BLS12-381 threshold signature aggregation

bls12-381-tss.md

BLS12-381 threshold signature scheme in Go using "trusted" key generation.

Based on cryptography libraries from https://github.com/drand

Output:

Private key:            19ff5b84b3e983e022d9f189a8832ddeb638fb7242c2d1e6c01bfe6afc6f9354
Public key:             87182d07e893944771b9eb443bb43548b060606143587f2e104a9de56a4831848b83deb4ad553cabcbec90ed0adbca91
Message:                Hello Obol
------------------------
T:                      3
N:                      4
Private key share #0:   2906b9f80dad755aef8c8eb36f3fd5442ba2f11db71dde26a007879a3de07a8d
Signature share   #0:   8818888e6b2ca853405e5dfd5faeadaae15ced42452140396fb251e981d28e7d5e89c2b7d75ed22317cb6efba4148269175c9fed43a9c588f5fe6eeab93efc21471c459cd85f73b0175ad58a2aba5d06c9bc2bf98606c608fbd4a2757497b251
Private key share #1:   2e9a896cf08db4c4e8f4757d5ed2b08544aa8bef8cb734d2f382242f45c193db
Signature share   #1:   98e6de2216cf0828941413c449dfbffd597f30b128eb7f38d077d1ec3b0ef18c4d0f176e560b1b062db38abc7a3a97101707cea95f000520cfa0896d29e3201aad996c75598cb3ac4895376bd51cb1159c69e409194ac8829b0f5dcbf8231246
Private key share #2:   2abac9e35c8a421e0f11a5e7773bbfa2014fcbe7c38ed5ebba8bd42a1412df3e
Signature share   #2:   b1ee29d2cd8dae2bd9815434373526c0e065ec6cf03505b3dd4247797251723d30d9b7c197fd572235a61e1387e5e84708c17d2e4d393a90cba0d5e82271f658cb52eea7b6ee4def542c6e52527f3100413928bb86b8f43edbba320051288038
Private key share #3:   1d677b5b51a31d6661e41ff1b87b029a6192b1065ba4c170f524978aa8d45cb6
Signature share   #3:   aca273694c35c793ccfbf599e68b803d178097c61333736086ed1d09b26556c1c8343ea5dbdcc5a83f421c0a98b5ec2c0735efc51c7a552612803894c704140477a98e971401b7576b44d87187443c938f4fd726b759917bd85d3266389bd79e
------------------------
Signature:              8408587118b17687a793acd5a1b56564206fe7256fc0dd349c31fe1a274a2aaa0e64cbf2bb90c732994c18637729168506b2131462d4e40d6f1eeb258fc86125782c207274d754e72cdfd0db79ad5df835aa357ed66f87c8fc81ab272ec61ece
Verify:                 OK

main.go

package main

import (
	"fmt"

	bls "github.com/drand/kyber-bls12381"
	"github.com/drand/kyber/share"
	sign "github.com/drand/kyber/sign/bls"
	"github.com/drand/kyber/sign/tbls"
	"github.com/drand/kyber/util/random"
)

var Pairing = bls.NewBLS12381Suite()

var KeyGroup = Pairing.G1()
var SigGroup = Pairing.G2()
var Scheme = sign.NewSchemeOnG2(Pairing)
var TSS = tbls.NewThresholdSchemeOnG2(Pairing)

func main() {
	const t = 3
	const n = 4
	msg := []byte("Hello Obol")

	secret := KeyGroup.Scalar().Pick(random.New())
	priPoly := share.NewPriPoly(KeyGroup, t, secret, random.New())
	privkeyBin, err := priPoly.Secret().MarshalBinary()
	if err != nil {
		panic(err.Error())
	}
	fmt.Printf("Private key:\t\t%x\n", privkeyBin)
	pubPoly := priPoly.Commit(KeyGroup.Point().Base())
	pubkey := pubPoly.Commit()
	pubkeyBin, err := pubkey.MarshalBinary()
	if err != nil {
		panic(err.Error())
	}
	fmt.Printf("Public key:\t\t%x\n", pubkeyBin)
	fmt.Printf("Message:\t\t%s\n", msg)
	priShares := priPoly.Shares(n)
	sigShares := make([][]byte, 0)
	fmt.Println("------------------------")
	fmt.Printf("T:\t\t\t%d\n", t)
	fmt.Printf("N:\t\t\t%d\n", n)
	for _, x := range priShares {
		priShareBin, err := x.V.MarshalBinary()
		if err != nil {
			panic(err.Error())
		}
		fmt.Printf("Private key share #%d:\t%x\n", x.I, priShareBin)
		sig, err := TSS.Sign(x, msg)
		if err != nil {
			panic(err.Error())
		}
		fmt.Printf("Signature share   #%d:\t%x\n", x.I, sig[2:])
		sigShares = append(sigShares, sig)
	}
	fmt.Println("------------------------")
	sigBuf, err := TSS.Recover(pubPoly, msg, sigShares, t, n)
	if err != nil {
		panic(err.Error())
	}
	fmt.Printf("Signature:\t\t%x\n", sigBuf)
	var verifyResult string
	if err := Scheme.Verify(pubkey, msg, sigBuf); err != nil {
		verifyResult = err.Error()
	} else {
		verifyResult = "OK"
	}
	fmt.Printf("Verify:\t\t\t%s\n", verifyResult)
}