Clik here to view.
Pragmatic signature aggregation with BLS
Thanks for the reference! JustinDrake: Yes but it would be a one-time cost, and the verification could have been done at registration by the blockchain at no cost to verifiers. I think this depends...
View ArticlePragmatic signature aggregation with BLS
I figured it out, probably. We already can aggregate the proofs of possession because they are on different messages, so this should all be fine in the end. Aggregation over different messages is not...
View ArticleClik here to view.
Pragmatic signature aggregation with BLS
I don’t understand the concern of your last two replies. Are you worried about the costs of registering a new BLS public key? burdges: if accounts are single use Accounts are not at all single use....
View ArticleClik here to view.
Pragmatic signature aggregation with BLS
JustinDrake: Are you worried about the costs of registering a new BLS public key? I had not quite understood if registration was even the right model. JustinDrake: Keep in mind that the deregistration...
View ArticleClik here to view.
Pragmatic signature aggregation with BLS
burdges: I’m asking about corrupting the entire validator set, or maybe just 2/3rds, entering rogue keys for large accounts that rarely move, and much later stealing the balances form the target...
View ArticleClik here to view.
Pragmatic signature aggregation with BLS
vbuterin: I’m confused here. How is entering rogue keys for other accounts even possible if you have to make a proof of possession at time of registration? Rogue keys are not possible under the...
View ArticlePragmatic signature aggregation with BLS
Ah, I see. I think in general registration is an unavoidable part of all of the kinds of deposit-based PoS algorithms we are using, because a signature is not even valid in a beacon chain unless the...
View ArticlePragmatic signature aggregation with BLS
Yes, initially I did not realize this was only for validators, not just general signature aggregation, which changes the situation, as you say. Read full topic
View ArticlePragmatic signature aggregation with BLS
Just fyi, Dan Boneh’s reference indicated using Wagner’s generalized birthday problem algorithm, which looks like L[1/2]. It’s slower than cracking RSA but not slow enough for these curve sizes. Read...
View ArticlePragmatic signature aggregation with BLS
Rust implementation for BLS sigs from Compact Multi-Signatures for Smaller Blockchains by Dan Boneh, Manu Drijvers, Gregory Neven. It supports single signature verification and aggregate signature...
View ArticleClik here to view.
Pragmatic signature aggregation with BLS
JustinDrake: Verification : Signature verification is the two-pairing check e(σ,g)?=e(H(m),π)e(\sigma, g) \stackrel{?}{=} e(\textsf{H}(m), \pi). Won’t the verification process need to verify every...
View ArticlePragmatic signature aggregation with BLS
Won’t the verification process need to verify every single signature prior to the aggregated signature verification? The onchain signature verification process is a single signature verification, but...
View ArticleClik here to view.
Pragmatic signature aggregation with BLS
JustinDrake: he expects some fraction (say, 99.9%) of signatures he receives to be valid. I’m trying to understand why this assumption is justified. Is there slashing for publishing invalid individual...
View ArticlePragmatic signature aggregation with BLS
How do you know who produced an invalid signature? Read full topic
View ArticleClik here to view.
Pragmatic signature aggregation with BLS
YaDavid: Is there slashing for publishing invalid individual signatures We don’t have plans for slashing conditions at the protocol level. I guess it could be implemented at the application layer in...
View ArticlePragmatic signature aggregation with BLS
Following the steps of @lovesh, we’ve also started an implementation of BLS multisig in Nim, based on Apache Milagro-Crypto as discussed in the sharding implementer call #0. For reference I’ve...
View ArticlePragmatic signature aggregation with BLS
I’ve stumbled upon Threshold Cryptography and Distributed Key Generation by Orbs.com. It goes over Elliptic Curve Crypto, BLS and then introduce Threshold BLS Signature Scheme with key generation...
View ArticlePragmatic signature aggregation with BLS
We are using joint-Feldman protocol for DKG and BLS with the curve implemented in ethereum (alt_bn128 + optimal ATE pairing). Will be happy to share the code once it is ready. Read full topic
View ArticlePragmatic signature aggregation with BLS
I have been working on the @lovesh Milagro implementation here: https://github.com/sigp/signature-schemes Thanks for your work @lovesh, it is much appreciated. Primarily, I have been working on the...
View ArticlePragmatic signature aggregation with BLS
Just published BLS aggregation library in Java (based on milagro): https://github.com/ConsenSys/mikuli One thing to note: If we assume that signature is a point in the group with smaller elements then...
View Article
