Paper 2022/1611

Efficient Aggregatable BLS Signatures with Chaum-Pedersen Proofs

Jeff Burdges, Web3 Foundation
Oana Ciobotaru, OpenZeppelin
Syed Lavasani, Web3 Foundation
Alistair Stewart, Web3 Foundation

BLS signatures have fast aggregated signature verification but slow individual signature verification. We propose a three part optimisation that dramatically reduces CPU time in large distributed system using BLS signatures: First, public keys should be given on both source groups $\mathbb{G}_1$ and $\mathbb{G}_2$, with a proof-of-possession check for correctness. Second, aggregated BLS signatures should carry their particular aggregate public key in $\mathbb{G}_2$, so that verifiers can do both hash-to-curve and aggregate public key checks in $\mathbb{G}_1$. Third, individual non-aggregated BLS signatures should carry short Chaum-Pedersen DLEQ proofs of correctness, so that verifying individual signatures no longer requires pairings, which makes their verification much faster. We prove security for these optimisations. The proposed scheme is implemented and benchmarked to compare with classic BLS scheme.

Note: Some corrections. Change of affiliation for second author.

Available format(s)
Cryptographic protocols
Publication info
aggregated BLS signaturesproofs-of-possessionChaum-Pedersen proofsefficient verification
Contact author(s)
jeff @ web3 foundation
oana ciobotaru @ gmail com
syed @ web3 foundation
stewart al @ gmail com
2023-09-19: last of 10 revisions
2022-11-18: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jeff Burdges and Oana Ciobotaru and Syed Lavasani and Alistair Stewart},
      title = {Efficient Aggregatable BLS Signatures with Chaum-Pedersen Proofs},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1611},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.