BLS Threshold Crypto

BLS Threshold Crypto (blsttc) is a Rust implementation of BLS (Boneh-Lynn-Shacham) threshold signatures with support for both Rust and Python interfaces.

Installation

# Add to Cargo.toml
[dependencies]
blsttc = "8.0.2"

# Install using uv (recommended)
curl -LsSf <https://astral.sh/uv/install.sh> | sh
uv pip install blsttc

# Or using pip
pip install blsttc

Basic Usage

use blsttc::{SecretKey, PublicKey, Signature};

// Generate a secret key
let secret_key = SecretKey::random();

// Get the corresponding public key
let public_key = secret_key.public_key();

// Sign a message
let message = b"Hello, World!";
let signature = secret_key.sign(message);

// Verify the signature
assert!(public_key.verify(&signature, message));

from blsttc import SecretKey, PublicKey, Signature

# Generate a secret key
secret_key = SecretKey.random()

# Get the corresponding public key
public_key = secret_key.public_key()

# Sign a message
message = b"Hello, World!"
signature = secret_key.sign(message)

# Verify the signature
assert public_key.verify(signature, message)

Threshold Signatures

use blsttc::{SecretKeySet, PublicKeySet};

// Create a threshold signature scheme
let threshold = 3;  // Minimum signatures required
let total = 5;      // Total number of shares
let sk_set = SecretKeySet::random(threshold);

// Get the public key set
let pk_set = sk_set.public_keys();

// Generate secret key shares
let secret_shares: Vec<_> = (0..total)
    .map(|i| sk_set.secret_key_share(i))
    .collect();

// Sign with individual shares
let message = b"Hello, World!";
let sig_shares: Vec<_> = secret_shares
    .iter()
    .map(|share| share.sign(message))
    .collect();

// Combine signatures
let combined_sig = pk_set.combine_signatures(sig_shares[..threshold].iter())?;

// Verify the combined signature
assert!(pk_set.public_key().verify(&combined_sig, message));

from blsttc import SecretKeySet, PublicKeySet

# Create a threshold signature scheme
threshold = 3  # Minimum signatures required
total = 5      # Total number of shares
sk_set = SecretKeySet.random(threshold)

# Get the public key set
pk_set = sk_set.public_keys()

# Generate secret key shares
secret_shares = [sk_set.secret_key_share(i) for i in range(total)]

# Sign with individual shares
message = b"Hello, World!"
sig_shares = [share.sign(message) for share in secret_shares]

# Combine signatures
combined_sig = pk_set.combine_signatures(sig_shares[:threshold])

# Verify the combined signature
assert pk_set.public_key().verify(combined_sig, message)

Advanced Features

Key Generation

use blsttc::{SecretKey, Fr};
use rand::thread_rng;

// Generate from random seed
let secret_key = SecretKey::random();

// Generate from bytes
let bytes_data = b"some-32-byte-seed";
let secret_key = SecretKey::from_bytes(bytes_data)?;

// Generate from field element
let fr = Fr::random();
let secret_key = SecretKey::from_fr(&fr);

from blsttc import SecretKey, Fr

# Generate from random seed
secret_key = SecretKey.random()

# Generate from bytes
bytes_data = b"some-32-byte-seed"
secret_key = SecretKey.from_bytes(bytes_data)

# Generate from field element
fr = Fr.random()
secret_key = SecretKey.from_fr(fr)

Serialization

// Serialize keys and signatures
let sk_bytes = secret_key.to_bytes();
let pk_bytes = public_key.to_bytes();
let sig_bytes = signature.to_bytes();

// Deserialize
let sk = SecretKey::from_bytes(&sk_bytes)?;
let pk = PublicKey::from_bytes(&pk_bytes)?;
let sig = Signature::from_bytes(&sig_bytes)?;

# Serialize keys and signatures
sk_bytes = secret_key.to_bytes()
pk_bytes = public_key.to_bytes()
sig_bytes = signature.to_bytes()

# Deserialize
sk = SecretKey.from_bytes(sk_bytes)
pk = PublicKey.from_bytes(pk_bytes)
sig = Signature.from_bytes(sig_bytes)

Error Handling

use blsttc::error::Error;

// Handle key generation errors
match SecretKey::from_bytes(invalid_bytes) {
    Ok(sk) => println!("Key generated successfully"),
    Err(Error::InvalidBytes) => println!("Invalid key bytes"),
    Err(e) => println!("Other error: {}", e),
}

// Handle signature verification
if !pk.verify(&sig, msg) {
    println!("Invalid signature");
}

try:
    # Operations that might fail
    sk = SecretKey.from_bytes(invalid_bytes)
except ValueError as e:
    print(f"Invalid key bytes: {e}")

try:
    # Signature verification
    if not pk.verify(sig, msg):
        print("Invalid signature")
except Exception as e:
    print(f"Verification error: {e}")

Best Practices

Key Management
- Securely store private keys
- Use strong random number generation
- Implement key rotation policies
Threshold Selection
- Choose appropriate threshold values
- Consider fault tolerance requirements
- Balance security and availability
Performance
- Cache public keys when possible
- Batch verify signatures when possible
- Use appropriate buffer sizes
Security
- Validate all inputs
- Use secure random number generation
- Implement proper error handling

Common Use Cases

Distributed Key Generation
- Generate keys for distributed systems
- Share keys among multiple parties
- Implement threshold cryptography
Signature Aggregation
- Combine multiple signatures
- Reduce signature size
- Improve verification efficiency
Consensus Protocols
- Implement Byzantine fault tolerance
- Create distributed voting systems
- Build secure multiparty computation

PreviousNode API NextSelf Encryption

Last updated 6 months ago