Antimatter Finance
HomeApplicationGithub
  • Disclaimer
    • Notice and Disclaimer
  • πŸ”—Antimatter B2 Sidechain
    • Introduction - Scaling and Transaction Fees
    • Token Economy of B2
      • Configurations
    • Technical Background
    • Chain Architecture
      • System Contracts
      • On-Chain Governance
      • On-Chain Staking
      • Slashing
      • Blocks & Epochs
      • Reward Distribution
      • Modifications
    • DApps in Antimatter Ecosystem
    • Links
  • Introduction
    • Antimatter Overview
    • Antimatter Labs: Vision & Roadmap 2022
    • Community & Resources
    • Marketing Material
    • Educational Infographics
    • Challenges & Solutions
  • πŸ—οΈAntimatter Structured Product
    • Dual Investment
      • Rules
      • On-chain Configurations
      • Risk Control
      • Terminology & Calculations
    • Recurring Strategy
    • DeFi Option Vault - DOV
      • Mechanism
    • Weekly Sharkfin
      • Mechanism
  • πŸ“ˆAntimatter Perpetual Options
    • Introduction
      • Options Basics
      • Antimatter Features
      • Comparative analysis
      • Technical Whitepaper
      • Structure
      • Option Token Symbol System
    • Mechanism
      • Price Equilibrium and Arbitrage
      • Generation and Redemption
      • Underlying Asset
      • Leverage Ratio
      • Arbitrage Example
      • Slippage & Fees (full disclosure)
      • Oracles
      • Permission-less protocol
    • Mathematics
      • Modelling Kit
      • Mathematical Model
  • πŸ› οΈAntimatter Dao
    • Introduction
    • Governance Policies
  • πŸ›’Antimatter Non-fungible Finance
    • Introduction
    • How to Create an Index
  • ℹ️User guides
    • Connect to a Wallet
      • Switch Wallet Network
    • Bull & Bear Tokens
      • How to Create an Option
      • Tools
    • Account System
    • Getting Started - Antimatter Structured
      • Dual Investment Subscription
      • Recurring Strategy Subscription
      • Defi Option Vault Subscription
      • Defi Option Vault Withdrawal
      • Decision Guide for Dual Investment
  • Developers
    • Contracts
    • GitHub
    • Auditing report
  • Token
    • Token Utility
    • Token Information
    • Token Bridge
Powered by GitBook
On this page
  • Cryptographic Hash functions
  • Digital Signatures: ECDSA Signing Algorithm
  • Aggregated Signatures
  • BLS 12381
  • BN256 Curves

Was this helpful?

  1. Antimatter B2 Sidechain

Technical Background

In B2 Sidechain, all transactions are being signed by the ECDSA signature algorithm which is described in following subsection. The raw transaction is first digested by the hash function (Keccak), and then the hash value is signed by the sender’s private key through ECDSA. The current version of Parlia consensus does not provide fast finality because one validator produces a block, and to make sure of the correctness of these operations, one has to wait for the long confirmation time, usually it is 2/3βˆ—N+12/3*N+12/3βˆ—N+1 where NNN enotes the active validators. Aggregated signature mechanism with Parlia’s fast-finality can solve this problem because one can collect and convert many signatures into one aggregated signature and send only this aggregated signature to the chain. For the aggregated signature, some special elliptic curves such as BLS12381 or BN256 will be used.

Cryptographic Hash functions

A cryptographic hash function H:{0,1}βˆ—β†’{0,1}kH: \{0,1\}^* \rightarrow \{0,1\}^kH:{0,1}βˆ—β†’{0,1}k takes an arbitrary-length message and outputs a fixed-length output. A hash function has the following basic properties:

Β· Deterministic: Given mmm, we always have x=H(m)x=H(m)x=H(m)(the same input mmm always results in the same output xxx).

Β· Efficient: it is very fast to compute the hash value for any given message.

Β· Pre-image resistance (one-wayness): For essentially all pre-specified outputs, it is computationally infeasible to find any input which hashed to that output.

Β· Second pre-image resistance It is computationally infeasible to find a second message that produces the same hash value.

Β· Collision resistant: It is also hard to find two arbitrary inputs xxx and yyy that hash to the same value, i.e., H(x)=H(y)H(x)=H(y)H(x)=H(y).

Digital Signatures: ECDSA Signing Algorithm

Let’s assume that nnn is order point, PPP and QQQ are two points on an elliptic curve, and GGG is a base point. The ECDSA signature algorithm can be described as follows:

Key generation:

1. Select a random number ddd in the interval [1,nβˆ’1][ 1,n-1][1,nβˆ’1].

2. Compute Q=dGQ=dGQ=dG

3. Public key is QQQ, private key is ddd.

Signature generation:

1. Select a random integer kkk, 1≀k≀n1≀k≀n1≀k≀n.

2. Compute kG=(x1,y1)kG = (x_1,y_1)kG=(x1​,y1​) and convert x1x_1x1​ to an integer x^1\widehat{x}_1x1​.

3. Compute r=x1Β modΒ nr=x_1\ mod\ nr=x1​ modΒ n. If r=0r=0r=0 then go to step 1.

4. Compute kβˆ’1Β modΒ nk^{-1}\ mod\ nkβˆ’1Β modΒ n.

5. Compute Hash(m)Hash(m)Hash(m) and convert this bit string to an integer eee.

6. Compute s=kβˆ’1(e+dr)Β modΒ ns=k^{-1} (e + dr)\ mod\ ns=kβˆ’1(e+dr)Β modΒ n. If s=0s=0s=0 then go to step 1.

7. Signature for the message mmm is (r,s)(r,s)(r,s).

Signature verification:

1. Verify that rrr and sss are integers in the interval [1,nβˆ’1][1,n-1][1,nβˆ’1].

2. Compute Hash(m)Hash(m)Hash(m) and convert this bit string to an integer eee.

3. Compute w=sβˆ’1Β modΒ nw = s^{-1}\ mod\ nw=sβˆ’1Β modΒ n.

4. Compute u1=ewΒ modΒ nu_1 = ew\ mod\ nu1​=ewΒ modΒ n and u2=rwΒ modΒ nu_2 = rw\ mod\ nu2​=rwΒ modΒ n.

5. Compute X=u1G+u2QX = u_1G+u_2QX=u1​G+u2​Q.

6. If X=ΞΈX=\thetaX=ΞΈ then reject the signature. Otherwise, convert the xxx-coordinate x1x_1x1​ of XXX to an integer x^1\widehat{x}_1x1​, and compute v=x^1Β modΒ nv=\widehat{x}_1\ mod\ nv=x1​ modΒ n.

Aggregated Signatures

BLS 12381

BLS (Boneh, Lynn, Shacham) is another digital signature introduced in 2001 and has an aggregated structure. Let e:G1Γ—G2β†’G3e: \mathbb{G}_1 \times \mathbb{G}_2 \rightarrow \mathbb{G}_3e:G1​×G2​→G3​ be a pairing where G1,Β G2\mathbb{G_1},\ \mathbb{G_2}G1​,Β G2​ are additive groups and G3\mathbb{G_3}G3​ is a multiplicative group. Also, let G1,G2G_1, G_2G1​,G2​ and G3G_3G3​ are base elements of G1,Β G2\mathbb{G_1},\ \mathbb{G_2}G1​,Β G2​ and G3\mathbb{G_3}G3​ respectively.

Public and Private Key Pair (pk,sk)(pk,sk)(pk,sk):

Β· The private key sksksk to be used for signing is just a randomly chosen number between [1,rβˆ’1][1,r-1][1,rβˆ’1].

Β· The corresponding public key is pk=[sk]G1pk=[sk]G_1pk=[sk]G1​.

Signing:

Β· To sign a message mmm we first need to map mmm onto a point in group G2\mathbb{G_2}G2​. Let’s assume this mapping results in a G2\mathbb{G}_2G2​ point H(m)H(m)H(m).

Β· We sign the message by calculating the signature Οƒ=skH(m)\sigma=skH(m)Οƒ=skH(m).

Verification:

Given a message mmm, a signature σ\sigmaσ, and a public key pkpkpk, we want to verify that it was signed with the sksksk.

Β· The signature is valid if, and only if, e(G1,Οƒ)=e(pk,H(m))e(G_1,\sigma) = e(pk,H(m))e(G1​,Οƒ)=e(pk,H(m)).

Aggregation

Β· To aggregate signatures, we just must add up the G2\mathbb{G}_2G2​ points they correspond to: Οƒaggregated=Οƒ1+Οƒ2+...+Οƒn\sigma_{aggregated} = \sigma_1 + \sigma_2 + ...+ \sigma_nΟƒaggregated​=Οƒ1​+Οƒ2​+...+Οƒn​.

Β· We also aggregate the corresponding G1G_1G1​ public key point

pkaggregated=pk1+pk2+...+pknpk_{aggregated}=pk_1+pk_2+...+pk_npkaggregated​=pk1​+pk2​+...+pkn​.

Β· Verify that e(G1,Οƒaggregated)=e(pkaggregated,H(m))e(G_1,\sigma_{aggregated})=e(pk_{aggregated}, H(m))e(G1​,Οƒaggregated​)=e(pkaggregated​,H(m)) to verify all the signatures together with just two pairings.

BN256 Curves

BN256 is basically the size of the prime number of the underlying field in G1,Β G2\mathbb{G}_1,\ \mathbb{G}_2G1​,Β G2​ and G3\mathbb{G}_3G3​. In a BN256 curve, G2\mathbb{G}_2G2​ is basicallyE(GF(p)),Β G2E(GF(p)),\ \mathbb{G}_2E(GF(p)),Β G2​ is a subgroup of E(GF(p12))E(GF(p^{12}))E(GF(p12)) and G3\mathbb{G}_3G3​ is a subgroup of GF(p12)GF(p^{12})GF(p12). Elements of G1\mathbb{G}_1G1​ requires the same number of bits as ppp for each elliptic curve point. We would like to highlight that not all prime-friendly curves support cofactor 1. This means that we may need a larger prime for a particular group order in some cases. Elements of G2\mathbb{G}_2G2​ require the same as pkpkpk for each elliptic curve point coordinate, where kkk is the embedding degree of the curve. When using twisted curves, we can reduce this by 2, 3, 4, or 6 depending on the curve. BN curves have embedding degree 12 and support twists, therefore we can use elements with the same size as p126=p2p^{\frac{12}{6}} = p^2p612​=p2.

PreviousConfigurationsNextChain Architecture

Last updated 2 years ago

Was this helpful?

One of the most important properties of BLS signatures is that they can be

πŸ”—
aggregated