[−][src]Module bls_like::distinct
Aggregation for BLS signatures with distinct message.
In this module, we provide the linear flavor of aggregate BLS signature in which all messages are required to be distinct. In other words, if all messages are distinct then we cannot add public keys from different pairings anyways.
In verification, we can add different message hashes signed by the
same public key, ala e(g1,s*H(m1)+s*H(m2)) = e(s*g1,H(m1)+H(m2)),
assuming we need not worry about a signers "equivocating" in
advance by providing signatures that verify only when aggregated.
We cannot exploit this before verification however, due to the
requirement to enforce distinct messages.
We also note that most signature schemes permit support extremely efficent signer side batching, which normally out performs BLS. It's ocasioanlly worth asking if signers can be trusted to such collected signatures. See also:
- RSA: https://eprint.iacr.org/2018/082.pdf
- Boneh-Boyen: https://crypto.stanford.edu/~dabo/papers/bbsigs.pdf http://sci-gems.math.bas.bg:8080/jspui/bitstream/10525/1569/1/sjc096-vol3-num3-2009.pdf
Structs
| AttackViaDuplicateMessages | Error tyoe for non-distinct messages found during distinct message aggregation. |
| DistinctMessages | Distinct messages with attached BLS signature |
Type Definitions
| DistinctMessagesResult |