Skip to content

Add BLS signature following spec

Danny Willems requested to merge add-bls-signature into master

This MR implements BLS signature following the specification v4 (draft) available here. It fixes #34 (closed). It provides the 3 different schemes described in the paper. The specification describes two versions for the schemes: short pk/large signature and large pk/short signature. The first one is implemented, but both or the latter can be implemented very easily if required.

dune build @generate_test_vectors_for_bls_sig_g2_basic -f
dune build @generate_test_vectors_for_bls_sig_g2_aug -f
dune build @generate_test_vectors_for_bls_sig_g2_pop -f
dune build @generate_test_vectors_for_bls_pop_g2 -f

The reviewer MUST verify that by removing the lines hashing the salt and by removing the suffix _blst in the test vector names, the tests are passing without dc83192e!

  • fbdf1269 and 7a4fca6a fakes the implementation for JS and Rust. Rust backend is going to be replaced by the blst backend in the near future. For the JS backend, no decision has been made yet.

Test files are verbose on purpose. It should be self-contained when reading a test function.

TODO:

  • add signatures with points on the curve but not in the subgroup.
  • blst_core_verify_pk_in_g1 verifies the point and the signature are points on the curve and in the subgroup, which is already verified on the OCaml thanks to the typechecker. We could avoid it.
Edited by Danny Willems

Merge request reports