BLS Threshold Crypto

BLS Threshold Crypto (blsttc) is a Rust implementation of BLS (Boneh-Lynn-Shacham) threshold signatures with support for both Rust and Python interfaces.

Installation

# Add to Cargo.toml
[dependencies]
blsttc = "8.0.2"

Basic Usage

use blsttc::{SecretKey, PublicKey, Signature};

// Generate a secret key
let secret_key = SecretKey::random();

// Get the corresponding public key
let public_key = secret_key.public_key();

// Sign a message
let message = b"Hello, World!";
let signature = secret_key.sign(message);

// Verify the signature
assert!(public_key.verify(&signature, message));

from blsttc import SecretKey, PublicKey, Signature

# Generate a secret key
secret_key = SecretKey.random()

# Get the corresponding public key
public_key = secret_key.public_key()

# Sign a message
message = b"Hello, World!"
signature = secret_key.sign(message)

# Verify the signature
assert public_key.verify(signature, message)

Threshold Signatures

use blsttc::{SecretKeySet, PublicKeySet};

// Create a threshold signature scheme
let threshold = 3;  // Minimum signatures required
let total = 5;      // Total number of shares
let sk_set = SecretKeySet::random(threshold);

// Get the public key set
let pk_set = sk_set.public_keys();

// Generate secret key shares
let secret_shares: Vec<_> = (0..total)
    .map(|i| sk_set.secret_key_share(i))
    .collect();

// Sign with individual shares
let message = b"Hello, World!";
let sig_shares: Vec<_> = secret_shares
    .iter()
    .map(|share| share.sign(message))
    .collect();

// Combine signatures
let combined_sig = pk_set.combine_signatures(sig_shares[..threshold].iter())?;

// Verify the combined signature
assert!(pk_set.public_key().verify(&combined_sig, message));

from blsttc import SecretKeySet, PublicKeySet

# Create a threshold signature scheme
threshold = 3  # Minimum signatures required
total = 5      # Total number of shares
sk_set = SecretKeySet.random(threshold)

# Get the public key set
pk_set = sk_set.public_keys()

# Generate secret key shares
secret_shares = [sk_set.secret_key_share(i) for i in range(total)]

# Sign with individual shares
message = b"Hello, World!"
sig_shares = [share.sign(message) for share in secret_shares]

# Combine signatures
combined_sig = pk_set.combine_signatures(sig_shares[:threshold])

# Verify the combined signature
assert pk_set.public_key().verify(combined_sig, message)

Advanced Features

Key Generation

use blsttc::{SecretKey, Fr};
use rand::thread_rng;

// Generate from random seed
let secret_key = SecretKey::random();

// Generate from bytes
let bytes_data = b"some-32-byte-seed";
let secret_key = SecretKey::from_bytes(bytes_data)?;

// Generate from field element
let fr = Fr::random();
let secret_key = SecretKey::from_fr(&fr);

from blsttc import SecretKey, Fr

# Generate from random seed
secret_key = SecretKey.random()

# Generate from bytes
bytes_data = b"some-32-byte-seed"
secret_key = SecretKey.from_bytes(bytes_data)

# Generate from field element
fr = Fr.random()
secret_key = SecretKey.from_fr(fr)

Serialization

// Serialize keys and signatures
let sk_bytes = secret_key.to_bytes();
let pk_bytes = public_key.to_bytes();
let sig_bytes = signature.to_bytes();

// Deserialize
let sk = SecretKey::from_bytes(&sk_bytes)?;
let pk = PublicKey::from_bytes(&pk_bytes)?;
let sig = Signature::from_bytes(&sig_bytes)?;

# Serialize keys and signatures
sk_bytes = secret_key.to_bytes()
pk_bytes = public_key.to_bytes()
sig_bytes = signature.to_bytes()

# Deserialize
sk = SecretKey.from_bytes(sk_bytes)
pk = PublicKey.from_bytes(pk_bytes)
sig = Signature.from_bytes(sig_bytes)

Error Handling

use blsttc::error::Error;

// Handle key generation errors
match SecretKey::from_bytes(invalid_bytes) {
    Ok(sk) => println!("Key generated successfully"),
    Err(Error::InvalidBytes) => println!("Invalid key bytes"),
    Err(e) => println!("Other error: {}", e),
}

// Handle signature verification
if !pk.verify(&sig, msg) {
    println!("Invalid signature");
}

try:
    # Operations that might fail
    sk = SecretKey.from_bytes(invalid_bytes)
except ValueError as e:
    print(f"Invalid key bytes: {e}")

try:
    # Signature verification
    if not pk.verify(sig, msg):
        print("Invalid signature")
except Exception as e:
    print(f"Verification error: {e}")

Best Practices

Key Management
- Securely store private keys
- Use strong random number generation
- Implement key rotation policies
Threshold Selection
- Choose appropriate threshold values
- Consider fault tolerance requirements
- Balance security and availability
Performance
- Cache public keys when possible
- Batch verify signatures when possible
- Use appropriate buffer sizes
Security
- Validate all inputs
- Use secure random number generation
- Implement proper error handling

Common Use Cases

Distributed Key Generation
- Generate keys for distributed systems
- Share keys among multiple parties
- Implement threshold cryptography
Signature Aggregation
- Combine multiple signatures
- Reduce signature size
- Improve verification efficiency
Consensus Protocols
- Implement Byzantine fault tolerance
- Create distributed voting systems
- Build secure multiparty computation

PreviousNode API NextSelf Encryption

Last updated 1 year ago

hashtagInstallation

hashtagBasic Usage

hashtagThreshold Signatures

hashtagAdvanced Features

hashtagKey Generation

hashtagSerialization

hashtagError Handling

hashtagBest Practices

hashtagCommon Use Cases

Installation

Basic Usage

Threshold Signatures

Advanced Features

Key Generation

Serialization

Error Handling

Best Practices

Common Use Cases