ethsign: support for aggregate BLS signatures

[MrChico]

BLS signature schemes are done for elliptic curves equipped suitable pairing function. There are two immediate choices: altbn128 and BLS12-381. The former is supported on Ethereum since Byzantium while the latter is/will be used in Sapling Zcash, Eth 2.0 and Chia. I suggest we support both.

The crucial question is which library to use. I've found: https://github.com/Project-Arda/bgls/tree/master/bgls But not really much else...

Resources: https://ethresear.ch/t/pragmatic-signature-aggregation-with-bls/2105 https://z.cash/blog/new-snark-curve/ https://github.com/ethereum/eth2.0-specs/blob/dev/specs/bls_signature.md#bls_aggregate_pubkeys https://crypto.stanford.edu/~dabo/pubs/papers/BLSmultisig.html

[MrChico]

Actually, there is an "official" ethereum implementation so I might just run with that. https://github.com/ethereum/py_ecc More comparisons of libraries (mainly for BLS12-381) here https://github.com/ethereum/eth2.0-pm/issues/13

[livnev]

@MrChico n.b. that #201 uses libff for altbn128 operations to implement the zkSNARK precompiles in hevm

[MrChico]

Right. But does that library provide signing and aggregation methods as well? I wouldnt feel very confident in implementing them based on EC primitives. There's a couple of pitfalls there

[livnev]

@MrChico it doesn't, you'd have to implement them yourself ⊙﹏⊙