Add route path bls sign function

75766a0f · suyanlong · ffb576dd · 75766a0f · 75766a0f · 75766a0f
Commit 75766a0f authored Nov 12, 2021 by suyanlong
7 changed files
--- a/internal/router/router.go
+++ b/internal/router/router.go
@@ -235,7 +235,7 @@ func (r *router) getHub() (port.Port, bool) {
 }

 func (r *router) isSign(ibtpx *pb.IBTPX) bool {
-	return ibtpx.RecursiveVerify(r.privateKey.PublicKey().Verify)
+	return ibtpx.Verify(r.privateKey.PublicKey().Verify)
 }

 func (r *router) sign(ibtpx *pb.IBTPX) error {
@@ -250,7 +250,7 @@ func (r *router) sign(ibtpx *pb.IBTPX) error {

 // hub endorse
 func (r *router) isEndorse(ibtpx *pb.IBTPX) bool {
-	return ibtpx.RecursiveVerify(r.hubPublicKey.Verify)
+	return ibtpx.Verify(r.hubPublicKey.Verify)
 }

 func (r *router) HandlerMethod() {}

--- a/model/pb/ibtpx.go
+++ b/model/pb/ibtpx.go
@@ -40,7 +40,11 @@ func (m *IBTPX) digest(part []byte, signs []string) *types.Hash {
 	return types.NewHash(s[:])
 }

-func (m *IBTPX) RecursiveVerify(verify func(digest []byte, sig []byte) (bool, error)) bool {
+func (m *IBTPX) Verify(verify func(digest []byte, sig []byte) (bool, error)) bool {
+	return m.recursiveVerify(verify)
+}
+
+func (m *IBTPX) recursiveVerify(verify func(digest []byte, sig []byte) (bool, error)) bool {
 	part := m.frontPart()
 	for i, currentSig := range m.RouteSign {
 		var d, dig []byte

--- a/model/pb/ibtpx.pb.go
+++ b/model/pb/ibtpx.pb.go
@@ -29,10 +29,12 @@ type IBTPX struct {
 	Ibtp *IBTP `protobuf:"bytes,1,opt,name=ibtp,proto3" json:"ibtp,omitempty"`
 	// route mode
 	Mode string `protobuf:"bytes,2,opt,name=mode,proto3" json:"mode,omitempty"`
+	// 路由节点签名路径，主要是对data hash签名，主要是相互校验。sidecar节点之间相互校验。sidecar 节点需要注册到中继连上。还可以过滤已经发送过的交易、也可以作恶惩罚。使用bls签名算法，聚合签名。
 	RouteSign      []string `protobuf:"bytes,3,rep,name=routeSign,proto3" json:"routeSign,omitempty"`
 	RouteMethod    string   `protobuf:"bytes,4,opt,name=routeMethod,proto3" json:"routeMethod,omitempty"`
 	RouteMethodArg []string `protobuf:"bytes,5,rep,name=routeMethodArg,proto3" json:"routeMethodArg,omitempty"`
 	IsValid        bool     `protobuf:"varint,6,opt,name=IsValid,proto3" json:"IsValid,omitempty"`
+	Count          int32    `protobuf:"varint,7,opt,name=count,proto3" json:"count,omitempty"`
 }

 func (m *IBTPX) Reset() { *m = IBTPX{} }
@@ -118,6 +120,13 @@ func (m *IBTPX) GetIsValid() bool {
 	return false
 }

+func (m *IBTPX) GetCount() int32 {
+	if m != nil {
+		return m.Count
+	}
+	return 0
+}
+
 func init() {
 	proto.RegisterType((*IBTPX)(nil), "pb.IBTPX")
 }
@@ -125,20 +134,21 @@ func init() {
 func init() { proto.RegisterFile("ibtpx.proto", fileDescriptor_8402d80e061d514a) }

 var fileDescriptor_8402d80e061d514a = []byte{
-	// 203 bytes of a gzipped FileDescriptorProto
+	// 221 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0xce, 0x4c, 0x2a, 0x29,
 	0xa8, 0xd0, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x62, 0x2a, 0x48, 0x92, 0xe2, 0x02, 0x09, 0x40,
-	0xf8, 0x4a, 0xbb, 0x19, 0xb9, 0x58, 0x3d, 0x9d, 0x42, 0x02, 0x22, 0x84, 0x64, 0xb8, 0x58, 0x40,
+	0xf8, 0x4a, 0x17, 0x19, 0xb9, 0x58, 0x3d, 0x9d, 0x42, 0x02, 0x22, 0x84, 0x64, 0xb8, 0x58, 0x40,
 	0xe2, 0x12, 0x8c, 0x0a, 0x8c, 0x1a, 0xdc, 0x46, 0x1c, 0x7a, 0x05, 0x49, 0x7a, 0x20, 0x89, 0x20,
 	0xb0, 0xa8, 0x90, 0x10, 0x17, 0x4b, 0x6e, 0x7e, 0x4a, 0xaa, 0x04, 0x93, 0x02, 0xa3, 0x06, 0x67,
 	0x10, 0x98, 0x2d, 0x24, 0xc3, 0xc5, 0x59, 0x94, 0x5f, 0x5a, 0x92, 0x1a, 0x9c, 0x99, 0x9e, 0x27,
 	0xc1, 0xac, 0xc0, 0xac, 0xc1, 0x19, 0x84, 0x10, 0x10, 0x52, 0xe0, 0xe2, 0x06, 0x73, 0x7c, 0x53,
 	0x4b, 0x32, 0xf2, 0x53, 0x24, 0x58, 0xc0, 0x1a, 0x91, 0x85, 0x84, 0xd4, 0xb8, 0xf8, 0x90, 0xb8,
 	0x8e, 0x45, 0xe9, 0x12, 0xac, 0x60, 0x43, 0xd0, 0x44, 0x85, 0x24, 0xb8, 0xd8, 0x3d, 0x8b, 0xc3,
-	0x12, 0x73, 0x32, 0x53, 0x24, 0xd8, 0x14, 0x18, 0x35, 0x38, 0x82, 0x60, 0x5c, 0x27, 0x89, 0x13,
-	0x8f, 0xe4, 0x18, 0x2f, 0x3c, 0x92, 0x63, 0x7c, 0xf0, 0x48, 0x8e, 0x71, 0xc2, 0x63, 0x39, 0x86,
-	0x0b, 0x8f, 0xe5, 0x18, 0x6e, 0x3c, 0x96, 0x63, 0x48, 0x62, 0x03, 0x7b, 0xcf, 0x18, 0x10, 0x00,
-	0x00, 0xff, 0xff, 0x30, 0xe4, 0x04, 0x14, 0xfd, 0x00, 0x00, 0x00,
+	0x12, 0x73, 0x32, 0x53, 0x24, 0xd8, 0x14, 0x18, 0x35, 0x38, 0x82, 0x60, 0x5c, 0x21, 0x11, 0x2e,
+	0xd6, 0xe4, 0xfc, 0xd2, 0xbc, 0x12, 0x09, 0x76, 0x05, 0x46, 0x0d, 0xd6, 0x20, 0x08, 0xc7, 0x49,
+	0xe2, 0xc4, 0x23, 0x39, 0xc6, 0x0b, 0x8f, 0xe4, 0x18, 0x1f, 0x3c, 0x92, 0x63, 0x9c, 0xf0, 0x58,
+	0x8e, 0xe1, 0xc2, 0x63, 0x39, 0x86, 0x1b, 0x8f, 0xe5, 0x18, 0x92, 0xd8, 0xc0, 0x9e, 0x36, 0x06,
+	0x04, 0x00, 0x00, 0xff, 0xff, 0x3b, 0xda, 0x87, 0xb3, 0x13, 0x01, 0x00, 0x00,
 }

 func (m *IBTPX) Marshal() (dAtA []byte, err error) {
@@ -161,6 +171,11 @@ func (m *IBTPX) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	if m.Count != 0 {
+		i = encodeVarintIbtpx(dAtA, i, uint64(m.Count))
+		i--
+		dAtA[i] = 0x38
+	}
 	if m.IsValid {
 		i--
 		if m.IsValid {
@@ -263,6 +278,9 @@ func (m *IBTPX) Size() (n int) {
 	if m.IsValid {
 		n += 2
 	}
+	if m.Count != 0 {
+		n += 1 + sovIbtpx(uint64(m.Count))
+	}
 	return n
 }

@@ -487,6 +505,25 @@ func (m *IBTPX) Unmarshal(dAtA []byte) error {
 				}
 			}
 			m.IsValid = bool(v != 0)
+		case 7:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Count", wireType)
+			}
+			m.Count = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowIbtpx
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.Count |= int32(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
 		default:
 			iNdEx = preIndex
 			skippy, err := skipIbtpx(dAtA[iNdEx:])

--- a/model/pb/ibtpx.proto
+++ b/model/pb/ibtpx.proto
@@ -9,11 +9,12 @@ message IBTPX {
    IBTP ibtp = 1;
    // route mode
    string mode = 2; // dirct、relay
-    repeated string routeSign =
-        3; //路由节点签名路径，主要是对data hash签名，主要是相互校验。sidecar节点之间相互校验。sidecar 节点需要注册到中继连上。还可以过滤已经发送过的交易、也可以作恶惩罚。使用bls签名算法，聚合签名。
+    // 路由节点签名路径，主要是对data hash签名，主要是相互校验。sidecar节点之间相互校验。sidecar 节点需要注册到中继连上。还可以过滤已经发送过的交易、也可以作恶惩罚。使用bls签名算法，聚合签名。
+    repeated string routeSign      = 3;
    string          routeMethod    = 4; // single、multicast、broadcast、
    repeated string routeMethodArg = 5; //路由节点，默认第一个节点。或者转发消息。
    bool            IsValid        = 6;
+    int32           count          = 7;
 }
 // 若目的地址to不在路由表中，则使用如下规则，即routeRule如下值时。
 // method：single、multicast、broadcast、随机选择、最快速度、官方节点、开源节点、nat节点。

--- a/pkg/crypto/bls/bls.go
+++ b/pkg/crypto/bls/bls.go
@@ -2,14 +2,73 @@ package bls

 import (
 	"github.com/herumi/bls-eth-go-binary/bls"
+	"github.com/meshplus/bitxhub-kit/crypto"
+	"github.com/meshplus/bitxhub-kit/types"
 )

-type Sign = bls.Sign
+type Sign bls.Sign

-type SecretKey = bls.SecretKey
+var BLS_ETH crypto.KeyType = 9

-type PublicKey = bls.PublicKey
+func GenerateKeyPair(opt crypto.KeyType) (crypto.PrivateKey, error){
+	var sec bls.SecretKey
+	sec.SetByCSPRNG()
+	return &PrivateKey{
+		curve:     BLS_ETH,
+		SecretKey: &sec,
+	},nil
+}

-type PublicKeys = bls.PublicKeys
+type PrivateKey struct {
+	curve crypto.KeyType
+	*bls.SecretKey
+}

-type ID = bls.ID
+func (p *PrivateKey) Bytes() ([]byte, error) {
+	return p.Serialize(), nil
+}
+
+func (p *PrivateKey) Type() crypto.KeyType {
+	return p.curve
+}
+
+func (p *PrivateKey) Sign(digest []byte) ([]byte, error) {
+	panic("implement me")
+}
+
+func (p *PrivateKey) PublicKey() crypto.PublicKey {
+	return &PublicKey{
+		curve:     p.curve,
+		PublicKey: p.GetPublicKey(),
+	}
+}
+
+type PublicKey struct {
+	curve crypto.KeyType
+	*bls.PublicKey
+}
+
+func (p *PublicKey) Bytes() ([]byte, error) {
+	return p.Serialize(), nil
+}
+
+func (p *PublicKey) Type() crypto.KeyType {
+	return p.curve
+}
+
+func (p *PublicKey) Address() (*types.Address, error) {
+	panic("implement me")
+}
+
+func (p *PublicKey) Verify(digest []byte, sig []byte) (bool, error) {
+	var sign bls.Sign
+	err := sign.DeserializeHexStr(string(sig))
+	if err != nil {
+		return false, err
+	}
+	return sign.VerifyHash(p.PublicKey, digest), nil
+}
+
+func IsSign(aggSign *bls.Sign, aggDataSign *bls.Sign, selfKey *bls.PublicKey) bool {
+	return bls.VerifyPairing(aggSign, aggDataSign, selfKey)
+}
--- a/pkg/crypto/bls/bls_test.go
+++ b/pkg/crypto/bls/bls_test.go
 package bls

 import (
+	"crypto/ed25519"
+	"crypto/sha256"
+	"crypto/sha512"
 	"encoding/hex"
+	"fmt"
 	"testing"
+	"unsafe"

 	"github.com/herumi/bls-eth-go-binary/bls"
+	"github.com/stretchr/testify/assert"
 )

 func TestGetSafePublicKey(t *testing.T) {
@@ -12,7 +18,7 @@ func TestGetSafePublicKey(t *testing.T) {
 		t.Fatalf("Init")
 	}

-	var sec SecretKey
+	var sec bls.SecretKey
 	pub, err := sec.GetSafePublicKey()
 	if pub != nil || err == nil {
 		t.Fatalf("sec must be zero")
@@ -32,11 +38,11 @@ func TestEthDraft07(t *testing.T) {
 }

 func ethSignOneTest(t *testing.T, secHex string, msgHex string, sigHex string) {
-	var sec SecretKey
+	var sec bls.SecretKey
 	if sec.DeserializeHexStr(secHex) != nil {
 		t.Fatalf("bad sec")
 	}
-	var sig Sign
+	var sig bls.Sign
 	if sig.DeserializeHexStr(sigHex) != nil {
 		t.Logf("bad sig %v\n", sigHex)
 		return
@@ -66,7 +72,7 @@ func blsAggregateVerifyNoCheckTestOne(t *testing.T, n int) {
 	if !bls.AreAllMsgDifferent(msgs) {
 		t.Fatalf("bad msgs")
 	}
-	var aggSig Sign
+	var aggSig bls.Sign
 	aggSig.Aggregate(sigs)
 	if !aggSig.AggregateVerifyNoCheck(pubs, msgs) {
 		t.Fatalf("bad AggregateVerifyNoCheck 1")
@@ -77,13 +83,13 @@ func blsAggregateVerifyNoCheckTestOne(t *testing.T, n int) {
 	}
 }

-func makeMultiSig(n int) (pubs []PublicKey, sigs []Sign, msgs []byte) {
+func makeMultiSig(n int) (pubs []bls.PublicKey, sigs []bls.Sign, msgs []byte) {
 	msgSize := 32
-	pubs = make([]PublicKey, n)
-	sigs = make([]Sign, n)
+	pubs = make([]bls.PublicKey, n)
+	sigs = make([]bls.Sign, n)
 	msgs = make([]byte, n*msgSize)
 	for i := 0; i < n; i++ {
-		var sec SecretKey
+		var sec bls.SecretKey
 		sec.SetByCSPRNG()
 		pubs[i] = *sec.GetPublicKey()
 		msgs[msgSize*i] = byte(i)
@@ -91,3 +97,292 @@ func makeMultiSig(n int) (pubs []PublicKey, sigs []Sign, msgs []byte) {
 	}
 	return pubs, sigs, msgs
 }
+
+func TestMultiVerify(t *testing.T) {
+	pubs, sigs, msgs := makeMultiSig(5)
+	t.Log(msgs)
+
+	for _, pub := range pubs {
+		t.Log(pub.SerializeToHexStr())
+	}
+	for _, sig := range sigs {
+		t.Log(sig.SerializeToHexStr())
+	}
+	assert.True(t, bls.MultiVerify(sigs, pubs, msgs))
+}
+
+func TestBlsAggregateVerify(t *testing.T) {
+	m := "test"
+	var sec bls.SecretKey
+	sec.SetByCSPRNG()
+
+	t.Log(sec.GetPop().SerializeToHexStr())
+	pub := sec.GetPublicKey()
+	sign := sec.Sign(m)
+
+	t.Log(sec.SerializeToHexStr())
+	t.Log(pub.SerializeToHexStr())
+	t.Log(sign.SerializeToHexStr())
+	assert.True(t, sign.Verify(pub, m))
+	t.Log(sec.GetPop().SerializeToHexStr())
+
+	var sec1 bls.SecretKey
+	sec1.SetByCSPRNG()
+	pub1 := sec1.GetPublicKey()
+	sign1 := sec1.Sign(m)
+
+	t.Log(sec1.SerializeToHexStr())
+	t.Log(pub1.SerializeToHexStr())
+	t.Log(sign1.SerializeToHexStr())
+	assert.True(t, sign1.Verify(pub1, m))
+
+	sign.Add(sign1)
+	pub.Add(pub1)
+
+	t.Log(pub.SerializeToHexStr())
+	t.Log(sign.SerializeToHexStr())
+
+	pub.Add(pub1)
+	t.Log(pub.SerializeToHexStr())
+
+	sign.Add(sign1)
+	t.Log(sign.SerializeToHexStr())
+
+	var sec3 bls.SecretKey
+	sec3.SetByCSPRNG()
+	pub3 := sec3.GetPublicKey()
+	sign3 := sec3.GetPop()
+	t.Log(sign.VerifyPop(pub))
+	t.Log(sign.VerifyPop(pub1))
+	t.Log(sign.VerifyPop(pub3))
+	t.Log(sign1.VerifyPop(pub1))
+	t.Log(sign3.VerifyPop(pub3))
+
+	assert.True(t, sign.Verify(pub, m))
+	//assert.True(t, 	sign.VerifyPop(pub1))
+
+	t.Log(sec.GetPop().SerializeToHexStr())
+	t.Log(sec.GetPop().SerializeToHexStr())
+
+	assert.False(t, sec.GetPop().VerifyPop(pub1))
+	assert.False(t, sec.GetPop().VerifyPop(pub))
+	//assert.True(t,sec.GetPop().VerifyPop(pub))
+	assert.True(t, sec1.GetPop().VerifyPop(pub1)) //Verify self public key
+
+	assert.False(t, sign.Verify(pub1, m))
+	assert.False(t, sign.Verify(sec.GetPublicKey(), m))
+
+	t.Log("=========: ", sign1.VerifyPop(pub1))
+
+	t.Log(bls.HashAndMapToSignature([]byte(m)).SerializeToHexStr())
+	t.Log(bls.HashAndMapToSignature([]byte(m)).SerializeToHexStr())
+
+	pub33 := bls.DHKeyExchange(&sec3, pub3)
+	t.Log(pub33.SerializeToHexStr())
+	t.Log(pub3.SerializeToHexStr())
+	assert.False(t, pub33.IsEqual(pub3))
+}
+
+func TestDHKeyExchange(t *testing.T) {
+	var sec bls.SecretKey
+	sec.SetByCSPRNG()
+	pub := sec.GetPublicKey()
+	var sec1 bls.SecretKey
+	sec1.SetByCSPRNG()
+	pub1 := sec1.GetPublicKey()
+
+	out := bls.DHKeyExchange(&sec1, pub)
+	out1 := bls.DHKeyExchange(&sec, pub1)
+	assert.True(t, out1.IsEqual(&out))
+}
+
+func TestRead(t *testing.T) {
+	pk := ed25519.NewKeyFromSeed([]byte("test1231231321122222222221212121"))
+	t.Log(string(pk.Seed()))
+	t.Log(string(pk))
+}
+
+func TestPop(t *testing.T) {
+	t.Log("testPop")
+	var sec bls.SecretKey
+	sec.SetByCSPRNG()
+	pop := sec.GetPop()
+	if !pop.VerifyPop(sec.GetPublicKey()) {
+		t.Errorf("Valid Pop does not verify")
+	}
+
+	sec.SetByCSPRNG()
+	if pop.VerifyPop(sec.GetPublicKey()) {
+		t.Errorf("Invalid Pop verifies")
+	}
+}
+
+func TestPairing(t *testing.T) {
+	var sec bls.SecretKey
+	sec.SetByCSPRNG()
+	pub := sec.GetPublicKey()
+	m := "abc"
+	sig1 := sec.Sign(m)
+	sig2 := bls.HashAndMapToSignature([]byte(m))
+	if !bls.VerifyPairing(sig1, sig2, pub) {
+		t.Errorf("VerifyPairing")
+	}
+}
+
+func TestAggregate(t *testing.T) {
+	var sec bls.SecretKey
+	sec.SetByCSPRNG()
+	pub := sec.GetPublicKey()
+	msgTbl := []string{"abc", "def", "123"}
+	n := len(msgTbl)
+	sigVec := make([]*bls.Sign, n)
+	for i := 0; i < n; i++ {
+		m := msgTbl[i]
+		sigVec[i] = sec.Sign(m)
+	}
+	aggSign := sigVec[0]
+	for i := 1; i < n; i++ {
+		aggSign.Add(sigVec[i])
+	}
+	hashPt := bls.HashAndMapToSignature([]byte(msgTbl[0]))
+	for i := 1; i < n; i++ {
+		hashPt.Add(bls.HashAndMapToSignature([]byte(msgTbl[i])))
+	}
+	if !bls.VerifyPairing(aggSign, hashPt, pub) {
+		t.Errorf("aggregate2")
+	}
+
+}
+
+func TestIsSign(t *testing.T) {
+	m := "test"
+	var sec bls.SecretKey
+	sec.SetByCSPRNG()
+	pub := sec.GetPublicKey()
+	sign := sec.Sign(m)
+
+	var sec1 bls.SecretKey
+	sec1.SetByCSPRNG()
+	//pub1 := sec1.GetPublicKey()
+	sign1 := sec.Sign(m)
+
+	sign.Add(sign1)
+	hashPt := bls.HashAndMapToSignature([]byte(m))
+	hashPt.Add(bls.HashAndMapToSignature([]byte(m)))
+
+	assert.True(t, IsSign(sign, hashPt, pub))
+}
+
+func TestAggregateHashes(t *testing.T) {
+	n := 1000
+	pubVec := make([]bls.PublicKey, n)
+	sigVec := make([]*bls.Sign, n)
+	h := make([][]byte, n)
+	for i := 0; i < n; i++ {
+		sec := new(bls.SecretKey)
+		sec.SetByCSPRNG()
+		pubVec[i] = *sec.GetPublicKey()
+		m := fmt.Sprintf("abc-%d", i)
+		h[i] = Hash([]byte(m))
+		sigVec[i] = sec.SignHash(h[i])
+	}
+	// aggregate sig
+	sig := sigVec[0]
+	for i := 1; i < n; i++ {
+		sig.Add(sigVec[i])
+	}
+	if !sig.VerifyAggregateHashes(pubVec, h) {
+		t.Errorf("sig.VerifyAggregateHashes")
+	}
+}
+
+func Hash(buf []byte) []byte {
+	if bls.GetOpUnitSize() == 4 {
+		d := sha256.Sum256([]byte(buf))
+		return d[:]
+	}
+	// use SHA512 if bitSize > 256
+	d := sha512.Sum512([]byte(buf))
+	return d[:]
+}
+
+func TestHash(t *testing.T) {
+	var sec bls.SecretKey
+	sec.SetByCSPRNG()
+	pub := sec.GetPublicKey()
+	m := "abc"
+	h := Hash([]byte(m))
+	sig1 := sec.Sign(m)
+	sig2 := sec.SignHash(h)
+	t.Log(sig1.SerializeToHexStr())
+	t.Log(sig2.SerializeToHexStr())
+	//TODO fix bug?
+	if sig1.IsEqual(sig2) {
+		t.Errorf("SignHash")
+	}
+	if !sig1.Verify(pub, m) {
+		t.Errorf("sig1.Verify")
+	}
+	if !sig2.VerifyHash(pub, h) {
+		t.Errorf("sig2.VerifyHash")
+	}
+}
+
+func TestCast(t *testing.T) {
+	var sec bls.SecretKey
+	sec.SetByCSPRNG()
+	{
+		x := *bls.CastFromSecretKey(&sec)
+		sec2 := *bls.CastToSecretKey(&x)
+		if !sec.IsEqual(&sec2) {
+			t.Error("sec is not equal")
+		}
+	}
+	var pub bls.Sign
+	var g2 bls.G2
+	if unsafe.Sizeof(pub) != unsafe.Sizeof(g2) {
+		return
+	}
+	pub = *sec.GetPop()
+	g2 = *bls.CastFromSign(&pub)
+	bls.G2Add(&g2, &g2, &g2)
+	pub.Add(&pub)
+	if !pub.IsEqual(bls.CastToSign(&g2)) {
+		t.Error("pub not equal")
+	}
+	sig := sec.Sign("abc")
+	g2 = *bls.CastFromSign(sig)
+	bls.G2Add(&g2, &g2, &g2)
+	sig.Add(sig)
+	if !sig.IsEqual(bls.CastToSign(&g2)) {
+		t.Error("sig not equal")
+	}
+}
+
+func TestZero(t *testing.T) {
+	var sec bls.SecretKey
+	sec.SetByCSPRNG()
+	pub := sec.GetPublicKey()
+	sig := sec.Sign("abc")
+	if sec.IsZero() {
+		t.Fatal("sec is zero")
+	}
+	if pub.IsZero() {
+		t.Fatal("pub is zero")
+	}
+	if sig.IsZero() {
+		t.Fatal("sig is zero")
+	}
+	sec.SetDecString("0")
+	pub = sec.GetPublicKey()
+	sig = sec.Sign("abc")
+	if !sec.IsZero() {
+		t.Fatal("sec is not zero")
+	}
+	if !pub.IsZero() {
+		t.Fatal("pub is not zero")
+	}
+	if !sig.IsZero() {
+		t.Fatal("sig is not zero")
+	}
+}
--- a/pkg/crypto/crypto.go
+++ b/pkg/crypto/crypto.go
+package crypto
+
+// PrivateKey represents a private key that can be used to
+// generate a public key and sign data
+type PrivateKey interface {
+	// Sign signs digest using key k.
+	Sign(digest []byte) ([]byte, error)
+
+	// Return a public key paired with this private key
+	PublicKey() PublicKey
+}
+
+// PublicKey is a public key that can be used to verify data
+// signed with the corresponding private key
+type PublicKey interface {
+	// Verify that 'sig' is the signed hash of 'data'
+	Verify(digest []byte, sig []byte) (bool, error)
+}