|
|
# toy implementation of BLS signatures
load("bls12-381.sage") from hashlib import sha256
def hash(m): h_output = sha256(str(m).encode('utf-8')) return int(h_output.hexdigest(), 16)
def hash_to_point(m): # WARNING this hash-to-point approach should not be used! h = hash(m) return G2 * h
pairing = Pairing()
class Signer: def __init__(self): self.sk = F1.random_element() self.pk = self.sk * G1
def sign(self, m): H = hash_to_point(m) return self.sk * H
def verify(pk, s, m): H = hash_to_point(m) return pairing.pair(G1, s) == pairing.pair(pk, H)
def aggr(points): R = 0 for i in range(len(points)): R = R + points[i] return R
m = 1234
# single signature & verification user0 = Signer() s = user0.sign(m) v = verify(user0.pk, s, m) assert v
# BLS signature aggregation n = 10 users = [None]*n pks = [None]*n sigs = [None]*n for i in range(n): users[i] = Signer() pks[i] = users[i].pk sigs[i] = users[i].sign(m)
# aggregate sigs & pks s_aggr = aggr(sigs) pk_aggr = aggr(pks)
# verify aggregated signature v = verify(pk_aggr, s_aggr, m) assert v
|