near · karim-en · Nov 1, 2022 · Nov 3, 2022 · Nov 3, 2022 · Nov 4, 2022
@@ -85,6 +85,7 @@ base64 = "0.13"
 bencher = "0.1.5"
 bitflags = "1.2"
 blake2 = "0.9.1"
+blst = "0.3.10"
 bn = { package = "zeropool-bn", version = "0.5.11" }
 bolero = "0.6.2"
 borsh = { version = "0.9", features = ["rc"] }

@@ -302,6 +302,9 @@ impl ExtCostsConfig {
             ExtCosts::ed25519_verify_base => SAFETY_MULTIPLIER * 1513656750,
             #[cfg(feature = "protocol_feature_ed25519_verify")]
             ExtCosts::ed25519_verify_byte => SAFETY_MULTIPLIER * 7157035,
+            ExtCosts::bls12381_verify_base => SAFETY_MULTIPLIER * 1091654528810,
+            ExtCosts::bls12381_verify_byte => SAFETY_MULTIPLIER * 123267560,
+            ExtCosts::bls12381_verify_elements =>  SAFETY_MULTIPLIER * 58289091437,
             ExtCosts::ripemd160_block => SAFETY_MULTIPLIER * 226702528,
             ExtCosts::ecrecover_base => SAFETY_MULTIPLIER * 1121789875000,
             ExtCosts::log_base => SAFETY_MULTIPLIER * 1181104350,
@@ -395,6 +398,9 @@ pub enum ExtCosts {
     ed25519_verify_base,
     #[cfg(feature = "protocol_feature_ed25519_verify")]
     ed25519_verify_byte,
+    bls12381_verify_base,
+    bls12381_verify_byte,
+    bls12381_verify_elements,
     ecrecover_base,
     log_base,
     log_byte,
@@ -501,6 +507,9 @@ impl ExtCosts {
             ExtCosts::ed25519_verify_base => Parameter::WasmEd25519VerifyBase,
             #[cfg(feature = "protocol_feature_ed25519_verify")]
             ExtCosts::ed25519_verify_byte => Parameter::WasmEd25519VerifyByte,
+            ExtCosts::bls12381_verify_base => Parameter::WasmBls12381VerifyBase,
+            ExtCosts::bls12381_verify_byte => Parameter::WasmBls12381VerifyByte,
+            ExtCosts::bls12381_verify_elements => Parameter::WasmBls12381VerifyElements,
             ExtCosts::log_base => Parameter::WasmLogBase,
             ExtCosts::log_byte => Parameter::WasmLogByte,
             ExtCosts::storage_write_base => Parameter::WasmStorageWriteBase,

@@ -112,6 +112,9 @@ pub enum Parameter {
     WasmEcrecoverBase,
     WasmEd25519VerifyBase,
     WasmEd25519VerifyByte,
+    WasmBls12381VerifyBase,
+    WasmBls12381VerifyByte,
+    WasmBls12381VerifyElements,
     WasmLogBase,
     WasmLogByte,
     WasmStorageWriteBase,

@@ -12,7 +12,7 @@ use strum::IntoEnumIterator;
 pub struct DataArray(Box<[u64; Self::LEN]>);
 
 impl DataArray {
-    pub const LEN: usize = if cfg!(feature = "protocol_feature_ed25519_verify") { 72 } else { 70 };
+    pub const LEN: usize = if cfg!(feature = "protocol_feature_ed25519_verify") { 75 } else { 73 };
 }
 
 impl Index<usize> for DataArray {
@@ -256,10 +256,13 @@ impl Cost {
             Cost::ExtCost { ext_cost_kind: ExtCosts::alt_bn128_pairing_check_element } => 67,
             Cost::ExtCost { ext_cost_kind: ExtCosts::alt_bn128_g1_sum_base } => 68,
             Cost::ExtCost { ext_cost_kind: ExtCosts::alt_bn128_g1_sum_element } => 69,
+            Cost::ExtCost { ext_cost_kind: ExtCosts::bls12381_verify_base } => 70,
+            Cost::ExtCost { ext_cost_kind: ExtCosts::bls12381_verify_byte } => 71,
+            Cost::ExtCost { ext_cost_kind: ExtCosts::bls12381_verify_elements } => 72,
             #[cfg(feature = "protocol_feature_ed25519_verify")]
-            Cost::ExtCost { ext_cost_kind: ExtCosts::ed25519_verify_base } => 70,
+            Cost::ExtCost { ext_cost_kind: ExtCosts::ed25519_verify_base } => 73,
             #[cfg(feature = "protocol_feature_ed25519_verify")]
-            Cost::ExtCost { ext_cost_kind: ExtCosts::ed25519_verify_byte } => 71,
+            Cost::ExtCost { ext_cost_kind: ExtCosts::ed25519_verify_byte } => 74,
         }
     }
 }

@@ -96,6 +96,9 @@ wasm_ripemd160_block: 680_107_584
 wasm_ecrecover_base: 3_365_369_625_000
 wasm_ed25519_verify_base: 210_000_000_000
 wasm_ed25519_verify_byte: 9_000_000
+wasm_bls12381_verify_base: 1_215_592_468_049
+wasm_bls12381_verify_byte: 123_267_560
+wasm_bls12381_verify_elements: 58_289_091_437
 wasm_log_base: 3_543_313_050
 wasm_log_byte: 13_198_791
 wasm_storage_write_base: 64_196_736_000

@@ -92,6 +92,9 @@ wasm_ripemd160_block: 680_107_584
 wasm_ecrecover_base: 3_365_369_625_000
 wasm_ed25519_verify_base: 210_000_000_000
 wasm_ed25519_verify_byte: 9_000_000
+wasm_bls12381_verify_base: 1_215_592_468_049
+wasm_bls12381_verify_byte: 123_267_560
+wasm_bls12381_verify_elements: 58_289_091_437
 wasm_log_base: 3_543_313_050
 wasm_log_byte: 13_198_791
 wasm_storage_write_base: 64_196_736_000

@@ -2323,6 +2323,13 @@ pub struct ExtCostsConfigView {
     #[cfg(feature = "protocol_feature_ed25519_verify")]
     pub ed25519_verify_byte: Gas,
 
+    /// Cost of getting bls12381 base
+    pub bls12381_verify_base: Gas,
+    /// Cost of getting bls12381 per byte
+    pub bls12381_verify_byte: Gas,
+    /// Cost of getting bls12381 elements
+    pub bls12381_verify_elements: Gas,
+
     /// Cost of calling ecrecover
     pub ecrecover_base: Gas,
 
@@ -2455,6 +2462,9 @@ impl From<near_primitives_core::config::ExtCostsConfig> for ExtCostsConfigView {
             ed25519_verify_base: config.cost(ExtCosts::ed25519_verify_base),
             #[cfg(feature = "protocol_feature_ed25519_verify")]
             ed25519_verify_byte: config.cost(ExtCosts::ed25519_verify_byte),
+            bls12381_verify_base: config.cost(ExtCosts::bls12381_verify_base),
+            bls12381_verify_byte: config.cost(ExtCosts::bls12381_verify_byte),
+            bls12381_verify_elements: config.cost(ExtCosts::bls12381_verify_elements),
             ecrecover_base: config.cost(ExtCosts::ecrecover_base),
             log_base: config.cost(ExtCosts::log_base),
             log_byte: config.cost(ExtCosts::log_byte),
@@ -2528,6 +2538,9 @@ impl From<ExtCostsConfigView> for near_primitives_core::config::ExtCostsConfig {
                 ExtCosts::ed25519_verify_base => view.ed25519_verify_base,
                 #[cfg(feature = "protocol_feature_ed25519_verify")]
                 ExtCosts::ed25519_verify_byte => view.ed25519_verify_byte,
+                ExtCosts::bls12381_verify_base => view.bls12381_verify_base,
+                ExtCosts::bls12381_verify_byte => view.bls12381_verify_byte,
+                ExtCosts::bls12381_verify_elements => view.bls12381_verify_elements,
                 ExtCosts::ecrecover_base => view.ecrecover_base,
                 ExtCosts::log_base => view.log_base,
                 ExtCosts::log_byte => view.log_byte,

@@ -62,6 +62,15 @@ extern "C" {
         pub_key_len: u64,
         pub_key_ptr: u64,
     ) -> u64;
+
+    fn bls12_381_aggregate_verify(
+        aggregate_signature_ptr: u64,
+        aggregate_signature_len: u64,
+        msg_ptr: u64,
+        msg_len: u64,
+        pubkeys_ptr: u64,
+        pubkeys_len: u64,
+    ) -> u64;
     // #####################
     // # Miscellaneous API #
     // #####################
@@ -553,6 +562,106 @@ pub unsafe fn ed25519_verify_16kib_64() {
     }
 }
 
+#[no_mangle]
+pub unsafe fn bls12_381_verify_basic_100() {
+    let signature_raw: [u8; 96] = [
+        143, 150, 139, 210, 67, 144, 143, 243, 229, 250, 26, 179, 243, 30, 7, 129, 151, 229, 138,
+        206, 86, 43, 190, 139, 90, 39, 29, 95, 186, 80, 35, 125, 160, 200, 254, 101, 231, 181, 119,
+        28, 192, 168, 111, 213, 127, 50, 52, 126, 21, 162, 109, 31, 93, 86, 196, 114, 208, 25, 238,
+        162, 83, 158, 88, 219, 0, 196, 154, 165, 208, 169, 102, 56, 56, 144, 63, 221, 190, 67, 107,
+        91, 21, 126, 131, 179, 93, 26, 78, 95, 137, 247, 129, 39, 243, 93, 172, 240,
+    ];
+    let message: [u8; 32] = [
+        62, 175, 124, 77, 209, 116, 6, 205, 248, 82, 51, 106, 86, 184, 46, 98, 158, 115, 11, 183,
+        176, 204, 135, 26, 230, 163, 133, 209, 31, 80, 158, 49,
+    ];
+    let public_key_raw: [u8; 48] = [
+        136, 95, 173, 134, 150, 18, 44, 138, 66, 16, 51, 22, 78, 106, 113, 217, 173, 179, 136, 41,
+        51, 190, 186, 44, 20, 220, 173, 155, 253, 75, 173, 179, 11, 73, 48, 108, 89, 167, 167, 131,
+        123, 114, 224, 41, 147, 245, 164, 173,
+    ];
+
+    for _ in 0..100 {
+        let result = bls12_381_aggregate_verify(
+            signature_raw.as_ptr() as _,
+            signature_raw.len() as _,
+            message.as_ptr() as _,
+            message.len() as _,
+            public_key_raw.as_ptr() as _,
+            public_key_raw.len() as _,
+        );
+
+        assert!(result == 1);
+    }
+}
+
+#[no_mangle]
+pub unsafe fn bls12_381_verify_elements_1000_10() {
+    const PUBKEY_LEN: usize = 48;
+    const NUM_OF_PUB_KEYS: usize = 1000;
+    let message: [u8; 32] = [0u8; 32];
+    let public_key: [u8; 48] = [
+        166, 149, 173, 50, 93, 252, 126, 17, 145, 251, 201, 241, 134, 245, 142, 255, 66, 166, 52,
+        2, 151, 49, 177, 131, 128, 255, 137, 191, 66, 196, 100, 164, 44, 184, 202, 85, 178, 0, 240,
+        81, 245, 127, 30, 24, 147, 198, 135, 89,
+    ];
+    let aggregate_signature: [u8; 96] = [
+        130, 27, 206, 219, 194, 70, 81, 231, 14, 103, 140, 167, 143, 17, 90, 140, 229, 51, 156, 66,
+        180, 17, 40, 58, 182, 222, 150, 250, 237, 56, 202, 183, 114, 77, 254, 55, 140, 163, 195,
+        179, 214, 43, 239, 22, 242, 178, 203, 190, 23, 212, 45, 104, 22, 138, 251, 188, 176, 20,
+        137, 246, 242, 92, 163, 33, 142, 96, 247, 53, 143, 140, 173, 244, 148, 8, 23, 57, 132, 48,
+        179, 252, 58, 86, 191, 133, 121, 159, 154, 21, 127, 185, 67, 232, 178, 226, 137, 189,
+    ];
+    let mut public_keys_raw: [u8; PUBKEY_LEN * NUM_OF_PUB_KEYS] = [0; PUBKEY_LEN * NUM_OF_PUB_KEYS];
+    for i in 0..NUM_OF_PUB_KEYS {
+        let index_to_insert = i * PUBKEY_LEN;
+        public_keys_raw[index_to_insert..index_to_insert + PUBKEY_LEN].clone_from_slice(&public_key);
+    }
+
+    for _ in 0..10 {
+        let result = bls12_381_aggregate_verify(
+            aggregate_signature.as_ptr() as _,
+            aggregate_signature.len() as _,
+            message.as_ptr() as _,
+            message.len() as _,
+            public_keys_raw.as_ptr() as _,
+            public_keys_raw.len() as _,
+        );
+
+        assert!(result == 1);
+    }
+}
+
+#[no_mangle]
+pub unsafe fn bls12_381_verify_bytes_10k_100() {
+    let message: [u8; 10_000] = [0u8; 10_000];
+    let public_key: [u8; 48] = [
+        166, 149, 173, 50, 93, 252, 126, 17, 145, 251, 201, 241, 134, 245, 142, 255, 66, 166, 52,
+        2, 151, 49, 177, 131, 128, 255, 137, 191, 66, 196, 100, 164, 44, 184, 202, 85, 178, 0, 240,
+        81, 245, 127, 30, 24, 147, 198, 135, 89,
+    ];
+    let aggregate_signature: [u8; 96] = [
+        183, 122, 244, 212, 141, 224, 103, 62, 142, 101, 53, 117, 106, 114, 106, 158, 28, 34, 157,
+        5, 29, 202, 198, 96, 225, 73, 61, 183, 9, 241, 210, 54, 176, 187, 43, 6, 254, 200, 169,
+        135, 88, 32, 105, 199, 105, 145, 119, 178, 16, 165, 49, 177, 79, 1, 12, 100, 168, 93, 197,
+        15, 240, 139, 174, 91, 103, 229, 145, 95, 165, 183, 119, 40, 43, 158, 230, 235, 45, 38,
+        226, 5, 158, 232, 29, 2, 119, 217, 158, 84, 2, 117, 2, 180, 125, 213, 51, 68,
+    ];
+
+    for _ in 0..100 {
+        let result = bls12_381_aggregate_verify(
+            aggregate_signature.as_ptr() as _,
+            aggregate_signature.len() as _,
+            message.as_ptr() as _,
+            message.len() as _,
+            public_key.as_ptr() as _,
+            public_key.len() as _,
+        );
+
+        assert!(result == 1);
+    }
+}
+
 #[repr(C)]
 struct MultiexpElem([u8; 64], [u8; 32]);
 

@@ -15,6 +15,7 @@ Error that can occur inside Near Runtime encapsulated in a separate crate. Might
 """
 
 [dependencies]
+blst.workspace = true
 borsh.workspace = true
 serde.workspace = true
 strum.workspace = true

@@ -1,5 +1,10 @@
 #![doc = include_str!("../README.md")]
 
+use crate::Bls12381Error::{
+    AggrTypeMismatch, BadEncoding, BadScalar, PkIsInfinity, PointNotInGroup, PointNotOnCurve,
+    Success, VerifyFail,
+};
+use blst::BLST_ERROR;
 use borsh::{BorshDeserialize, BorshSerialize};
 use near_account_id::AccountId;
 use near_rpc_error_macro::RpcError;
@@ -206,6 +211,37 @@ pub enum PrepareError {
     TooManyLocals,
 }
 
+#[derive(
+    Debug, Clone, PartialEq, Eq, BorshDeserialize, BorshSerialize, Deserialize, Serialize, RpcError,
+)]
+/// Errors that can occur while working with BLS12-381 curve
+pub enum Bls12381Error {
+    Success,
+    BadEncoding,
+    PointNotOnCurve,
+    PointNotInGroup,
+    AggrTypeMismatch,
+    VerifyFail,
+    PkIsInfinity,
+    BadScalar,
+    IncorrectPubKeysLen
+}
+
+impl From<BLST_ERROR> for Bls12381Error {
+    fn from(err: BLST_ERROR) -> Self {
+        match err {
+            BLST_ERROR::BLST_SUCCESS => Success,
+            BLST_ERROR::BLST_BAD_ENCODING => BadEncoding,
+            BLST_ERROR::BLST_POINT_NOT_ON_CURVE => PointNotOnCurve,
+            BLST_ERROR::BLST_POINT_NOT_IN_GROUP => PointNotInGroup,
+            BLST_ERROR::BLST_AGGR_TYPE_MISMATCH => AggrTypeMismatch,
+            BLST_ERROR::BLST_VERIFY_FAIL => VerifyFail,
+            BLST_ERROR::BLST_PK_IS_INFINITY => PkIsInfinity,
+            BLST_ERROR::BLST_BAD_SCALAR => BadScalar,
+        }
+    }
+}
+
 #[derive(
     Debug,
     Clone,
@@ -287,6 +323,8 @@ pub enum HostError {
     /// Invalid input to ed25519 signature verification function (e.g. signature cannot be
     /// derived from bytes).
     Ed25519VerifyInvalidInput { msg: String },
+    /// Invalid input to BLS12-381 family of functions (e.g. point which isn't on the curve).
+    Bls1238VerifyError(Bls12381Error),
 }
 
 #[derive(Debug, PartialEq)]
@@ -492,6 +530,7 @@ impl std::fmt::Display for HostError {
             AltBn128InvalidInput { msg } => write!(f, "AltBn128 invalid input: {}", msg),
             ECRecoverError { msg } => write!(f, "ECDSA recover error: {}", msg),
             Ed25519VerifyInvalidInput { msg } => write!(f, "ED25519 signature verification error: {}", msg),
+            Bls1238VerifyError(bls12_381_error) => write!(f, "BLS12-381 signature verification error: {:?}", bls12_381_error)
         }
     }
 }

@@ -15,6 +15,7 @@ This crate implements the specification of the interface that Near blockchain ex
 """
 
 [dependencies]
+blst.workspace = true
 bn.workspace = true
 borsh.workspace = true
 byteorder.workspace = true