36 changes: 10 additions & 26 deletions README.md
Expand Up @@ -78,7 +78,7 @@ Assuming you already have proofs-of-possession, then you'll want to do aggregati
The library offers method for generating and verifying proof of positions both based on BLS and [Schnorr Signature](https://en.wikipedia.org/wiki/Schnorr_signature) which is faster to verify than when using BLS signature itself as proof of position. The following example demonstrate how to generate and verify proof of positions and then using `SignatureAggregatorAssumingPoP` to batch and verify multiple BLS signatures.

```rust
use w3f_bls::{Keypair,PublicKey,ZBLS,Message,Signed, ProofOfPossessionGenerator, ProofOfPossession, experimental::schnorr_pop::{SchnorrPoP}, multi_pop_aggregator::MultiMessageSignatureAggregatorAssumingPoP};
use w3f_bls::{Keypair,PublicKey,ZBLS,Message,Signed, ProofOfPossessionGenerator, ProofOfPossession, experimental::schnorr_pop::{SchnorrPoP}, pop_aggregator::SignatureAggregatorAssumingPoP};
use sha2::Sha256;

let mut keypairs = [Keypair::<ZBLS>::generate(::rand::thread_rng()), Keypair::<ZBLS>::generate(::rand::thread_rng())];
Expand All @@ -92,7 +92,7 @@ let pops = keypairs.iter_mut().map(|k|(ProofOfPossessionGenerator::<ZBLS, Sha256
let publickeys = publickeys.iter().zip(pops.iter()).map(|(publickey, pop) | {assert!(ProofOfPossession::<ZBLS, Sha256, PublicKey<ZBLS>>::verify(pop,publickey)); publickey}).collect::<Vec<_>>();

let batch_poped = msgs.iter().zip(publickeys).zip(sigs).fold(
MultiMessageSignatureAggregatorAssumingPoP::<ZBLS>::new(),
SignatureAggregatorAssumingPoP::<ZBLS>::new(),
|mut bpop,((message, publickey),sig)| { bpop.add_message_n_publickey(message, &publickey); bpop.add_signature(&sig); bpop }
);
assert!(batch_poped.verify())
Expand All @@ -106,12 +106,11 @@ The scheme introduced in [`our recent paper`](https://eprint.iacr.org/2022/1611)
```rust
use sha2::Sha256;
use ark_bls12_377::Bls12_377;
use ark_ff::Zero;
use rand::thread_rng;

use w3f_bls::{
single_pop_aggregator::SignatureAggregatorAssumingPoP, DoubleNuggetBLS, EngineBLS, Keypair,
Message, NuggetPublicKey, PublicKey, PublicKeyInSignatureGroup, Signed, TinyBLS, TinyBLS377,
pop_aggregator::SignatureAggregatorAssumingPoP, DoubleNuggetBLS, EngineBLS, Keypair,
Message, NuggetPublicKey, PublicKeyInSignatureGroup, TinyBLS, TinyBLS377,
};


Expand All @@ -125,28 +124,13 @@ let pub_keys_in_sig_grp: Vec<PublicKeyInSignatureGroup<TinyBLS377>> = keypairs
.map(|k| DoubleNuggetBLS::<TinyBLS377>::into_nugget_double_public_key(k).into_public_key_in_signature_group())
.collect();

let mut prover_aggregator =
SignatureAggregatorAssumingPoP::<TinyBLS377>::new(message.clone());
let mut aggregated_public_key =
PublicKey::<TinyBLS377>(<TinyBLS377 as EngineBLS>::PublicKeyGroup::zero());
let mut verifier_aggregator = SignatureAggregatorAssumingPoP::<TinyBLS377>::new();

//sign and aggegate
let _ = keypairs
.iter_mut()
.map(|k| {
prover_aggregator.add_signature(&k.sign(&message));
aggregated_public_key.0 += k.public.0;
})
.count();

let mut verifier_aggregator = SignatureAggregatorAssumingPoP::<TinyBLS377>::new(message);

verifier_aggregator.add_signature(&(&prover_aggregator).signature());

//aggregate public keys in signature group
verifier_aggregator.add_publickey(&aggregated_public_key);

pub_keys_in_sig_grp.iter().for_each(|pk| {verifier_aggregator.add_auxiliary_public_key(pk);});
//sign, aggregate, and add (publickey, aux) pairs
for (k, aux) in keypairs.iter_mut().zip(pub_keys_in_sig_grp.iter()) {
verifier_aggregator.add_signature(&k.sign(&message));
verifier_aggregator.add_message_n_publickey(&message, &(k.public, *aux));
}

assert!(
verifier_aggregator.verify_using_aggregated_auxiliary_public_keys::<Sha256>(),
31 changes: 8 additions & 23 deletions examples/aggregate_with_public_key_in_signature_group.rs
Expand Up @@ -2,15 +2,13 @@
use sha2::Sha256;
#[cfg(feature = "std")]
use w3f_bls::{
single_pop_aggregator::SignatureAggregatorAssumingPoP, EngineBLS, Keypair, Message, NuggetBLS,
PublicKey, PublicKeyInSignatureGroup, Signed, TinyBLS, TinyBLS377,
pop_aggregator::SignatureAggregatorAssumingPoP, EngineBLS, Keypair, Message, NuggetBLS,
PublicKeyInSignatureGroup, TinyBLS, TinyBLS377,
};

#[cfg(feature = "std")]
use ark_bls12_377::Bls12_377;
#[cfg(feature = "std")]
use ark_ff::Zero;
#[cfg(feature = "std")]
use rand::thread_rng;

/// Run using
Expand All @@ -31,26 +29,13 @@ fn main() {
.iter()
.map(|k| NuggetBLS::<_, <EB as EngineBLS>::SignatureGroup>::into_public_key_in_signature_group(k))
.collect();
let mut prover_aggregator =
SignatureAggregatorAssumingPoP::<TinyBLS377>::new(message.clone());
let mut aggregated_public_key =
PublicKey::<TinyBLS377>(<TinyBLS377 as EngineBLS>::PublicKeyGroup::zero());

//sign and aggegate
keypairs.iter_mut().for_each(|k| {
prover_aggregator.add_signature(&k.sign(&message));
aggregated_public_key.0 += k.public.0;
});

let mut verifier_aggregator = SignatureAggregatorAssumingPoP::<TinyBLS377>::new(message);
//get the signature and already aggregated public key from the prover
verifier_aggregator.add_signature(&(&prover_aggregator).signature());
verifier_aggregator.add_publickey(&aggregated_public_key);
let mut verifier_aggregator = SignatureAggregatorAssumingPoP::<TinyBLS377>::new();

//aggregate public keys in signature group
pub_keys_in_sig_grp.iter().for_each(|pk| {
verifier_aggregator.add_auxiliary_public_key(pk);
});
//sign, aggregate, and add (publickey, aux) pairs
for (k, aux) in keypairs.iter_mut().zip(pub_keys_in_sig_grp.iter()) {
verifier_aggregator.add_signature(&k.sign(&message));
verifier_aggregator.add_message_n_publickey(&message, &(k.public, *aux));
}

assert!(
verifier_aggregator.verify_using_aggregated_auxiliary_public_keys::<Sha256>(),
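Review bot: Nothing in the visible part of `main` checks a proof of possession before the new loop passes `(k.public, *aux)` pairs to `SignatureAggregatorAssumingPoP`, and every signer signs the same `message`, which is the setting where aggregating unverified keys is unsafe (rogue-key risk). The keys are generated locally here, so the example itself is fine, but examples get copied; I would add a comment above the loop such as `// every key added here must already have a verified proof of possession; the aggregator does not check it`. The binding is still named `verifier_aggregator` although it now also collects freshly made signatures, so `aggregator` would read more accurately now that the prover/verifier split is gone. `main` starts and ends outside this hunk, so a PoP check may exist in lines not shown.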
4 changes: 2 additions & 2 deletions examples/experimental/aggregated_with_pop.rs
Expand Up @@ -3,7 +3,7 @@ use sha2::Sha256;
#[cfg(feature = "std")]
use w3f_bls::{
experimental::schnorr_pop::SchnorrPoP,
multi_pop_aggregator::MultiMessageSignatureAggregatorAssumingPoP,
pop_aggregator::SignatureAggregatorAssumingPoP,
Keypair, Message, ProofOfPossession, ProofOfPossessionGenerator, PublicKey, Signed, ZBLS,
};

Expand Down Expand Up @@ -53,7 +53,7 @@ fn main() {

//now that we have confidence in keys we can verify the batched signature
let batch_poped = msgs.iter().zip(publickeys).zip(sigs).fold(
MultiMessageSignatureAggregatorAssumingPoP::<ZBLS>::new(),
SignatureAggregatorAssumingPoP::<ZBLS>::new(),
|mut bpop, ((message, publickey), sig)| {
bpop.add_message_n_publickey(message, &publickey);
bpop.add_signature(&sig);
12 changes: 6 additions & 6 deletions src/experimental/bench.rs
Expand Up @@ -5,7 +5,7 @@ extern crate test;
const NO_OF_MULTI_SIG_SIGNERS: usize = 100;
use crate::chaum_pedersen_signature::ChaumPedersenSigner;
use crate::chaum_pedersen_signature::ChaumPedersenVerifier;
use crate::multi_pop_aggregator::MultiMessageSignatureAggregatorAssumingPoP;
use crate::pop_aggregator::SignatureAggregatorAssumingPoP;
use crate::Keypair;
use crate::Message;
use crate::Signature as BLSSignature;
Expand Down Expand Up @@ -55,15 +55,15 @@ use crate::PublicKeyInSignatureGroup;
// let mut pub_keys_in_sig_grp : Vec<PublicKeyInSignatureGroup<TinyBLS377>> = keypairs.iter().map(|k| k.into_public_key_in_signature_group()).collect();

// let mut aggregated_public_key = PublicKey::<TinyBLS377>(<TinyBLS377 as EngineBLS>::PublicKeyGroup::zero());
// let mut aggregator = MultiMessageSignatureAggregatorAssumingPoP::<TinyBLS377>::new();
// let mut aggregator = SignatureAggregatorAssumingPoP::<TinyBLS377>::new();

// for k in &mut keypairs {
// aggregator.aggregate(&k.signed_message(message));
// aggregated_public_key.0 += k.public.0;
// }

// b.iter(|| {
// let mut verifier_aggregator = MultiMessageSignatureAggregatorAssumingPoP::<TinyBLS377>::new();
// let mut verifier_aggregator = SignatureAggregatorAssumingPoP::<TinyBLS377>::new();
// let mut verifier_aggregated_public_key = PublicKey::<TinyBLS377>(<TinyBLS377 as EngineBLS>::PublicKeyGroup::zero());

// verifier_aggregator.add_signature(&aggregator.signature);
Expand All @@ -85,7 +85,7 @@ use crate::PublicKeyInSignatureGroup;
// let message = Message::new(b"ctx",b"test message");

// b.iter(|| {
// let mut aggregator = MultiMessageSignatureAggregatorAssumingPoP::<TinyBLS377>::new();
// let mut aggregator = SignatureAggregatorAssumingPoP::<TinyBLS377>::new();
// let mut aggregated_public_key = PublicKey::<TinyBLS377>(<TinyBLS377 as EngineBLS>::PublicKeyGroup::zero());

// for k in &mut keypairs {
Expand All @@ -102,7 +102,7 @@ use crate::PublicKeyInSignatureGroup;
// let mut keypairs = generate_many_keypairs(NO_OF_MULTI_SIG_SIGNERS);
// let mut pub_keys_in_sig_grp : Vec<PublicKeyInSignatureGroup<TinyBLS377>> = keypairs.iter().map(|k| k.into_public_key_in_signature_group()).collect();

// let mut aggregator = MultiMessageSignatureAggregatorAssumingPoP::<TinyBLS377>::new();
// let mut aggregator = SignatureAggregatorAssumingPoP::<TinyBLS377>::new();
// let mut aggregated_public_key = PublicKey::<TinyBLS377>(<TinyBLS377 as EngineBLS>::PublicKeyGroup::zero());

// for k in &mut keypairs {
Expand All @@ -111,7 +111,7 @@ use crate::PublicKeyInSignatureGroup;
// }

// b.iter(|| {
// let mut verifier_aggregator = MultiMessageSignatureAggregatorAssumingPoP::<TinyBLS377>::new();
// let mut verifier_aggregator = SignatureAggregatorAssumingPoP::<TinyBLS377>::new();

// verifier_aggregator.add_signature(&aggregator.signature);
// verifier_aggregator.add_message_n_publickey(&message, &aggregated_public_key);
3 changes: 1 addition & 2 deletions src/experimental/bit.rs
Expand Up @@ -660,8 +660,7 @@ mod tests {
assert!(bitsig1.merge(&bitsig2).is_err());

let mut multimsg =
crate::multi_pop_aggregator::MultiMessageSignatureAggregatorAssumingPoP::<ZBLS>::new(
);
crate::pop_aggregator::SignatureAggregatorAssumingPoP::<ZBLS>::new();
multimsg.aggregate(&bitsig1);
multimsg.aggregate(&bitsig2);
assert!(multimsg.verify()); // verifiers::verify_with_distinct_messages(&dms,true)
49 changes: 45 additions & 4 deletions src/lib.rs
Expand Up @@ -105,6 +105,7 @@ extern crate sha3;

extern crate alloc;

use ark_ff::Zero;
use core::borrow::Borrow;
use digest::DynDigest;

Expand All @@ -119,8 +120,7 @@ pub mod serialize;
pub mod single;
pub mod verifiers;

pub mod multi_pop_aggregator;
pub mod single_pop_aggregator;
pub mod pop_aggregator;

#[cfg(feature = "experimental")]
pub mod experimental;
Expand All @@ -138,7 +138,48 @@ pub use single::{Keypair, KeypairVT, PublicKey, SecretKey, SecretKeyVT, Signatur

use alloc::vec::Vec;

/// Internal message hash size.
/// Public key types usable in the [`Signed`] trait.
///
/// Standard BLS uses [`PublicKey<E>`] which carries only the key in the
/// public-key group. Nugget-style schemes use [`NuggetDoublePublicKey<E>`]
/// (or similar) which carries keys in **both** curve groups and thus
/// supports auxiliary-key verification.
pub trait GeneralizedBLSPublicKey<E: EngineBLS> {
/// The public key in the public-key group.
fn public_key(&self) -> PublicKey<E>;

/// The auxiliary public key in the signature group.
/// Returns zero by default (no auxiliary key).
fn public_key_in_signature_group(&self) -> nugget::PublicKeyInSignatureGroup<E> {
nugget::PublicKeyInSignatureGroup(E::SignatureGroup::zero())
}
}

impl<E: EngineBLS> GeneralizedBLSPublicKey<E> for PublicKey<E> {
fn public_key(&self) -> PublicKey<E> {
*self
}
}

impl<E: EngineBLS> GeneralizedBLSPublicKey<E> for (PublicKey<E>, nugget::PublicKeyInSignatureGroup<E>) {
fn public_key(&self) -> PublicKey<E> {
self.0
}
fn public_key_in_signature_group(&self) -> nugget::PublicKeyInSignatureGroup<E> {
self.1
}
}

impl<'a, E: EngineBLS, T: GeneralizedBLSPublicKey<E>> GeneralizedBLSPublicKey<E> for &'a T {
fn public_key(&self) -> PublicKey<E> {
(*self).public_key()
}
fn public_key_in_signature_group(&self) -> nugget::PublicKeyInSignatureGroup<E> {
(*self).public_key_in_signature_group()
}
}

/// Internal message hash size.
///
/// We choose 256 bits here so that birthday bound attacks cannot
/// find messages with the same hash.
Expand Down Expand Up @@ -262,7 +303,7 @@ pub trait Signed: Sized {
fn signature(&self) -> Signature<Self::E>;

type M: Borrow<Message>; // = Message;
type PKG: Borrow<PublicKey<Self::E>>; // = PublicKey<Self::E>;
type PKG: GeneralizedBLSPublicKey<Self::E>; // = PublicKey<Self::E>;

/// Iterator over, messages and public key reference pairs.
type PKnM: Iterator<Item = (Self::M, Self::PKG)> + ExactSizeIterator;
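Review bot: The default `public_key_in_signature_group` on `GeneralizedBLSPublicKey` returns the identity of the signature group to mean "no auxiliary key", so a plain `PublicKey<E>` cannot be told apart from a key whose auxiliary component really is zero. The code that consumes this value is outside these hunks (presumably `verify_using_aggregated_auxiliary_public_keys`), so it is not visible here whether an all-identity aggregate fails closed. I would make absence explicit, for example `fn public_key_in_signature_group(&self) -> Option<nugget::PublicKeyInSignatureGroup<E>> { None }`, or at minimum document on the method that verifiers must reject an identity auxiliary aggregate. The trait doc also names `NuggetDoublePublicKey<E>`, while the only two-group impl visible here is for the tuple `(PublicKey<E>, nugget::PublicKeyInSignatureGroup<E>)`. Separately, changing `Signed::PKG` from `Borrow<PublicKey<Self::E>>` to the new bound breaks downstream implementors, which deserves a changelog note.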