8 releases

0.3.5 Sep 14, 2021
0.3.4 Apr 2, 2021
0.3.3 Mar 8, 2021
0.3.2 Dec 1, 2020
0.1.0 Jun 22, 2020
Download history 1928/week @ 2021-06-06 2375/week @ 2021-06-13 1635/week @ 2021-06-20 3448/week @ 2021-06-27 3018/week @ 2021-07-04 3274/week @ 2021-07-11 2498/week @ 2021-07-18 3663/week @ 2021-07-25 4928/week @ 2021-08-01 3685/week @ 2021-08-08 2566/week @ 2021-08-15 2633/week @ 2021-08-22 3538/week @ 2021-08-29 3124/week @ 2021-09-05 3999/week @ 2021-09-12 3449/week @ 2021-09-19

13,506 downloads per month
Used in 27 crates (3 directly)


110K SLoC

GNU Style Assembly 65K SLoC // 0.0% comments Assembly 21K SLoC Perl 17K SLoC // 0.1% comments C 5K SLoC // 0.1% comments Rust 2.5K SLoC // 0.0% comments Shell 39 SLoC

blst Crates.io

The blst crate provides a rust interface to the blst BLS12-381 signature library.


bindgen is used to generate FFI bindings to blst.h. Then build.rs invokes C compiler to compile everything into libblst.a within the rust target build area. On Linux it's possible to choose compiler by setting CC environment variable.

Everything can be built and run with the typical cargo commands:

cargo test
cargo bench

If the target application crashes with an "illegal instruction" exception [after copying to an older system], activate portable feature when building blst. Conversely, if you compile on an older Intel system, but will execute the binary on a newer one, consider instead activating force-adx feature. Though keep in mind that cc passes the value of CFLAGS environment variable to the C compiler, and if set to contain specific flags, it can interfere with feature selection. -D__BLST_PORTABLE__ and -D__ADX__ are the said features' equivalents.


There are two primary modes of operation that can be chosen based on declaration path:

For minimal-pubkey-size operations:

use blst::min_pk::*

For minimal-signature-size operations:

use blst::min_sig::*

There are five structs with inherent implementations that provide the BLS12-381 signature functionality.


A simple example for generating a key, signing a message, and verifying the message:

let mut ikm = [0u8; 32];
rng.fill_bytes(&mut ikm);

let sk = SecretKey::key_gen(&ikm, &[]).unwrap();
let pk = sk.sk_to_pk();

let dst = b"BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_";
let msg = b"blst is such a blast";
let sig = sk.sign(msg, dst, &[]);

let err = sig.verify(msg, dst, &[], &pk);
assert_eq!(err, BLST_ERROR::BLST_SUCCESS);

See the tests in src/lib.rs and benchmarks in benches/blst_benches.rs for further examples of usage.


~24K SLoC