MinPk.Pop
Proof of possession scheme described in section 3.3
A proof of possession scheme uses a separate public key validation step, called a proof of possession, to defend against rogue key attacks. This enables an optimization to aggregate signature verification for the case that all signatures are on the same message.
Equivalent to core_sign
with the DST given in the specification in section 4.2.3.
Equivalent to core_verify
with the DST given in the specification in section 4.2.3.
pop_proof sk
implements section 3.3.2.
pop_verify pk signature
implements section 3.3.3.
aggregate_verify pks msg aggregated_signature
performs a aggregate signature verification. It supposes the same message msg
has been signed. It implements the FastAggregateVerify algorithm specified in section 3.3.4.