Module Bls12_381_signature.MinSig

BLS signatures instantiation minimizing the size of the signatures (48 bytes) but use longer public keys (96 bytes).

type pk

Type of the public keys

val pk_size_in_bytes : int

The size of a serialized value pk

val unsafe_pk_of_bytes : Stdlib.Bytes.t -> pk

Build a value of type pk without performing any check on the input (hence the unsafe prefix because it might not give a correct inhabitant of the type pk). It is safe to use this function when verifying a signature as the signature function verifies if the point is in the prime subgroup. Using unsafe_pk_of_bytes removes a verification performed twice when used pk_of_bytes_exn or pk_of_bytes_opt.

The expected bytes format are the compressed form of a point on G2.

val pk_of_bytes_exn : Stdlib.Bytes.t -> pk

Build a value of type pk safely, i.e. the function checks the bytes given in parameters represents a point on the curve and in the prime subgroup. Raise Invalid_argument if the bytes are not in the correct format or does not represent a point in the prime subgroup.

The expected bytes format are the compressed form of a point on G2.

val pk_of_bytes_opt : Stdlib.Bytes.t -> pk option

Build a value of type pk safely, i.e. the function checks the bytes given in parameters represents a point on the curve and in the prime subgroup. Return None if the bytes are not in the correct format or does not represent a point in the prime subgroup.

The expected bytes format are the compressed form of a point on G2.

val pk_to_bytes : pk -> Stdlib.Bytes.t

Returns a bytes representation of a value of type pk. The output is the compressed form of the point Bls12_381.Bls12_381.G2.t the pk represents.

val derive_pk : sk -> pk

derive_pk sk derives the corresponding public key of sk.

type signature

Type of the signatures

val signature_size_in_bytes : int

The size of a serialized value signature

val unsafe_signature_of_bytes : Stdlib.Bytes.t -> signature

Build a value of type signature without performing any check on the input (hence the unsafe prefix because it might not give a correct inhabitant of the type signature). It is safe to use this function when verifying a signature as the signature function verifies if the point is in the prime subgroup. Using unsafe_signature_of_bytes removes a verification performed twice when used signature_of_bytes_exn or signature_of_bytes_opt.

The expected bytes format are the compressed form of a point on G1.

val signature_of_bytes_exn : Stdlib.Bytes.t -> signature

Build a value of type signature safely, i.e. the function checks the bytes given in parameters represents a point on the curve and in the prime subgroup. Raise Invalid_argument if the bytes are not in the correct format or does not represent a point in the prime subgroup.

The expected bytes format are the compressed form of a point on G1.

val signature_of_bytes_opt : Stdlib.Bytes.t -> signature option

Build a value of type signature safely, i.e. the function checks the bytes given in parameters represents a point on the curve and in the prime subgroup. Return None if the bytes are not in the correct format or does not represent a point in the prime subgroup.

The expected bytes format are the compressed form of a point on G1.

val signature_to_bytes : signature -> Stdlib.Bytes.t

Returns a bytes representation of a value of type signature. The output is the compressed form a the point Bls12_381.G1.t the signature represents.

val aggregate_signature_opt : ?subgroup_check:bool -> signature list -> signature option

aggregate_signature_opt signatures aggregates the signatures signatures, following section 2.8. Return None if INVALID is expected in the specification. If subgroup_check is set, the function also checks if the points are in G1. (set by default)

val aggregate_signature_weighted_opt : ?subgroup_check:bool -> (Z.t * signature) list -> signature option

aggregate_signature_weighted_opt [(w_1, s_1);(w_1, s_2);...] aggregates the signatures s_i multiplied by their weights w_i, i.e it returns the sum of w_i * s_i. Return None if deserialization of signatures fails. If subgroup_check is set, the function also checks if the points are in G1.

val threshold_signature_opt : (int * signature) list -> signature option

threshold_signature_opt [(id_x, s_x);(id_y, s_y);...] reconstructs a signature if at least m valid signatures s_i produced by a participant id_i are provided.

val aggregate_public_key_opt : ?subgroup_check:bool -> pk list -> pk option

aggregate_public_key_opt ?subgroup_check pks aggregates the public keys pks. If subgroup_check is set, the function also checks if the points are in G2.

val aggregate_public_key_weighted_opt : ?subgroup_check:bool -> (Z.t * pk) list -> pk option

aggregate_public_key_weighted_opt [(w_1, pk_1);(w_2, pk_2);...] aggregates the public keys pk_i multiplied by their weights w_i, i.e it returns the sum of w_i * pk_i. If subgroup_check is set, the function also checks if the points are in G2.

module Basic : sig ... end

Basic scheme described in section 3.1

module Aug : sig ... end

Augmentation scheme described in section 3.2

module Pop : sig ... end

Follow section 3.3.