BLS Signature Aggregation & Cryptography

A fantastic innovation that came out of Dan Boneh’s research in the past few years is the idea of Signature Aggregation. A major bottleneck for decentralized networks such as Ethereum to move into a Proof of Stake model is the problem of verifying cryptographic signatures at scale. Boneh-Lynn-Shacham signatures (BLS) are an innovation that allows for fast, signature aggregation and verification at scale using Elliptic Curve cryptography. This has been popularized by the Dfinity project using BLS additionally to create a source of distributed randomness through a mechanism called “threshold relay”. In Ethereum, we will not be using BLS for randomness but rather for its capabilities of verifying tens of thousands of validator signatures efficiently in a single node by aggregating them together.

Ethereum 2.0 uses the Boneh-Lynn-Shacham signature scheme for secure cryptography in the protocol. This method allows validators to sign messages and the resulting signatures can be aggregated and efficiently verified at scale, allowing full proof of stake systems with a massive number of validators to function in production. We are currently using a pure Go BLS implementation for our testnet, but due to efficiency reasons we will switch Prysm into a more performant implementation, perhaps written in C++.

Prysm contains the following public BLS API which can be used across the project:

func (s *Signature) Verify(msg []byte, pub *PublicKey, domain uint64) bool
func (s *SecretKey) Sign(msg []byte, domain uint64) *Signature
func (s *Signature) VerifyAggregate(pubKeys []*PublicKey, msg []byte, domain uint64) bool
func AggregateSignatures(sigs []*Signature) *Signature

The BLS specification used by Ethereum 2.0 can be found in the official specs repo here.