When a node registers for participation in DA, it generates a private (or ”secret”) key $k_s$ and calculates the corresponding public key $k_p$ using the BLS signature scheme. The node then signs this public key, which will be used later to ensure that this node produced a valid signature.
<aside> 💡
The BLS signature scheme[LINK] allows someone to check whether a message or “signature” was really created by its “signer”. The BLS scheme uses a private and public key pair, where the private key is used for signing and the public key is used for signature verification. In NomosDA, all of the following operations are calculated using a pairing $e$, defined over a cyclic subgroup of the BLS12-381 elliptic curve $\mathbb{G_1}$ with a generator $G_1$, and a cyclic subgroup of its extension field $\mathbb{G_2}$ with a generator $G_2$.
To create a key pair, the signer chooses a private key $k_s$, which is an element in the scalar field used for $\mathbb{G_1}$. To create the public key, the signer calculates
$$ k_p=k_sG_1 $$
Now, to sign a message $m$, the signer uses a hash function $H()$ that takes bytes and maps them onto points on $\mathbb{G_2}$. The signed message $\sigma$ will therefore be
$$ \sigma=k_sH(m) $$
Finally, this signature can be verified by checking whether the following equation holds true:
$$ e(k_p,H(m))=e(G_1, \sigma) $$
If the signature is valid, the above must be true due to the bilinear property of elliptic curves. Using the definitions of the elliptic curve points $\sigma$ and $k_p$ from above allows us to rearrange the equation as follows:
$$ e(k_p,H(m))=e(k_sG_1, H(m))\\ =e(G_1, H(m))^{k_s}\\ =e(G_1,k_sH(m))=e(G_1, \sigma) $$
</aside>
h