Module bls_signatures_rs::bn256
BLS aggregate signatures with bn256.
This module has been designed with the goal of being compatible with the bn256Add(G1), bn256ScalarMul(G1) and bn256Pairing provided by Ethereum.
BLS verification: e(H(m), PubKey) = e(Signature, G2::one)
This module handles public keys in G2 in order to avoid performing the hashing to G2, which involves a costly multiplication with the cofactor.
Test vectors: the following resources have been used for testing BN256 functionalities
Hashing to G1: To hash a message to G1, this module uses the try-and-increment algorithm. The running time of this algorithm depends on the input message, so it should be used only with public inputs. Alternatively, different hashing methods can be implemented as specified in:
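The try-and-increment loop described above, shown as an added example (not code from this crate). It uses assumed toy parameters: the curve shape y^2 = x^3 + 3 over the small prime 2^31 - 1, with FNV-1a as a non-cryptographic stand-in for the real hash; `pow_mod`, `toy_hash` and `hash_to_curve` are hypothetical names.

```rust
// Toy parameters (assumptions, not bn256): the same curve shape y^2 = x^3 + 3,
// over the small prime P = 2^31 - 1. P ≡ 3 (mod 4), so a square root is one
// exponentiation by (P + 1) / 4.
const P: u64 = 2_147_483_647;
const B: u64 = 3;

fn pow_mod(mut base: u64, mut exp: u64) -> u64 {
    let mut acc = 1u64;
    base %= P;
    while exp > 0 {
        if exp & 1 == 1 {
            acc = acc * base % P;
        }
        base = base * base % P;
        exp >>= 1;
    }
    acc
}

// FNV-1a (64-bit), reduced mod P. Non-cryptographic stand-in for a real hash,
// chosen only so the example needs no external crates.
fn toy_hash(msg: &[u8], counter: u8) -> u64 {
    let mut h: u64 = 0xcbf2_9ce4_8422_2325;
    for &b in msg.iter().chain(std::iter::once(&counter)) {
        h = (h ^ b as u64).wrapping_mul(0x0000_0100_0000_01b3);
    }
    h % P
}

// Try-and-increment: hash (msg || counter) to a candidate x and keep the first
// x for which x^3 + 3 is a square. Returns (x, y, attempts).
fn hash_to_curve(msg: &[u8]) -> Option<(u64, u64, u32)> {
    for counter in 0..=255u8 {
        let x = toy_hash(msg, counter);
        let rhs = (pow_mod(x, 3) + B) % P;
        let y = pow_mod(rhs, (P + 1) / 4);
        if y * y % P == rhs {
            return Some((x, y, counter as u32 + 1));
        }
    }
    None // every counter value failed to produce a point
}

fn main() {
    // Constructed sample messages: the attempt count differs per message,
    // which is the input-dependent running time.
    for msg in ["transfer:1", "transfer:2", "transfer:3", "transfer:4"] {
        println!("{:?} -> {:?}", msg, hash_to_curve(msg.as_bytes()));
    }
}
```

The third tuple field is the number of candidates tried; it varies with the message, which is why the method is restricted to public inputs.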
BLS resources: The following resources have been used as a reference to implement BLS signatures:
Disclaimer
This module does not implement a defense against rogue-key attacks, which means it should be used only in protocols where possession of the private key of each individual has been proven (i.e., by signing a message).
Modules
error | Errors returned by the bn256 library |
Structs
Bn256 | BLS multi signatures with curve bn256. |
PrivateKey | The scalar used as private key |
PublicKey | The public key as point in G2 |