Struct MinSig

pub struct MinSig {}

A Variant with a public key of type G2 and a signature of type G1.

Trait Implementations

impl Clone for MinSig

fn clone(&self) -> MinSig

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for MinSig

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Hash for MinSig

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)

where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl PartialEq for MinSig

fn eq(&self, other: &MinSig) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Variant for MinSig

fn verify( public: &Self::Public, hm: &Self::Signature, signature: &Self::Signature, ) -> Result<(), Error>

Verifies that e(pk,hm) is equal to e(G2::one(),sig) using a single product check with a negated G2 generator (e(pk,hm) * e(-G2::one(),sig) == 1).

fn batch_verify<R: RngCore + CryptoRng>( rng: &mut R, publics: &[Self::Public], hms: &[Self::Signature], signatures: &[Self::Signature], ) -> Result<(), Error>

Verifies a set of signatures against their respective public keys and pre-hashed messages.

This method outperforms individual signature verification (2 pairings per signature) by verifying a random linear combination of the public keys and signatures (n+1 pairings and 2n multiplications for n signatures).

The verification equation for each signature i is: e(pk_i,hm_i) == e(G2::one(),sig_i), which is equivalent to checking if e(pk_i,hm_i) * e(-G2::one(),sig_i) == 1.

To batch verify n such equations, we introduce random non-zero scalars r_i (for i=1..n). The batch verification checks if the product of these individual equations, each effectively raised to the power of its respective r_i, equals one: prod_i((e(pk_i,hm_i) * e(-G2::one(),sig_i))^{r_i}) == 1

Using the bilinearity of pairings, this can be rewritten (by moving r_i inside the pairings): prod_i(e(r_i * pk_i,hm_i) * e(-G2::one(),r_i * sig_i)) == 1

The second term e(-G2::one(),r_i * sig_i) can be computed efficiently with Multi-Scalar Multiplication: e(-G2::one(),sum_i(r_i * sig_i))

Finally, we aggregate all pairings e(r_i * pk_i,hm_i) (n) and e(-G2::one(),sum_i(r_i * sig_i)) (1) into a single product in the target group G_T. If the result is the identity element in G_T, the batch verification succeeds.

Source: https://ethresear.ch/t/security-of-bls-batch-verification/10748

const PROOF_OF_POSSESSION: DST = G1_PROOF_OF_POSSESSION

The domain separator tag (DST) for a proof of possession.

const MESSAGE: DST = G1_MESSAGE

The domain separator tag (DST) for a message.

type Public = G2

The public key type.

type Signature = G1

The signature type.

impl Eq for MinSig

impl StructuralPartialEq for MinSig