Crate nugget_bls


Nugget BLS

Implements the nugget BLS protocols for more efficient aggregation and gossip.

At first blush, BLS signatures need public keys and signatures to live on opposite sides of the pairing, so verifiers need slow G2 operations either for the hash-to-curve or else for combining public keys.

In nugget BLS, we demand public keys be a DLEQ proof between points on each of G1 and G2, so then aggregation sums the public keys on G2, but verifiers only sum the G1 public keys. We now have two verification equations, but they could easily be merged after two scalar multiplications on G1, so verifiers need only the G2 subgroup check and point preparation.

In principle, one always checks single BLS signatures before creating aggregate BLS signatures. Individual BLS signatures already create DoS risks, which we alleviate by having individual nugget BLS signatures include DLEQ proofs that employ only G1 arithmetic.
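The DLEQ link between the two halves of a public key described above, as an added toy example that is not code from the nugget_bls crate. It assumes two tiny multiplicative subgroups (mod 23 and mod 67) as stand-ins for G1 and G2 and `DefaultHasher` as a stand-in for a transcript hash; all names are hypothetical.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::Hasher;

// Toy stand-ins for G1 and G2 (assumed, not the crate's curves; insecurely small).
const Q: u64 = 11; // prime order shared by both groups
const P1: u64 = 23; // "G1" = order-11 subgroup of Z_23^*
const GEN1: u64 = 2;
const P2: u64 = 67; // "G2" = order-11 subgroup of Z_67^*
const GEN2: u64 = 64;

fn pow_mod(mut b: u64, mut e: u64, m: u64) -> u64 {
    let mut acc = 1;
    while e > 0 {
        if e & 1 == 1 { acc = acc * b % m; }
        b = b * b % m;
        e >>= 1;
    }
    acc
}

/// Two-part public key: the same secret scalar lifted into both groups.
fn public_key(sk: u64) -> (u64, u64) {
    (pow_mod(GEN1, sk, P1), pow_mod(GEN2, sk, P2))
}

/// Nonzero Fiat-Shamir challenge; DefaultHasher is a non-cryptographic placeholder.
fn challenge(pk: (u64, u64), r: (u64, u64)) -> u64 {
    let mut h = DefaultHasher::new();
    for v in [pk.0, pk.1, r.0, r.1] { h.write_u64(v); }
    1 + h.finish() % (Q - 1)
}

/// Chaum-Pedersen proof; `nonce` must be fresh and secret, fixed here for determinism.
fn prove(sk: u64, pk: (u64, u64), nonce: u64) -> ((u64, u64), u64) {
    let r = (pow_mod(GEN1, nonce, P1), pow_mod(GEN2, nonce, P2));
    (r, (nonce + challenge(pk, r) * sk) % Q)
}

/// Accept only if g^s == R * PK^c holds in both groups for one shared (c, s).
fn verify(pk: (u64, u64), (r, s): ((u64, u64), u64)) -> bool {
    let c = challenge(pk, r);
    pow_mod(GEN1, s, P1) == r.0 * pow_mod(pk.0, c, P1) % P1
        && pow_mod(GEN2, s, P2) == r.1 * pow_mod(pk.1, c, P2) % P2
}

fn main() {
    let pk = public_key(5);
    println!("pk = {:?}, accepted = {}", pk, verify(pk, prove(5, pk, 7)));
}
```

A key whose two halves hide different scalars cannot pass both equations with the same response, which is what lets a verifier trust the G1 half alone.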

Modules

bls12_377
bls12_381

Structs

AggregateSignature
PublicKey
SecretKey
Signature
Actual nugget BLS signature including faster correctness proof
Transcript
Shake128 transcript style hasher.

Enums

SignatureError

Traits

IntoTranscript
All types interpretable as Transcripts, including primarily impl BorrowMut<Transcript> types like Transcript and &mut Transcript.
IntoVrfInput
Create VRF input points

Functions

pedersen_vrf
Pedersen VRF configured by the G1 generator for public key certs.
thin_vrf
Thin VRF configured by the G1 generator for signatures.

Type Aliases

PublicKeyG1
Incomplete public key living only on G1, not useful for aggregation but useful for end verifiers.
SignatureResult