Revert "Reverts the Revert (#4011)" (#4026)

This reverts commit c4ca8a47b3.

WORKSPACE

@@ -169,13 +169,6 @@ http_archive(
     url = "https://github.com/bazelbuild/buildtools/archive/bf564b4925ab5876a3f64d8b90fab7f769013d42.zip",
 )
 
-http_archive(
-    name = "com_github_herumi_bls_eth_go_binary",
-    sha256 = "7e00d57869645a6e6ed90004bef0717627597ed8d93ab3e3426240c0122c4d54",
-    strip_prefix = "bls-go-binary-ae02584f5db9279fb0b2d95214d2179c65c74544",
-    url = "https://github.com/nisdas/bls-go-binary/archive/ae02584f5db9279fb0b2d95214d2179c65c74544.zip",
-)
-
 load("@com_github_bazelbuild_buildtools//buildifier:deps.bzl", "buildifier_dependencies")
 
 buildifier_dependencies()
@@ -1243,6 +1236,13 @@ go_repository(
     version = "v0.0.0-20161005185022-dfcf01d20ee9",
 )
 
+go_repository(
+    name = "com_github_kilic_bls12-381",
+    importpath = "github.com/kilic/bls12-381",
+    sum = "h1:hCD4IWWYsETkACK7U+isYppKfB/6d54sBkCDk3k+w2U=",
+    version = "v0.0.0-20191005202515-c798d6202457",
+)
+
 go_repository(
     name = "com_github_minio_highwayhash",
     importpath = "github.com/minio/highwayhash",

beacon-chain/BUILD.bazel

@@ -40,7 +40,7 @@ go_image(
     goos = "linux",
     importpath = "github.com/prysmaticlabs/prysm/beacon-chain",
     race = "off",
-    static = "on",  # Static enabled binary seems to cause issues with DNS lookup with cgo.
+    static = "off",  # Static enabled binary seems to cause issues with DNS lookup with cgo.
     tags = ["manual"],
     visibility = ["//visibility:private"],
     deps = [

beacon-chain/core/blocks/block_operations_test.go

@@ -3,6 +3,7 @@ package blocks_test
 import (
 	"bytes"
 	"context"
+	"crypto/rand"
 	"encoding/binary"
 	"fmt"
 	"io/ioutil"
@@ -100,7 +101,10 @@ func TestProcessBlockHeader_DifferentSlots(t *testing.T) {
 	}
 	currentEpoch := helpers.CurrentEpoch(state)
 	dt := helpers.Domain(state.Fork, currentEpoch, params.BeaconConfig().DomainBeaconProposer)
-	priv := bls.RandKey()
+	priv, err := bls.RandKey(rand.Reader)
+	if err != nil {
+		t.Errorf("failed to generate private key got: %v", err)
+	}
 	blockSig := priv.Sign([]byte("hello"), dt)
 	validators[5896].PublicKey = priv.PublicKey().Marshal()
 	block := &ethpb.BeaconBlock{
@@ -141,7 +145,10 @@ func TestProcessBlockHeader_PreviousBlockRootNotSignedRoot(t *testing.T) {
 
 	currentEpoch := helpers.CurrentEpoch(state)
 	dt := helpers.Domain(state.Fork, currentEpoch, params.BeaconConfig().DomainBeaconProposer)
-	priv := bls.RandKey()
+	priv, err := bls.RandKey(rand.Reader)
+	if err != nil {
+		t.Errorf("failed to generate private key got: %v", err)
+	}
 	blockSig := priv.Sign([]byte("hello"), dt)
 	validators[5896].PublicKey = priv.PublicKey().Marshal()
 	block := &ethpb.BeaconBlock{
@@ -153,7 +160,7 @@ func TestProcessBlockHeader_PreviousBlockRootNotSignedRoot(t *testing.T) {
 		Signature:  blockSig.Marshal(),
 	}
 
-	_, err := blocks.ProcessBlockHeader(state, block)
+	_, err = blocks.ProcessBlockHeader(state, block)
 	want := "does not match"
 	if !strings.Contains(err.Error(), want) {
 		t.Errorf("Expected %v, received %v", want, err)
@@ -186,7 +193,10 @@ func TestProcessBlockHeader_SlashedProposer(t *testing.T) {
 	}
 	currentEpoch := helpers.CurrentEpoch(state)
 	dt := helpers.Domain(state.Fork, currentEpoch, params.BeaconConfig().DomainBeaconProposer)
-	priv := bls.RandKey()
+	priv, err := bls.RandKey(rand.Reader)
+	if err != nil {
+		t.Errorf("failed to generate private key got: %v", err)
+	}
 	blockSig := priv.Sign([]byte("hello"), dt)
 	validators[12683].PublicKey = priv.PublicKey().Marshal()
 	block := &ethpb.BeaconBlock{
@@ -233,7 +243,10 @@ func TestProcessBlockHeader_OK(t *testing.T) {
 	}
 	currentEpoch := helpers.CurrentEpoch(state)
 	dt := helpers.Domain(state.Fork, currentEpoch, params.BeaconConfig().DomainBeaconProposer)
-	priv := bls.RandKey()
+	priv, err := bls.RandKey(rand.Reader)
+	if err != nil {
+		t.Fatalf("Failed to generate private key got: %v", err)
+	}
 	block := &ethpb.BeaconBlock{
 		Slot: 0,
 		Body: &ethpb.BeaconBlockBody{
@@ -523,7 +536,10 @@ func TestProcessProposerSlashings_AppliesCorrectStatus(t *testing.T) {
 		helpers.CurrentEpoch(beaconState),
 		params.BeaconConfig().DomainBeaconProposer,
 	)
-	privKey := bls.RandKey()
+	privKey, err := bls.RandKey(rand.Reader)
+	if err != nil {
+		t.Errorf("Could not generate random private key: %v", err)
+	}
 
 	header1 := &ethpb.BeaconBlockHeader{
 		Slot:      0,
@@ -1509,7 +1525,10 @@ func TestProcessDeposits_AddsNewValidatorDeposit(t *testing.T) {
 }
 
 func TestProcessDeposits_RepeatedDeposit_IncreasesValidatorBalance(t *testing.T) {
-	sk := bls.RandKey()
+	sk, err := bls.RandKey(rand.Reader)
+	if err != nil {
+		t.Fatal(err)
+	}
 	deposit := &ethpb.Deposit{
 		Data: &ethpb.Deposit_Data{
 			PublicKey: sk.PublicKey().Marshal(),
@@ -1821,7 +1840,10 @@ func TestProcessVoluntaryExits_AppliesCorrectStatus(t *testing.T) {
 	}
 	state.Slot = state.Slot + (params.BeaconConfig().PersistentCommitteePeriod * params.BeaconConfig().SlotsPerEpoch)
 
-	priv := bls.RandKey()
+	priv, err := bls.RandKey(rand.Reader)
+	if err != nil {
+		t.Error(err)
+	}
 	state.Validators[0].PublicKey = priv.PublicKey().Marshal()[:]
 	signingRoot, err := ssz.SigningRoot(exits[0])
 	if err != nil {

beacon-chain/core/helpers/attestation_test.go

@@ -2,6 +2,7 @@ package helpers_test
 
 import (
 	"bytes"
+	"crypto/rand"
 	"sort"
 	"testing"
 
@@ -167,7 +168,10 @@ func TestAggregateAttestations(t *testing.T) {
 	var makeAttestationsFromBitlists = func(bl []bitfield.Bitlist) []*ethpb.Attestation {
 		atts := make([]*ethpb.Attestation, len(bl))
 		for i, b := range bl {
-			sk := bls.RandKey()
+			sk, err := bls.RandKey(rand.Reader)
+			if err != nil {
+				panic(err)
+			}
 			sig := sk.Sign([]byte("dummy_test_data"), 0 /*domain*/)
 			atts[i] = &ethpb.Attestation{
 				AggregationBits: b,

beacon-chain/core/state/transition_test.go

@@ -3,6 +3,7 @@ package state_test
 import (
 	"bytes"
 	"context"
+	"crypto/rand"
 	"encoding/binary"
 	"fmt"
 	"strings"
@@ -506,7 +507,7 @@ func TestProcessBlock_PassesProcessingConditions(t *testing.T) {
 	beaconState.BlockRoots = blockRoots
 
 	aggBits := bitfield.NewBitlist(1)
-	aggBits.SetBitAt(0, true)
+	aggBits.SetBitAt(1, true)
 	custodyBits := bitfield.NewBitlist(1)
 	blockAtt := &ethpb.Attestation{
 		Data: &ethpb.AttestationData{
@@ -835,7 +836,10 @@ func BenchmarkProcessBlk_65536Validators_FullBlock(b *testing.B) {
 	if err != nil {
 		b.Fatal(err)
 	}
-	priv := bls.RandKey()
+	priv, err := bls.RandKey(rand.Reader)
+	if err != nil {
+		b.Fatal(err)
+	}
 	s.Validators[proposerIdx].PublicKey = priv.PublicKey().Marshal()
 	buf := make([]byte, 32)
 	binary.LittleEndian.PutUint64(buf, 0)

beacon-chain/gateway/server/BUILD.bazel

@@ -30,9 +30,7 @@ go_image(
     goarch = "amd64",
     goos = "linux",
     importpath = "github.com/prysmaticlabs/prysm/beacon-chain/gateway/server",
-    pure = "off",
     race = "off",
-    static = "on",
     tags = ["manual"],
     visibility = ["//visibility:private"],
     deps = [

beacon-chain/operations/attestation_test.go

@@ -41,7 +41,7 @@ func TestHandleAttestation_Saves_NewAttestation(t *testing.T) {
 			Source:          &ethpb.Checkpoint{Epoch: 0, Root: []byte("hello-world")},
 			Target:          &ethpb.Checkpoint{Epoch: 0, Root: []byte("hello-world")},
 		},
-		AggregationBits: bitfield.Bitlist{0xCF, 0xC0, 0xC0, 0xC0, 0x01},
+		AggregationBits: bitfield.Bitlist{0xC0, 0xC0, 0xC0, 0xC0, 0x01},
 		CustodyBits:     bitfield.Bitlist{0x00, 0x00, 0x00, 0x00, 0x01},
 	}
 
@@ -360,7 +360,7 @@ func TestRetrieveAttestations_OK(t *testing.T) {
 	}
 
 	aggBits := bitfield.NewBitlist(1)
-	aggBits.SetBitAt(0, true)
+	aggBits.SetBitAt(1, true)
 	custodyBits := bitfield.NewBitlist(1)
 	att := &ethpb.Attestation{
 		Data: &ethpb.AttestationData{
@@ -379,12 +379,10 @@ func TestRetrieveAttestations_OK(t *testing.T) {
 		CustodyBit: false,
 	}
 	domain := helpers.Domain(beaconState.Fork, 0, params.BeaconConfig().DomainBeaconAttester)
-
 	sigs := make([]*bls.Signature, len(attestingIndices))
 
 	zeroSig := [96]byte{}
 	att.Signature = zeroSig[:]
-
 	for i, indice := range attestingIndices {
 		hashTreeRoot, err := ssz.HashTreeRoot(dataAndCustodyBit)
 		if err != nil {
@@ -395,7 +393,9 @@ func TestRetrieveAttestations_OK(t *testing.T) {
 	}
 
 	beaconState.Slot += params.BeaconConfig().MinAttestationInclusionDelay
+
 	att.Signature = bls.AggregateSignatures(sigs).Marshal()[:]
+
 	beaconState.CurrentEpochAttestations = []*pb.PendingAttestation{}
 
 	r, _ := ssz.HashTreeRoot(att.Data)

beacon-chain/powchain/deposit_test.go

@@ -2,6 +2,7 @@ package powchain
 
 import (
 	"context"
+	"crypto/rand"
 	"strings"
 	"testing"
 
@@ -220,7 +221,11 @@ func TestProcessDeposit_IncompleteDeposit(t *testing.T) {
 		},
 	}
 
-	sk := bls.RandKey()
+	sk, err := bls.RandKey(rand.Reader)
+	if err != nil {
+		t.Fatal(err)
+	}
+
 	deposit.Data.PublicKey = sk.PublicKey().Marshal()
 	signedRoot, err := ssz.SigningRoot(deposit.Data)
 	if err != nil {

beacon-chain/rpc/validator/server_test.go

@@ -2,6 +2,7 @@ package validator
 
 import (
 	"context"
+	"crypto/rand"
 	"fmt"
 	"math/big"
 	"strconv"
@@ -122,9 +123,14 @@ func TestWaitForActivation_ValidatorOriginallyExists(t *testing.T) {
 	defer params.OverrideBeaconConfig(params.MinimalSpecConfig())
 	ctx := context.Background()
 
-	priv1 := bls.RandKey()
-	priv2 := bls.RandKey()
-
+	priv1, err := bls.RandKey(rand.Reader)
+	if err != nil {
+		t.Error(err)
+	}
+	priv2, err := bls.RandKey(rand.Reader)
+	if err != nil {
+		t.Error(err)
+	}
 	pubKey1 := priv1.PublicKey().Marshal()[:]
 	pubKey2 := priv2.PublicKey().Marshal()[:]
 

beacon-chain/sync/validate_proposer_slashing_test.go

@@ -56,7 +56,10 @@ func setupValidProposerSlashing(t *testing.T) (*ethpb.ProposerSlashing, *pb.Beac
 		helpers.CurrentEpoch(state),
 		params.BeaconConfig().DomainBeaconProposer,
 	)
-	privKey := bls.RandKey()
+	privKey, err := bls.RandKey(rand.Reader)
+	if err != nil {
+		t.Errorf("Could not generate random private key: %v", err)
+	}
 
 	header1 := &ethpb.BeaconBlockHeader{
 		Slot:      0,

beacon-chain/sync/validate_voluntary_exit_test.go

@@ -41,8 +41,10 @@ func setupValidExit(t *testing.T) (*ethpb.VoluntaryExit, *pb.BeaconState) {
 		t.Error(err)
 	}
 	domain := helpers.Domain(state.Fork, helpers.CurrentEpoch(state), params.BeaconConfig().DomainVoluntaryExit)
-	priv := bls.RandKey()
-
+	priv, err := bls.RandKey(rand.Reader)
+	if err != nil {
+		t.Error(err)
+	}
 	sig := priv.Sign(signingRoot[:], domain)
 	exit.Signature = sig.Marshal()
 	state.Validators[0].PublicKey = priv.PublicKey().Marshal()[:]

shared/bls/BUILD.bazel

@@ -9,8 +9,8 @@ go_library(
         "//shared/bytesutil:go_default_library",
         "//shared/featureconfig:go_default_library",
         "//shared/hashutil:go_default_library",
-        "@com_github_herumi_bls_eth_go_binary//bls:go_default_library",
         "@com_github_karlseguin_ccache//:go_default_library",
+        "@com_github_kilic_bls12-381//:go_default_library",
         "@com_github_pkg_errors//:go_default_library",
     ],
 )
@@ -41,7 +41,5 @@ go_test(
     ],
     deps = [
         "//shared/bls:go_default_library",
-        "//shared/hashutil:go_default_library",
-        "@com_github_herumi_bls_eth_go_binary//bls:go_default_library",
     ],
 )

shared/bls/bls.go

@@ -4,87 +4,79 @@
 package bls
 
 import (
+	"crypto/rand"
 	"encoding/binary"
+	"io"
 	"math/big"
 	"time"
 
 	"github.com/karlseguin/ccache"
+	bls12 "github.com/kilic/bls12-381"
 	"github.com/pkg/errors"
 	"github.com/prysmaticlabs/prysm/shared/bytesutil"
 	"github.com/prysmaticlabs/prysm/shared/featureconfig"
 	"github.com/prysmaticlabs/prysm/shared/hashutil"
-
-	bls12 "github.com/herumi/bls-eth-go-binary/bls"
 )
 
-func init() {
-	err := bls12.Init(bls12.BLS12_381)
-	if err != nil {
-		panic(err)
-	}
-	bls12.SetETHserialization(true)
-}
-
 var pubkeyCache = ccache.New(ccache.Configure())
 
 // CurveOrder for the BLS12-381 curve.
 const CurveOrder = "52435875175126190479447740508185965837690552500527637822603658699938581184513"
 
-// The size would be a combination of both the message(32 bytes) and domain(8 bytes) size.
-const concatMsgDomainSize = 40
-
 var curveOrder, _ = new(big.Int).SetString(CurveOrder, 10)
 
 // Signature used in the BLS signature scheme.
 type Signature struct {
-	s *bls12.Sign
+	s *bls12.PointG2
 }
 
 // PublicKey used in the BLS signature scheme.
 type PublicKey struct {
-	p *bls12.PublicKey
+	p *bls12.PointG1
 }
 
 // SecretKey used in the BLS signature scheme.
 type SecretKey struct {
-	p *bls12.SecretKey
+	p *big.Int
 }
 
 // RandKey creates a new private key using a random method provided as an io.Reader.
-func RandKey() *SecretKey {
-	secKey := &bls12.SecretKey{}
-	secKey.SetByCSPRNG()
-	return &SecretKey{secKey}
+func RandKey(r io.Reader) (*SecretKey, error) {
+	k, err := rand.Int(r, curveOrder)
+	if err != nil {
+		return nil, err
+	}
+	return &SecretKey{k}, nil
 }
 
-// SecretKeyFromBytes creates a BLS private key from a BigEndian byte slice.
+// SecretKeyFromBytes creates a BLS private key from a LittleEndian byte slice.
 func SecretKeyFromBytes(priv []byte) (*SecretKey, error) {
-	secKey := &bls12.SecretKey{}
-	err := secKey.Deserialize(priv)
-	return &SecretKey{p: secKey}, err
+	b := bytesutil.ToBytes32(priv)
+	k := new(big.Int).SetBytes(b[:])
+	if curveOrder.Cmp(k) < 0 {
+		return nil, errors.New("invalid private key")
+	}
+	return &SecretKey{p: k}, nil
 }
 
-// PublicKeyFromBytes creates a BLS public key from a  BigEndian byte slice.
+// PublicKeyFromBytes creates a BLS public key from a  LittleEndian byte slice.
 func PublicKeyFromBytes(pub []byte) (*PublicKey, error) {
 	if featureconfig.Get().SkipBLSVerify {
 		return &PublicKey{}, nil
 	}
 	cv := pubkeyCache.Get(string(pub))
 	if cv != nil && cv.Value() != nil && featureconfig.Get().EnableBLSPubkeyCache {
-		return cv.Value().(*PublicKey).Copy()
+		return cv.Value().(*PublicKey).Copy(), nil
 	}
-	pubKey := &bls12.PublicKey{}
-	err := pubKey.Deserialize(pub)
+	b := bytesutil.ToBytes48(pub)
+	g1Elems := bls12.NewG1(nil)
+	p, err := g1Elems.FromCompressed(b[:])
 	if err != nil {
 		return nil, errors.Wrap(err, "could not unmarshal bytes into public key")
 	}
-	pubkeyObj := &PublicKey{p: pubKey}
-	copiedKey, err := pubkeyObj.Copy()
-	if err != nil {
-		return nil, errors.Wrap(err, "could not copy pubkey")
-	}
-	pubkeyCache.Set(string(pub), copiedKey, 48*time.Hour)
-	return pubkeyObj, nil
+	pubkey := &PublicKey{p: p}
+	pubkeyCache.Set(string(pub), pubkey.Copy(), 48*time.Hour)
+	return pubkey, nil
 }
 
 // SignatureFromBytes creates a BLS signature from a LittleEndian byte slice.
@@ -92,24 +84,18 @@ func SignatureFromBytes(sig []byte) (*Signature, error) {
 	if featureconfig.Get().SkipBLSVerify {
 		return &Signature{}, nil
 	}
-	signature := &bls12.Sign{}
-	err := signature.Deserialize(sig)
+	s, err := bls12.NewG2(nil).FromCompressed(sig)
 	if err != nil {
 		return nil, errors.Wrap(err, "could not unmarshal bytes into signature")
 	}
-	return &Signature{s: signature}, nil
+	return &Signature{s: s}, nil
 }
 
 // PublicKey obtains the public key corresponding to the BLS secret key.
 func (s *SecretKey) PublicKey() *PublicKey {
-	return &PublicKey{p: s.p.GetPublicKey()}
-}
-
-func concatMsgAndDomain(msg []byte, domain uint64) []byte {
-	b := [concatMsgDomainSize]byte{}
-	binary.LittleEndian.PutUint64(b[32:], domain)
-	copy(b[0:32], msg)
-	return b[:]
+	p := &bls12.PointG1{}
+	bls12.NewG1(nil).MulScalar(p, &bls12.G1One, s.p)
+	return &PublicKey{p: p}
 }
 
 // Sign a message using a secret key - in a beacon/validator client.
@@ -117,13 +103,17 @@ func (s *SecretKey) Sign(msg []byte, domain uint64) *Signature {
 	if featureconfig.Get().SkipBLSVerify {
 		return &Signature{}
 	}
-	signature := s.p.SignHashWithDomain(concatMsgAndDomain(msg, domain))
+	g2 := bls12.NewG2(nil)
+	b := [8]byte{}
+	binary.LittleEndian.PutUint64(b[:], domain)
+	signature := g2.MapToPoint(HashWithDomain(bytesutil.ToBytes32(msg), b))
+	g2.MulScalar(signature, signature, s.p)
 	return &Signature{s: signature}
 }
 
 // Marshal a secret key into a LittleEndian byte slice.
 func (s *SecretKey) Marshal() []byte {
-	keyBytes := s.p.Serialize()
+	keyBytes := s.p.Bytes()
 	if len(keyBytes) < 32 {
 		emptyBytes := make([]byte, 32-len(keyBytes))
 		keyBytes = append(emptyBytes, keyBytes...)
@@ -133,16 +123,12 @@ func (s *SecretKey) Marshal() []byte {
 
 // Marshal a public key into a LittleEndian byte slice.
 func (p *PublicKey) Marshal() []byte {
-	rawBytes := p.p.Serialize()
-	return rawBytes
+	return bls12.NewG1(nil).ToCompressed(p.p)
 }
 
 // Copy the public key to a new pointer reference.
-func (p *PublicKey) Copy() (*PublicKey, error) {
-	rawBytes := p.p.Serialize()
-	newKey := &bls12.PublicKey{}
-	err := newKey.Deserialize(rawBytes)
-	return &PublicKey{p: newKey}, err
+func (p *PublicKey) Copy() *PublicKey {
+	return &PublicKey{p: new(bls12.PointG1).Set(p.p)}
 }
 
 // Aggregate two public keys.
@@ -150,7 +136,7 @@ func (p *PublicKey) Aggregate(p2 *PublicKey) *PublicKey {
 	if featureconfig.Get().SkipBLSVerify {
 		return p
 	}
-	p.p.Add(p2.p)
+	bls12.NewG1(nil).Add(p.p, p.p, p2.p)
 	return p
 }
 
@@ -159,7 +145,21 @@ func (s *Signature) Verify(msg []byte, pub *PublicKey, domain uint64) bool {
 	if featureconfig.Get().SkipBLSVerify {
 		return true
 	}
-	return s.s.VerifyHashWithDomain(pub.p, concatMsgAndDomain(msg, domain))
+	b := [8]byte{}
+	binary.LittleEndian.PutUint64(b[:], domain)
+	e := bls12.NewBLSPairingEngine()
+	target := &bls12.Fe12{}
+	e.Pair(target,
+		[]bls12.PointG1{
+			bls12.G1NegativeOne,
+			*pub.p,
+		},
+		[]bls12.PointG2{
+			*s.s,
+			*e.G2.MapToPoint(HashWithDomain(bytesutil.ToBytes32(msg), b)),
+		},
+	)
+	return e.Fp12.Equal(&bls12.Fp12One, target)
 }
 
 // VerifyAggregate verifies each public key against its respective message.
@@ -178,62 +178,77 @@ func (s *Signature) VerifyAggregate(pubKeys []*PublicKey, msg [][32]byte, domain
 	}
 	b := [8]byte{}
 	binary.LittleEndian.PutUint64(b[:], domain)
-	hashWithDomains := make([]byte, 0, size*concatMsgDomainSize)
-	var rawKeys []bls12.PublicKey
+	points := make([]bls12.PointG1, size+1)
+	e := bls12.NewBLSPairingEngine()
+	e.G1.Copy(&points[0], &bls12.G1NegativeOne)
+	twistPoints := make([]bls12.PointG2, size+1)
+	e.G2.Copy(&twistPoints[0], s.s)
 	for i := 0; i < size; i++ {
-		hashWithDomains = append(hashWithDomains, concatMsgAndDomain(msg[i][:], domain)...)
-		rawKeys = append(rawKeys, *pubKeys[i].p)
+		e.G1.Copy(&points[i+1], pubKeys[i].p)
+		e.G2.Copy(&twistPoints[i+1], e.G2.MapToPoint(HashWithDomain(msg[i], b)))
 	}
-	return s.s.VerifyAggregateHashWithDomain(rawKeys, hashWithDomains)
+	target := &bls12.Fe12{}
+	e.Pair(target, points, twistPoints)
+	return e.Fp12.Equal(&bls12.Fp12One, target)
 }
 
 // VerifyAggregateCommon verifies each public key against its respective message.
 // This is vulnerable to rogue public-key attack. Each user must
 // provide a proof-of-knowledge of the public key.
-func (s *Signature) VerifyAggregateCommon(pubKeys []*PublicKey, msg [32]byte, domain uint64) bool {
+func (s *Signature) VerifyAggregateCommon(pubKeys []*PublicKey, msg []byte, domain uint64) bool {
 	if featureconfig.Get().SkipBLSVerify {
 		return true
 	}
 	if len(pubKeys) == 0 {
 		return false
 	}
-	//#nosec G104
-	aggregated, _ := pubKeys[0].Copy()
-
+	b := [8]byte{}
+	binary.LittleEndian.PutUint64(b[:], domain)
+	e := bls12.NewBLSPairingEngine()
+	aggregated := &bls12.PointG1{}
+	e.G1.Copy(aggregated, pubKeys[0].p)
 	for i := 1; i < len(pubKeys); i++ {
-		aggregated.p.Add(pubKeys[i].p)
+		e.G1.Add(aggregated, aggregated, pubKeys[i].p)
 	}
-
-	return s.s.VerifyHashWithDomain(aggregated.p, concatMsgAndDomain(msg[:], domain))
+	target := &bls12.Fe12{}
+	e.Pair(target,
+		[]bls12.PointG1{
+			bls12.G1NegativeOne,
+			*aggregated,
+		},
+		[]bls12.PointG2{
+			*s.s,
+			*e.G2.MapToPoint(HashWithDomain(bytesutil.ToBytes32(msg), b)),
+		},
+	)
+	return e.Fp12.Equal(&bls12.Fp12One, target)
 }
 
 // NewAggregateSignature creates a blank aggregate signature.
 func NewAggregateSignature() *Signature {
-	return &Signature{s: bls12.HashAndMapToSignature([]byte{'m', 'o', 'c', 'k'})}
+	return &Signature{s: &bls12.PointG2{}}
 }
 
 // NewAggregatePubkey creates a blank public key.
 func NewAggregatePubkey() *PublicKey {
-	return &PublicKey{p: RandKey().PublicKey().p}
+	return &PublicKey{p: &bls12.PointG1{}}
 }
 
 // AggregateSignatures converts a list of signatures into a single, aggregated sig.
 func AggregateSignatures(sigs []*Signature) *Signature {
-	if len(sigs) == 0 {
-		return nil
-	}
 	if featureconfig.Get().SkipBLSVerify {
 		return sigs[0]
 	}
-	marshalled := sigs[0].s.Serialize()
-	signature := &bls12.Sign{}
-	//#nosec G104
-	signature.Deserialize(marshalled)
-
-	for i := 1; i < len(sigs); i++ {
-		signature.Add(sigs[i].s)
+	aggregated := NewAggregateSignature()
+	g2 := bls12.NewG2(nil)
+	for i := 0; i < len(sigs); i++ {
+		sig := sigs[i]
+		if sig == nil {
+			continue
+		}
+		g2.Add(aggregated.s, aggregated.s, sig.s)
 	}
-	return &Signature{s: signature}
+	return aggregated
 }
 
 // Marshal a signature into a LittleEndian byte slice.
@@ -241,9 +256,7 @@ func (s *Signature) Marshal() []byte {
 	if featureconfig.Get().SkipBLSVerify {
 		return make([]byte, 96)
 	}
-
-	rawBytes := s.s.Serialize()
-	return rawBytes
+	return bls12.NewG2(nil).ToCompressed(s.s)
 }
 
 // Domain returns the bls domain given by the domain type and the operation 4 byte fork version.

shared/bls/bls_benchmark_test.go

@@ -1,40 +1,17 @@
 package bls_test
 
 import (
+	"crypto/rand"
 	"testing"
 
-	bls2 "github.com/herumi/bls-eth-go-binary/bls"
 	"github.com/prysmaticlabs/prysm/shared/bls"
-	"github.com/prysmaticlabs/prysm/shared/hashutil"
 )
 
-func BenchmarkPairing(b *testing.B) {
-	bls2.Init(bls2.BLS12_381)
-	newGt := &bls2.GT{}
-	newG1 := &bls2.G1{}
-	newG2 := &bls2.G2{}
-
-	newGt.SetInt64(10)
-	hash := hashutil.Hash([]byte{})
-	err := newG1.HashAndMapTo(hash[:])
-	if err != nil {
-		b.Fatal(err)
-	}
-	err = newG2.HashAndMapTo(hash[:])
-	if err != nil {
-		b.Fatal(err)
-	}
-
-	b.ResetTimer()
-	b.ReportAllocs()
-	for i := 0; i < b.N; i++ {
-		bls2.Pairing(newGt, newG1, newG2)
-	}
-
-}
 func BenchmarkSignature_Verify(b *testing.B) {
-	sk := bls.RandKey()
-
+	sk, err := bls.RandKey(rand.Reader)
+	if err != nil {
+		b.Fatal(err)
+	}
 	msg := []byte("Some msg")
 	domain := uint64(42)
 	sig := sk.Sign(msg, domain)
@@ -49,19 +26,18 @@ func BenchmarkSignature_Verify(b *testing.B) {
 
 func BenchmarkSignature_VerifyAggregate(b *testing.B) {
 	sigN := 128 // MAX_ATTESTATIONS per block.
-	msg := [32]byte{'s', 'i', 'g', 'n', 'e', 'd'}
+	msg := []byte("signed message")
 	domain := uint64(0)
 
 	var aggregated *bls.Signature
 	var pks []*bls.PublicKey
 	for i := 0; i < sigN; i++ {
-		sk := bls.RandKey()
-		sig := sk.Sign(msg[:], domain)
-		if aggregated == nil {
-			aggregated = bls.AggregateSignatures([]*bls.Signature{sig})
-		} else {
-			aggregated = bls.AggregateSignatures([]*bls.Signature{aggregated, sig})
+		sk, err := bls.RandKey(rand.Reader)
+		if err != nil {
+			b.Fatal(err)
 		}
+		sig := sk.Sign(msg, domain)
+		aggregated = bls.AggregateSignatures([]*bls.Signature{aggregated, sig})
 		pks = append(pks, sk.PublicKey())
 	}
 

shared/bls/bls_test.go

@@ -2,6 +2,7 @@ package bls_test
 
 import (
 	"bytes"
+	"crypto/rand"
 	"testing"
 
 	"github.com/prysmaticlabs/prysm/shared/bls"
@@ -9,7 +10,7 @@ import (
 )
 
 func TestMarshalUnmarshal(t *testing.T) {
-	b := bls.RandKey().Marshal()
+	b := []byte("hi")
 	b32 := bytesutil.ToBytes32(b)
 	pk, err := bls.SecretKeyFromBytes(b32[:])
 	if err != nil {
@@ -25,7 +26,7 @@ func TestMarshalUnmarshal(t *testing.T) {
 }
 
 func TestSignVerify(t *testing.T) {
-	priv := bls.RandKey()
+	priv, _ := bls.RandKey(rand.Reader)
 	pub := priv.PublicKey()
 	msg := []byte("hello")
 	sig := priv.Sign(msg, 0)
@@ -40,7 +41,7 @@ func TestVerifyAggregate(t *testing.T) {
 	var msgs [][32]byte
 	for i := 0; i < 100; i++ {
 		msg := [32]byte{'h', 'e', 'l', 'l', 'o', byte(i)}
-		priv := bls.RandKey()
+		priv, _ := bls.RandKey(rand.Reader)
 		pub := priv.PublicKey()
 		sig := priv.Sign(msg[:], 0)
 		pubkeys = append(pubkeys, pub)
@@ -56,11 +57,11 @@ func TestVerifyAggregate(t *testing.T) {
 func TestVerifyAggregateCommon(t *testing.T) {
 	pubkeys := make([]*bls.PublicKey, 0, 100)
 	sigs := make([]*bls.Signature, 0, 100)
-	msg := [32]byte{'h', 'e', 'l', 'l', 'o'}
+	msg := []byte("hello")
 	for i := 0; i < 100; i++ {
-		priv := bls.RandKey()
+		priv, _ := bls.RandKey(rand.Reader)
 		pub := priv.PublicKey()
-		sig := priv.Sign(msg[:], 0)
+		sig := priv.Sign(msg, 0)
 		pubkeys = append(pubkeys, pub)
 		sigs = append(sigs, sig)
 	}
@@ -73,7 +74,7 @@ func TestVerifyAggregateCommon(t *testing.T) {
 func TestVerifyAggregate_ReturnsFalseOnEmptyPubKeyList(t *testing.T) {
 	var pubkeys []*bls.PublicKey
 	sigs := make([]*bls.Signature, 0, 100)
-	msg := [32]byte{'h', 'e', 'l', 'l', 'o'}
+	msg := []byte("hello")
 
 	aggSig := bls.AggregateSignatures(sigs)
 	if aggSig.VerifyAggregateCommon(pubkeys, msg, 0 /*domain*/) != false {

shared/bls/spectest/BUILD.bazel

@@ -36,6 +36,6 @@ go_test(
         "//shared/bytesutil:go_default_library",
         "//shared/testutil:go_default_library",
         "@com_github_ghodss_yaml//:go_default_library",
-        "@com_github_herumi_bls_eth_go_binary//bls:go_default_library",
+        "@com_github_kilic_bls12-381//:go_default_library",
     ],
 )

shared/bls/spectest/aggregate_pubkeys_test.go

@@ -46,7 +46,7 @@ func TestAggregatePubkeysYaml(t *testing.T) {
 		t.Fatalf("Cannot decode string to bytes: %v", err)
 	}
 	if !bytes.Equal(outputBytes, pk.Marshal()) {
-		t.Fatalf("Output does not equal marshaled aggregated public "+
-			"key bytes. wanted %#x but got %#x", outputBytes, pk.Marshal())
+		t.Fatal("Output does not equal marshaled aggregated public " +
+			"key bytes")
 	}
 }

shared/bls/spectest/msg_hash_compressed_test.go

@@ -7,7 +7,7 @@ import (
 	"testing"
 
 	"github.com/ghodss/yaml"
-	bls2 "github.com/herumi/bls-eth-go-binary/bls"
+	bls12 "github.com/kilic/bls12-381"
 	"github.com/prysmaticlabs/prysm/shared/bls"
 	"github.com/prysmaticlabs/prysm/shared/bytesutil"
 	"github.com/prysmaticlabs/prysm/shared/testutil"
@@ -37,21 +37,13 @@ func TestMsgHashCompressed(t *testing.T) {
 			if err != nil {
 				t.Fatalf("Cannot decode string to bytes: %v", err)
 			}
+			g2 := bls12.NewG2(nil)
 			hash := bls.HashWithDomain(
 				bytesutil.ToBytes32(msgBytes),
 				bytesutil.ToBytes8(domain),
 			)
-			g2Point := &bls2.G2{}
-			fp2Point := &bls2.Fp2{}
-			err = fp2Point.Deserialize(hash)
-			if err != nil {
-				t.Fatal(err)
-			}
-			err = bls2.MapToG2(g2Point, fp2Point)
-			if err != nil {
-				t.Fatal(err)
-			}
-			compressedHash := g2Point.Serialize()
+			g2Point := g2.MapToPoint(hash)
+			compressedHash := g2.ToCompressed(g2Point)
 
 			var buf []byte
 			for _, innerString := range test.Output {

shared/bls/spectest/msg_hash_uncompressed_test.go

@@ -7,7 +7,7 @@ import (
 	"testing"
 
 	"github.com/ghodss/yaml"
-	bls2 "github.com/herumi/bls-eth-go-binary/bls"
+	bls12 "github.com/kilic/bls12-381"
 	"github.com/prysmaticlabs/prysm/shared/bls"
 	"github.com/prysmaticlabs/prysm/shared/bytesutil"
 	"github.com/prysmaticlabs/prysm/shared/testutil"
@@ -42,8 +42,8 @@ func TestMsgHashUncompressed(t *testing.T) {
 				bytesutil.ToBytes32(msgBytes),
 				bytesutil.ToBytes8(domain),
 			)
-			sig := bls2.HashAndMapToSignature(hash)
-			uncompressed := sig.Serialize()
+			g2Point := bls12.NewG2(nil).MapToPoint(hash)
+			uncompressed := bls12.NewG2(nil).ToUncompressed(g2Point)
 
 			var buf []byte
 			for _, outputStrings := range test.Output {

shared/bls/spectest/priv_to_pub_test.go

@@ -39,7 +39,7 @@ func TestPrivToPubYaml(t *testing.T) {
 				t.Fatalf("Cannot decode string to bytes: %v", err)
 			}
 			if !bytes.Equal(outputBytes, sk.PublicKey().Marshal()) {
-				t.Fatalf("Output does not marshaled public key bytes wanted %#x but got %#x", outputBytes, sk.PublicKey().Marshal())
+				t.Fatal("Output does not marshaled public key bytes")
 			}
 		})
 	}

shared/keystore/BUILD.bazel

@@ -18,6 +18,7 @@ go_library(
         "//shared/params:go_default_library",
         "@com_github_minio_sha256_simd//:go_default_library",
         "@com_github_pborman_uuid//:go_default_library",
+        "@com_github_pkg_errors//:go_default_library",
         "@com_github_prysmaticlabs_go_ssz//:go_default_library",
         "@org_golang_x_crypto//pbkdf2:go_default_library",
         "@org_golang_x_crypto//scrypt:go_default_library",

shared/keystore/key.go

@@ -27,6 +27,7 @@ import (
 	"path/filepath"
 
 	"github.com/pborman/uuid"
+	"github.com/pkg/errors"
 	"github.com/prysmaticlabs/prysm/shared/bls"
 )
 
@@ -152,7 +153,10 @@ func NewKeyFromBLS(blsKey *bls.SecretKey) (*Key, error) {
 
 // NewKey generates a new random key.
 func NewKey(rand io.Reader) (*Key, error) {
-	secretKey := bls.RandKey()
+	secretKey, err := bls.RandKey(rand)
+	if err != nil {
+		return nil, errors.Wrap(err, "could not generate random key")
+	}
 	return NewKeyFromBLS(secretKey)
 }
 

shared/keystore/key_test.go

@@ -15,8 +15,10 @@ import (
 
 func TestMarshalAndUnmarshal(t *testing.T) {
 	testID := uuid.NewRandom()
-	blsKey := bls.RandKey()
-
+	blsKey, err := bls.RandKey(rand.Reader)
+	if err != nil {
+		t.Fatal(err)
+	}
 	key := &Key{
 		ID:        testID,
 		SecretKey: blsKey,

shared/mathutil/math_helper_test.go

@@ -57,15 +57,15 @@ func TestIntegerSquareRoot(t *testing.T) {
 		},
 		{
 			number: 1024,
-			root:   32,
+			root: 32,
 		},
 		{
 			number: 4,
-			root:   2,
+			root: 2,
 		},
 		{
 			number: 16,
-			root:   4,
+			root: 4,
 		},
 	}
 

tools/cluster-pk-manager/client/BUILD.bazel

@@ -30,9 +30,8 @@ go_image(
     goarch = "amd64",
     goos = "linux",
     importpath = "github.com/prysmaticlabs/prysm/tools/cluster-pk-manager/client",
-    pure = "off",
+    pure = "on",
     race = "off",
-    static = "on",
     tags = ["manual"],
     visibility = ["//visibility:private"],
     deps = [

tools/cluster-pk-manager/server/BUILD.bazel

@@ -78,7 +78,7 @@ go_image(
     importpath = "github.com/prysmaticlabs/prysm/tools/cluster-pk-manager/server",
     pure = "off",  # depends on cgo for go-ethereum crypto
     race = "off",
-    static = "on",
+    static = "off",
     tags = ["manual"],
     visibility = ["//visibility:private"],
     deps = [

tools/faucet/BUILD.bazel

@@ -49,7 +49,7 @@ go_image(
     importpath = IMPORT_PATH,
     pure = "off",  # depends on cgo for go-ethereum crypto
     race = "off",
-    static = "on",  # go-ethereum is bad about static
+    static = "off",  # go-ethereum is bad about static
     tags = ["manual"],
     deps = DEPS,
 )

validator/BUILD.bazel

@@ -38,9 +38,8 @@ go_image(
     goarch = "amd64",
     goos = "linux",
     importpath = "github.com/prysmaticlabs/prysm/validator",
-    pure = "off",
+    pure = "on",
     race = "off",
-    static = "on",
     tags = ["manual"],
     visibility = ["//visibility:private"],
     deps = [
@@ -78,7 +77,7 @@ docker_push(
 go_binary(
     name = "validator",
     embed = [":go_default_library"],
-    pure = "off",  # Enabled unless there is a valid reason to include cgo dep.
+    pure = "on",  # Enabled unless there is a valid reason to include cgo dep.
     visibility = [
         "//validator:__subpackages__",
         "//endtoend:__pkg__",