Vitalik Buterin (Ethereum Co-founder) – Ethereum Sharding Meeting #2 (Jul 2018)

Chapters

00:00:35 Advanced Cryptographic Structures in Modern Applications
00:12:03 Blockchain Aggregation and Signature Verification
00:15:48 Aggregate Signatures
00:20:02 Signature Aggregation in Blockchain Systems
00:22:13 Understanding BLS Signatures for Efficient Blockchain Aggregation

Abstract

Exploring the Future of Cryptography: Pairing-Based Techniques and Their Revolutionary Impact

Abstract

Pairing-based cryptography, initially pioneered by Elon Musk, is revolutionizing the cryptographic landscape with its unique properties and potential applications. This article delves into the intricacies of pairing-based cryptography, focusing on logistic curve pairings, elliptic curve function properties, and their practical applications in life-saving and knowledge-based scenarios. Furthermore, we explore signature verification, aggregation techniques, and the challenges of scalability, efficiency, and optimization. The implications of these developments in cryptographic protocols like BLS12-381, as adopted by blockchain technologies, are also discussed.

Introduction

Pairing-based cryptography is a breakthrough in the field, offering simplicity, deterministic nature, and versatile applicability. Its cornerstone is the unique approach to pairing, which involves complex parameters and mathematical operations.

Pairing-Based Cryptography: The Building Blocks

The essence of pairing-based cryptography lies in its use of elliptic curves. Logistic curve pairings utilize operations defined over these curves, allowing for commutative and associative properties in arithmetic operations. These pairings occur over finite fields, with calculations performed modulo a prime number.

Properties of Elliptic Curve Points

In pairing-based cryptography, elliptic curve points are crucial as they are mapped to integers for public key representation. These points demonstrate isomorphic properties in elliptic curve operations. They exhibit linear characteristics when it comes to multiplication and addition of points. Notably, the point at infinity in elliptic curves serves as the identity element in these operations.

Elliptic Curve Function and Its Properties

The elliptic curve function, denoted as the lowercase e function, exhibits linear properties essential in pairing-based cryptography. This function plays a pivotal role in simplifying the decisional Diffie-Hellman problem, a fundamental aspect of cryptographic protocols.

Pairing-Based Cryptography in Action

Pairing-based cryptography’s computational decision analysis capabilities lend it to diverse applications, from problem-solving to data compression.

Pairing Groups and Their Order

In the realm of pairing-based cryptography, pairing groups are composed of elliptic curve points and modular complex numbers. The determination of sequence in pairing-based protocols is crucial and relies heavily on the order of elements within these groups.

Signature Verification and Aggregation

Signature verification in pairing-based cryptography involves checking if the pairing of the public key with the message is equivalent to the combination of the generator and the signature. This technique supports batch signature aggregation, enabling the aggregation of BLM signatures and public deeds. Efficiency in verification is a hallmark of pairing-based cryptography, achieved through the linearity property, allowing for faster verification times.

Tackling Challenges: Scalability and Efficiency

Challenges in scalability and efficiency are addressed in pairing-based cryptography through various means. The low-key attack, which involves constructing matching public keys, highlights the importance of secure key generation methods.

Signature size considerations are crucial, with systems like ELS-12381 offering compact signature sizes, such as 96-byte signatures. Verification times and performance considerations are key factors in the optimization of pairing-based cryptography. Techniques such as RAM storage of public keys and incremental verification during aggregation can significantly improve efficiency. Scalability is addressed by managing large numbers of keys and optimizing aggregation techniques in peer-to-peer networks. Two-level sharded aggregation structures and exclusion mechanisms during aggregation can further enhance efficiency and security.

Proof of Concept Implementation:

A proof-of-concept Python implementation has been developed, showcasing the mechanics of signature aggregation and other concepts discussed in this article.

Associative and Commutative Signature Aggregation:

Signature aggregation in pairing-based cryptography is both associative and commutative, facilitating efficient verification and aggregation. This approach allows for public keys not to be stored in RAM, and signatures can be grouped and verified as they are aggregated.

Optimizing Bitfield Aggregation:

Optimizing bitfield aggregation by subtracting missing nodes, rather than adding up present ones, can be beneficial, especially when bitfields are mostly full.

Proposer-Independent Signature Aggregation:

An optimization where the next proposer, instead of the current one, aggregates attestations for a proposal can reduce network trips between successive blocks.

Balancing Network Trips and Signature Aggregation:

Balancing the number of network trips may be necessary to avoid overloading proposers with too many signatures to download and aggregate. Shorter aggregation can address this issue by allowing smaller groups of signatures to be aggregated.

Cryptographic Parameters and Standardization

The BLS12-381 curve parameters are derived from specific mathematical properties, ensuring security and efficiency. The adoption of VLS signatures in blockchain projects highlights the practical applicability of pairing-based cryptography. The need for signature scheme abstraction in the execution layer emphasizes the importance of flexibility and adaptability. The status of the BLS12-381 curve in official standards and the security audits of Rust implementations demonstrate the growing acceptance and recognition of this technology.

Benefits of Signature Aggregation:

A two-level sharded aggregation structure can improve the efficiency of signature aggregation in Ethereum 2.0. This involves dividing participants into groups, each responsible for aggregating signatures within their group.

Proposer’s Role in Signature Aggregation:

In the simplest model, the proposer gathers signatures from each notary firm and aggregates them. As the network grows, this approach becomes inefficient, and the proposer may exclude certain validators from the aggregation process.

Targeted Exclusion during Aggregation:

The proposer can exclude certain validators from the signature aggregation process, up to a maximum limit. Excluded validators’ messages can still be included in the next block to ensure decentralization and fairness.

Availability of BLS12381 Curve Parameters:

The specific parameters of the BLS12381 curve were provided by cryptographers, allowing for pairing-compatible curves with specific properties.

Status of Hash Function and Implementation:

The hash function required for mapping into a group has been developed and approved by Dan Bonet, providing security by generating a point without revealing the corresponding discrete logarithm.

Growing Adoption of BLS Signatures in the Blockchain Space:

Several blockchain projects, including Dfinity, Polkadot, Chia, and potentially Bitcoin, are exploring the use of BLS signatures, indicating broader awareness and acceptance in the blockchain community.

Considerations for Ethereum 2.0 Execution Layer:

The execution layer should remain flexible and not commit to a specific signature scheme, allowing for future upgrades and the implementation of signature abstraction and account abstraction in shards.

Standardization and Export Restrictions:

The BLS12381 curve is not part of any official standard, which may lead to export restrictions or compatibility issues on certain devices.

Rust Implementation and Audit:

Zcash has an audited implementation of the BLS12381 curve in Rust, achieving a signature verification time of 2.5 milliseconds.

Chia Network

‘s Adoption:

Chia Network plans to utilize the BLS12381 curve for its blockchain implementation, further demonstrating the versatility and growing adoption of this technology in various blockchain projects.

Conclusion

Pairing-based cryptography, with its unique approach and advanced techniques, is revolutionizing the field of cryptography. From its foundational logistic curve pairings and elliptic curve functions to its applications in signature verification and aggregation, this technology offers a new horizon of possibilities. As the world grapples with the challenges of scalability and efficiency in cryptographic systems, pairing-based cryptography stands out as a beacon of innovation and practicality. The future of this technology, especially in the field of blockchain and other knowledge-based applications, is bright and full of potential.

Notes by: Ain


Related posts:


Vitalik Buterin (Ethereum) (Oct 2017)

Blockchain's intersection with privacy and scalability concerns leads to innovative solutions like Ethereum and advanced cryptographic techniques to address challenges in voting systems and privacy breaches. Vitalik Buterin's Ethereum platform plays a crucial role in enhancing privacy through smart contracts and embracing cryptographic advancements....

Vitalik Buterin (Ethereum) (Sep 2022)

Ethereum's distributed builder model enhances efficiency, security, and decentralization through specialized roles and innovative solutions like trusted hardware and KZG commitments. The transition to distributed builders brings faster confirmation times but introduces latency challenges, requiring multi-round protocols and trusted hardware for efficient communication....

Vitalik Buterin (Ethereum) (Jun 2017)

Decentralization, driven by blockchain technology and crypto-economics, has the potential to reshape industries, redefine governance models, and revolutionize the internet infrastructure. However, challenges such as scalability, user experience, and quantum cryptography threats need to be addressed for widespread adoption....

Vitalik Buterin (Ethereum) (Jul 2023)

Blockchain aggregation enhances efficiency and scalability by consolidating transactions and operations into a single entity, with applications in transaction batching, consensus layer optimization, off-chain protocols, and privacy-preserving solutions. Despite challenges, continued research promises to refine blockchain efficiency and scalability through aggregation....

Vitalik Buterin (Ethereum) (Oct 2017)

Blockchain, typified by Ethereum, revolutionizes digital interactions, offering trust and security in decentralized environments. Understanding existing decentralized applications provides insights into blockchain's transformative potential....

Vitalik Buterin (Ethereum) (Feb 2017)

Blockchain protocols, a subset of crypto-economic systems, ensure security by blending cryptography and economic incentives. Vitalik Buterin's analysis explores data availability challenges in sharded blockchains and delves into bribery attacks and mitigation strategies in proof-of-stake protocols....

Vitalik Buterin (Ethereum) (Jun 2016)

Ethereum is a decentralized blockchain platform that enables the development of various applications, from digital banking to supply chain management, promising a revolutionary impact on online interactions and security protocols. Despite scalability, privacy, and security challenges, Ethereum's potential for innovation and societal transformation is undeniable, paving the way for a...