
decision: bls12 dependency is old (archived), find alternative

Open meling opened this issue 3 months ago • 0 comments

The current BLS12 implementation that we depend on is

  • https://github.com/kilic/bls12-381

There haven't been any releases since 2021; we are using v0.1.1-0.20210208205449-6045b0235e36

The repository was archived Dec 27, 2023. There are no suggested alternatives on their GitHub page. ChatGPT suggested these:

🧮 Better-maintained Go implementations of BLS12-381

Your current dependency github.com/kilic/bls12-381 has been archived.
Below are well-maintained alternatives depending on your requirements:


🔹 supranational/blst

  • Language: C/assembly core with Go bindings
  • Pros: Extremely fast, widely used (Ethereum 2.0 clients), actively maintained, audited
  • Cons: Requires cgo
  • Go bindings: github.com/supranational/blst/bindings/go
  • Best for: Production use where performance matters (e.g., HotStuff aggregate signatures)

🔹 ConsenSys/gnark-crypto

  • Language: Pure Go
  • Pros: Maintained, audited, full algebra support (pairings, G1/G2 ops, hash-to-curve)
  • Cons: Slower than blst but avoids cgo
  • Best for: Pure-Go builds needing complete BLS12-381 primitives

🔹 Cloudflare/CIRCL

  • Language: Pure Go
  • Pros: Clean API, maintained by Cloudflare, implements IETF BLS draft
  • Cons: Narrower scope (focused on BLS signatures only, not general pairings)
  • Best for: Simpler signature use cases and easy integration

🔹 herumi/bls

  • Language: C++ with Go wrapper
  • Pros: Mature, widely used historically (e.g., Chia, earlier BLS users)
  • Cons: Requires cgo; older design; previous audit concerns
  • Best for: Legacy compatibility when already using Herumi’s MCL

⚠️ Avoid


✅ Recommendation for HotStuff

  • High performance (aggregate verification): use blst
  • Pure Go implementation: use gnark-crypto
  • Simple BLS signatures: use CIRCL

If you tell me which specific BLS features your HotStuff implementation relies on
(e.g., coreVerify, Aggregate, BatchVerify, hash-to-curve mode),
I can show you a 1:1 API migration example for the most suitable library.

meling Oct 31 '25 10:10
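The version string quoted in the issue is a Go pseudo-version, which encodes the UTC commit timestamp (2021-02-08 20:54:49) and a 12-character revision prefix. The following added example, which is not part of the issue or of the hotstuff code base, scans go.mod text for such pins and reports the ones older than a threshold. The names `ParsePseudo`, `StalePins` and `sampleGoMod`, the two-year threshold and the sample go.mod are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"time"
)

// pseudoRe matches Go pseudo-versions: base version, UTC commit timestamp, 12-hex revision.
var pseudoRe = regexp.MustCompile(`^v\d+\.\d+\.\d+-(?:.*\.)?(\d{14})-([0-9a-f]{12})(?:\+incompatible)?$`)

// Pin is a dependency pinned to an untagged commit.
type Pin struct{ Module, Rev string; Commit time.Time }

// ParsePseudo returns the commit time and revision encoded in a pseudo-version.
func ParsePseudo(module, version string) (Pin, bool) {
	m := pseudoRe.FindStringSubmatch(version)
	if m == nil {
		return Pin{}, false // tagged release, or not a version at all
	}
	t, err := time.Parse("20060102150405", m[1])
	return Pin{Module: module, Rev: m[2], Commit: t}, err == nil
}

// StalePins lists pseudo-version pins in go.mod text whose commit is older than maxAge at time now.
func StalePins(gomod string, now time.Time, maxAge time.Duration) []Pin {
	var out []Pin
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop "// indirect" and other comments
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) == 2 {
			if p, ok := ParsePseudo(f[0], f[1]); ok && now.Sub(p.Commit) > maxAge {
				out = append(out, p)
			}
		}
	}
	return out
}

const sampleGoMod = "module example.com/app\n\nrequire (\n" + // constructed; only the kilic line is from the issue
	"\tgithub.com/kilic/bls12-381 v0.1.1-0.20210208205449-6045b0235e36\n" +
	"\tgolang.org/x/sync v0.7.0 // indirect\n)\n"

func main() {
	for _, p := range StalePins(sampleGoMod, time.Date(2025, 10, 31, 0, 0, 0, 0, time.UTC), 2*365*24*time.Hour) {
		fmt.Printf("%s pinned to %s from %s\n", p.Module, p.Rev, p.Commit.Format("2006-01-02"))
	}
}
```

A pseudo-version only shows the age of the pinned commit; whether the upstream repository is archived still has to be checked on the hosting site.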