# toy implementation of BLS signatures
|
|
|
|
load("bls12-381.sage")
|
|
from hashlib import sha256
|
|
|
|
def hash(m):
|
|
h_output = sha256(str(m).encode('utf-8'))
|
|
return int(h_output.hexdigest(), 16)
|
|
|
|
def hash_to_point(m):
|
|
# WARNING this hash-to-point approach should not be used!
|
|
h = hash(m)
|
|
return G2 * h
|
|
|
|
|
|
pairing = Pairing()
|
|
|
|
class Signer:
|
|
def __init__(self):
|
|
self.sk = F1.random_element()
|
|
self.pk = self.sk * G1
|
|
|
|
def sign(self, m):
|
|
H = hash_to_point(m)
|
|
return self.sk * H
|
|
|
|
def verify(pk, s, m):
|
|
H = hash_to_point(m)
|
|
return pairing.pair(G1, s) == pairing.pair(pk, H)
|
|
|
|
def aggr(points):
|
|
R = 0
|
|
for i in range(len(points)):
|
|
R = R + points[i]
|
|
return R
|
|
|
|
|
|
m = 1234
|
|
|
|
# single signature & verification
|
|
user0 = Signer()
|
|
s = user0.sign(m)
|
|
v = verify(user0.pk, s, m)
|
|
assert v
|
|
|
|
|
|
# BLS signature aggregation
|
|
n = 10
|
|
users = [None]*n
|
|
pks = [None]*n
|
|
sigs = [None]*n
|
|
for i in range(n):
|
|
users[i] = Signer()
|
|
pks[i] = users[i].pk
|
|
sigs[i] = users[i].sign(m)
|
|
|
|
# aggregate sigs & pks
|
|
s_aggr = aggr(sigs)
|
|
pk_aggr = aggr(pks)
|
|
|
|
# verify aggregated signature
|
|
v = verify(pk_aggr, s_aggr, m)
|
|
assert v
|