A BLS signature (Boneh–Lynn–Shacham) is a digital signature scheme based on elliptic curve pairings that enables signature aggregation—the ability to combine multiple signatures into one constant-size signature. Unlike traditional schemes like ECDSA, BLS signatures allow a verifier to authenticate hundreds of transactions simultaneously through batch verification, drastically reducing computational overhead and on-chain storage requirements in distributed systems.
Glossary
BLS Signature

What is a BLS Signature?
A BLS signature is a cryptographic signature scheme that supports efficient aggregation and batch verification, allowing multiple signatures from different parties on different messages to be combined into a single, compact signature.
The scheme relies on bilinear pairings over elliptic curves, where a pairing function e(P, Q) maps two points to an element in a finite field, enabling unique multiplicative properties. This allows a single aggregated signature to be verified against an aggregated public key, ensuring that all individual signers attested to their respective messages. BLS signatures are foundational to Ethereum 2.0's consensus mechanism, where thousands of validator signatures are aggregated into one compact proof, and are also used in threshold signature schemes and verifiable credential systems.
Key Features of BLS Signatures
BLS signatures are defined by their unique ability to compress multiple signatures into a single, constant-size proof. This enables a new class of efficient, scalable verification protocols.
Signature Aggregation
The core innovation: multiple signatures on distinct messages from different private keys are combined into a single, compact 96-byte signature. Verification confirms all messages were signed by their respective keys in one operation, not sequentially.
- Reduces storage overhead by up to 99% in multi-signer workflows
- Enables compact block attestations in Ethereum's Beacon Chain
- Aggregation can be performed by an untrusted third party without access to private keys
Batch Verification
A verifier can check a large set of (public key, message, signature) tuples simultaneously using a single, aggregated pairing equation. If all signatures are valid, the batch check passes. If any one is invalid, the entire batch fails.
- Computational cost grows sub-linearly relative to the number of signatures
- Critical for validating thousands of consensus votes in distributed ledgers
- Requires careful implementation to avoid rogue key attacks
Bilinear Pairing Foundation
BLS relies on bilinear pairings over elliptic curves (e.g., BLS12-381). A pairing e(aP, bQ) = e(P, Q)^(ab) enables the mathematical relationship that makes aggregation possible. This algebraic structure allows a verifier to check a relationship between hashed messages and public keys without seeing individual signatures.
- Built on pairing-friendly curves with 128-bit security
- The pairing operation is computationally expensive but performed only once per batch
Deterministic Output
Unlike ECDSA, which relies on a random nonce during signing, BLS signatures are fully deterministic. The same private key and message always produce the exact same signature. This eliminates an entire class of catastrophic failures caused by nonce reuse or poor randomness.
- Removes dependency on secure random number generation at signing time
- Simplifies implementation in constrained environments like HSMs
- Prevents the kind of private key extraction seen in Sony's PS3 ECDSA breach
Threshold Signature Schemes
BLS naturally supports m-of-n threshold signing. A private key can be split into n shares using Shamir's Secret Sharing, and any m participants can collaboratively produce a valid signature without ever reconstructing the full key. The resulting signature is indistinguishable from a single-signer BLS signature.
- Enables decentralized validator committees in proof-of-stake networks
- Used in Distributed Key Generation (DKG) protocols for consensus
- No interactive signing rounds required after key generation
Compact Proof Size
A single BLS signature is just 48 bytes on BLS12-381 curves, and an aggregated signature remains 48 bytes regardless of how many signers contributed. This constant-size property is a breakthrough for bandwidth-constrained systems.
- Compare: 100 ECDSA signatures = 6,400 bytes; 100 aggregated BLS signatures = 48 bytes
- Reduces on-chain data costs in rollups and light client proofs
- Enables efficient storage of historical attestations
BLS vs. ECDSA vs. Schnorr Signatures
A technical comparison of three elliptic curve digital signature schemes across key properties relevant to blockchain, distributed systems, and cryptographic attestation.
| Feature | BLS | ECDSA | Schnorr |
|---|---|---|---|
Signature Aggregation | Native (multiple signatures on distinct messages combine into one) | Native (multiple signatures on same message combine into one) | |
Batch Verification | Efficient (single pairing check for all signatures) | Limited (linear verification per signature) | Efficient (linear combination verification) |
Signature Size | 48 bytes (BLS12-381) | 70-72 bytes (secp256k1 DER-encoded) | 64 bytes (secp256k1) |
Public Key Size | 96 bytes (BLS12-381) | 33 bytes (compressed) | 32 bytes (x-only) |
Deterministic Signing | Optional (RFC 6979) | ||
Multi-Signature Rounds | 1 round (non-interactive) | 2-3 rounds (interactive) | 2 rounds (MuSig2) |
Threshold Signing | Native (polynomial-based key shares) | Requires complex MPC protocols | Requires FROST protocol |
Post-Quantum Security |
Frequently Asked Questions
Clear, technical answers to the most common questions about Boneh-Lynn-Shacham signatures, their aggregation properties, and their role in modern cryptographic attestation.
A BLS signature (Boneh-Lynn-Shacham) is a cryptographic signature scheme that uses elliptic curve pairings to produce short, unique signatures that support efficient aggregation. Unlike ECDSA or EdDSA, BLS signatures are deterministic—a given message and private key always produce the same signature, eliminating the nonce-reuse vulnerability that plagues other schemes.
The core mechanism relies on a bilinear pairing function e: G1 × G2 → GT, where G1 and G2 are elliptic curve groups. To sign, the signer hashes the message to a point on G1 and multiplies it by their private key. Verification checks that e(signature, g2) = e(H(m), public_key), where g2 is the generator of G2. This pairing-based structure is what enables the signature's most powerful feature: aggregation.
Key properties:
- Signatures are a single group element (48 bytes on BLS12-381)
- Deterministic output—no randomness required during signing
- Native support for multi-signature aggregation
- Batch verification of multiple signatures in a single pairing operation
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
BLS signatures are a foundational building block in modern cryptography. These related concepts form the ecosystem of tools and protocols that enable efficient, verifiable, and privacy-preserving digital attestation.
Threshold Signature Scheme
A protocol where a minimum number of parties (the threshold) from a defined group must cooperate to produce a valid signature. BLS signatures are uniquely suited for this because their signatures are natively aggregatable. In a t-of-n threshold scheme, any t participants can combine their partial BLS signatures into a single, compact signature that verifies against the group's aggregated public key, preventing any single party from unilaterally signing.
Digital Signature
A cryptographic mechanism for proving authenticity, integrity, and non-repudiation of a digital message. A standard digital signature like ECDSA is a single, non-aggregatable value. BLS signatures extend this concept by introducing signature aggregation: thousands of individual signatures can be compressed into a single 96-byte proof, making them the superior choice for blockchain consensus and distributed systems where bandwidth is a critical constraint.
Zero-Knowledge Proof (ZKP)
A method for proving a statement is true without revealing the underlying secret. BLS signatures are often used in conjunction with ZKPs to create efficient, privacy-preserving credentials. For example, a BLS signature on a set of attributes can be verified inside a zk-SNARK circuit, allowing a user to prove they possess a valid credential from an issuer while selectively disclosing only the attributes required for the transaction.
Verifiable Credential
A W3C standard for tamper-evident digital credentials. BLS signatures provide the cryptographic binding for these credentials. An issuer signs a set of claims with a BLS key, and the holder can later present this credential to a verifier. The use of BLS enables multi-show unlinkability when combined with zero-knowledge proofs, meaning a verifier cannot correlate multiple presentations of the same credential, a critical privacy property for digital identity systems.
Merkle Tree
A tree structure where every leaf is a hash of data, and every non-leaf node is a hash of its children. BLS signatures are frequently used to sign the Merkle root of a large dataset. This creates a single, compact proof that attests to the integrity of the entire set. A verifier can then use a Merkle proof (a path of sibling hashes) to confirm that a specific piece of data was included in the signed set without needing to download the entire dataset.
Post-Quantum Signature
A signature algorithm designed to resist attacks from large-scale quantum computers. Standard BLS signatures rely on bilinear pairings over elliptic curves, which are vulnerable to Shor's algorithm. Research into post-quantum BLS alternatives is active, exploring lattice-based and isogeny-based constructions that preserve the desirable aggregation property while providing security against quantum adversaries, ensuring the long-term viability of efficient attestation systems.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us