1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
# BLS threshold signature
An implementation of BLS threshold signature
# Installation Requirements
Create a working directory (e.g., work) and clone the following repositories.
```
mkdir work
cd work
git clone git://github.com/herumi/xbyak.git
git clone git://github.com/herumi/cybozulib.git
git clone git://github.com/herumi/mcl.git
git clone git://github.com/herumi/bls.git
```
# Build and test
To make lib/libbls.a and test, run
```
cd bls
make test
```
To make sample programs, run
```
make sample_test
```
# API
## Basic API
BLS signature
```
e : G2 x G1 -> Fp12 ; optimal ate pairing over BN curve
Q in G2 ; fixed global parameter
H : {str} -> G1
s in Fr: secret key
sQ in G2; public key
s H(m) in G1; signature of m
verify ; e(sQ, H(m)) = e(Q, s H(m))
```
```
void bls::init();
```
Initialize this library. Call this once to use the other api.
```
void SecretKey::init();
```
Initialize the instance of SecretKey. `s` is a random number.
```
void SecretKey::getPublicKey(PublicKey& pub) const;
```
Get public key `sQ` for the secret key `s`.
```
void SecretKey::sign(Sign& sign, const std::string& m) const;
```
Make sign `s H(m)` from message m.
```
bool Sign::verify(const PublicKey& pub, const std::string& m) const;
```
Verify sign with pub and m and return true if it is valid.
```
e(sQ, H(m)) == e(Q, s H(m))
```
### Secret Sharing API
```
void SecretKey::getMasterSecretKey(SecretKeyVec& msk, size_t k) const;
```
Prepare k-out-of-n secret sharing for the secret key.
`msk[0]` is the original secret key `s` and `msk[i]` for i > 0 are random secret key.
```
void SecretKey::set(const SecretKeyVec& msk, const Id& id);
```
Make secret key f(id) from msk and id where f(x) = msk[0] + msk[1] x + ... + msk[k-1] x^{k-1}.
You can make a public key `f(id)Q` from each secret key f(id) for id != 0 and sign a message.
```
void Sign::recover(const SignVec& signVec, const IdVec& idVec);
```
Collect k pair of sign `f(id) H(m)` and `id` for a message m and recover the original signature `s H(m)` for the secret key `s`.
### PoP (Proof of Possesion)
```
void SecretKey::getPop(Sign& pop) const;
```
Sign pub and make a pop `s H(sQ)`
```
bool Sign::verify(const PublicKey& pub) const;
```
Verify a public key by pop.
# License
modified new BSD License
http://opensource.org/licenses/BSD-3-Clause
# Author
MITSUNARI Shigeo(herumi@nifty.com)
|
