Update BLS signature module

[hwwhww]

What was wrong?

#1565

How was it fixed?

1. Follow the logic from the BLS signature verification
   
2. Replace BN128 with BLS-12-381 curve.
3. Replace the current blake hashing function with keccak-256.

Note

• Please ignore the eth/beacon/aggregation.py for now. It's supposed to be updated in other PRs.
• This PR is opened for reviewing the reference implementation. The current CI error is due to other type hinting issues. @carver, feel free to solve that and merge Upgrade py-ecc past a buggy release, to 1.4.6 #1576 before it, I'll resolve the conflicts. :)

Cute Animal Picture

[pipermerriam]

@hwwhww can you look into fixing these linting errors that show up when using the latest py_ecc as well?

#1576 -> https://circleci.com/gh/ethereum/py-evm/109848?utm_campaign=vcs-integration-link&utm_medium=referral&utm_source=github-build-link

[hwwhww]

@pipermerriam yes, I'll investigate it.

[djrtwo]

looks good! left some comments.

[carver]

• @carver, feel free to solve that and merge Upgrade py-ecc past a buggy release, to 1.4.6 #1576 before it, I'll resolve the conflicts. :)

Done. Thanks for doing the type cleanups! :)

[djrtwo]

I think I was a bit unclear in the last comment. I meant something like the following which utilizes aggregate_pubs rather than directly calling add

for message in set(messages):
    pubkeys_for_message = [
        pubkey for i, pubkey in enumerate(pubkeys)
        if messages[i] == message
    ]
    group_pub = aggregate_pubkeys(pubkeys_for_message)

[hwwhww]

Oh I see! I think I've tried to do that before, if we want to utilize aggregate_pubkeys, we will need:

1. len(messages) times extra compress_G1() calling (inside aggregate_pubkeys)
2. len(messages) times extra decompress_G1() calling for the second argument of pairing.

Alternatively, we might refactor aggregate_signatures(signatures: Sequence[bytes]) -> Tuple[int, int] to:

def aggregate_pubkeys(pubkeys: Sequence[int]) -> int:
    return compress_G1(_aggregate_pubkeys(pubkeys))

def _aggregate_pubkeys(pubkeys: Sequence[int]) -> Tuple[FQ, FQ, FQ]:
    o = Z1
    for p in pubkeys:
        o = add(o, decompress_G1(p))
    return o

And then make verify_multiple call _aggregate_pubkeys().

What do you think of it?

[djrtwo]

oh crap, you're right.

I'm okay either way. It's not a huge gain in code reuse and this code won't change much once in place.

[djrtwo]

Do whichever you want. I'm going to use the updated work in #1631 in the morning so merge whenever you're ready.

[hwwhww]

@djrtwo merging it now! We can optimize the BLS APIs while moving it to py-ecc later (#1592). :)