What is the BLS signature scheme? posted February 2019
BLS is a digital signature scheme being standardized.
Its basis is quite similar to other signature schemes, it has a key generation with a generator $P2$:
The signature is a bit weird though, you pretend the hashed message is the generator (using a hash_to_G1
function you hash the message into a point on a curve) and you do what you usually do in a key generation: you make it a public key with your private key
Verification is even weirder, you use a bilinear pairing to verify that indeed, pairing([secret_key]hashed_msg, P2) = pairing([secret_key]P2, hashed_msg)
.
This weird signing/verifying process allows for pretty cool stuff. You can compress (aggregate) signatures of the same msg in a single signature!
To do that, simply add all the signatures together! Easy peasy right?
Can you verify such a compressed signature? Yes you can.
Simply compress the public key, the same way you compressed the signature. And verify the sig_compressed
with the public_key_compressed
. Elegant :)
But what if the different signatures are on different messages? Well, just add them together as well.
The process to verify that is a bit more complicated. This time you multiply a bunch of pairing([secret_key]P2, hashed_msg)
together, and you verify that it is equal to another pairing made out of the compressed signature. Pairings are magical!
Comments
Joker
Comedy is subjective, Mur-ray.
Bete
Is BLS similar with Shacham’s Public Verification? Thanks!
Jon
What about same public key, different messages?
leave a comment...