Function bls_on_arkworks::aggregate_verify

source ·

pub fn aggregate_verify(
    public_keys: Vec<PublicKey>,
    messages: Vec<Octets>,
    signature: &Signature,
    dst: &Octets
) -> bool

Expand description

(spec link) Checks an aggregated signature over several (PK, message) pairs.

Implementation:

   1.  R = signature_to_point(signature)
   2.  If R is INVALID, return INVALID
   3.  If signature_subgroup_check(R) is INVALID, return INVALID
   4.  C1 = 1 (the identity element in GT)
   5.  for i in 1, ..., n:
   6.      If KeyValidate(PK_i) is INVALID, return INVALID
   7.      xP = pubkey_to_point(PK_i)
   8.      Q = hash_to_point(message_i)
   9.      C1 = C1 * pairing(Q, xP)
   10. C2 = pairing(R, P)
   11. If C1 == C2, return VALID, else return INVALID

XXX: this function doesn’t take DST as an argument in the spec. It should!