To define the system, it is necessary to define the following elements:

• Two distinct subgroups of the elliptic curve: $\mathbb{G}_1$ over the field $\mathbb{F}_p$ with generator $g_1$, and $\mathbb{G}2$ over the quadratic field extension $\mathbb{F}{p^2}$ with generator $g_2$.
• A bilinear paring $e:\mathbb{G}_1\times \mathbb{G}_2\rightarrow \mathbb{G}_t$ , where bilinear implies that $e(a^x,b^y)=e(a,b)^{xy}$
• A Key generation algorithm: A secret key $s_k$, that is chosen at random from $\mathbb{F}_p$ and a public key that is derived as $p_k=g_1^{s_k}\in \mathbb{G}_1$.

To sign a message $m$ (a string of bytes of arbitrary length), it is first hashed to a fixed length $H(m)\in \mathbb{G}_2$. A signature $\sigma$ for the message is crafted as $\sigma = H(m)^{s_k}\in\mathbb{G}_2$.

The verification algorithm takes as input $p_k$, $\sigma$ and $m$ and outputs a boolean that is true if and only if the following equality holds:

$e(\sigma, g)=e(H(m),p_k)$

It is easy to check, this holds if and only if $\sigma$ was signed with the same $s_k$ that corresponds to the $p_k$:

$e(\sigma, g)=e(H(m)^{s_k},g)=e(H(m),g^{s_k})=e(H(m),p_k)$

The cool thing about BLS, as we mentioned, is signature aggregation. Given a set of $n$ signatures $\{\sigma_1,\sigma_2,\dots, \sigma_n\}$, the aggregated signature will be $\sigma_{agg}=\sigma_1\cdot\sigma_2\dots\sigma_n$.

Then, verification will take $\sigma_{agg}, \{p_{k1},p_{k2},\dots,p_{kn}\}$ and $\{H(m_1),H(m_2),\dots,H(m_n)\}$ as inputs and output a boolean that is equal to true if and only if

$e(\sigma_{agg},g)=e(H(m_1),p_{k1})\cdot e(H(m_2),p_{k2})\dots e(H(m_n),p_{kn})$

In the case of the sync committee, all messages are equal (the beacon block root), which simplifies the check even further ($m_i=m\,\forall i$).