You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
FIP-0086: Specify and update signature and signature aggregation (#1064)
* FIP-0086: Specify and update signature and signature aggregation
This commit:
1. Specifies the BLS curve used by F3.
2. Specifies the aggregation scheme.
3. Tweaks the aggregation scheme to use all public keys from the
committee when computing the aggregation coefficients for better
performance.
This change does not change how F3 consensus works, it just makes the
protocol more efficient.
See filecoin-project/go-f3#592
* Apply suggestions from code review
Co-authored-by: Jorge M. Soares <[email protected]>
Co-authored-by: Masih H. Derkani <[email protected]>
---------
Co-authored-by: Jorge M. Soares <[email protected]>
Co-authored-by: Masih H. Derkani <[email protected]>
Copy file name to clipboardExpand all lines: FIPS/fip-0086.md
+17Lines changed: 17 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -801,6 +801,23 @@ This protocol uses merkle trees as vector commitments to commit to both (a) the
801
801
802
802
In this tree, a proof that some value `v` is committed to at index `i` in the merkle tree rooted at `r` comprises the "uncles" (the branches not taken) of the merkle path from `v` to `r` (bottom to top). This algorithm is best described in [code](../resources/fip-0086/merkletree.go).
803
803
804
+
### Signatures and Signature Aggregation
805
+
806
+
This protocol uses BLS signatures. Specifically, it uses the BLS12-381 curve where G2 is used for signatures and G1 is used for public keys.
807
+
808
+
For aggregation, it uses the [BDN][bdn] signature aggregation scheme with BLAKE2X XOF as the hash function to generate the coefficients. Implementations should use [go.dedis.ch/kyber/v4](https://pkg.go.dev/go.dedis.ch/kyber/v4/sign/bdn) for reference.
809
+
810
+
Signatures and public keys are aggregated by:
811
+
812
+
1. Collecting all public keys from the committee for the current instance, ordered by power descending.
813
+
* In cases of equal power, ordered by actor ID ascending.
814
+
2. Computing the coefficients given this set of public keys. The aggregation coefficients depend on all public keys, not just the public keys involved in a particular signature.
815
+
3. Finally, aggregating according to the [BDN][bdn] aggregation scheme.
816
+
817
+
Implementations should pre-compute the aggregation coefficients and the public key terms at the beginning of each instance as they can be reused for the duration of the instance and are expensive to compute.
0 commit comments