Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BLS Signature Implementation #38

Open
nikbhintade opened this issue Feb 20, 2025 · 5 comments
Open

BLS Signature Implementation #38

nikbhintade opened this issue Feb 20, 2025 · 5 comments

Comments

@nikbhintade
Copy link

nikbhintade commented Feb 20, 2025
edited
Loading

As there was no section on contributions in the readme of the repo, I’m not sure if it’s open to external contributors. If yes, please read the next part; if not, feel free to close this issue (thanks for the answer, and sorry for opening an unnecessary issue).

Assuming the repo is open to external contributions, I wanted to check if anyone is working on implementing BLS signatures. If no one has taken on that task, can I work on it?

If yes, let me know if there are any specific details I should consider, or if it should be implemented similarly to other signature schemes used in the contract.

I recently worked on BLS signature verification with EIP-2537 precompiles, so I’d like to implement it here as well. You can check out more of my work here.

Thanks!
@Vectorized
Copy link
Collaborator

Vectorized commented Feb 20, 2025
edited
Loading

You can work on it, but I'd first explain why we've paused working on it for now:

BLS shines when there are either many signers signing few messages, or a few signers signing many messages.

Right now each UserOp is a unique message. And we expect that there are many unique signers too.

Note that BLS is way more expensive in precompile gas costs than secp256k1 (ecrecover) and secp256r1 (p256).
When writing Solady's tests, I also noticed that non-precompile gas costs could be around 30% of the gas costs, which is pretty substantial, due to all those copying.

Before 4844, BLS might have still made sense, as L1 calldata costs were about 2 to 5 orders of magnitude higher than L2 gas costs back them

But the relationship has drastically flipped today: simply brute forcing optimizations via assembly (e.g. spamming Solady everywhere) for L2 gas savings will yield much greater overall scalability and cost savings.

BLS is also high-effort (implementation, audit, maintenance). There are more lower-hanging fruits.

@nikbhintade
Copy link
Author

nikbhintade commented Feb 21, 2025
edited
Loading

Yeah, I understand why that was put on the backburner. I'm happy to take on that work and implement it myself.

One more thing—could you elaborate on this point?

BLS is also high-effort (implementation, audit, maintenance).

@Vectorized
Copy link
Collaborator

It requires adding BLS methods onto the Delegation and EntryPoint.

The EntryPoint will need a completely separate batch execute workflow for BLS.

@nikbhintade
Copy link
Author

Oh, I thought there was some other issue that I didn't know. I am gonna start working on it right now. If you have any pointers for me, let me know.

@nikbhintade
Copy link
Author

I spent some time understanding the project structure and implementing BLS signatures for delegation. I did the implementation to understand how much extra gas it uses—about 17 times more, just for the BLS pairing precompile. Now I get what you meant by "high efforts" and a "completely separate batch execute workflow for BLS." This is going to be harder than I thought.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Vectorized @nikbhintade