Support verification of multi-message aggregated signature using auxiliary public key in the signature group #84
Open
drskalman wants to merge 2 commits into
- Change Verifier to support verifying multi-message signature using aux pubkey - Update example and tests.
…get verifier. - Add separate aggregator for the verifier and the prover.
davxy reviewed May 2, 2026
Comment on lines +112 to +116
| /// Like `merge_by_signer` but keyed on `(public_key, aux_public_key)`. | ||
| /// Only message points are merged for entries sharing the same signer pair. | ||
| /// Like `merge_by_signer` but also carries auxiliary public keys. | ||
| /// Keyed on the public key; returns `None` if the same public key | ||
| /// appears with conflicting auxiliary keys. |
| }; | ||
| let (first_message, first_public_key) = match signed.messages_and_publickeys().next() { | ||
| Some((first_message, first_public_key)) => (first_message, first_public_key), | ||
| None => return false, |
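Review bot: the two doc comments in this region disagree about the keying and the conflict handling: the first says the map is keyed on `(public_key, aux_public_key)` and merges message points per signer pair, the second says it is keyed on the public key alone and returns `None` when the same public key appears with conflicting auxiliary keys. Only one of these can describe the merge that follows, and the difference matters: keyed on the pair, one public key paired with two different aux keys yields two live entries, which the second wording explicitly rejects. Keep the wording that matches the implementation and add a test for the conflicting-aux-key case.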
Member
Empty-aggregate behavior changed silently. The old version returned false immediately when the message map was empty. The new version proceeds with empty vectors and ends in verify_normalized with no pairings, which only succeeds if the aggregated signature is the identity. Functionally probably fine, but maybe it is better to explicitly reject empty inputs?
Comment on lines +319 to +320
| let pseudo_random_scalar_seed = | ||
| [msg_bytes, pk_bytes, aux_pk_bytes, signature_as_bytes.clone()].concat(); |
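Review bot: the seed on lines +319 to +320 binds only the entry's own `msg_bytes`, `pk_bytes`, `aux_pk_bytes` and `signature_as_bytes`; if it is computed once per entry inside the loop, each scalar is a function solely of inputs chosen by the producer of that entry, which is weaker than the usual requirement for batch-verification coefficients, namely that they bind (or be independent of) the whole batch. Consider deriving the scalars from a transcript of all messages, keys and signatures, each field length-prefixed and the whole domain-separated, or drawing them from a CSPRNG at verification time. Length-prefixing also keeps the plain `concat()` unambiguous should `msg_bytes` ever be variable length.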
Member
Nit. Perhaps we can preallocate the buffer outside the loop. Not a big deal BTW
| H: FixedOutputReset + Default + Clone, | ||
| >( | ||
| signed: &single_pop_aggregator::SignatureAggregatorAssumingPoP<E>, | ||
| signed: &pop_aggregator::SignatureAggregatorAssumingPoP<E>, |
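Review bot: the only change to this signature is the module path, `single_pop_aggregator` to `pop_aggregator`, while the type name `SignatureAggregatorAssumingPoP` stays the same; since the PR description says the multi-message aggregator now carries that name, call sites that previously meant the single-message aggregator keep compiling but receive different semantics. Confirm that every existing caller of this verifier is meant to take multi-message aggregates, and prefer a `Signed`-trait bound (as `verify_with_distinct_messages` has) over the concrete type so the path does not need repeating at each verifier.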
Member
Can this be a generic implementation of Signed trait? (as verify_with_distinct_messages)
Collaborator (Author)
This also addresses https://github.com/paritytech/srlabs_findings/issues/676
This PR removes the single-message PoP aggregator used for aggregated nugget BLS and adds support for multi-message verification using nugget BLS (verifying using the auxiliary public key in the signature group).
As a result it renames `MultiMessageSignatureAggregatorAssumingPoP` to `SignatureAggregatorAssumingPoP` (as there is no single-message aggregator any more), so there is no room for confusion. The aggregator can verify the signature using either the public key in G1 or the one in G2. If the public key in the signature group doesn't exist, the verification in the signature group simply fails.
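The multi-message verifier in this PR weights entries with pseudo-random scalars, and the `pseudo_random_scalar_seed` line reviewed above concatenates one entry's message, public key, aux public key and signature bytes. As an added example (not code from this PR or the w3f/bls project), the following Python contrasts that per-entry seeding, assuming it runs once per entry, with deriving every coefficient from a length-prefixed, domain-separated transcript of the whole batch, and shows the observable difference: under per-entry seeding, altering one entry leaves the other entries' coefficients untouched, whereas the batch transcript changes all of them. The entry bytes are constructed stand-ins (not real curve points), `DOMAIN` is a hypothetical tag, and the only real constant is the BLS12-381 scalar field order used to reduce the coefficients.

```python
"""Batch-verification coefficients: per-entry seeding vs. whole-batch binding.

Added example, not code from the w3f/bls project. Entry fields are constructed
sample bytes; the BLS12-381 scalar field order is the only real constant.
"""
import hashlib
from typing import List, Tuple

# Order of the BLS12-381 scalar field (group order of G1 and G2).
BLS12_381_R = 0x73EDA753299D7D483339D80809A1D80553BDA402FFFE5BFEFFFFFFFF00000001

# Hypothetical domain-separation tag; any fixed, application-unique string works.
DOMAIN = b"example-batch-coefficients-v1"

Entry = Tuple[bytes, bytes, bytes, bytes]  # (msg, pk, aux_pk, sig)


def _enc(field: bytes) -> bytes:
    """Length-prefix a field so the concatenation stays unambiguous even when
    a field (typically the message) is variable length."""
    return len(field).to_bytes(4, "big") + field


def per_entry_seed(msg: bytes, pk: bytes, aux_pk: bytes, sig: bytes) -> int:
    """Seed the scalar from one entry's own fields only (assumed to mirror a
    once-per-entry seed): the coefficient for entry i never sees entry j."""
    h = hashlib.sha256(msg + pk + aux_pk + sig).digest()
    return int.from_bytes(h, "big") % BLS12_381_R


def batch_coefficients(entries: List[Entry]) -> List[int]:
    """Derive one coefficient per entry from a transcript of the whole batch.
    Any change to any message, key or signature changes every coefficient."""
    transcript = hashlib.sha256()
    transcript.update(DOMAIN)
    transcript.update(len(entries).to_bytes(4, "big"))
    for msg, pk, aux_pk, sig in entries:
        for field in (msg, pk, aux_pk, sig):
            transcript.update(_enc(field))
    root = transcript.digest()
    coeffs = []
    for i in range(len(entries)):
        # Expand the batch-wide root hash by entry index.
        h = hashlib.sha256(root + i.to_bytes(4, "big")).digest()
        r = int.from_bytes(h, "big") % BLS12_381_R
        coeffs.append(r if r != 0 else 1)  # never weight an entry by zero
    return coeffs


def make_entries() -> List[Entry]:
    """Constructed sample entries; byte lengths only imitate compressed
    48-byte G1 and 96-byte G2 encodings, they are not valid points."""
    return [
        (b"message one", b"\x01" * 48, b"\x01" * 96, b"\x11" * 96),
        (b"message two", b"\x02" * 48, b"\x02" * 96, b"\x22" * 96),
        (b"message three", b"\x03" * 48, b"\x03" * 96, b"\x33" * 96),
    ]


def demo() -> dict:
    """Flip one bit in the third entry's signature and compare both schemes."""
    entries = make_entries()
    tampered = list(entries)
    msg, pk, aux_pk, sig = tampered[2]
    tampered[2] = (msg, pk, aux_pk, bytes([sig[0] ^ 1]) + sig[1:])

    naive_before = [per_entry_seed(*e) for e in entries]
    naive_after = [per_entry_seed(*e) for e in tampered]
    bound_before = batch_coefficients(entries)
    bound_after = batch_coefficients(tampered)
    return {
        # Per-entry seeding: entries 0 and 1 keep their coefficients.
        "naive_unchanged_for_other_entries": naive_before[:2] == naive_after[:2],
        # Batch transcript: every coefficient moves.
        "bound_all_changed": all(a != b for a, b in zip(bound_before, bound_after)),
        "bound_deterministic": batch_coefficients(entries) == bound_before,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The transcript approach is deterministic, so a verifier needs no randomness source, and the per-index expansion keeps the coefficients distinct without storing anything per entry; a zero coefficient is mapped to 1 so no entry can drop out of the combined check.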
MultiMessageSignatureAggregatorAssumingPoP' to 'SignatureAggregatorAssumingPoP(as there is no single message aggregator any more), so there is no place for confusion.The aggergator could verify the signature using either public key in the G1 or G2. If the public key in the signature group doesn't exists the verification in Signature group simply fails.