From 829911c0fdd0d2337fda320a6c333ae053eaa3d0 Mon Sep 17 00:00:00 2001
From: vbuterin
Date: Fri, 14 Dec 2018 19:55:05 -0500
Subject: [PATCH] Swapped order of aggregate and verify
---
 specs/bls_signature.md | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/specs/bls_signature.md b/specs/bls_signature.md
index 47f7b69c0..394d6bbc3 100644
--- a/specs/bls_signature.md
+++ b/specs/bls_signature.md
@@ -99,6 +99,16 @@ def modular_squareroot(value: int) -> int:
 return None
 ```
 
+## Operations involving asignature aggregation
+
+### `bls_aggregate_pubkeys`
+
+Let `bls_aggregate_pubkeys(pubkeys: [uint384]) -> uint384` return `pubkeys[0] + .... + pubkeys[len(pubkeys)-1]`, where `+` is the elliptic curve addition operation over the G1 curve.
+
+### `bls_aggregate_signatures`
+
+Let `bls_aggregate_signatures(signatures: [[uint384]]) -> [uint384]` return `signatures[0] + .... + signatures[len(signatures)-1]`, where `+` is the elliptic curve addition operation over the G2 curve.
+
 ## Signature verification
 
 In the following `e` is the pairing function and `g` is the G1 generator with the following coordinates (see [here](https://github.com/zkcrypto/pairing/tree/master/src/bls12_381#g1)):
@@ -117,16 +127,6 @@ Let `bls_verify(pubkey: uint384, message: bytes32, signature: [uint384], domain:
 * Verify that `signature` is a valid G2 point.
 * Verify that `e(pubkey, hash_to_G2(message, domain)) == e(g, signature)`.
 
-## Operations involving aggregate signatures
-
-### `bls_aggregate_pubkeys`
-
-Let `bls_aggregate_pubkeys(pubkeys: [uint384]) -> uint384` return `pubkeys[0] + .... + pubkeys[len(pubkeys)-1]`, where `+` is the elliptic curve addition operation over the G1 curve.
-
-### `bls_aggregate_signatures`
-
-Let `bls_aggregate_signatures(signatures: [[uint384]]) -> [uint384]` return `signatures[0] + .... + signatures[len(signatures)-1]`, where `+` is the elliptic curve addition operation over the G2 curve.
-
 ### `bls_verify_multiple`
 
 Let `bls_verify_multiple(pubkeys: [uint384], messages: [bytes32], signature: [uint384], domain: uint64) -> bool`: