BLS Signature
What is BLS Signature?
BLS SignatureA short pairing-based digital signature by Boneh, Lynn, and Shacham (2001) supporting deterministic single signatures and efficient aggregation across many signers.
BLS signatures, introduced by Dan Boneh, Ben Lynn, and Hovav Shacham in 2001, build on bilinear pairings over pairing-friendly elliptic curves such as BLS12-381. A signature on message m is sigma = H(m)^x where x is the private key and H hashes to the curve, with verification done via the pairing equation e(g, sigma) = e(pk, H(m)). BLS signatures are deterministic, 48 bytes on BLS12-381 G1, and uniquely support non-interactive aggregation: many signatures on possibly different messages combine into one short signature verifiable in a single multi-pairing. They underpin Ethereum 2.0 validator consensus, threshold and distributed key generation schemes (DKG), proof-of-stake protocols (Dfinity, Filecoin, Chia), and IETF draft-irtf-cfrg-bls-signature.
● Examples
- 01
Ethereum beacon-chain validators sign blocks with BLS over BLS12-381.
- 02
Threshold-BLS signatures back distributed randomness beacons like drand.
● Frequently asked questions
What is BLS Signature?
A short pairing-based digital signature by Boneh, Lynn, and Shacham (2001) supporting deterministic single signatures and efficient aggregation across many signers. It belongs to the Cryptography category of cybersecurity.
What does BLS Signature mean?
A short pairing-based digital signature by Boneh, Lynn, and Shacham (2001) supporting deterministic single signatures and efficient aggregation across many signers.
How does BLS Signature work?
BLS signatures, introduced by Dan Boneh, Ben Lynn, and Hovav Shacham in 2001, build on bilinear pairings over pairing-friendly elliptic curves such as BLS12-381. A signature on message m is sigma = H(m)^x where x is the private key and H hashes to the curve, with verification done via the pairing equation e(g, sigma) = e(pk, H(m)). BLS signatures are deterministic, 48 bytes on BLS12-381 G1, and uniquely support non-interactive aggregation: many signatures on possibly different messages combine into one short signature verifiable in a single multi-pairing. They underpin Ethereum 2.0 validator consensus, threshold and distributed key generation schemes (DKG), proof-of-stake protocols (Dfinity, Filecoin, Chia), and IETF draft-irtf-cfrg-bls-signature.
How do you defend against BLS Signature?
Defences for BLS Signature typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for BLS Signature?
Common alternative names include: Boneh-Lynn-Shacham signature, BLS12-381 signature.
● Related terms
- cryptography№ 321
Digital Signature
A public-key cryptographic mechanism that proves the authenticity, integrity and non-repudiation of a message or document.
- cryptography№ 1152
Threshold Cryptography
A class of cryptographic schemes in which a secret key is split across n parties so that any t of them — but no smaller subset — can sign, decrypt, or perform any other key operation.
- cryptography№ 370
Ed25519
An EdDSA signature scheme over the twisted Edwards curve edwards25519, offering ~128-bit security with deterministic, fast, side-channel-resistant signing as defined in RFC 8032.
- cryptography№ 374
Elliptic Curve Cryptography (ECC)
A family of public-key algorithms based on the algebraic structure of elliptic curves over finite fields, offering equivalent security to RSA with much smaller keys.
- cryptography№ 1029
Shamir's Secret Sharing
A threshold cryptographic scheme by Adi Shamir (1979) that splits a secret into n shares such that any k can reconstruct it while fewer than k reveal nothing.