#bls12-381 #bls-signatures

bls12_381-bls

Implementation of BLS signatures using the BLS12-381 curve

10 releases (5 breaking)

Uses new Rust 2024

0.6.0 Mar 31, 2026
0.5.1 Aug 8, 2025
0.5.0 Feb 10, 2025
0.4.1 Dec 18, 2024
0.2.0 Feb 28, 2024

#907 in Math

Download history 97/week @ 2025-12-25 347/week @ 2026-01-01 54/week @ 2026-01-08 109/week @ 2026-01-15 254/week @ 2026-01-22 527/week @ 2026-01-29 415/week @ 2026-02-05 1048/week @ 2026-02-12 573/week @ 2026-02-19 132/week @ 2026-02-26 820/week @ 2026-03-05 1883/week @ 2026-03-12 1128/week @ 2026-03-19 272/week @ 2026-03-26 302/week @ 2026-04-02 206/week @ 2026-04-09

2,300 downloads per month
Used in 17 crates (2 directly)

MPL-2.0 license

34KB
577 lines

Implementation of BLS signatures using the BLS12-381 curve.

This implementation currently only supports rogue-key attack resistant batching, and does not support distinct message verification.

Security Notice: Insecure V1 Signing

Insecure v1 signing is considered insecure and should not be used for new signatures. The v1 construction allows linear forgery combinations due to its legacy hash-to-scalar mapping.

  • By default, sign, sign_multisig, verify, and MultisigPublicKey::verify use the secure RFC9380 hash-to-curve path with explicit domain separation.
  • Historical insecure verification remains available via verify_insecure and MultisigPublicKey::verify_insecure.
  • Legacy multisig verification also requires MultisigPublicKey::aggregate_insecure for key aggregation.
  • Insecure v1 signing is opt-in via the insecure-v1-signing cargo feature.
# Only enable this if you explicitly need to produce insecure v1 signatures.
bls12_381-bls = { version = "0.6.0-rc.0", features = ["insecure-v1-signing"] }

Benchmarks

Machine specs

The benchmarks were ran on a 2020 13.3" MacBook Pro.

CPU:

$ lscpu
Intel(R) Core(TM) i7-1068NG7 CPU @ 2.30GHz

RAM:

16 GB 3733 MHz LPDDR4X

Results

test benches::bench_aggregate_pk    ... bench:   1,654,552 ns/iter (+/- 107,025)
test benches::bench_aggregate_sig   ... bench:      36,893 ns/iter (+/- 3,399)
test benches::bench_sign            ... bench:   1,480,169 ns/iter (+/- 106,151)
test benches::bench_sign_vulnerable ... bench:   1,024,052 ns/iter (+/- 111,395)
test benches::bench_verify          ... bench:   4,740,114 ns/iter (+/- 336,036)

Dependencies

~3–4.5MB
~99K SLoC