4

relic, the library used by the majority of BLS implementations, is rather difficult to build cross-platform.

Because of this, I've been looking for other pure BLS implementations that don't rely on C - and I've found one in Go and another in Rust.

However, the nomenclature seems to be different between each library.

I see a mix and match of the words "Affine", "Scalar", "FR", "FRRepr", "G1", "G2", "Public Key", "Secret" and "Seed", among others, which don't necessarily match what I read in articles about BLS, WikiPedia, or other code libraries.

I'm assuming that some of these terms are interchangeable, and some have distinct meaning.

For example, it appears that "G1Element" is synonymous with "Public Key".

But what are the technical synonyms for "Private Key" or "Secret"?

Specifically, I'm trying to discern how I can use something like these:

At this point, all I want to do is be able to cross-compile some code for the 6 most common arch+os platforms that will generate a private + public keypair.

That said, I'd love to learn anything y'all have to offer in regards to how to relate the layperson terminology ("Private Key", "Public Key", "Signature") to the mathematical and programming terminology ("G1", etc).

coolaj86
  • 193
  • 1
  • 5

1 Answers1

5

The confusion stems from one name referencing two different but related things. Namely,

  1. BLS, as in BLS signatures: stands for Digital signatures that use pairing-based cryptography to provide short signature with additional properties like aggregability, See more here. They were first introduced by Boneh, Lynn and Shacham, hence the name BLS

  2. BLS, as in BLS12_381: is a so call "Pairing-Friendly" Elliptic curve that allows for efficient and secure applications of pairing-based cryptography, including BLS signatures. They come from the work of Barreto, Lynn and Scott, hence BLS.

So, it seems you are looking for an implementation of 1) whilst the libraries you have been looking at only provide an implementation for 2), i.e. e: the underlying curve.

Have a look into the pure Python implementation BLS signatures to see how the two concepts relate. https://github.com/Chia-Network/bls-signatures/blob/main/python-impl/schemes.py

But in general, and as described in Wikipedia: BLS signature scheme, the key generation works at a high level as follows: select a random value $x, 0 < x < N$, where $N$ is the order of the curve and set the public key to $xG$, where $G$ is the generator of the curve.

The precise details depend on the standard.

coolaj86
  • 193
  • 1
  • 5
Marc Ilunga
  • 3,188
  • 1
  • 9
  • 22