BLS12-381: Clarification between G1/G2 and serialisation #184
Comments
Please ignore the notation I used in the ethresear.ch post :) The spec is the reference. Having said that, it is intentional to have 48-byte pubkeys and 96-byte signatures. The reason is that the performance of signature verification is improved when adding pubkeys (to form the aggregated pubkey) is fast, i.e. happens on the "small-and-fast" curve.
@mratsim can we close this issue?
FWIW, I believe that Chia also has pubkeys on the small-and-fast curve (unlike Zcash).
Please reopen if you still have questions @mratsim :)
@vbuterin @JustinDrake thank you for the new spec regarding BLS12-381.
Comparison with ethresear.ch post
I've compared it with the mini-spec from https://ethresear.ch/t/pragmatic-signature-aggregation-with-bls/2105/31.
I noticed the following differences:
As of this version of the specs we have G1 = 48 bytes and G2 = 96 bytes (like Zcash), while the ethresear.ch post (and Chia Network) uses G1 = 96 bytes and G2 = 48 bytes.
I.e., are the changes intentional?
Serialization
Internally, many libraries use a custom binary representation for bigints in crypto code to avoid dealing with carries, for example Milagro:
or BearSSL, which uses i15/i31 limbs (int16 and int32 with spare bits):
So we need to define a canonical serialisation that is used during communication.
If I understood correctly, the serialisation format is defined by
which is just the natural way to extend uint32 / uint64 to uint384.
Is the following visualisation correct? I assume big-endian, so the most significant bit is on the left.
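The serialisation question above, worked through as an added example in Python (not code from this issue's participants or from the eth2.0-specs repository): the canonical 48-byte big-endian form of a BLS12-381 base-field element, the 96-byte form of an Fp2 element as used for G2 coordinates, round-tripping to and from a spare-bit limb layout, and rejection of the non-canonical encoding x + p. The prime p is the published BLS12-381 constant; the 31-bit limb layout (in the spirit of BearSSL's i31, but not its exact in-memory structure) and the Fp2 component order are assumptions of the example, not anything the issue fixes.

```python
# Added example for this issue's serialisation question; not code from the
# eth2.0-specs repository or from anyone in the thread.

# BLS12-381 base-field prime p (381 bits), a published curve constant.
P = 0x1A0111EA397FE69A4B1BA7B6434BACD764774B84F38512BF6730D2A0F6B0F6241EABFFFEB153FFFFB9FEFFFFFFFFAAAB
FP_BITS = P.bit_length()          # 381
FP_BYTES = (FP_BITS + 7) // 8     # 48: one Fp element, i.e. one G1 x-coordinate


def fp_to_bytes(x: int) -> bytes:
    """Canonical form: x already reduced (0 <= x < p), fixed 48 bytes, big-endian.
    This is the uint384 analogue of writing a uint64 most-significant byte first."""
    if not 0 <= x < P:
        raise ValueError("field element must be reduced modulo p before serialising")
    return x.to_bytes(FP_BYTES, "big")


def fp_from_bytes(b: bytes) -> int:
    """Strict parse: exactly 48 bytes and value < p. Note that x + p also fits in
    48 bytes and denotes the same element, so accepting it would give one element
    two encodings; a canonical format must reject it."""
    if len(b) != FP_BYTES:
        raise ValueError(f"expected {FP_BYTES} bytes, got {len(b)}")
    x = int.from_bytes(b, "big")
    if x >= P:
        raise ValueError("non-canonical encoding: value >= p")
    return x


def is_canonical_fp(b: bytes) -> bool:
    """Boolean wrapper for callers that prefer a check to an exception."""
    try:
        fp_from_bytes(b)
        return True
    except ValueError:
        return False


# Fp2 = Fp[u]/(u^2 + 1); a G2 coordinate is a pair (c0, c1) and takes 2 * 48 = 96 bytes.
# Writing c1 before c0 is an assumption of this example; the issue does not fix an order.
def fp2_to_bytes(c0: int, c1: int) -> bytes:
    return fp_to_bytes(c1) + fp_to_bytes(c0)


def fp2_from_bytes(b: bytes) -> tuple[int, int]:
    if len(b) != 2 * FP_BYTES:
        raise ValueError(f"expected {2 * FP_BYTES} bytes, got {len(b)}")
    c1 = fp_from_bytes(b[:FP_BYTES])
    c0 = fp_from_bytes(b[FP_BYTES:])
    return c0, c1


# Internal limb form with spare bits: 31 value bits per 32-bit word, little-endian
# limb order, in the spirit of BearSSL's i31. The exact layout is this example's
# own (assumption), not BearSSL's or Milagro's in-memory structure.
LIMB_BITS = 31
N_LIMBS = -(-FP_BITS // LIMB_BITS)   # ceil(381 / 31) = 13 words


def fp_to_limbs(x: int) -> list[int]:
    """Split a (possibly unreduced) non-negative integer into 13 little-endian 31-bit limbs."""
    if not 0 <= x < (1 << (N_LIMBS * LIMB_BITS)):
        raise ValueError("value does not fit in the limb array")
    mask = (1 << LIMB_BITS) - 1
    return [(x >> (i * LIMB_BITS)) & mask for i in range(N_LIMBS)]


def limbs_to_fp(limbs: list[int]) -> int:
    """Recombine limbs, then reduce: an internal intermediate may exceed p, but the
    wire form must be the unique representative x < p."""
    if len(limbs) != N_LIMBS:
        raise ValueError(f"expected {N_LIMBS} limbs, got {len(limbs)}")
    x = 0
    for i, limb in enumerate(limbs):
        if not 0 <= limb < (1 << LIMB_BITS):
            raise ValueError("limb value exceeds its bit width")
        x |= limb << (i * LIMB_BITS)
    return x % P
```

Going from an internal limb array to the wire is therefore two steps, recombine-and-reduce then `fp_to_bytes`, and the parser on the receiving side enforces both the fixed length and `x < p` before the value ever reaches field arithmetic.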