BLS on EVM

The EVM has precompiles that support operations on the BN254 pairing-friendly curve, which our version of drand depends on.

Solidity contracts & utilities

The supporting BLS contracts can be found on GitHub. Much of the code is based on previous work by The Hubble Project, with some modifications to make our implementation compliant with RFC9380 while also being more gas-efficient.

Hash-to-point

The BLS-on-BN254 scheme used in Anyrand utilises the RFC9380-compliant Shallue-van de Woestijne (SVDW) mapping, a constant-time method for mapping field elements to points on the curve. Other constant-time methods that were compared include the Simplified SWU (SSWU) and Fouque-Tibouchi (not RFC9380-compliant) mappings. However, SVDW yielded the most gas-efficient and compliant implementation for the EVM.