Blockchain & Cryptocurrency Glossary

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

  • search-icon Clear Definitions
  • search-icon Practical
  • search-icon Technical
  • search-icon Related Terms

BLS Signature

2 min read
Pronunciation
[bee-el-es sig-nuh-cher]
Analogy
BLS signatures are like a magical ink that lets multiple people sign a document in a way that all their signatures can merge into a single, compact signature that still verifies all the original signers. It's as if ten people each signed a contract, but instead of having ten separate signatures taking up space, all signatures combine into one small mark that cryptographically proves all ten people approved the document.
Definition
A digital signature scheme based on bilinear pairings on elliptic curves, named after its creators Boneh, Lynn, and Shacham. BLS signatures enable efficient signature aggregation, threshold signing, and non-interactive verification, making them valuable for blockchain consensus systems.
Key Points Intro
BLS signatures provide unique aggregation capabilities essential for scalable blockchain systems.
Key Points

Enables combining multiple signatures into a single, compact signature that verifies all signers.

Supports non-interactive distributed key generation and threshold signing.

Creates signatures roughly half the size of ECDSA for the same security level.

Provides deterministic signing without requiring additional randomness.

Example
In Ethereum 2.0's consensus mechanism, thousands of validators need to sign attestations for each block. Rather than including thousands of individual signatures in the blockchain, BLS signature aggregation allows all these signatures to be combined into a single signature of constant size (96 bytes), dramatically reducing bandwidth and storage requirements while maintaining security.
Technical Deep Dive
BLS signatures operate in elliptic curve groups that support bilinear pairings—a special mathematical mapping function e: G₁ × G₂ → G_T between three groups with the property e(g₁ᵃ, g₂ᵇ) = e(g₁, g₂)ᵃᵇ. The signing process involves: (1) Private key x is a random scalar; (2) Public key is pk = g₂ˣ where g₂ is a generator of G₂; (3) Signing maps a message to a point in G₁ using a hash function H, then computes signature σ = H(m)ˣ; (4) Verification checks if e(σ, g₂) = e(H(m), pk). BLS signatures enable multiple valuable properties: signature aggregation where σ_agg = σ₁ + σ₂ + ... + σₙ for multiple signatures on the same message; multi-signature schemes for signatures on different messages; threshold signing where t-of-n participants can create valid signatures; and non-interactivity where signers don't need to communicate. Implementation typically uses pairing-friendly curves like BLS12-381 (optimized for 128-bit security). While computationally more expensive for individual operations than ECDSA or EdDSA, the aggregation capabilities make BLS highly efficient for systems with many signers.
Security Warning
When implementing BLS signatures with aggregation, include the public keys in the message being signed to prevent rogue key attacks where an attacker claims others' public keys. Additionally, ensure signatures use domain separation parameters to prevent signatures from one application being valid in another context.
Caveat
While offering significant advantages, BLS signatures have higher computational costs for individual signature operations compared to ECDSA or EdDSA, particularly for verification which requires expensive pairing computations. Additionally, they rely on newer, less battle-tested cryptographic assumptions than more established signature schemes.
Related Terms
Threshold Cryptography
Pairing-based Cryptography
Elliptic Curve

BLS Signature - Related Articles

No related articles for this term.