From add628d26bcb0b55d7f1a4b4c3031f4241922c66 Mon Sep 17 00:00:00 2001
From: vbuterin <v@buterin.com>
Date: Thu, 13 Dec 2018 19:06:07 -0500
Subject: [PATCH 1/3] Edit BLS spec as per issue #300

See https://github.com/ethereum/eth2.0-specs/issues/300
---
 specs/{bls_verify.md => bls_signature.md} | 10 ++++++++++
 1 file changed, 10 insertions(+)
 rename specs/{bls_verify.md => bls_signature.md} (91%)

diff --git a/specs/bls_verify.md b/specs/bls_signature.md
similarity index 91%
rename from specs/bls_verify.md
rename to specs/bls_signature.md
index a6c41e555..47f7b69c0 100644
--- a/specs/bls_verify.md
+++ b/specs/bls_signature.md
@@ -117,6 +117,16 @@ Let `bls_verify(pubkey: uint384, message: bytes32, signature: [uint384], domain:
 * Verify that `signature` is a valid G2 point.
 * Verify that `e(pubkey, hash_to_G2(message, domain)) == e(g, signature)`.
 
+## Operations involving aggregate signatures
+
+### `bls_aggregate_pubkeys`
+
+Let `bls_aggregate_pubkeys(pubkeys: [uint384]) -> uint384` return `pubkeys[0] + .... + pubkeys[len(pubkeys)-1]`, where `+` is the elliptic curve addition operation over the G1 curve.
+
+### `bls_aggregate_signatures`
+
+Let `bls_aggregate_signatures(signatures: [[uint384]]) -> [uint384]` return `signatures[0] + .... + signatures[len(signatures)-1]`, where `+` is the elliptic curve addition operation over the G2 curve.
+
 ### `bls_verify_multiple`
 
 Let `bls_verify_multiple(pubkeys: [uint384], messages: [bytes32], signature: [uint384], domain: uint64) -> bool`:

From 7b4c4f299da3ce19ec84f2344ada723ea4a5d4a9 Mon Sep 17 00:00:00 2001
From: Danny Ryan <dannyjryan@gmail.com>
Date: Fri, 14 Dec 2018 09:39:14 -0600
Subject: [PATCH 2/3] add bls_aggregate_pubkeys ref in beacon chain spec

---
 specs/core/0_beacon-chain.md | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/specs/core/0_beacon-chain.md b/specs/core/0_beacon-chain.md
index 198c4872a..f6ee34c01 100644
--- a/specs/core/0_beacon-chain.md
+++ b/specs/core/0_beacon-chain.md
@@ -84,6 +84,7 @@
             - [`integer_squareroot`](#integer_squareroot)
             - [`bls_verify`](#bls_verify)
             - [`bls_verify_multiple`](#bls_verify_multiple)
+            - [`bls_aggregate_pubkeys`](#bls_aggregate_pubkeys)
         - [On startup](#on-startup)
         - [Routine for processing deposits](#routine-for-processing-deposits)
         - [Routine for updating validator status](#routine-for-updating-validator-status)
@@ -1104,11 +1105,15 @@ def integer_squareroot(n: int) -> int:
 
 #### `bls_verify`
 
-`bls_verify` is a function for verifying a BLS12-381 signature, defined in the [BLS Verification spec](https://github.com/ethereum/eth2.0-specs/blob/master/specs/bls_verify.md#bls_verify).
+`bls_verify` is a function for verifying a BLS12-381 signature, defined in the [BLS Signature spec](https://github.com/ethereum/eth2.0-specs/blob/master/specs/bls_signature.md#bls_verify).
 
 #### `bls_verify_multiple`
 
-`bls_verify_multiple` is a function for verifying a BLS12-381 signature constructed from multiple messages, defined in the [BLS Verification spec](https://github.com/ethereum/eth2.0-specs/blob/master/specs/bls_verify.md#bls_verify_multiple).
+`bls_verify_multiple` is a function for verifying a BLS12-381 signature constructed from multiple messages, defined in the [BLS Signature spec](https://github.com/ethereum/eth2.0-specs/blob/master/specs/bls_signature.md#bls_verify_multiple).
+
+#### `bls_aggregate_pubkeys`
+
+`bls_aggregate_pubkeys` is a function for aggregating a BLS12-381 public keys into a single aggregate key, defined in the [BLS Signature spec](https://github.com/ethereum/eth2.0-specs/blob/master/specs/bls_signature.md#bls_aggregate_pubkeys).
 
 ### On startup
 
@@ -1473,7 +1478,7 @@ For each `attestation` in `block.body.attestations`:
 * Verify that either `attestation.data.latest_crosslink_root` or `attestation.data.shard_block_root` equals `state.latest_crosslinks[shard].shard_block_root`.
 * `aggregate_signature` verification:
     * Let `participants = get_attestation_participants(state, attestation.data, attestation.participation_bitfield)`.
-    * Let `group_public_key = BLSAddPubkeys([state.validator_registry[v].pubkey for v in participants])`.
+    * Let `group_public_key = bls_aggregate_pubkeys([state.validator_registry[v].pubkey for v in participants])`.
     * Verify that `bls_verify(pubkey=group_public_key, message=hash_tree_root(attestation.data) + bytes1(0), signature=attestation.aggregate_signature, domain=get_domain(state.fork_data, attestation.data.slot, DOMAIN_ATTESTATION))`.
 * [TO BE REMOVED IN PHASE 1] Verify that `attestation.data.shard_block_root == ZERO_HASH`.
 * Append `PendingAttestationRecord(data=attestation.data, participation_bitfield=attestation.participation_bitfield, custody_bitfield=attestation.custody_bitfield, slot_included=state.slot)` to `state.latest_attestations`.

From 829911c0fdd0d2337fda320a6c333ae053eaa3d0 Mon Sep 17 00:00:00 2001
From: vbuterin <v@buterin.com>
Date: Fri, 14 Dec 2018 19:55:05 -0500
Subject: [PATCH 3/3] Swapped order of aggregate and verify

---
 specs/bls_signature.md | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/specs/bls_signature.md b/specs/bls_signature.md
index 47f7b69c0..394d6bbc3 100644
--- a/specs/bls_signature.md
+++ b/specs/bls_signature.md
@@ -99,6 +99,16 @@ def modular_squareroot(value: int) -> int:
     return None
 ```
 
+## Operations involving asignature aggregation
+
+### `bls_aggregate_pubkeys`
+
+Let `bls_aggregate_pubkeys(pubkeys: [uint384]) -> uint384` return `pubkeys[0] + .... + pubkeys[len(pubkeys)-1]`, where `+` is the elliptic curve addition operation over the G1 curve.
+
+### `bls_aggregate_signatures`
+
+Let `bls_aggregate_signatures(signatures: [[uint384]]) -> [uint384]` return `signatures[0] + .... + signatures[len(signatures)-1]`, where `+` is the elliptic curve addition operation over the G2 curve.
+
 ## Signature verification
 
 In the following `e` is the pairing function and `g` is the G1 generator with the following coordinates (see [here](https://github.com/zkcrypto/pairing/tree/master/src/bls12_381#g1)):
@@ -117,16 +127,6 @@ Let `bls_verify(pubkey: uint384, message: bytes32, signature: [uint384], domain:
 * Verify that `signature` is a valid G2 point.
 * Verify that `e(pubkey, hash_to_G2(message, domain)) == e(g, signature)`.
 
-## Operations involving aggregate signatures
-
-### `bls_aggregate_pubkeys`
-
-Let `bls_aggregate_pubkeys(pubkeys: [uint384]) -> uint384` return `pubkeys[0] + .... + pubkeys[len(pubkeys)-1]`, where `+` is the elliptic curve addition operation over the G1 curve.
-
-### `bls_aggregate_signatures`
-
-Let `bls_aggregate_signatures(signatures: [[uint384]]) -> [uint384]` return `signatures[0] + .... + signatures[len(signatures)-1]`, where `+` is the elliptic curve addition operation over the G2 curve.
-
 ### `bls_verify_multiple`
 
 Let `bls_verify_multiple(pubkeys: [uint384], messages: [bytes32], signature: [uint384], domain: uint64) -> bool`: