You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

63 lines
1.1 KiB

  1. # toy implementation of BLS signatures
  2. load("bls12-381.sage")
  3. from hashlib import sha256
  4. def hash(m):
  5. h_output = sha256(str(m).encode('utf-8'))
  6. return int(h_output.hexdigest(), 16)
  7. def hash_to_point(m):
  8. # WARNING this hash-to-point approach should not be used!
  9. h = hash(m)
  10. return e.G2 * h
  11. e = Pairing()
  12. class Signer:
  13. def __init__(self):
  14. self.sk = e.F1.random_element()
  15. self.pk = self.sk * e.G1
  16. def sign(self, m):
  17. H = hash_to_point(m)
  18. return self.sk * H
  19. def verify(pk, s, m):
  20. H = hash_to_point(m)
  21. return e.pair(e.G1, s) == e.pair(pk, H)
  22. def aggr(points):
  23. R = 0
  24. for i in range(len(points)):
  25. R = R + points[i]
  26. return R
  27. m = 1234
  28. # single signature & verification
  29. user0 = Signer()
  30. s = user0.sign(m)
  31. v = verify(user0.pk, s, m)
  32. assert v
  33. # BLS signature aggregation
  34. n = 10
  35. users = [None]*n
  36. pks = [None]*n
  37. sigs = [None]*n
  38. for i in range(n):
  39. users[i] = Signer()
  40. pks[i] = users[i].pk
  41. sigs[i] = users[i].sign(m)
  42. # aggregate sigs & pks
  43. s_aggr = aggr(sigs)
  44. pk_aggr = aggr(pks)
  45. # verify aggregated signature
  46. v = verify(pk_aggr, s_aggr, m)
  47. assert v