Skip to main content
@tevm/voltaire
@tevm/voltaire / crypto/Bls12381

crypto/Bls12381

Namespaces

Classes

Bls12381Error

Defined in: src/crypto/Bls12381/errors.js:12 Base error class for BLS12-381 operations

Extends

  • Error

Extended by

Constructors

Constructor
new Bls12381Error(message): Bls12381Error
Defined in: src/crypto/Bls12381/errors.js:16
Parameters
message
string
Returns
Bls12381Error
Overrides
Error.constructor

Properties

name
name: string
Defined in: src/crypto/Bls12381/errors.js:18
Inherited from
Error.name

InvalidFieldElementError

Defined in: src/crypto/Bls12381/errors.js:58 Error thrown when field element is invalid

Extends

Constructors

Constructor
new InvalidFieldElementError(reason?): InvalidFieldElementError
Defined in: src/crypto/Bls12381/errors.js:62
Parameters
reason?
string
Returns
InvalidFieldElementError
Overrides
Bls12381Error.constructor

Properties

name
name: string
Defined in: src/crypto/Bls12381/errors.js:64
Inherited from
Bls12381Error.name

InvalidPointError

Defined in: src/crypto/Bls12381/errors.js:25 Error thrown when a point is not on the curve

Extends

Constructors

Constructor
new InvalidPointError(): InvalidPointError
Defined in: src/crypto/Bls12381/errors.js:26
Returns
InvalidPointError
Overrides
Bls12381Error.constructor

Properties

name
name: string
Defined in: src/crypto/Bls12381/errors.js:28
Inherited from
Bls12381Error.name

InvalidScalarError

Defined in: src/crypto/Bls12381/errors.js:45 Error thrown when a scalar is invalid

Extends

Constructors

Constructor
new InvalidScalarError(reason?): InvalidScalarError
Defined in: src/crypto/Bls12381/errors.js:49
Parameters
reason?
string
Returns
InvalidScalarError
Overrides
Bls12381Error.constructor

Properties

name
name: string
Defined in: src/crypto/Bls12381/errors.js:51
Inherited from
Bls12381Error.name

InvalidSubgroupError

Defined in: src/crypto/Bls12381/errors.js:35 Error thrown when a point is not in the correct subgroup

Extends

Constructors

Constructor
new InvalidSubgroupError(): InvalidSubgroupError
Defined in: src/crypto/Bls12381/errors.js:36
Returns
InvalidSubgroupError
Overrides
Bls12381Error.constructor

Properties

name
name: string
Defined in: src/crypto/Bls12381/errors.js:38
Inherited from
Bls12381Error.name

PairingError

Defined in: src/crypto/Bls12381/errors.js:71 Error thrown when pairing check fails

Extends

Constructors

Constructor
new PairingError(reason?): PairingError
Defined in: src/crypto/Bls12381/errors.js:75
Parameters
reason?
string
Returns
PairingError
Overrides
Bls12381Error.constructor

Properties

name
name: string
Defined in: src/crypto/Bls12381/errors.js:77
Inherited from
Bls12381Error.name

SignatureError

Defined in: src/crypto/Bls12381/errors.js:84 Error thrown when signature operation fails

Extends

Constructors

Constructor
new SignatureError(reason?): SignatureError
Defined in: src/crypto/Bls12381/errors.js:88
Parameters
reason?
string
Returns
SignatureError
Overrides
Bls12381Error.constructor

Properties

name
name: string
Defined in: src/crypto/Bls12381/errors.js:90
Inherited from
Bls12381Error.name

Variables

B_G1

const B_G1: bigint = 4n
Defined in: src/crypto/Bls12381/constants.js:33 G1 curve coefficient b = 4 y^2 = x^3 + 4 over Fp

B_G2

const B_G2: object
Defined in: src/crypto/Bls12381/constants.js:41 G2 curve coefficient b = 4(1+i) y^2 = x^3 + 4(1+i) over Fp2 Represented as [4, 4] for the Fp2 element

Type Declaration

c0
c0: bigint
c1
c1: bigint

BLS_X

const BLS_X: bigint = 0xd201000000010000n
Defined in: src/crypto/Bls12381/constants.js:93 BLS parameter x (used in Miller loop) x = -0xd201000000010000 (negative)

BLS_X_IS_NEGATIVE

const BLS_X_IS_NEGATIVE: boolean = true
Defined in: src/crypto/Bls12381/constants.js:99 BLS parameter x is negative

Bls12381

const Bls12381: object
Defined in: src/crypto/Bls12381/Bls12381.js:104 Bls12381 main export

Type Declaration

aggregate()
aggregate: (signatures) => Uint8Array<ArrayBufferLike>
Aggregate multiple BLS signatures into one The aggregated signature can be verified against an aggregated public key (when all signers signed the same message) or via batch verification (when signers signed different messages).
Parameters
signatures
Uint8Array<ArrayBufferLike>[] Array of compressed G1 signatures (48 bytes each)
Returns
Uint8Array<ArrayBufferLike> Aggregated signature (48 bytes compressed G1)
Throws
If aggregation fails or no signatures provided
Example
import { Bls12381 } from './crypto/Bls12381/index.js';

const message = new TextEncoder().encode('Vote for proposal');

const pk1 = Bls12381.randomPrivateKey();
const pk2 = Bls12381.randomPrivateKey();

const sig1 = Bls12381.sign(message, pk1);
const sig2 = Bls12381.sign(message, pk2);

const aggSig = Bls12381.aggregate([sig1, sig2]);
aggregatePublicKeys()
aggregatePublicKeys: (publicKeys) => Uint8Array<ArrayBufferLike>
Aggregate multiple public keys into one Used when multiple signers sign the same message and you want to verify against a single aggregated public key.
Parameters
publicKeys
Uint8Array<ArrayBufferLike>[] Array of compressed G2 public keys (96 bytes each)
Returns
Uint8Array<ArrayBufferLike> Aggregated public key (96 bytes compressed G2)
Throws
If aggregation fails or no public keys provided
Example
import { Bls12381 } from './crypto/Bls12381/index.js';

const pk1 = Bls12381.randomPrivateKey();
const pk2 = Bls12381.randomPrivateKey();

const pubKey1 = Bls12381.derivePublicKey(pk1);
const pubKey2 = Bls12381.derivePublicKey(pk2);

const aggPubKey = Bls12381.aggregatePublicKeys([pubKey1, pubKey2]);
aggregateVerify()
aggregateVerify: (aggregatedSignature, message, publicKeys) => boolean
Verify an aggregated signature where all signers signed the same message This is the most common case in Ethereum consensus - multiple validators sign the same block/attestation.
Parameters
aggregatedSignature
Uint8Array<ArrayBufferLike> Aggregated signature (96 bytes)
message
Uint8Array<ArrayBufferLike> The message that was signed by all parties
publicKeys
Uint8Array<ArrayBufferLike>[] Public keys of all signers (48 bytes each)
Returns
boolean True if the aggregated signature is valid
Example
import { Bls12381 } from './crypto/Bls12381/index.js';

const message = new TextEncoder().encode('Block attestation');

const pk1 = Bls12381.randomPrivateKey();
const pk2 = Bls12381.randomPrivateKey();
const pubKey1 = Bls12381.derivePublicKey(pk1);
const pubKey2 = Bls12381.derivePublicKey(pk2);

const sig1 = Bls12381.sign(message, pk1);
const sig2 = Bls12381.sign(message, pk2);
const aggSig = Bls12381.aggregate([sig1, sig2]);

const isValid = Bls12381.aggregateVerify(aggSig, message, [pubKey1, pubKey2]);
console.log(isValid); // true
batchVerify()
batchVerify: (aggregatedSignature, messages, publicKeys) => boolean
Verify an aggregated signature where each signer signed a different message Uses multi-pairing verification: product of e(pk_i, H(msg_i)) == e(G1, aggSig)
Parameters
aggregatedSignature
Uint8Array<ArrayBufferLike> Aggregated signature (96 bytes)
messages
Uint8Array<ArrayBufferLike>[] Messages that were signed (one per signer)
publicKeys
Uint8Array<ArrayBufferLike>[] Public keys (one per signer, same order as messages)
Returns
boolean True if the aggregated signature is valid
Throws
If messages and publicKeys have different lengths
Example
import { Bls12381 } from './crypto/Bls12381/index.js';

const pk1 = Bls12381.randomPrivateKey();
const pk2 = Bls12381.randomPrivateKey();
const pubKey1 = Bls12381.derivePublicKey(pk1);
const pubKey2 = Bls12381.derivePublicKey(pk2);

const msg1 = new TextEncoder().encode('Message 1');
const msg2 = new TextEncoder().encode('Message 2');

const sig1 = Bls12381.sign(msg1, pk1);
const sig2 = Bls12381.sign(msg2, pk2);
const aggSig = Bls12381.aggregate([sig1, sig2]);

const isValid = Bls12381.batchVerify(aggSig, [msg1, msg2], [pubKey1, pubKey2]);
console.log(isValid); // true
derivePublicKey()
derivePublicKey: (privateKey) => Uint8Array<ArrayBufferLike>
Derive a BLS12-381 public key from a private key Public key = privateKey * G2_generator
Parameters
privateKey
Uint8Array<ArrayBufferLike> 32-byte private key (scalar in Fr)
Returns
Uint8Array<ArrayBufferLike> Compressed G2 public key (96 bytes)
Throws
If private key is invalid
Example
import { Bls12381 } from './crypto/Bls12381/index.js';

const privateKey = Bls12381.randomPrivateKey();
const publicKey = Bls12381.derivePublicKey(privateKey);
console.log(publicKey.length); // 96
derivePublicKeyPoint()
derivePublicKeyPoint: (privateKey) => Bls12381G1PointType
Derive a BLS12-381 public key as a G1 point (uncompressed)
Parameters
privateKey
Uint8Array<ArrayBufferLike> 32-byte private key
Returns
Bls12381G1PointType Public key as G1 point
Throws
If private key is invalid
fastAggregateVerify()
fastAggregateVerify: (aggregatedSignature, message, aggregatedPublicKey) => boolean
Fast aggregate verify (same message case) Optimized for the common case where all signers signed the same message. This is faster than aggregateVerify when you already have the aggregated public key.
Parameters
aggregatedSignature
Uint8Array<ArrayBufferLike> Aggregated signature (96 bytes)
message
Uint8Array<ArrayBufferLike> The message that was signed
aggregatedPublicKey
Uint8Array<ArrayBufferLike> Pre-computed aggregated public key (48 bytes)
Returns
boolean True if valid
Fp
Fp: Fp
Fp2
Fp2: Fp2
Fr
Fr: Fr
G1
G1: G1
G2
G2: G2
isValidPrivateKey()
isValidPrivateKey: (privateKey) => boolean
Check if a private key is valid A valid private key must be:
  • 32 bytes
  • Non-zero
  • Less than the curve order (Fr modulus)
Parameters
privateKey
Uint8Array<ArrayBufferLike> Private key to validate
Returns
boolean True if valid
Example
import { Bls12381 } from './crypto/Bls12381/index.js';

const pk = Bls12381.randomPrivateKey();
console.log(Bls12381.isValidPrivateKey(pk)); // true

const invalid = new Uint8Array(32); // all zeros
console.log(Bls12381.isValidPrivateKey(invalid)); // false
Pairing
Pairing: Pairing
BLS12-381 Pairing Operations Optimal Ate pairing implementation for BLS12-381. e: G1 x G2 -> GT NOTE: Full pairing implementation requires Fp6, Fp12 tower extensions and Miller loop computation. For production use, the native blst library should be used via the Zig FFI bindings. This module provides the interface and simplified implementations for testing and educational purposes.
See
https://hackmd.io/@benjaminion/bls12-381 for pairing details
Since
0.0.0
randomPrivateKey()
randomPrivateKey: () => Uint8Array<ArrayBufferLike>
Generate a random BLS12-381 private key Uses cryptographically secure random number generation. The key is guaranteed to be valid (non-zero and less than curve order).
Returns
Uint8Array<ArrayBufferLike> 32-byte private key
Example
import { Bls12381 } from './crypto/Bls12381/index.js';

const privateKey = Bls12381.randomPrivateKey();
const publicKey = Bls12381.derivePublicKey(privateKey);
sign()
sign: (message, privateKey) => Uint8Array<ArrayBufferLike>
Sign a message using BLS12-381 Uses the Ethereum consensus “short signatures” scheme:
  • Signature = privateKey * H(message) where H maps to G1
  • Signatures are 48 bytes (compressed G1 point)
Parameters
message
Uint8Array<ArrayBufferLike> Message to sign
privateKey
Uint8Array<ArrayBufferLike> 32-byte private key (scalar in Fr)
Returns
Uint8Array<ArrayBufferLike> Signature as compressed G1 point (48 bytes)
Throws
If private key is invalid
Throws
If signing fails
Example
import { Bls12381 } from './crypto/Bls12381/index.js';

const privateKey = Bls12381.randomPrivateKey();
const message = new TextEncoder().encode('Hello, Ethereum!');
const signature = Bls12381.sign(message, privateKey);
signPoint()
signPoint: (messagePoint, privateKey) => Bls12381G2PointType
Sign a pre-hashed message (G2 point) using BLS12-381 For advanced use when you have already hashed the message to G2.
Parameters
messagePoint
Bls12381G2PointType Message as G2 point
privateKey
Uint8Array<ArrayBufferLike> 32-byte private key (scalar in Fr)
Returns
Bls12381G2PointType Signature as G2 point (projective)
Throws
If private key is invalid
Throws
If signing fails
verify()
verify: (signature, message, publicKey) => boolean
Verify a BLS12-381 signature Uses pairing check for verification.
Parameters
signature
Uint8Array<ArrayBufferLike> Compressed G1 signature (48 bytes)
message
Uint8Array<ArrayBufferLike> Original message that was signed
publicKey
Uint8Array<ArrayBufferLike> Compressed G2 public key (96 bytes)
Returns
boolean True if signature is valid
Throws
If verification fails due to invalid inputs
Example
import { Bls12381 } from './crypto/Bls12381/index.js';

const privateKey = Bls12381.randomPrivateKey();
const publicKey = Bls12381.derivePublicKey(privateKey);
const message = new TextEncoder().encode('Hello!');
const signature = Bls12381.sign(message, privateKey);

const isValid = Bls12381.verify(signature, message, publicKey);
console.log(isValid); // true
verifyPoint()
verifyPoint: (signaturePoint, messagePoint, publicKeyPoint) => boolean
Verify a BLS signature with pre-computed points (advanced) For use when you have already deserialized the points.
Parameters
signaturePoint
Bls12381G2PointType Signature as G2 point
messagePoint
Bls12381G2PointType Message hash as G2 point
publicKeyPoint
Bls12381G1PointType Public key as G1 point
Returns
boolean True if signature is valid

Example

import { Bls12381 } from './crypto/Bls12381/index.js';

// Generate keypair
const privateKey = Bls12381.randomPrivateKey();
const publicKey = Bls12381.derivePublicKey(privateKey);

// Sign and verify
const message = new TextEncoder().encode('Hello');
const signature = Bls12381.sign(message, privateKey);
const isValid = Bls12381.verify(signature, message, publicKey);

EMBEDDING_DEGREE

const EMBEDDING_DEGREE: number = 12
Defined in: src/crypto/Bls12381/constants.js:86 Embedding degree k = 12

FP_MOD

const FP_MOD: bigint = 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaabn
Defined in: src/crypto/Bls12381/constants.js:17 Base field modulus p (381 bits) p = 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab

FR_MOD

const FR_MOD: bigint = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001n
Defined in: src/crypto/Bls12381/constants.js:25 Scalar field modulus r (curve order, 255 bits) r = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001

G1_GENERATOR_X

const G1_GENERATOR_X: bigint = 0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bbn
Defined in: src/crypto/Bls12381/constants.js:47 G1 generator x-coordinate

G1_GENERATOR_Y

const G1_GENERATOR_Y: bigint = 0x08b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1n
Defined in: src/crypto/Bls12381/constants.js:54 G1 generator y-coordinate

G2_COFACTOR

const G2_COFACTOR: bigint = 0x5d543a95414e7f1091d50792876a202cd91de4547085abaa68a205b2e5a7ddfa628f1cb4d9e82ef21537e293a6691ae1616ec6e786f0c70cf1c38e31c7238e5n
Defined in: src/crypto/Bls12381/constants.js:79 G2 cofactor h2 (large value)

G2_GENERATOR_X

const G2_GENERATOR_X: object
Defined in: src/crypto/Bls12381/constants.js:61 G2 generator x-coordinate (Fp2 element)

Type Declaration

c0
c0: bigint
c1
c1: bigint

G2_GENERATOR_Y

const G2_GENERATOR_Y: object
Defined in: src/crypto/Bls12381/constants.js:70 G2 generator y-coordinate (Fp2 element)

Type Declaration

c0
c0: bigint
c1
c1: bigint

Functions

aggregate()

aggregate(signatures): Uint8Array<ArrayBufferLike>
Defined in: src/crypto/Bls12381/aggregate.js:43 Aggregate multiple BLS signatures into one The aggregated signature can be verified against an aggregated public key (when all signers signed the same message) or via batch verification (when signers signed different messages).

Parameters

signatures
Uint8Array<ArrayBufferLike>[] Array of compressed G1 signatures (48 bytes each)

Returns

Uint8Array<ArrayBufferLike> Aggregated signature (48 bytes compressed G1)

Throws

If aggregation fails or no signatures provided

Example

import { Bls12381 } from './crypto/Bls12381/index.js';

const message = new TextEncoder().encode('Vote for proposal');

const pk1 = Bls12381.randomPrivateKey();
const pk2 = Bls12381.randomPrivateKey();

const sig1 = Bls12381.sign(message, pk1);
const sig2 = Bls12381.sign(message, pk2);

const aggSig = Bls12381.aggregate([sig1, sig2]);

aggregatePublicKeys()

aggregatePublicKeys(publicKeys): Uint8Array<ArrayBufferLike>
Defined in: src/crypto/Bls12381/aggregate.js:89 Aggregate multiple public keys into one Used when multiple signers sign the same message and you want to verify against a single aggregated public key.

Parameters

publicKeys
Uint8Array<ArrayBufferLike>[] Array of compressed G2 public keys (96 bytes each)

Returns

Uint8Array<ArrayBufferLike> Aggregated public key (96 bytes compressed G2)

Throws

If aggregation fails or no public keys provided

Example

import { Bls12381 } from './crypto/Bls12381/index.js';

const pk1 = Bls12381.randomPrivateKey();
const pk2 = Bls12381.randomPrivateKey();

const pubKey1 = Bls12381.derivePublicKey(pk1);
const pubKey2 = Bls12381.derivePublicKey(pk2);

const aggPubKey = Bls12381.aggregatePublicKeys([pubKey1, pubKey2]);

aggregateVerify()

aggregateVerify(aggregatedSignature, message, publicKeys): boolean
Defined in: src/crypto/Bls12381/aggregateVerify.js:47 Verify an aggregated signature where all signers signed the same message This is the most common case in Ethereum consensus - multiple validators sign the same block/attestation.

Parameters

aggregatedSignature
Uint8Array<ArrayBufferLike> Aggregated signature (96 bytes)
message
Uint8Array<ArrayBufferLike> The message that was signed by all parties
publicKeys
Uint8Array<ArrayBufferLike>[] Public keys of all signers (48 bytes each)

Returns

boolean True if the aggregated signature is valid

Example

import { Bls12381 } from './crypto/Bls12381/index.js';

const message = new TextEncoder().encode('Block attestation');

const pk1 = Bls12381.randomPrivateKey();
const pk2 = Bls12381.randomPrivateKey();
const pubKey1 = Bls12381.derivePublicKey(pk1);
const pubKey2 = Bls12381.derivePublicKey(pk2);

const sig1 = Bls12381.sign(message, pk1);
const sig2 = Bls12381.sign(message, pk2);
const aggSig = Bls12381.aggregate([sig1, sig2]);

const isValid = Bls12381.aggregateVerify(aggSig, message, [pubKey1, pubKey2]);
console.log(isValid); // true

batchVerify()

batchVerify(aggregatedSignature, messages, publicKeys): boolean
Defined in: src/crypto/Bls12381/aggregateVerify.js:105 Verify an aggregated signature where each signer signed a different message Uses multi-pairing verification: product of e(pk_i, H(msg_i)) == e(G1, aggSig)

Parameters

aggregatedSignature
Uint8Array<ArrayBufferLike> Aggregated signature (96 bytes)
messages
Uint8Array<ArrayBufferLike>[] Messages that were signed (one per signer)
publicKeys
Uint8Array<ArrayBufferLike>[] Public keys (one per signer, same order as messages)

Returns

boolean True if the aggregated signature is valid

Throws

If messages and publicKeys have different lengths

Example

import { Bls12381 } from './crypto/Bls12381/index.js';

const pk1 = Bls12381.randomPrivateKey();
const pk2 = Bls12381.randomPrivateKey();
const pubKey1 = Bls12381.derivePublicKey(pk1);
const pubKey2 = Bls12381.derivePublicKey(pk2);

const msg1 = new TextEncoder().encode('Message 1');
const msg2 = new TextEncoder().encode('Message 2');

const sig1 = Bls12381.sign(msg1, pk1);
const sig2 = Bls12381.sign(msg2, pk2);
const aggSig = Bls12381.aggregate([sig1, sig2]);

const isValid = Bls12381.batchVerify(aggSig, [msg1, msg2], [pubKey1, pubKey2]);
console.log(isValid); // true

derivePublicKey()

derivePublicKey(privateKey): Uint8Array<ArrayBufferLike>
Defined in: src/crypto/Bls12381/derivePublicKey.js:38 Derive a BLS12-381 public key from a private key Public key = privateKey * G2_generator

Parameters

privateKey
Uint8Array<ArrayBufferLike> 32-byte private key (scalar in Fr)

Returns

Uint8Array<ArrayBufferLike> Compressed G2 public key (96 bytes)

Throws

If private key is invalid

Example

import { Bls12381 } from './crypto/Bls12381/index.js';

const privateKey = Bls12381.randomPrivateKey();
const publicKey = Bls12381.derivePublicKey(privateKey);
console.log(publicKey.length); // 96

derivePublicKeyPoint()

derivePublicKeyPoint(privateKey): Bls12381G1PointType
Defined in: src/crypto/Bls12381/derivePublicKey.js:80 Derive a BLS12-381 public key as a G1 point (uncompressed)

Parameters

privateKey
Uint8Array<ArrayBufferLike> 32-byte private key

Returns

Bls12381G1PointType Public key as G1 point

Throws

If private key is invalid

fastAggregateVerify()

fastAggregateVerify(aggregatedSignature, message, aggregatedPublicKey): boolean
Defined in: src/crypto/Bls12381/aggregateVerify.js:148 Fast aggregate verify (same message case) Optimized for the common case where all signers signed the same message. This is faster than aggregateVerify when you already have the aggregated public key.

Parameters

aggregatedSignature
Uint8Array<ArrayBufferLike> Aggregated signature (96 bytes)
message
Uint8Array<ArrayBufferLike> The message that was signed
aggregatedPublicKey
Uint8Array<ArrayBufferLike> Pre-computed aggregated public key (48 bytes)

Returns

boolean True if valid

isValidPrivateKey()

isValidPrivateKey(privateKey): boolean
Defined in: src/crypto/Bls12381/randomPrivateKey.js:55 Check if a private key is valid A valid private key must be:
  • 32 bytes
  • Non-zero
  • Less than the curve order (Fr modulus)

Parameters

privateKey
Uint8Array<ArrayBufferLike> Private key to validate

Returns

boolean True if valid

Example

import { Bls12381 } from './crypto/Bls12381/index.js';

const pk = Bls12381.randomPrivateKey();
console.log(Bls12381.isValidPrivateKey(pk)); // true

const invalid = new Uint8Array(32); // all zeros
console.log(Bls12381.isValidPrivateKey(invalid)); // false

randomPrivateKey()

randomPrivateKey(): Uint8Array<ArrayBufferLike>
Defined in: src/crypto/Bls12381/randomPrivateKey.js:29 Generate a random BLS12-381 private key Uses cryptographically secure random number generation. The key is guaranteed to be valid (non-zero and less than curve order).

Returns

Uint8Array<ArrayBufferLike> 32-byte private key

Example

import { Bls12381 } from './crypto/Bls12381/index.js';

const privateKey = Bls12381.randomPrivateKey();
const publicKey = Bls12381.derivePublicKey(privateKey);

sign()

sign(message, privateKey): Uint8Array<ArrayBufferLike>
Defined in: src/crypto/Bls12381/sign.js:44 Sign a message using BLS12-381 Uses the Ethereum consensus “short signatures” scheme:
  • Signature = privateKey * H(message) where H maps to G1
  • Signatures are 48 bytes (compressed G1 point)

Parameters

message
Uint8Array<ArrayBufferLike> Message to sign
privateKey
Uint8Array<ArrayBufferLike> 32-byte private key (scalar in Fr)

Returns

Uint8Array<ArrayBufferLike> Signature as compressed G1 point (48 bytes)

Throws

If private key is invalid

Throws

If signing fails

Example

import { Bls12381 } from './crypto/Bls12381/index.js';

const privateKey = Bls12381.randomPrivateKey();
const message = new TextEncoder().encode('Hello, Ethereum!');
const signature = Bls12381.sign(message, privateKey);

signPoint()

signPoint(messagePoint, privateKey): Bls12381G2PointType
Defined in: src/crypto/Bls12381/sign.js:91 Sign a pre-hashed message (G2 point) using BLS12-381 For advanced use when you have already hashed the message to G2.

Parameters

messagePoint
Bls12381G2PointType Message as G2 point
privateKey
Uint8Array<ArrayBufferLike> 32-byte private key (scalar in Fr)

Returns

Bls12381G2PointType Signature as G2 point (projective)

Throws

If private key is invalid

Throws

If signing fails

verify()

verify(signature, message, publicKey): boolean
Defined in: src/crypto/Bls12381/verify.js:41 Verify a BLS12-381 signature Uses pairing check for verification.

Parameters

signature
Uint8Array<ArrayBufferLike> Compressed G1 signature (48 bytes)
message
Uint8Array<ArrayBufferLike> Original message that was signed
publicKey
Uint8Array<ArrayBufferLike> Compressed G2 public key (96 bytes)

Returns

boolean True if signature is valid

Throws

If verification fails due to invalid inputs

Example

import { Bls12381 } from './crypto/Bls12381/index.js';

const privateKey = Bls12381.randomPrivateKey();
const publicKey = Bls12381.derivePublicKey(privateKey);
const message = new TextEncoder().encode('Hello!');
const signature = Bls12381.sign(message, privateKey);

const isValid = Bls12381.verify(signature, message, publicKey);
console.log(isValid); // true

verifyPoint()

verifyPoint(signaturePoint, messagePoint, publicKeyPoint): boolean
Defined in: src/crypto/Bls12381/verify.js:78 Verify a BLS signature with pre-computed points (advanced) For use when you have already deserialized the points.

Parameters

signaturePoint
Bls12381G2PointType Signature as G2 point
messagePoint
Bls12381G2PointType Message hash as G2 point
publicKeyPoint
Bls12381G1PointType Public key as G1 point

Returns

boolean True if signature is valid

References

Fp2Type

Renames and re-exports Bls12381Fp2Type

G1PointType

Renames and re-exports Bls12381G1PointType

G2PointType

Renames and re-exports Bls12381G2PointType