Learning the principles of the BLS signature algorithm
(This scheme is used in EIP-4337 for the signature of bulk transactions)
Elliptic curve pairing
Define the elliptic curve pairing function as:
G1 and G2 are additive groups and GT is a multiplicative group. This may be abstract for beginners; it can simply be understood as a function with two parameters. The first parameter is an element of G1, the second is an element of G2, and the function returns an element of GT.
It has the following features:
The following derivation can be obtained, where [a] and [b] are scalars, which can be understood as integers in ordinary arithmetic.
sk: secret key
pk: public key
We get the process from generating the private key to generating the corresponding public key as follows:
In cryptographic theory, it is difficult to obtain [sk] even if we know the values of pk and g1; this is called the discrete logarithm problem. This property is very important and must be understood intuitively.
The process of signature
Our message m is data of arbitrary length, so we need to map m to the group G2, which can be understood as hashing m. We then get the corresponding signature result:
Note:
pk lies in G1 and σ lies in G2. This assignment is interchangeable. However, point data in G1 is small, so computation is fast and storage is small, while point data in G2 is large, so storage is large and computation is slow. The tradeoff should therefore be made according to the application scenario.
The Verification of signature
The validator of the message only needs to verify that the following two sides are equal:
The Process of aggregation verification (scenarios with identical messages)
This is the feature of BLS aggregation. σagg and pkagg still belong to G2 and G1 respectively due to the closed nature of the additive group.
This leads to the fact that even if multiple signatures are added up and multiple public keys are added up, the length of the data obtained is still fixed. Thus, the message verifier simply verifies the equality of the following equations:
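The steps described above (key generation, signing, verification and identical-message aggregation), as an added example that is not part of the original article. It is a toy model and is not secure: G1 and G2 are modelled as integers mod a small prime R and the pairing as exponentiation in a subgroup of Z_P^*, so only the bilinearity is faithful to real BLS. The parameters P, R, GT_GEN and all function names are assumptions made for illustration.

```python
# Toy model of the BLS algebra. NOT secure and NOT a real elliptic-curve pairing:
# G1 and G2 are modelled as integers mod R under addition (assumption), so the
# discrete log is trivial here. Only the bilinearity is faithful.
import hashlib

P = 2039        # constructed safe prime, P = 2*R + 1
R = 1019        # prime order shared by the toy G1, G2 and GT
GT_GEN = 4      # generates the order-R subgroup of Z_P^* (our GT)
G1_GEN = 1      # generator g1 of the toy G1

def pairing(a, b):
    """e: G1 x G2 -> GT with e([x]a, [y]b) = e(a, b)^(x*y)."""
    return pow(GT_GEN, (a * b) % R, P)

def keygen(sk):
    """pk = [sk]g1, an element of G1."""
    return (sk * G1_GEN) % R

def hash_to_g2(message):
    """Map an arbitrary-length message to a non-zero element of G2."""
    digest = hashlib.sha256(message).digest()
    return 1 + int.from_bytes(digest, "big") % (R - 1)

def sign(sk, message):
    """sigma = [sk]H(m), an element of G2."""
    return (sk * hash_to_g2(message)) % R

def verify(pk, message, sigma):
    """Accept iff e(g1, sigma) == e(pk, H(m))."""
    return pairing(G1_GEN, sigma) == pairing(pk, hash_to_g2(message))

def aggregate(elements):
    """Group addition: works for public keys (G1) and signatures (G2) alike."""
    return sum(elements) % R

def demo():
    msg = b"same message for every signer"      # constructed sample input
    sks = [123, 456, 789]                        # constructed secret keys
    pk_agg = aggregate(keygen(sk) for sk in sks)
    sig_agg = aggregate(sign(sk, msg) for sk in sks)
    return pk_agg, sig_agg, verify(pk_agg, msg, sig_agg)

if __name__ == "__main__":
    print(demo())
```

The aggregate public key and aggregate signature are each a single group element, so the verifier performs the same two-pairing check as for one signer.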
Application scenarios of BLS signature in blockchain ecosystem
1. In EIP-4337, signature aggregation compresses the signature data of multiple merged transactions.
2. The early PoS design of Ethereum could only support several hundred validators. Node authentication over P2P requires transmitting a large number of verification messages, resulting in high overhead. BLS greatly reduces the space needed to transmit signature data for verification; this is called **BLS12-381**.
Author: ZeroKPunk