Kayos
32f0057700
Key findings from upstream: - Mithril's BLS msg is NOT signed_message alone — it's msgp = signed_message_ascii_bytes || mt_commitment_root_32_bytes - Mithril uses EMPTY DST for hash-to-G1 (not the IETF BLS suite string) - Aggregation is NOT plain summation — it's MuSig-style weighted: t_i = Blake2b-128(Blake2b-128(sigs_concat) || be_u64(i)) aggr_sig = Σ t_i · sig_i (in G1) aggr_vk = Σ t_i · vk_i (in G2) This blocks rogue-key attacks. Shipped: - internal/stm/types.go: MultiSig + AVK decoders (hex-of-ASCII-JSON wrapping, polymorphic tuple JSON handling via ByteArray + custom UnmarshalJSON) - internal/stm/bls.go: BlsVerify (pairing check with gnark-crypto) - internal/stm/aggregate.go: MuSig-style AggregateBLS + BlsAggregateVerify - synthetic test + live test (build tag 'live') both green Live preprod head cert (epoch 284, cert 175051cf…): - 2 signers, 11 total lottery wins - aggregate verify: PASS ✓ - single-signer verify: PASS ✓ Next: lottery threshold check, Merkle batch-proof verification, glue into top-level Verify(msg, multi_sig, avk, params) + wire to 'verify' subcommand.
12 lines
304 B
Modula-2
12 lines
304 B
Modula-2
module git.sulkta.coop/Sulkta-Coop/mithril-go
|
|
|
|
go 1.26
|
|
|
|
require github.com/klauspost/compress v1.18.5
|
|
|
|
require (
|
|
github.com/bits-and-blooms/bitset v1.24.4 // indirect
|
|
github.com/consensys/gnark-crypto v0.20.1 // indirect
|
|
golang.org/x/crypto v0.50.0 // indirect
|
|
golang.org/x/sys v0.43.0 // indirect
|
|
)
|