1. Overview
  2. Docs


In a basic scheme, rogue key attacks are handled by requiring all messages signed by an aggregate signature to be distinct. This requirement is enforced in the definition of AggregateVerify.

The Sign and Verify functions are identical to CoreSign and CoreVerify (Section 2), respectively.

val sign : sk -> Bytes.t -> signature
val verify : pk -> Bytes.t -> signature -> bool
val aggregate_verify : (pk * Bytes.t) list -> signature -> bool

Raise Invalid_argument if the messages are not distinct