This is a potential security issue, you are being redirected to https://csrc.nist.gov.
Abstract. Since its inception in 2004, BLS signature (named after its inventors Bonneh, Lynn and Shacham) has been very popular among researchers due to its uber-simple structure, small size, and plethora of features it offers. For example, BLS is a unique deterministic signature, and is readily thresholdizable due to its “key-homomorphism”. The signing procedure is completely non-interactive, once a key is setup (for example, by using a standard distributed key-generation, or DKG, in a fully decentralized setting). Therefore, it can be used in an asynchronous or partially synchronous setting immediately. Efficiency-wise, threshold BLS outperforms other threshold signatures such as ECDSA and Schorr in the signing, but incurs a higher cost during aggregation and verification due to use of pairing. Nevertheless, the signature size of BLS is much shorter. Furthermore, BLS supports easy aggregation of multiple signatures on the same messages but with different public keys (multi-signatures) and also various signatures on different messages (aggregate signatures). Due to its deterministic (and unique) nature, it can be immediately converted to a distributed VRF. Moreover, as shown by Das et al. (CCS’23) and Garg et al. (S&P’24), scalable weighted threshold signatures can be built based on BLS, without requiring a separate DKG. Other features include multiverse signatures, as constructed by Baird et al. (S&P’23). In Web3 setting variants of BLS signatures were deployed in several blockchain ecosystems, including Ethereum 2.0 for generating validation certificates (a BLS multi-signature was used in this case), and Hashgraph to generate a state proof. Furthermore, Distributed VRFs based on BLS were deployed in DRand, Dfinity, Supra DVRF. In this talk I shall present the importance of threshold BLS signatures, the amazing features it offers in the threshold setting, and also the trade-off in efficiency (due to pairing) in comparison with ECDSA and Schnorr. We would like to make a case for standardization of BLS in Category 2.1: verifiably-deterministic succinct signatures.
Security and Privacy: cryptography