bls12-381 2.0.1 · OCaml Package

To focus the search input from anywhere on the page, press the 'S' key.

in-package search v0.1.0

bls12-381
- Bls12_381
  - Fq12
  - Fr
  - G1
    
    Scalar
  - G2
    
    Scalar
  - Pairing
  - Poseidon128
  - Signature
    
    MinPk
    
    Aug
    
    Basic
    
    Pop
    
    MinSig
    
    Aug
    
    Basic
    
    Pop

Legend:
Library
Module
Module type
Parameter
Class
Class type

Follow https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature-04#section-3.3

A proof of possession scheme uses a separate public key validation step, called a proof of possession, to defend against rogue key attacks. This enables an optimization to aggregate signature verification for the case that all signatures are on the same message.

type proof = Bytes.t

val sign : sk -> Bytes.t -> signature

Equivalent to core_sign with the DST given in the specification https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature-04#section-4.2.3

val verify : pk -> Bytes.t -> signature -> bool

Equivalent to core_verify with the DST given in the specification https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature-04#section-4.2.3

val pop_prove : sk -> proof

pop_proof sk implements https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature-04#section-3.3.2

val pop_verify : pk -> proof -> bool

pop_verify pk proof implements https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature-04#section-3.3.3

val aggregate_verify : (pk * proof) list -> Bytes.t -> signature -> bool

aggregate_verify pks msg aggregated_signature performs a aggregate signature verification. It supposes the same message msg has been signed. It implements the FastAggregateVerify algorithm specified in https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature-04#section-3.3.4