BLS digital signature


A BLS digital signature, also known as Boneh–Lynn–Shacham (BLS), is a cryptographic signature scheme which allows a user to verify that a signer is authentic. The scheme uses a bilinear pairing, where G_1, G_2, and G_T are elliptic curve groups of prime order q, and a hash function H from the message space into G_1. Signatures are elements of G_1, public keys are elements of G_2, and the secret key is an integer in [0,q-1]. Working in an elliptic curve group provides some defense against index calculus attacks (with the caveat that such attacks are still possible in the target group G_T of the pairing), allowing shorter signatures than FDH signatures for a similar level of security. Signatures produced by the BLS signature scheme are often referred to as short signatures, BLS short signatures, or simply BLS signatures. The signature scheme is provably secure (the scheme is existentially unforgeable under adaptive chosen-message attacks) in the random oracle model assuming the intractability of the computational Diffie–Hellman problem in a gap Diffie–Hellman group.

BLS signature scheme

A signature scheme consists of three functions: generate, sign, and verify. The key generation algorithm selects the private key by picking a random integer. The holder of the private key publishes the public key, g_2^x, where g_2 is a generator of G_2. Given the private key x, and some message m, we compute the signature by hashing the bitstring m, as h=H(m), and we output the signature \sigma=h^x. Given a signature \sigma for message m and public key g_2^x, we verify that.
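The sign and verify steps described above, as an added example (not from the original article or from any BLS library): a toy symmetric pairing on the supersingular curve y^2 = x^3 + x over F_4243, so G_1 = G_2 here, with the standard check e(σ, G) = e(H(m), pk). The parameters, the hash-derived generator, the try-and-increment hash and all function names are assumptions made for illustration, and the group is far too small to be secure.

```python
import hashlib
# Toy parameters (constructed, insecure size): y^2 = x^3 + x over F_p, p = 3 mod 4, is
# supersingular with p + 1 = 4*r points; phi(x, y) = (-x, i*y) is its distortion map.
p, r = 4243, 1061

def slope(P, Q):  # tangent slope if P == Q, else chord slope
    if P == Q: return (3 * P[0] ** 2 + 1) * pow(2 * P[1], p - 2, p) % p
    return (Q[1] - P[1]) * pow(Q[0] - P[0], p - 2, p) % p

def add(P, Q):  # None is the point at infinity
    if P is None or Q is None: return P or Q
    if P[0] == Q[0] and (P[1] + Q[1]) % p == 0: return None
    lam = slope(P, Q)
    x3 = (lam * lam - P[0] - Q[0]) % p
    return (x3, (lam * (P[0] - x3) - P[1]) % p)

def mul(k, P):  # double-and-add scalar multiplication
    R = None
    while k:
        if k & 1: R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def hash_to_group(msg):  # try-and-increment, then clear cofactor 4 (not constant time)
    for ctr in range(2 ** 16):
        x = int.from_bytes(hashlib.sha256(msg + ctr.to_bytes(2, "big")).digest(), "big") % p
        y = pow(x ** 3 + x, (p + 1) // 4, p)
        if (y * y - x ** 3 - x) % p == 0 and mul(4, (x, y)) is not None:
            return mul(4, (x, y))

def f2mul(u, v):  # (a + b*i)(c + d*i) in F_p^2 with i^2 = -1
    return ((u[0] * v[0] - u[1] * v[1]) % p, (u[0] * v[1] + u[1] * v[0]) % p)
def line(T, P, Q):  # line through T and P, evaluated at phi(Q)
    if T[0] == P[0] and (T[1] + P[1]) % p == 0: return (1, 0)  # vertical: value in F_p
    return ((slope(T, P) * (Q[0] + T[0]) - T[1]) % p, Q[1])
def pairing(P, Q):  # reduced Tate pairing of P with phi(Q), Miller's algorithm
    f, T = (1, 0), P
    for bit in bin(r)[3:]:
        f, T = f2mul(f2mul(f, f), line(T, T, Q)), add(T, T)
        if bit == "1": f, T = f2mul(f, line(T, P, Q)), add(T, P)
    out, e = (1, 0), (p * p - 1) // r  # final exponentiation kills F_p factors
    while e:
        if e & 1: out = f2mul(out, f)
        f, e = f2mul(f, f), e >> 1
    return out

G = hash_to_group(b"generator")  # constructed generator; here G_1 = G_2 = <G>
def sign(sk, msg): return mul(sk % r, hash_to_group(msg))
def verify(pk, msg, sig):  # accept iff e(sig, G) == e(H(m), pk)
    if pk is None or sig is None: return False
    return pairing(sig, G) == pairing(hash_to_group(msg), pk)
```

A production verifier must also confirm that the public key and signature are valid points in the order-r subgroup before pairing, which this toy omits. Real deployments use an asymmetric pairing-friendly curve such as BLS12-381 rather than this symmetric construction.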

Properties

Curves

BLS12-381

BLS12-381 is part of a family of elliptic curves named after Barreto, Lynn, and Scott (a different BLS trio, except for the L). It was designed by Sean Bowe in early 2017 as the foundation for an upgrade to the Zcash protocol. It is both pairing-friendly, making it efficient for digital signatures, and effective for constructing zk-SNARKs. The usage of BLS12-381 for BLS signatures is detailed in the IETF internet draft.

Implementations

This article is derived from Wikipedia and licensed under CC BY-SA 4.0.