Bandersnatch VRF (#14412)

* Introduce bandersnatch vrf * Some documentation * Fix tests * Fix docs refs * Some more docs * Comments about key derivation * Make clippy happy * Fix ring context enc/dec test * Fix docs * Switch to upstream ring-vrf * Use sub-domains to construct VrfInput * Bandersnatch VRF experimental feature * Restore upstream dep * Fix feature flags * Apply typo fix Co-authored-by: Anton <anton.kalyaev@gmail.com> * Bump bandersnatch-vrfs * Weiestrass form has been selected * Rename bandersnatch testing app crypto id * Support for seed recovery * Clarified domain size <-> key size relationship * cargo fmt * Trigger CI * Some required tweaks to crypto types * Remove leftovers from Cargo.toml * Remove some TODO notes * Simplification of structs construction * Trigger CI * Apply review suggestion Co-authored-by: Koute <koute@users.noreply.github.com> * Docs typo * Fix keystore tests * Consistence * Add ref to git rependency * Static check of MAX_VRF_IOS value * Clarify behavior for out of ring keys signatures * Add test for ring-vrf to the keystore * Fix docs --------- Co-authored-by: Anton <anton.kalyaev@gmail.com> Co-authored-by: Koute <koute@users.noreply.github.com>
2026-06-13 18:41:05 +00:00 · 2023-08-09 17:09:47 +02:00
parent 8321cee4f5
commit 314109d87b
23 changed files with 1900 additions and 59 deletions
@@ -13,6 +13,7 @@ documentation = "https://docs.rs/sp-core"
 targets = ["x86_64-unknown-linux-gnu"]

 [dependencies]
+arrayvec = { version = "0.7.2", default-features = false }
 codec = { package = "parity-scale-codec", version = "3.6.1", default-features = false, features = ["derive","max-encoded-len"] }
 scale-info = { version = "2.5.0", default-features = false, features = ["derive"] }
 log = { version = "0.4.17", default-features = false }
@@ -53,8 +54,11 @@ merlin = { version = "2.0", default-features = false }
 secp256k1 = { version = "0.24.0", default-features = false, features = ["recovery", "alloc"], optional = true }
 sp-core-hashing = { version = "9.0.0", path = "./hashing", default-features = false, optional = true }
 sp-runtime-interface = { version = "17.0.0", default-features = false, path = "../runtime-interface" }
+
 # bls crypto
 w3f-bls = { version = "0.1.3", default-features = false, optional = true}
+# bandersnatch crypto
+bandersnatch_vrfs = { git = "https://github.com/w3f/ring-vrf", rev = "c86ebd4", default-features = false, optional = true }

 [dev-dependencies]
 criterion = "0.4.0"
@@ -71,12 +75,14 @@ bench = false
 [features]
 default = ["std"]
 std = [
+	"arrayvec/std",
 	"merlin/std",
 	"full_crypto",
 	"log/std",
 	"thiserror",
 	"lazy_static",
 	"parking_lot",
+	"bandersnatch_vrfs/getrandom",
 	"bounded-collections/std",
 	"primitive-types/std",
 	"primitive-types/serde",
@@ -143,6 +149,12 @@ full_crypto = [
 	"sp-runtime-interface/disable_target_static_assertions",
 ]

-# This feature adds BLS crypto primitives. It should not be used in production since
-# the BLS implementation and interface may still be subject to significant change.
+# This feature adds BLS crypto primitives.
+# It should not be used in production since the implementation and interface may still
+# be subject to significant changes.
 bls-experimental = ["w3f-bls"]
+
+# This feature adds Bandersnatch crypto primitives.
+# It should not be used in production since the implementation and interface may still
+# be subject to significant changes.
+bandersnatch-experimental = ["bandersnatch_vrfs"]
@@ -15,9 +15,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

-// tag::description[]
 //! Cryptographic utilities.
-// end::description[]

 use crate::{ed25519, sr25519};
 #[cfg(feature = "std")]
@@ -486,7 +484,7 @@ pub trait ByteArray: AsRef<[u8]> + AsMut<[u8]> + for<'a> TryFrom<&'a [u8], Error
 }

 /// Trait suitable for typical cryptographic key public type.
-pub trait Public: CryptoType + ByteArray + Derive + PartialEq + Eq + Clone + Send {}
+pub trait Public: CryptoType + ByteArray + Derive + PartialEq + Eq + Clone + Send + Sync {}

 /// An opaque 32-byte cryptographic identifier.
 #[derive(Clone, Eq, PartialEq, Ord, PartialOrd, Encode, Decode, MaxEncodedLen, TypeInfo)]
@@ -417,7 +417,7 @@ impl TraitPair for Pair {
 	}

 	/// Verify a signature on a message. Returns true if the signature is good.
-	fn verify<M: AsRef<[u8]>>(sig: &Self::Signature, message: M, public: &Self::Public) -> bool {
+	fn verify<M: AsRef<[u8]>>(sig: &Signature, message: M, public: &Public) -> bool {
 		sig.recover(message).map(|actual| actual == *public).unwrap_or_default()
 	}

@@ -421,7 +421,7 @@ impl TraitPair for Pair {
 	/// Verify a signature on a message.
 	///
 	/// Returns true if the signature is good.
-	fn verify<M: AsRef<[u8]>>(sig: &Self::Signature, message: M, public: &Self::Public) -> bool {
+	fn verify<M: AsRef<[u8]>>(sig: &Signature, message: M, public: &Public) -> bool {
 		let Ok(public) = VerificationKey::try_from(public.as_slice()) else { return false };
 		let Ok(signature) = ed25519_zebra::Signature::try_from(sig.as_ref()) else { return false };
 		public.verify(&signature, message.as_ref()).is_ok()
@@ -55,6 +55,8 @@ pub mod crypto;
 pub mod hexdisplay;
 pub use paste;

+#[cfg(feature = "bandersnatch-experimental")]
+pub mod bandersnatch;
 #[cfg(feature = "bls-experimental")]
 pub mod bls;
 pub mod defer;
@@ -504,7 +504,7 @@ impl TraitPair for Pair {
 		self.0.sign(context.bytes(message)).into()
 	}

-	fn verify<M: AsRef<[u8]>>(sig: &Self::Signature, message: M, pubkey: &Self::Public) -> bool {
+	fn verify<M: AsRef<[u8]>>(sig: &Signature, message: M, pubkey: &Public) -> bool {
 		let Ok(signature) = schnorrkel::Signature::from_bytes(sig.as_ref()) else { return false };
 		let Ok(public) = PublicKey::from_bytes(pubkey.as_ref()) else { return false };
 		public.verify_simple(SIGNING_CTX, message.as_ref(), &signature).is_ok()
@@ -568,7 +568,7 @@ pub mod vrf {
 	impl VrfTranscript {
 		/// Build a new transcript instance.
 		///
-		/// Each `data` element is a tuple `(domain, message)` composing the transcipt.
+		/// Each `data` element is a tuple `(domain, message)` used to build the transcript.
 		pub fn new(label: &'static [u8], data: &[(&'static [u8], &[u8])]) -> Self {
 			let mut transcript = merlin::Transcript::new(label);
 			data.iter().for_each(|(l, b)| transcript.append_message(l, b));
@@ -21,10 +21,12 @@ use crate::crypto::KeyTypeId;

 /// Key type for generic Ed25519 key.
 pub const ED25519: KeyTypeId = KeyTypeId(*b"ed25");
-/// Key type for generic Sr 25519 key.
+/// Key type for generic Sr25519 key.
 pub const SR25519: KeyTypeId = KeyTypeId(*b"sr25");
 /// Key type for generic ECDSA key.
 pub const ECDSA: KeyTypeId = KeyTypeId(*b"ecds");
+/// Key type for generic Bandersnatch key.
+pub const BANDERSNATCH: KeyTypeId = KeyTypeId(*b"band");
 /// Key type for generic BLS12-377 key.
 pub const BLS377: KeyTypeId = KeyTypeId(*b"bls7");
 /// Key type for generic BLS12-381 key.