The Simple Price Oracle Verification based on BLS Key Aggregation and N-of-N Multisignature

0
23

The proposed Price Oracle Verification on the off-chain using BLS(Boneh-Lynn-Shacham)

key aggregation and n-of-n multi signature & VRF(Verifiable Random Function) for the blockchain DeFi(Decentralized Finance)

I wrote this article to propose a new and simple price oracle proof method in cryptocurrency field using BLS(Boneh–Lynn–Shacham)[12] Key Aggregation and N-of-N Multisignature and VRF(Verifiable Random Function)[6][13]. With this, we can expect to improve the verification speed and security performance of Price Oracle on many population bases.

[Fig.1]
[Fig.2][1]
[Fig.3][2]
[Fig.4]
[Fig.5][11]

[Understanding the basic Elliptic Curve Cryptography]
Before we start to understand the proposed structure, let us look at some of basic Elliptic Curve Cryptography [Fig.2]. G is defined as a base point(generator point) known to everyone, Gradient (256 bit encryption) is defined as a private key after G and public key(x,y) is defined as multiplying G and the private key. Through basic bilinear mathematics, the transformation map can be applied in elliptic curve on the random point(A, B)[Fig.3]. Using the mathematical formula I presented in [Fig. 3], we can simply prove the equation for the verification of the BLS Signature in [Fig. 4]. BLS(Boneh–Lynn–Shacham) is a digital signature created by Dan Boneh, Ben Lynn, and Hovav Shacham[12]. BLS signature can achieve signature aggregation with non-interactive way, which means that signers don’t have to cooperate with each other to aggregate their signatures and anyone can make signature. Additionally, unlike signing with Schnorr signature scheme[8], there is no need to predetermine many signers during signing for that of the BLS.

[Understanding of Proposed Price Oracle Structure]
Before we start to propose our new structure, first we need to determine what kinds of BLS implementation we will use. Currently, many people use Algoland’s draft version of Rust-based BLS12–381[3] as a reference implementation, so we will develop our proposed structure based on it, providing 128 bit security level, signature length’s 48 bytes long and public key’ length 96 bytes long. To be a signature creator in our proposed structure, you must stake coins or tokens in both Account keys and Stash keys[7] on your custom type blockchain and register VRF keys. To prevent replay and rougue public-key attacks[5], we ask the signature creators to submit proof of their own Stash keys with “sign_with_stashKey(concat(BLS pubkey, address))”. Through VRF, it is randomly determined when the person who holds the key can sign and VRF’s randomness and staking coins prevent malicious signers from interfering with the price oracle transparency for any reason. If we use BLS signature aggregation, the signatures in a transaction can be reduced from multiple signatures into a single aggregated signature when registering the off-chain price transaction towards the on-chain as you can see in Fig.1 one formula. From now on, we will briefly explain the structure proposed in Fig. 1. The concept of VRF is introduced in the BLS structure described above. After extracting the median value of price from the outside and hashing it, every signers randomly elected through VRF every round will verify price verification using BLS through n of n sign. As the number of signature groups increases, the BLS verification speed is proved to be faster than other algorithms with reducing the space size, so price trust is made possible through more signature recruitment with VRF concepts in our structure. For example, suppose you have 50 signatures. Based on the Schnorr signature, a total of 64*50 = 3200 bytes is used. On the other hand, based on the BLS signature, only 48 bytes are needed as described earlier. That is, the size can be reduced by about 66 times. If you increase the signatures aggregation to 300, you will get about 400 times the size reduction. In other words, as the number of aggregation increases, the BLS structure can benefit more. Through actual measurement through actual development, it is judged that this part can be checked later. In a future post, I will use these concepts of grouping, so called shards, but if I have the opportunity, I will explain in a future post.

[Conclusion]
Currently, a lot of approach is being made on the Price Oracle problem related to non-deterministic characteristics. In the end, it is a matter of price offering speed and trust in the price. In this regard, a new concept was proposed in this article. Currently, I am studying on parity substrate, algorand and etc. In particular, based on the substrate’s offchain-worker pallet [Fig.5][9][10], it is judged that interesting things will be realized if the above are implemented. However, the problem is the time it takes for the price information to authorize on-chain block, but in the end, it becomes a trade-off in terms of price trust and speed. In other words, it is difficult to satisfy both at the same time, but if the proposed structure works in the proper line with more development, I think that a new ecosystem will be formed.

[Reference]
[1] https://www.desmos.com/calculator/ialhd71we3
[2] https://en.wikipedia.org/wiki/Bilinear_map
[3] https://www.algorand.com/resources/blog/first-release-bls-library
[4] https://en.wikipedia.org/wiki/Schnorr_signature
[5] https://medium.com/@coolcottontail/rogue-key-attack-in-bls-signature-and-harmony-security-eac1ea2370ee
[6] https://polkadot.network/polkadot-consensus-part-3-babe/
[7] https://wiki.polkadot.network/docs/en/learn-keys
[8] https://en.wikipedia.org/wiki/Schnorr_signature
[9] https://gnunicorn.github.io/substrate-offchain-cb
[10] https://substrate.dev/recipes/3-entrees/off-chain-workers/index.html
[11] https://www.parity.io/substrate-off-chain-workers-secure-and-efficient-computing-intensive-tasks/
[12]https://en.wikipedia.org/wiki/Boneh%E2%80%93Lynn%E2%80%93Shacham
[13] https://en.wikipedia.org/wiki/Verifiable_random_function


The Simple Price Oracle Verification based on BLS Key Aggregation and N-of-N Multisignature was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.