You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

87 lines
2.6 KiB

  1. \documentclass{article}
  2. \usepackage[utf8]{inputenc}
  3. \usepackage{amsfonts}
  4. \usepackage{amsthm}
  5. \usepackage{amsmath}
  6. \usepackage{enumerate}
  7. \usepackage{hyperref}
  8. \hypersetup{
  9. colorlinks,
  10. citecolor=black,
  11. filecolor=black,
  12. linkcolor=black,
  13. urlcolor=blue
  14. }
  15. \usepackage{xcolor}
  16. % prevent warnings of underfull \hbox:
  17. \usepackage{etoolbox}
  18. \apptocmd{\sloppy}{\hbadness 4000\relax}{}{}
  19. \theoremstyle{definition}
  20. \newtheorem{definition}{Def}[section]
  21. \newtheorem{theorem}[definition]{Thm}
  22. \title{Notes on BLS Signatures}
  23. \author{arnaucube}
  24. \date{}
  25. \begin{document}
  26. \maketitle
  27. \begin{abstract}
  28. Notes taken while reading about BLS signatures \cite{bls-sig-eth2}. Usually while reading papers I take handwritten notes, this document contains some of them re-written to $LaTeX$.
  29. The notes are not complete, don't include all the steps neither all the proofs.
  30. \end{abstract}
  31. % \tableofcontents
  32. \section{BLS signatures}
  33. \paragraph{Key generation}
  34. $sk \in \mathbb{Z}_q$, $pk = [sk] \cdot g_1$, where $g_1 \in G_1$, and is the generator.
  35. \paragraph{Signature}
  36. $$\sigma = [sk] \cdot H(m)$$
  37. where $H$ is a function that maps to a point in $G_2$. So $H(m), \sigma \in G_2$.
  38. \paragraph{Verification}
  39. $$e(g_1, \sigma) == e(pk, H(m))$$
  40. Unfold:
  41. $$e(pk, H(m)) = e([sk] \cdot g_1, H(m) = e(g_1, H(m))^{sk} = e(g_1, [sk] \cdot H(m)) = e(g_1, \sigma))$$
  42. \paragraph{Aggregation}
  43. Signatures aggregation:
  44. $$\sigma_{aggr} = \sigma_1 + \sigma_2 + \ldots + \sigma_n$$
  45. where $\sigma_{aggr} \in G_2$, and an aggregated signatures is indistinguishible from a non-aggregated signature.
  46. \vspace{0.5cm}
  47. Public keys aggregation:
  48. $$pk_{aggr} = pk_1 + pk_2 + \ldots + pk_n$$
  49. where $pk_{aggr} \in G_1$, and an aggregated public keys is indistinguishible from a non-aggregated public key.
  50. \paragraph{Verification of aggregated signatures}
  51. Identical to verification of a normal signature as long as we use the same corresponding aggregated public key:
  52. $$e(g_1, \sigma_{aggr})==e(pk_{aggr}, H(m))$$
  53. Unfold:
  54. $$\fbox{e(pk_{aggr}, H(m))}= e(pk_1 + pk_2 + \ldots + pk_n, H(m)) =$$
  55. $$=e([sk_1] \cdot g_1 + [sk_2] \cdot g_1 + \ldots + [sk_n] \cdot g_1, H(m))=$$
  56. $$=e([sk_1 + sk_2 + \ldots + sk_n] \cdot g_1, H(m))=$$
  57. $$=[sk_1 + sk_2 + \ldots + sk_n]~\cdot~e(g_1, H(m))=$$
  58. $$=e(g_1, [sk_1 + sk_2 + \ldots + sk_n] \cdot H(m))=$$
  59. $$=e(g_1, [sk_1] \cdot H(m) + [sk_2] \cdot H(m) + \ldots + [sk_n] \cdot H(m))=$$
  60. $$=e(g_1, \sigma_1 + \sigma_2 + \ldots + \sigma_n)= \fbox{e(g_1, \sigma_{aggr})}$$
  61. Note: in the current notes $pk \in G_1$ and $\sigma, H(m) \in G_2$, but we could use $\sigma, H(m) \in G_1$ and $pk \in G_2$.
  62. \bibliography{paper-notes.bib}
  63. \bibliographystyle{unsrt}
  64. \end{document}