kyber: Index | Files

package bls

import ""

Package bls implements the Boneh-Lynn-Shacham (BLS) signature scheme which was introduced in the paper "Short Signatures from the Weil Pairing". BLS requires pairing-based cryptography.

Deprecated: This version is vulnerable to rogue public-key attack and the new version of the protocol should be used to make sure a signature aggregate cannot be verified by a forged key. You can find the protocol in kyber/sign/bdn. Note that only the aggregation is broken against the attack and a later version will merge bls and asmbls.

See the paper:


Package Files


func AggregatePublicKeys Uses

func AggregatePublicKeys(suite pairing.Suite, Xs ...kyber.Point) kyber.Point

AggregatePublicKeys takes a slice of public G2 points and returns the sum of those points. This is used to verify multisignatures.

func AggregateSignatures Uses

func AggregateSignatures(suite pairing.Suite, sigs ...[]byte) ([]byte, error)

AggregateSignatures combines signatures created using the Sign function

func BatchVerify Uses

func BatchVerify(suite pairing.Suite, publics []kyber.Point, msgs [][]byte, sig []byte) error

BatchVerify verifies a large number of publicKey/msg pairings with a single aggregated signature. Since aggregation is generally much faster than verification, this can be a speed enhancement. Benchmarks show a roughly 50% performance increase over individual signature verification Every msg must be unique or there is the possibility to accept an invalid signature see: for a description of why each message must be unique.

func NewKeyPair Uses

func NewKeyPair(suite pairing.Suite, random cipher.Stream) (kyber.Scalar, kyber.Point)

NewKeyPair creates a new BLS signing key pair. The private key x is a scalar and the public key X is a point on curve G2.

func Sign Uses

func Sign(suite pairing.Suite, x kyber.Scalar, msg []byte) ([]byte, error)

Sign creates a BLS signature S = x * H(m) on a message m using the private key x. The signature S is a point on curve G1.

func Verify Uses

func Verify(suite pairing.Suite, X kyber.Point, msg, sig []byte) error

Verify checks the given BLS signature S on the message m using the public key X by verifying that the equality e(H(m), X) == e(H(m), x*B2) == e(x*H(m), B2) == e(S, B2) holds where e is the pairing operation and B2 is the base point from curve G2.

Package bls imports 6 packages (graph). Updated 2019-11-27. Refresh now. Tools for package owners.