Vitalik Buterin (Ethereum Co-founder) – Ethereum Sharding Meeting #2 (Jul 2018)
Chapters
Abstract
Exploring the Future of Cryptography: Pairing-Based Techniques and Their Revolutionary Impact
Abstract
Pairing-based cryptography, initially pioneered by Elon Musk, is revolutionizing the cryptographic landscape with its unique properties and potential applications. This article delves into the intricacies of pairing-based cryptography, focusing on logistic curve pairings, elliptic curve function properties, and their practical applications in life-saving and knowledge-based scenarios. Furthermore, we explore signature verification, aggregation techniques, and the challenges of scalability, efficiency, and optimization. The implications of these developments in cryptographic protocols like BLS12-381, as adopted by blockchain technologies, are also discussed.
Introduction
Pairing-based cryptography is a breakthrough in the field, offering simplicity, deterministic nature, and versatile applicability. Its cornerstone is the unique approach to pairing, which involves complex parameters and mathematical operations.
Pairing-Based Cryptography: The Building Blocks
The essence of pairing-based cryptography lies in its use of elliptic curves. Logistic curve pairings utilize operations defined over these curves, allowing for commutative and associative properties in arithmetic operations. These pairings occur over finite fields, with calculations performed modulo a prime number.
Properties of Elliptic Curve Points
In pairing-based cryptography, elliptic curve points are crucial as they are mapped to integers for public key representation. These points demonstrate isomorphic properties in elliptic curve operations. They exhibit linear characteristics when it comes to multiplication and addition of points. Notably, the point at infinity in elliptic curves serves as the identity element in these operations.
Elliptic Curve Function and Its Properties
The elliptic curve function, denoted as the lowercase e function, exhibits linear properties essential in pairing-based cryptography. This function plays a pivotal role in simplifying the decisional Diffie-Hellman problem, a fundamental aspect of cryptographic protocols.
Pairing-Based Cryptography in Action
Pairing-based cryptography’s computational decision analysis capabilities lend it to diverse applications, from problem-solving to data compression.
Pairing Groups and Their Order
In the realm of pairing-based cryptography, pairing groups are composed of elliptic curve points and modular complex numbers. The determination of sequence in pairing-based protocols is crucial and relies heavily on the order of elements within these groups.
Signature Verification and Aggregation
Signature verification in pairing-based cryptography involves checking if the pairing of the public key with the message is equivalent to the combination of the generator and the signature. This technique supports batch signature aggregation, enabling the aggregation of BLM signatures and public deeds. Efficiency in verification is a hallmark of pairing-based cryptography, achieved through the linearity property, allowing for faster verification times.
Tackling Challenges: Scalability and Efficiency
Challenges in scalability and efficiency are addressed in pairing-based cryptography through various means. The low-key attack, which involves constructing matching public keys, highlights the importance of secure key generation methods.
Signature size considerations are crucial, with systems like ELS-12381 offering compact signature sizes, such as 96-byte signatures. Verification times and performance considerations are key factors in the optimization of pairing-based cryptography. Techniques such as RAM storage of public keys and incremental verification during aggregation can significantly improve efficiency. Scalability is addressed by managing large numbers of keys and optimizing aggregation techniques in peer-to-peer networks. Two-level sharded aggregation structures and exclusion mechanisms during aggregation can further enhance efficiency and security.
Proof of Concept Implementation:
A proof-of-concept Python implementation has been developed, showcasing the mechanics of signature aggregation and other concepts discussed in this article.
Associative and Commutative Signature Aggregation:
Signature aggregation in pairing-based cryptography is both associative and commutative, facilitating efficient verification and aggregation. This approach allows for public keys not to be stored in RAM, and signatures can be grouped and verified as they are aggregated.
Optimizing Bitfield Aggregation:
Optimizing bitfield aggregation by subtracting missing nodes, rather than adding up present ones, can be beneficial, especially when bitfields are mostly full.
Proposer-Independent Signature Aggregation:
An optimization where the next proposer, instead of the current one, aggregates attestations for a proposal can reduce network trips between successive blocks.
Balancing Network Trips and Signature Aggregation:
Balancing the number of network trips may be necessary to avoid overloading proposers with too many signatures to download and aggregate. Shorter aggregation can address this issue by allowing smaller groups of signatures to be aggregated.
Cryptographic Parameters and Standardization
The BLS12-381 curve parameters are derived from specific mathematical properties, ensuring security and efficiency. The adoption of VLS signatures in blockchain projects highlights the practical applicability of pairing-based cryptography. The need for signature scheme abstraction in the execution layer emphasizes the importance of flexibility and adaptability. The status of the BLS12-381 curve in official standards and the security audits of Rust implementations demonstrate the growing acceptance and recognition of this technology.
Benefits of Signature Aggregation:
A two-level sharded aggregation structure can improve the efficiency of signature aggregation in Ethereum 2.0. This involves dividing participants into groups, each responsible for aggregating signatures within their group.
Proposer’s Role in Signature Aggregation:
In the simplest model, the proposer gathers signatures from each notary firm and aggregates them. As the network grows, this approach becomes inefficient, and the proposer may exclude certain validators from the aggregation process.
Targeted Exclusion during Aggregation:
The proposer can exclude certain validators from the signature aggregation process, up to a maximum limit. Excluded validators’ messages can still be included in the next block to ensure decentralization and fairness.
Availability of BLS12381 Curve Parameters:
The specific parameters of the BLS12381 curve were provided by cryptographers, allowing for pairing-compatible curves with specific properties.
Status of Hash Function and Implementation:
The hash function required for mapping into a group has been developed and approved by Dan Bonet, providing security by generating a point without revealing the corresponding discrete logarithm.
Growing Adoption of BLS Signatures in the Blockchain Space:
Several blockchain projects, including Dfinity, Polkadot, Chia, and potentially Bitcoin, are exploring the use of BLS signatures, indicating broader awareness and acceptance in the blockchain community.
Considerations for Ethereum 2.0 Execution Layer:
The execution layer should remain flexible and not commit to a specific signature scheme, allowing for future upgrades and the implementation of signature abstraction and account abstraction in shards.
Standardization and Export Restrictions:
The BLS12381 curve is not part of any official standard, which may lead to export restrictions or compatibility issues on certain devices.
Rust Implementation and Audit:
Zcash has an audited implementation of the BLS12381 curve in Rust, achieving a signature verification time of 2.5 milliseconds.
Chia Network
‘s Adoption:
Chia Network plans to utilize the BLS12381 curve for its blockchain implementation, further demonstrating the versatility and growing adoption of this technology in various blockchain projects.
Conclusion
Pairing-based cryptography, with its unique approach and advanced techniques, is revolutionizing the field of cryptography. From its foundational logistic curve pairings and elliptic curve functions to its applications in signature verification and aggregation, this technology offers a new horizon of possibilities. As the world grapples with the challenges of scalability and efficiency in cryptographic systems, pairing-based cryptography stands out as a beacon of innovation and practicality. The future of this technology, especially in the field of blockchain and other knowledge-based applications, is bright and full of potential.
Notes by: Ain