package bls12-381

  1. Overview
  2. Docs

Follow https://tools.ietf.org/pdf/draft-irtf-cfrg-bls-signature-04.pdf

type sk

Type of the secret keys.

type pk

Type of the public keys

type signature = Stdlib.Bytes.t
val sk_of_bytes_exn : Stdlib.Bytes.t -> sk

sk_of_bytes_exn bs attempts to deserialize bs into a secret key. bs must be the little endian representation of the secret key. In this case, secret keys are scalars of BLS12-381 and are encoded on 32 bytes. The bytes sequence might be less of 32 bytes and in this case, the bytes sequence is padded on the right by 0's. If the bytes sequence is longer than 32 bytes, raise Invalid_argument.

val sk_to_bytes : sk -> Stdlib.Bytes.t

sk_to_bytes sk serialises the secret key into the little endian representation.

val unsafe_pk_of_bytes : Stdlib.Bytes.t -> pk

Build a value of type pk without performing any check on the input. It is safe to use this function when verifying a signature as the signature function verifies if the point is in the prime subgroup. Using unsafe_pk_of_bytes removes a verification performed twice when used pk_of_bytes_exn or pk_of_bytes_opt.

The expected bytes format are the compressed form of a point on G1.

val pk_of_bytes_exn : Stdlib.Bytes.t -> pk

Build a value of type pk safely, i.e. the function checks the bytes given in parameters represents a point on the curve and in the prime subgroup. Raise Invalid_argument if the bytes are not in the correct format or does not represent a point in the prime subgroup.

The expected bytes format are the compressed form of a point on G1.

val pk_of_bytes_opt : Stdlib.Bytes.t -> pk option

Build a value of type pk safely, i.e. the function checks the bytes given in parameters represents a point on the curve and in the prime subgroup. Return None if the bytes are not in the correct format or does not represent a point in the prime subgroup.

The expected bytes format are the compressed form of a point on G1.

val pk_to_bytes : pk -> Stdlib.Bytes.t

Returns a bytes representation of a value of type pk. The output is the compressed form a the point G1.t the pk represents.

val generate_sk : ?key_info:Stdlib.Bytes.t -> Stdlib.Bytes.t -> sk

generate_sk ?key_info ikm generates a new (random) secret key. ikm must be at least 32 bytes (otherwise, raise Invalid_argument). The default value of key_info is the empty bytes sequence.

val derive_pk : sk -> pk

derive_pk sk derives the corresponding public key of sk.

val aggregate_signature_opt : Stdlib.Bytes.t list -> Stdlib.Bytes.t option

aggregate_signature_opt signatures aggregates the signatures signatures, following https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature-04#section-2.8. Return None if INVALID is expected in the specification

module Basic : sig ... end

https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature-04#section-3.1

module Aug : sig ... end

https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature-04#section-3.2

https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature-04#section-3.3

A proof of possession scheme uses a separate public key validation step, called a proof of possession, to defend against rogue key attacks. This enables an optimization to aggregate signature verification for the case that all signatures are on the same message.

module Pop : sig ... end
OCaml

Innovation. Community. Security.