BLS signatures: The future of scalable blockchain cryptography

Digital signatures are the backbone of secure communications on the internet. They guarantee integrity and authenticity in everything from software updates to blockchain consensus. Among the various signature schemes available, BLS signatures have been gaining serious traction across blockchain networks, distributed systems, and cryptographic research - and they're not going anywhere.

BLS delivers something genuinely different: short, elegant signatures with native aggregation capabilities. This means thousands of individual signatures can be merged into a single compact proof. For systems that need to verify massive numbers of signatures efficiently or transmit verified data across bandwidth-constrained networks, BLS is the obvious choice.

What are BLS signatures?

BLS signatures are a cryptographic signature scheme proposed in 2001 by Dan Boneh, Ben Lynn, and Hovav Shacham. The design isn't straightforward - it's based on a mathematical construction called bilinear pairing, a special function that maps elements of elliptic curve groups into another group while preserving certain algebraic structures.

The operation is abstract, but the outcome is incredibly practical: BLS signatures are extremely short (typically 48 or 96 bytes) and multiple signatures can be combined.

The BLS signature scheme at high-level revolves around:

• A private key used to sign messages
• A corresponding public key for signature verification
• A hash-to-curve function that maps arbitrary messages onto elliptic curve points
• A pairing function that enables quick verification and aggregation

The mathematical foundations are based on the BLS12-381 elliptic curve, which has become a widely adopted standard.

Why BLS signatures matter

Signature aggregation

The most compelling feature of BLS is its ability to take thousands of signatures and compress them into a single signature with constant size. Consider this:

• 10,000 ECDSA signatures individually would consume ~640 KB of storage
• 10,000 BLS signatures aggregated require only 48 to 96 bytes total

This is an absolute game-changer for distributed systems, particularly blockchain networks that need to handle enormous volumes of signatures per block.

Verifying multiple signatures efficiently

With BLS, instead of verifying each signature separately, you can perform a single pairing check (sometimes two, depending on the variant) for the entire aggregated signature. This dramatically reduces computational overhead.

Simplicity of multisignatures

Multisignature arrangements allow multiple parties to jointly sign a document. Traditional multisig methods (like those based on Schnorr or ECDSA) often require multiple communication rounds or complex protocol frameworks. With BLS, simple aggregation is enough:

• Each participant signs the message independently
• Anyone collects and combines the signatures
• The result is a single signature that verifies as one

This simplifies threshold signatures, validator groups, and distributed key generation significantly.

Small signature size

BLS's compact, constant-size signatures have a profound impact on storage and bandwidth constraints - critical factors for decentralized systems.

Strong security properties

BLS signatures are unforgeable based on the Computational Diffie-Hellman (CDH) assumption in elliptic curve groups. They make use of well-established pairing-friendly curves, deriving their security characteristics from the latter.

How BLS signatures work? (high-level overview)

You don't need deep elliptic curve cryptography knowledge to understand BLS. Here's the high-level process:

Key generation

• Private key sk is a random integer
• Public key is a curve point: pk = sk * G, where G is the generator point

Signing
To sign a message:

• Map the message to a curve point: H(m)
• Derive the signature: sig = sk * H(m)

Verification
Verification uses a bilinear pairing function e:

• Verify: e(sig, G) == e(H(m), pk)
• If the equality holds, the signature is valid

Aggregation
When multiple signatures are created on the same message, they can be summed point-wise:

• Aggregated signature: sig_agg = sig1 + sig2 + ... + sign For multi-message aggregation, verification is more complex but still highly efficient. This straightforward algebraic structure is what makes BLS so elegant and powerful.

Current applications of BLS signatures

Ethereum Consensus (ETH2 / The Beacon Chain)

One of the largest real-world applications of BLS signatures is Ethereum's Proof of Stake consensus layer. Validators submit attestations and block proposals using BLS signatures. Aggregation is critical because:

• Hundreds of thousands of validators participate
• Attestations must be efficiently aggregated for block inclusion

Without BLS aggregation, the network's bandwidth and block size requirements would be completely impractical.

Distributed key generation (DKG) and threshold signatures

BLS is used in numerous decentralized protocols for:

• Generating random beacons
• Submitting committee signatures
• Conducting threshold cryptography

BLS signatures dramatically reduce required communication rounds and simplify coordination among parties.

Multi-signature wallets

BLS enables streamlined multisig transactions:

• No elaborate nonce coordination required
• No multiple communication rounds needed
• The final signature remains a single compact object

This allows for lightweight, high-security multi-signer wallet infrastructure.

Blockchain rollups & Layer 2 systems

Sequencers in rollups often need to verify signatures across multiple batches. BLS aggregation drastically reduces verification costs, enabling higher transaction throughput and lower fees.

Limitations and security considerations

Despite their advantages, BLS signatures present certain challenges.

Trusted setup in some curves

In the past, some pairing-friendly curves required trusted setups. Current schemes like BLS12-381 minimize this issue, but engineers must still be cautious when selecting curves.

Slower verification (unaggregated)

When comparing individually verified BLS signatures with Ed25519 or secp256k1, the former are slower to verify. Advances in verification have significantly reduced this gap, but for single-signature cases, Ed25519 may still be the faster option.

Hash-to-curve complexity

Hashing onto elliptic curve points is not an easy thing. To avoid security vulnerabilities, use standardized hash-to-curve functions (e.g., IETF RFC 9380).

Rogue-key attacks

Naive signature aggregation can allow attackers to manipulate keys and forge aggregated results. Countermeasures include:

• Proofs-of-possession (PoP)
• Rogue-key-resistant aggregation methods

Implementation safety

Pairing operations are tricky to implement securely. Critical requirements include:

• Libraries that perform constant-time operations
• Implementations that have been tested and proven secure (e.g., blst, noble-bls12-381)
• Proper domain separation tags

BLS vs. other signature schemes

Feature	BLS	Schnorr	ECDSA
Signature size	48–96 bytes	64 bytes	64–70 bytes
Aggregation	Native support	Supported with protocol complexity	Weak / inefficient
Verification speed	Moderate	Fast	Moderate
Multisig	Simple	Multi-round	Complex
Real-world adoption	Growing (ETH2, DKGs)	Bitcoin Taproot, many protocols	Legacy systems

BLS is ideal when:

• Many parties sign the same data
• Bandwidth or on-chain storage is scarce
• Multi-party coordination must be simple

The future of BLS signatures

With the rise of the decentralized systems, the need to efficiently verify large user groups is becoming more and more pronounced. BLS signatures are likely to be one of the cornerstones of the new cryptographic systems that will come about.

Some of the places where BLS might be used are:

• Cross-chain bridges
• Zero-knowledge proof systems
• Verifiable randomness (VRFs)
• IoT networks that need compact authentication

The trend is clear: systems with large user bases or distributed trust assumptions are increasingly adopting BLS for its compactness and merging capabilities.

The bottom line

BLS signatures offer a compelling combination of compactness, elegance, and powerful aggregation properties. Their mathematical beauty translates directly into practical engineering advantages: reduced bandwidth requirements, smaller data footprints, and simpler multi-party signing protocols.

As more networks embrace scalable consensus and multi-signer architectures, BLS adoption will accelerate. Whether you're building blockchain infrastructure, designing distributed cryptographic systems, or researching threshold signature schemes, BLS signatures are a tool worth deep understanding.

Ready to implement scalable cryptographic solutions? At goodmorning, we build Web3 solutions leveraging BLS signatures, threshold signature schemes, and Layer 2 infrastructure. Let's talk about your project.

Educatable resources

A demo project showcasing how to implement and test BLS signatures within a smart contract/blockchain-context environment and the percentage deviation between N pairs using G1 for public key and G1 for signature and message: BLS Signatures Demo on GitHub.