For our work, we needed BLS signature aggregation, which is not supported by the FIlecoin specific Zondax library, so we investigated other BLS libraries.
Noble
Fastest implementation of BLS12-381 in a scripting language. High-security, auditable, 0-dependency aggregated signatures / zk-snarks over pairing-friendly curve
The noble library seems to have the friendliest and most complete api that we’ve come across. We haven’t come across any bugs while working with it.
Popularity-wise, it’s tough to say. Based on a simple metric like github stars, it is one of the more popular repos with 74 stars, in comparison to Zondax’s at 50 and Chainsafe’s at 11.
Chainsafe
Javascript library for BLS (Boneh-Lynn-Shacham) signatures and signature aggregation, tailored for use in Eth2.
Chainsafe actually references Paul Miller’s library in the README in the benchmarks section as 1 of 3 popular libraries for javascript BLS.
The Chainsafe library is a wrapper around different implementations of BLS:
- Herumi’s lib (wasm for node/browser)
- Supranational’s blst lib (c bindings for node only)
This library is currently – as stated – optimized for being used in the ETH2 ecosystem.
We considered using Herumi’s or Chainsafe’s libraries. We couldn’t tell a big difference in terms of security. Noble claims to be production-ready, and is planning to have a security audit done.
Our decision mostly came down to pure JS vs WASM:
- we’ve run into a few difficulties getting WASM to cooperate, these are not insurmountable, but it does create a barrier to developers using the library. They will have to adapt their normal workflow and it can certainly cause some headaches.
- the main benefit of WASM is performance. This may matter when doing 1000s of signatures, but is not noticeable to a user that is only doing 1 or 2 signatures. Network latency far exceeds the time to create a signature.
The pure JS implementation of noble is a good fit for us right now.