Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature Request: BLS Signature Support #66

Open
captain-kark opened this issue Dec 4, 2019 · 20 comments
Open

Feature Request: BLS Signature Support #66

captain-kark opened this issue Dec 4, 2019 · 20 comments

Comments

@captain-kark
Copy link

Would it be possible to do something like add a C interface to https://github.com/Chia-Network/bls-signatures and release the capability to create BLS signatures in a firmware update?

This would be a great addition to the product. If you're able to devote time to it, I would be greatly appreciative, as there are next to none HSMs which boast BLS signature support, and a mature operating platform.

Thanks!

@kobigurk
Copy link

kobigurk commented Dec 5, 2019

I'd like to second that direction! Though with another curve, or possibly both.

We're working on an embedded, constant-time version of BLS12-377 signing here: https://github.com/celo-org/bls-embedded/. We have code that works both on the thumb and armv7 instruction sets.

I think having BLS signature support for both BLS12-377 and BLS12-381 would be of great benefit to the community across many projects - some use them for consensus, some use them for application level security.

@a-dma
Copy link
Member

a-dma commented Dec 10, 2019

Hi, what applications use/require this kind of signatures? Are they standardized or approved in any way? Or will they be? I'm not familiar with this signature scheme.

While I like the idea of supporting more applications, adding functionalities to the device itself is a long a complex procedure. And once a functionality is added, it is really hard to remove support for it.

I don't want to shoot down good ideas and suggestions, but it would have to be a really compelling case.

@kobigurk
Copy link

Standardization is underway: https://tools.ietf.org/html/draft-irtf-cfrg-bls-signature-00

BLS signatures have a compelling feature of non-interactive aggregation - signatures, either for the same message or different messages, can be aggregated by anyone into a single signature. In the case of the same message, it’s as efficient as verifying a single signature.

It’s being deployed in some places, e.g. to produce non-biasable randomness and in blockchain networks.

@a-dma
Copy link
Member

a-dma commented Dec 10, 2019

Thanks for the reply.

I think this can be revisited when the standardization process has successfully ended and there is evidence of a widespread adoption.

@captain-kark
Copy link
Author

@a-dma Do you have a procedure for distributing beta firmware in some other release channel, with reduced support and backwards compatibility guarantees? Also, would this imply that users need to acquire a similarly "beta" hardware device, with reduced protection from firmware update attacks? I'd be interested in such a program, if it exists.

I'll reopen the issue once the standardization process has successfully ended. At that time we can figure out what it would take to sufficiently prove widespread adoption.

@a-dma
Copy link
Member

a-dma commented Dec 10, 2019

I'm sure that if and when this feature will be implemented and tested we can work something out.

I'll reopen the issue once the standardization process has successfully ended. At that time we can figure out what it would take to sufficiently prove widespread adoption.

Sounds like a plan to me.

@tyrion70
Copy link

Sounds like a good time to reopen this issue :) Celo is now live with BLS Signatures and we are dying to use our yubihsm's to sign. What would it take to reopen this issue?

@gaia
Copy link

gaia commented Jun 16, 2020

Sounds like a good time to reopen this issue :) Celo is now live with BLS Signatures and we are dying to use our yubihsm's to sign. What would it take to reopen this issue?

+1. same for SKALE, SecretNetwork (Enigma) and Harmony.

@captain-kark
Copy link
Author

I'll reopen this if:

@tyrion70
Copy link

@captain-kark the RFC status makes sense, I’ll try to go after that, what does Eth2.0 have to do with it though? Could you elaborate a bit on that? Thanks!

@captain-kark
Copy link
Author

Quoting @a-dma from earlier in the thread:

I think this can be revisited when the standardization process has successfully ended and there is evidence of a widespread adoption.

(emphasis mine)

The phrase "successfully ended" is a little vague, so if there's going to be more discussion about that, I would hope it would be balanced with the second clause that I've highlighted in bold, regarding widespread adoption.

Given that the projects cited in this issue asking for BLS signature support, derive significant portions of their platform from work happening in the ethereum project, I think it's fair to point to ethereum as the best indicator for adoption.

So, if the ethereum network begins depending on aggregate signatures for validators, etc., via BLS schemes, that would objectively represent de-facto widespread adoption. Personally, I think it's smarter to start now in anticipation of this technology being released, but then again I'm not a member of Yubico's board of directors so I can only advocate within the guidelines communicated to me by their contributors.

@cameroncooper
Copy link

Chia has launched their mainnet using BLS now, so does look like widespread adoption has happened. I've heard that the Ledger Nano X will have BLS support this summer as well.

@karalabe
Copy link

Ethereum here. Out of curiosity, did any BLS work end up on YubiKey products? The go-ethereum team is looking into how best to store and operate the beacon keys and I personally would prefer some hardware module. Though wondering if the HSM could support also specifying certain signing rules (e.g. disallow too frequent or even more specific ones); or whether we'd still need to rely on a dedicated machine if we want to create more complex rules?

@captain-kark captain-kark reopened this Jan 27, 2022
@a-dma
Copy link
Member

a-dma commented Jan 27, 2022

Hi,

neither YubiHSM nor YubiKey have support for those signature schemes.

The latest standardization effort that I can see is this which expired in 2021, please correct me if I'm wrong.

That document is still missing things like test vectors, an ASN.1 notation for the keys and a reference implementation (it only links to third-party ones and I don't know if one of those has become the de facto reference implementation).

It looks to me like there is not a lot of movement in that area unless, of course, I'm missing something.

@earonesty
Copy link

isnt this the signature scheme used by most of the "crypto" ecosystem, as well as most "identity based encryption" products? seems quite broadly used given the 200 billion dollar market

@uwuforever
Copy link

Also want to request this signature type, and Eth merges this week so at least one standard of it is being rolled out for good to a major production network.

But even if we don't agree about that being considered good enough a standard for YubiHSM to commit to as a core feature, I think it would still be worthwhile to consider as a paid upgrade feature or special edition - just considering a single use case, a single ETH2 BLS key is worth $55k USD now, there are 400,000 of them and growing, there are no true HSMs yet nor can they just use another algorithm,

@cameroncooper
Copy link

cameroncooper commented Feb 25, 2023

Ledger now has support for BLS in the Nano X with the new 2.1.0 firmware.

@uwuforever
Copy link

I will check that out. Although Ledger isn't really meant for unattended use (it requires manually approving each signature by pressing buttons on the device), so I still think something like this would be useful.

@pincente
Copy link

Though I would bump this considering the landscape has changed dramatically since 'Issue #66'.
There are now over 800K validators securing the Ethereum network, that's upwards of 25 million ETH staked to the tune of $42,533,500,000 USD at the time of writing.
Seems like the business case for adding this feature might be worth another look.

@guruhubb
Copy link

Does Yubico have BLS signature support? We need it for Zus servers, expect thousands of servers will use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests