From 31d92cce11e8183a1c2ad488a8664f4a22575e02 Mon Sep 17 00:00:00 2001
From: Paul Miller
Date: Sun, 2 Apr 2023 14:42:49 +0000
Subject: [PATCH] README update
---
 README.md | 88 +++++++++++++++++++++++++++----------------------------
 1 file changed, 44 insertions(+), 44 deletions(-)
diff --git a/README.md b/README.md
index b1526a5..eba64a6 100644
--- a/README.md
+++ b/README.md
@@ -159,46 +159,6 @@ import { secp256k1 } from '@noble/curves/secp256k1'; // ESM and Common.js
 console.log(secp256k1.CURVE.p, secp256k1.CURVE.n, secp256k1.CURVE.a, secp256k1.CURVE.b);
 ```
-BLS12-381 pairing-friendly Barreto-Lynn-Scott elliptic curve construction allows to
-construct [zk-SNARKs](https://z.cash/technology/zksnarks/) at the 128-bit security
-and use aggregated, batch-verifiable
-[threshold signatures](https://medium.com/snigirev.stepan/bls-signatures-better-than-schnorr-5a7fe30ea716),
-using Boneh-Lynn-Shacham signature scheme. Compatible with ETH and others,
-just make sure to provide correct DST (domain separation tag argument).
-
-```ts
-import { bls12_381 as bls } from '@noble/curves/bls12-381';
-const privateKey = '67d53f170b908cabb9eb326c3c337762d59289a8fec79f7bc9254b584b73265c';
-const message = '64726e3da8';
-const publicKey = bls.getPublicKey(privateKey);
-const signature = bls.sign(message, privateKey);
-const isValid = bls.verify(signature, message, publicKey);
-console.log({ publicKey, signature, isValid });
-
-// Sign 1 msg with 3 keys
-const privateKeys = [
- '18f020b98eb798752a50ed0563b079c125b0db5dd0b1060d1c1b47d4a193e1e4',
- 'ed69a8c50cf8c9836be3b67c7eeff416612d45ba39a5c099d48fa668bf558c9c',
- '16ae669f3be7a2121e17d0c68c05a8f3d6bef21ec0f2315f1d7aec12484e4cf5',
-];
-const messages = ['d2', '0d98', '05caf3'];
-const publicKeys = privateKeys.map(bls.getPublicKey);
-const signatures2 = privateKeys.map((p) => bls.sign(message, p));
-const aggPubKey2 = bls.aggregatePublicKeys(publicKeys);
-const aggSignature2 = bls.aggregateSignatures(signatures2);
-const isValid2 = bls.verify(aggSignature2, message, aggPubKey2);
-console.log({ signatures2, aggSignature2, isValid2 });
-
-// Sign 3 msgs with 3 keys
-const signatures3 = privateKeys.map((p, i) => bls.sign(messages[i], p));
-const aggSignature3 = bls.aggregateSignatures(signatures3);
-const isValid3 = bls.verifyBatch(aggSignature3, messages, publicKeys);
-console.log({ publicKeys, signatures3, aggSignature3, isValid3 });
-// bls.pairing(PointG1, PointG2) // pairings
-
-// hash-to-curve examples can be seen below
-```
-
 ## Abstract API
 Abstract API allows to define custom curves. All arithmetics is done with JS
@@ -494,10 +454,11 @@ You must specify curve params `Fp`, `a`, `Gu` coordinate of u, `montgomeryBits`
 ### abstract/bls: BLS curves
-The module abstracts BLS (Barreto-Lynn-Scott) primitives.
-
-Right now we only implement BLS12-381, but in theory defining BLS12-377, BLS24
-should be straightforward.
+The module abstracts BLS (Barreto-Lynn-Scott) pairing-friendly elliptic curve construction.
+They allow to construct [zk-SNARKs](https://z.cash/technology/zksnarks/) and
+use aggregated, batch-verifiable
+[threshold signatures](https://medium.com/snigirev.stepan/bls-signatures-better-than-schnorr-5a7fe30ea716),
+using Boneh-Lynn-Shacham signature scheme.
 Main methods and properties are:
@@ -510,6 +471,45 @@ Main methods and properties are:
 - `Signature` property with `fromHex`, `toHex` methods
 - `fields` containing `Fp`, `Fp2`, `Fp6`, `Fp12`, `Fr`
+Right now we only implement BLS12-381 (compatible with ETH and others),
+but in theory defining BLS12-377, BLS24 should be straightforward. An example:
+
+```ts
+import { bls12_381 as bls } from '@noble/curves/bls12-381';
+const privateKey = '67d53f170b908cabb9eb326c3c337762d59289a8fec79f7bc9254b584b73265c';
+const message = '64726e3da8';
+const publicKey = bls.getPublicKey(privateKey);
+const signature = bls.sign(message, privateKey);
+const isValid = bls.verify(signature, message, publicKey);
+console.log({ publicKey, signature, isValid });
+
+// Sign 1 msg with 3 keys
+const privateKeys = [
+ '18f020b98eb798752a50ed0563b079c125b0db5dd0b1060d1c1b47d4a193e1e4',
+ 'ed69a8c50cf8c9836be3b67c7eeff416612d45ba39a5c099d48fa668bf558c9c',
+ '16ae669f3be7a2121e17d0c68c05a8f3d6bef21ec0f2315f1d7aec12484e4cf5',
+];
+const messages = ['d2', '0d98', '05caf3'];
+const publicKeys = privateKeys.map(bls.getPublicKey);
+const signatures2 = privateKeys.map((p) => bls.sign(message, p));
+const aggPubKey2 = bls.aggregatePublicKeys(publicKeys);
+const aggSignature2 = bls.aggregateSignatures(signatures2);
+const isValid2 = bls.verify(aggSignature2, message, aggPubKey2);
+console.log({ signatures2, aggSignature2, isValid2 });
+
+// Sign 3 msgs with 3 keys
+const signatures3 = privateKeys.map((p, i) => bls.sign(messages[i], p));
+const aggSignature3 = bls.aggregateSignatures(signatures3);
+const isValid3 = bls.verifyBatch(aggSignature3, messages, publicKeys);
+console.log({ publicKeys, signatures3, aggSignature3, isValid3 });
+
+// bls.pairing(PointG1, PointG2) // pairings
+// bls.G1.ProjectivePoint.BASE, bls.G2.ProjectivePoint.BASE
+// bls.fields.Fp, bls.fields.Fp2, bls.fields.Fp12, bls.fields.Fr
+
+// hash-to-curve examples can be seen below
+```
+
 Full types:
 ```ts