Update BLS test suite to BLS standard draft v2 format

tests/core/pyspec/eth2spec/utils/bls.py

@@ -25,17 +25,32 @@ def entry(*args, **kw):
 
 @only_with_bls(alt_return=True)
 def Verify(PK, message, signature):
-    return bls.Verify(PK, message, signature)
+    try:
+        result = bls.Verify(PK, message, signature)
+    except Exception:
+        result = False
+    finally:
+        return result
 
 
 @only_with_bls(alt_return=True)
 def AggregateVerify(pubkeys, messages, signature):
-    return bls.AggregateVerify(pubkeys, messages, signature)
+    try:
+        result = bls.AggregateVerify(pubkeys, messages, signature)
+    except Exception:
+        result = False
+    finally:
+        return result
 
 
 @only_with_bls(alt_return=True)
 def FastAggregateVerify(pubkeys, message, signature):
-    return bls.FastAggregateVerify(pubkeys, message, signature)
+    try:
+        result = bls.FastAggregateVerify(pubkeys, message, signature)
+    except Exception:
+        result = False
+    finally:
+        return result
 
 
 @only_with_bls(alt_return=STUB_SIGNATURE)
@@ -56,3 +71,8 @@ def signature_to_G2(signature):
 @only_with_bls(alt_return=STUB_PUBKEY)
 def AggregatePKs(pubkeys):
     return bls._AggregatePKs(pubkeys)
+
+
+@only_with_bls(alt_return=STUB_SIGNATURE)
+def SkToPk(SK):
+    return bls.SkToPk(SK)

tests/formats/bls/README.md

@@ -5,11 +5,10 @@ We do not recommend rolling your own crypto or using an untested BLS library.
 
 The BLS test suite runner has the following handlers:
 
-- [`aggregate_pubkeys`](./aggregate_pubkeys.md)
-- [`aggregate_sigs`](./aggregate_sigs.md)
-- [`msg_hash_g2_compressed`](./msg_hash_g2_compressed.md)
-- [`msg_hash_g2_uncompressed`](./msg_hash_g2_uncompressed.md)
-- [`priv_to_pub`](./priv_to_pub.md)
-- [`sign_msg`](./sign_msg.md)
+- [`aggregate_verify`](./aggregate_verify.md)
+- [`aggregate`](./aggregate.md)
+- [`fast_aggregate_verify`](./fast_aggregate_verify.md)
+- [`sign`](./sign.md)
+- [`verify`](./verify.md)
 
 *Note*: Signature-verification and aggregate-verify test cases are not yet supported.

tests/formats/bls/aggregate.md

@@ -0,0 +1,19 @@
+# Test format: BLS signature aggregation
+
+A BLS signature aggregation combines a series of signatures into a single signature.
+
+## Test case format
+
+The test data is declared in a `data.yaml` file:
+
+```yaml
+input: List[BLS Signature] -- list of input BLS signatures
+output: BLS Signature -- expected output, single BLS signature or empty.
+```
+
+- `BLS Signature` here is encoded as a string: hexadecimal encoding of 96 bytes (192 nibbles), prefixed with `0x`.
+- No output value if the input is invalid.
+
+## Condition
+
+The `aggregate` handler should aggregate the signatures in the `input`, and the result should match the expected `output`.

tests/formats/bls/aggregate_verify.md

@@ -0,0 +1,17 @@
+# Test format: BLS sign message
+
+Verify the signature against the given pubkeys and one messages.
+
+## Test case format
+
+The test data is declared in a `data.yaml` file:
+
+```yaml
+input:
+  pubkeys: List[bytes48] -- the pubkeys
+  messages: List[bytes32] -- the messages
+  signature: bytes96 -- the signature to verify against pubkeys and messages
+output: bool  -- VALID or INVALID
+```
+
+All byte(s) fields are encoded as strings, hexadecimal encoding, prefixed with `0x`.

tests/formats/bls/fast_aggregate_verify.md

@@ -0,0 +1,17 @@
+# Test format: BLS sign message
+
+Verify the signature against the given pubkeys and one message.
+
+## Test case format
+
+The test data is declared in a `data.yaml` file:
+
+```yaml
+input:
+  pubkeys: List[bytes48] -- the pubkey
+  message: bytes32 -- the message
+  signature: bytes96 -- the signature to verify against pubkeys and message
+output: bool  -- VALID or INVALID
+```
+
+All byte(s) fields are encoded as strings, hexadecimal encoding, prefixed with `0x`.

tests/formats/bls/sign_msg.md → tests/formats/bls/sign.md

@@ -10,13 +10,7 @@ The test data is declared in a `data.yaml` file:
 input:
   privkey: bytes32 -- the private key used for signing
   message: bytes32 -- input message to sign (a hash)
-  domain: bytes8   -- the BLS domain
 output: bytes96    -- expected signature
 ```
 
 All byte(s) fields are encoded as strings, hexadecimal encoding, prefixed with `0x`.
-
-
-## Condition
-
-The `sign_msg` handler should sign the given `message`, with `domain`, using the given `privkey`, and the result should match the expected `output`.

tests/formats/bls/verify.md

@@ -0,0 +1,17 @@
+# Test format: BLS sign message
+
+Verify the signature against the given one pubkey and one message.
+
+## Test case format
+
+The test data is declared in a `data.yaml` file:
+
+```yaml
+input:
+  pubkey: bytes48 -- the pubkey
+  message: bytes32 -- the message
+  signature: bytes96 -- the signature to verify against pubkey and message
+output: bool  -- VALID or INVALID
+```
+
+All byte(s) fields are encoded as strings, hexadecimal encoding, prefixed with `0x`.

tests/generators/bls/README.md

@@ -1,21 +1,11 @@
 # BLS Test Generator
 
-Explanation of BLS12-381 type hierarchy
-The base unit is bytes48 of which only 381 bits are used
+The [BLS Signature APIs](../../../specs/phase0/beacon-chain.md#bls-signatures)
 
-- FQ: uint381 modulo field modulus
-- FQ2: (FQ, FQ)
-- G2: (FQ2, FQ2, FQ2)
+Information on the format of the tests can be found in the [BLS test formats documentation](../../formats/bls/README.md).
 
 ## Resources
 
-- [Eth2 spec](../../../specs/phase0/beacon-chain.md#bls-signatures)
+- [IETF BLS Signature Scheme](https://datatracker.ietf.org/doc/draft-irtf-cfrg-bls-signature/)
 - [Finite Field Arithmetic](http://www.springeronline.com/sgw/cda/pageitems/document/cda_downloaddocument/0,11996,0-0-45-110359-0,00.pdf)
-- Chapter 2 of [Elliptic Curve Cryptography](http://cacr.uwaterloo.ca/ecc/). Darrel Hankerson, Alfred Menezes, and Scott Vanstone 
-- [Zcash BLS parameters](https://github.com/zkcrypto/pairing/tree/master/src/bls12_381)
-- [Trinity implementation](https://github.com/ethereum/trinity/blob/master/eth2/_utils/bls.py)
-
-## Comments
-
-Compared to Zcash, Ethereum specs always requires the compressed form (c_flag / most significant bit always set).
-Also note that pubkeys and privkeys are reversed.
+- Chapter 2 of [Elliptic Curve Cryptography](http://cacr.uwaterloo.ca/ecc/). Darrel Hankerson, Alfred Menezes, and Scott Vanstone