BLS digital signature


A BLS digital signature, also known as Boneh-Lynn-Shacham, is a cryptographic signature scheme which allows a user to verify that a signer is authentic.
The scheme uses a bilinear pairing, where and are elliptic curve groups of prime order, and a hash function from the message space into. Signature are elements of, public keys are elements of, and the secret key is an integer in. Working in an elliptic curve group provides some defense against index calculus attacks, allowing shorter signatures than FDH signatures for a similar level of security.
Signatures produced by the BLS signature scheme are often referred to as short signatures, BLS short signatures, or simply BLS signatures. The signature scheme is provably secure in the random oracle model assuming the intractability of the computational Diffie–Hellman problem in a gap Diffie–Hellman group.

BLS signature scheme

A signature scheme consists of three functions: generate, sign, and verify.
;Key generation
The key generation algorithm selects the private key by picking a random integer. The holder of the private key publishes the public key,, where is a generator of.
;Signing
Given the private key, and some message, we compute the signature by hashing the bitstring, as, and we output the signature.
;Verification
Given a signature for message and public key, we verify that.

Properties

  • Unique and deterministic: for a given key and message, there is only one valid signature.
  • Signature Aggregation: Multiple signatures generated under multiple public keys for multiple messages can be aggregated into a single signature.
  • Simple Threshold Signatures and multisignatures.

Curves

BLS12-381

BLS12-381 is part of a family of elliptic curves named after Barreto, Lynn, and Scott. It was designed by Sean Bowe in early 2017 as the foundation for an upgrade to the Zcash protocol. It is both pairing-friendly, making it efficient for digital signatures, and effective for constructing zkSnarks. The planned usage of BLS12-381 for BLS signatures is detailed in the June 2022 IETF internet draft.

Implementations

  • Chia network has used BLS signatures.
  • By 2021, BLS signatures were used in Proof-of-Stake Ethereum's consensus layer to aggregate signatures from all validators. Every validator participates in attesting to the validity of a single slot per 6.4 minute epoch. The use of BLS signatures in Ethereum is considered a solution to the verification bottleneck only for the medium term, as BLS signatures are not quantum secure. Over the longer term—say, 2025–2030—STARK aggregation is expected to be a drop-in replacement for BLS aggregation.
  • Skale cryptocurrency uses BLS signature algorithm.
  • drand uses the BLS12-381 curve as a threshold scheme.