Package bls implements the Boneh-Lynn-Shacham (BLS) signature scheme which was introduced in the paper "Short Signatures from the Weil Pairing". BLS requires pairing-based cryptography.
Deprecated: This version is vulnerable to rogue public-key attack and the new version of the protocol should be used to make sure a signature aggregate cannot be verified by a forged key. You can find the protocol in kyber/sign/bdn. Note that only the aggregation is broken against the attack and a later version will merge bls and asmbls.
AggregatePublicKeys takes a slice of public G2 points and returns the sum of those points. This is used to verify multisignatures.
AggregateSignatures combines signatures created using the Sign function
BatchVerify verifies a large number of publicKey/msg pairings with a single aggregated signature. Since aggregation is generally much faster than verification, this can be a speed enhancement. Benchmarks show a roughly 50% performance increase over individual signature verification Every msg must be unique or there is the possibility to accept an invalid signature see: https://crypto.stackexchange.com/questions/56288/is-bls-signature-scheme-strongly-unforgeable/56290 for a description of why each message must be unique.
NewKeyPair creates a new BLS signing key pair. The private key x is a scalar and the public key X is a point on curve G2.
Sign creates a BLS signature S = x * H(m) on a message m using the private key x. The signature S is a point on curve G1.
Verify checks the given BLS signature S on the message m using the public key X by verifying that the equality e(H(m), X) == e(H(m), x*B2) == e(x*H(m), B2) == e(S, B2) holds where e is the pairing operation and B2 is the base point from curve G2.