p=21888242871839275222246405745257275088696311157297823662689037894645226208583.
However, I get the following error:
err _wrapInput

I do not get this error when the hex strings start with 1. Did I miss something?

Multiply point with scalar value

I'm currently trying to multiply a G2() point with a scalar value but I'm not sure if I do this correctly.

const g2 = new mcl.G2();
g2.setStr(
  "1 0x1800deef121f1e76426a00665e5c4479674322d4f75edadd46debd5cd992f6ed 0x198e9393920d483a7260bfb731fb5d25f1aa493335a9e71297e485b7aef312c2 0x12c85ea5db8c6deb4aab71808dcb408fe3d1e7690c43d37b4ce6cc0166fa7daa 0x090689d0585ff075ec9e99ad690c3395bc4b313370b38ef355acdadcd122975b"
);

let privkey = new mcl.Fr();

privkey.setStr(
    "27342515244433913831915841113162642860753661339514809894050960669014459950989",
    10
  );

let generateV = mcl.mul(g2, privkey);

I always receive the following error:
grafik

What am I doing wrong here?

TypeError: invalid_argument

TypeError: invalid_argument sometimes occurs while initializing this library.

Since this error came from _wrapInput, I added the logging function:

console.debug(`buf = ${buf}, buf.length = ${buf.length}`)

after L119 of mcl.js and got the output:

console.debug ../../node_modules/mcl-wasm/mcl.js:120
buf = 8762084894755259, buf.length = undefined

console.debug ../../node_modules/mcl-wasm/mcl.js:120
buf = 215,238,14,19,59,68,221,151,138,149,14,154,104,149,241,57,75,99,68,244,112,22,61,137,86,127,251,44,228,93,38,170, buf.length = 32

TypeError: invalid_argument
at Int8Array.set (native)
at ../../node_modules/mcl-wasm/mcl.js:129:21
at exports.G1._setter (../../node_modules/mcl-wasm/mcl.js:227:19)
at exports.G1.setHashOf (../../node_modules/mcl-wasm/mcl.js:360:14)
at Object.exports.hashAndMapToG1.s [as hashAndMapToG1] (../../node_modules/mcl-wasm/mcl.js:588:9)

It seems buf is expected to be an array but sometimes it has a number, and hence Int8Array.set crashes.

mulVec is not exposed

At EthereumJS-VM we are using this library in order to get the BLS12-381 EIP in our library.

This EIP also needs access to multi scalar multiplication, i.e. the mclBnG1_mulVec and mclBnG2_mulVec functions from mcl. They do not seem to be (directly (?)) exposed. Can this function be exposed?
