Question about the BLS

cymqqqq · June 18, 2023, 7:50am

Hi Dfinity Team, are there some applications on IC about the bls signature code here?:

andrea · June 19, 2023, 7:33am

Hi there! I am not sure if you are asking something specific about that commit or generally about BLS signatures. Note that the crate being updated in that commit implements the BLS12_381 curve, not BLS signatures. However there are many uses of BLS signatures on the internet computer, such as:

Multi BLS signatures are used by the nodes to notarize and finalize blocks.
Threshold BLS signatures are used to certify information on the internet computer, as well as to generate the random beacon (used to select block proposers) and the random tape (used to derive randomness exposed to canisters)

cymqqqq · June 19, 2023, 7:39am

Thanks, andrea, that’s what I want to know about. And another question is:
What are the advantages of using BLS signatures for the two points that you listed here?

andrea · June 19, 2023, 10:38am

The main advantage of multi-signatures is that the combined signature is more compact to store/transfer than several individual signatures. BLS multi-signatures are also easy to generate as the signing protocol is non-interactive: i.e. every party individually signs a share and announces it to the other parties, the shares can then be publicly combined into a multi-signature.

Threshold BLS signatures are unique signatures, which means that for each message there is only one possible valid signature. It is well known that unique signature schemes can be used to construct verifiable random functions (VRF): these are pseudorandom functions for which it is possible to create proofs for the correctness of the outputs. This is what the IC uses to generate the random beacon and the random tape.

A crucial difference between multi and threshold BLS is that to verify a combined multi-signature you need to know all the public keys of the signers, while to verify a combined threshold signature you only need to know a single key (which is generated via distributed key generation protocol). This is the reason why for certification the IC uses threshold signatures: any content certified by the IC can be verified using a single root public key, so that users don’t have to keep track of all the public keys of the nodes on the IC.

Topic		Replies	Views
Is the Notarization the threshold BLS signature? Developers	2	322	May 17, 2023
What are the thresholds for various threshold signatures? Developers	3	239	April 16, 2024
Documentation threshold ecdsa Developers	31	2247	May 24, 2024
[RFC] Chain Fusion Signer Developers	19	322	December 21, 2024
Update on Recent Improvements to Canister Signature Verification Efficiency by Using Cache General	0	490	March 30, 2023

Question about the BLS

Related topics