diff --git a/.gitignore b/.gitignore
index de6d9c486..ee13fb270 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,4 @@ lotus
 **/*.h
 **/*.a
 **/*.pc
-build/.update-modules
+build/.*
diff --git a/.gitmodules b/.gitmodules
index a58051da8..454cb766b 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,6 +1,6 @@
-[submodule "lib/bls-signatures/bls-signatures"]
-	path = lib/bls-signatures/bls-signatures
-	url = https://github.com/filecoin-project/bls-signatures.git
 [submodule "lib/sectorbuilder"]
 	path = lib/sectorbuilder
 	url = https://github.com/filecoin-project/go-sectorbuilder.git
+[submodule "extern/go-bls-sigs"]
+	path = extern/go-bls-sigs
+	url = https://github.com/filecoin-project/go-bls-sigs.git
diff --git a/Makefile b/Makefile
index 08b05d780..1b1aca9bb 100644
--- a/Makefile
+++ b/Makefile
@@ -1,17 +1,26 @@
 all: build
 .PHONY: all
 
-BUILD_DEPS:=lib/bls-signatures/include/libbls_signatures.h
 BUILD_DEPS+=lib/sectorbuilder/include/sector_builder_ffi.h
 
 # git modules that need to be loaded
 MODULES:=
 
-lib/bls-signatures/include/libbls_signatures.h: lib/bls-signatures/bls-signatures
-	./scripts/install-bls-signatures.sh
+CLEAN:=
+
+BLS_PATH:=extern/go-bls-sigs/
+BLS_DEPS:=libbls_signatures.a libbls_signatures.pc libbls_signatures.h
+BLS_DEPS:=$(addprefix $(BLS_PATH),$(BLS_DEPS))
+
+$(BLS_DEPS): build/.bls-install ;
+
+build/.bls-install: $(BLS_PATH)
+	$(MAKE) -C $(BLS_PATH) $(BLS_DEPS:$(BLS_PATH)%=%)
 	@touch $@
 
-MODULES+=lib/bls-signatures/bls-signatures
+MODULES+=$(BLS_PATH)
+BUILD_DEPS+=build/.bls-install
+CLEAN+=build/.bls-install
 
 
 lib/sectorbuilder/include/sector_builder_ffi.h: lib/sectorbuilder lib/sectorbuilder/rust-fil-sector-builder
@@ -28,6 +37,8 @@ build/.update-modules:
 	git submodule update --init --recursive
 	touch $@
 
+CLEAN+=build/.update-modules
+
 deps: $(BUILD_DEPS)
 .PHONY: deps
 
@@ -35,6 +46,11 @@ build: $(BUILD_DEPS)
 	go build -o lotus ./cmd/lotus
 .PHONY: build
 
+clean:
+	$(MAKE) -C $(BLS_PATH) clean
+	rm -rf $(CLEAN)
+.PHONY: clean
+
 dist-clean:
 	git clean -xdff
 	git submodule deinit --all -f
diff --git a/chain/address/address.go b/chain/address/address.go
index 0155f2565..677abcc6a 100644
--- a/chain/address/address.go
+++ b/chain/address/address.go
@@ -7,8 +7,7 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/filecoin-project/go-lotus/lib/bls-signatures"
-
+	"github.com/filecoin-project/go-bls-sigs"
 	"github.com/filecoin-project/go-leb128"
 	cbor "github.com/ipfs/go-ipld-cbor"
 	"github.com/minio/blake2b-simd"
diff --git a/chain/address/address_test.go b/chain/address/address_test.go
index c55116544..9491384e5 100644
--- a/chain/address/address_test.go
+++ b/chain/address/address_test.go
@@ -9,11 +9,11 @@ import (
 	"testing"
 	"time"
 
+	"github.com/filecoin-project/go-bls-sigs"
 	"github.com/filecoin-project/go-leb128"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/filecoin-project/go-lotus/lib/bls-signatures"
 	"github.com/filecoin-project/go-lotus/lib/crypto"
 )
 
diff --git a/chain/mining.go b/chain/mining.go
index ec6ef8afd..d0f8842c0 100644
--- a/chain/mining.go
+++ b/chain/mining.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 
+	bls "github.com/filecoin-project/go-bls-sigs"
 	cid "github.com/ipfs/go-cid"
 	hamt "github.com/ipfs/go-hamt-ipld"
 	"github.com/pkg/errors"
@@ -12,7 +13,6 @@ import (
 	"github.com/filecoin-project/go-lotus/chain/actors"
 	"github.com/filecoin-project/go-lotus/chain/address"
 	"github.com/filecoin-project/go-lotus/chain/types"
-	bls "github.com/filecoin-project/go-lotus/lib/bls-signatures"
 )
 
 func miningRewardForBlock(base *TipSet) types.BigInt {
diff --git a/chain/wallet.go b/chain/wallet.go
index b03d37e36..9a1dd5202 100644
--- a/chain/wallet.go
+++ b/chain/wallet.go
@@ -6,13 +6,13 @@ import (
 	"sort"
 	"strings"
 
-	"github.com/filecoin-project/go-lotus/chain/address"
-	"github.com/filecoin-project/go-lotus/chain/types"
-	"github.com/filecoin-project/go-lotus/lib/bls-signatures"
-	"github.com/filecoin-project/go-lotus/lib/crypto"
-
+	"github.com/filecoin-project/go-bls-sigs"
 	"github.com/minio/blake2b-simd"
 	"golang.org/x/xerrors"
+
+	"github.com/filecoin-project/go-lotus/chain/address"
+	"github.com/filecoin-project/go-lotus/chain/types"
+	"github.com/filecoin-project/go-lotus/lib/crypto"
 )
 
 const (
diff --git a/extern/go-bls-sigs b/extern/go-bls-sigs
new file mode 160000
index 000000000..4bc4b8a7b
--- /dev/null
+++ b/extern/go-bls-sigs
@@ -0,0 +1 @@
+Subproject commit 4bc4b8a7bbf8118b8629084ff9207cfbf146df5f
diff --git a/go.mod b/go.mod
index a0742296f..451de0c25 100644
--- a/go.mod
+++ b/go.mod
@@ -4,6 +4,7 @@ go 1.12
 
 require (
 	github.com/BurntSushi/toml v0.3.1
+	github.com/filecoin-project/go-bls-sigs v0.0.0-20190718224239-4bc4b8a7bbf8
 	github.com/filecoin-project/go-leb128 v0.0.0-20190212224330-8d79a5489543
 	github.com/gorilla/websocket v1.4.0
 	github.com/ipfs/go-bitswap v0.1.5
@@ -69,3 +70,5 @@ require (
 	gopkg.in/urfave/cli.v2 v2.0.0-20180128182452-d3ae77c26ac8
 	launchpad.net/gocheck v0.0.0-20140225173054-000000000087 // indirect
 )
+
+replace github.com/filecoin-project/go-bls-sigs => ./extern/go-bls-sigs
diff --git a/lib/bls-signatures/bls-signatures b/lib/bls-signatures/bls-signatures
deleted file mode 160000
index c2f288190..000000000
--- a/lib/bls-signatures/bls-signatures
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit c2f28819039ce50f9a25429598a6d179fdaabe20
diff --git a/lib/bls-signatures/bls.go b/lib/bls-signatures/bls.go
deleted file mode 100644
index 5fc674e32..000000000
--- a/lib/bls-signatures/bls.go
+++ /dev/null
@@ -1,148 +0,0 @@
-package bls
-
-import (
-	"unsafe"
-)
-
-// #cgo LDFLAGS: -L${SRCDIR}/lib -lbls_signatures
-// #cgo pkg-config: ${SRCDIR}/lib/pkgconfig/libbls_signatures.pc
-// #include "./include/libbls_signatures.h"
-import "C"
-
-// Hash computes the digest of a message
-func Hash(message Message) Digest {
-	// prep request
-	cMessage := C.CBytes(message)
-	defer C.free(cMessage)
-	cMessagePtr := (*C.uchar)(cMessage)
-	cMessageLen := C.size_t(len(message))
-
-	// call method
-	resPtr := (*C.HashResponse)(unsafe.Pointer(C.hash(cMessagePtr, cMessageLen)))
-	defer C.destroy_hash_response(resPtr)
-
-	// prep response
-	var digest Digest
-	digestSlice := C.GoBytes(unsafe.Pointer(&resPtr.digest), DigestBytes) // nolint: staticcheck
-	copy(digest[:], digestSlice)
-
-	return digest
-}
-
-// Verify verifies that a signature is the aggregated signature of digests - pubkeys
-func Verify(signature Signature, digests []Digest, publicKeys []PublicKey) bool {
-	// prep data
-	flattenedDigests := make([]byte, DigestBytes*len(digests))
-	for idx, digest := range digests {
-		copy(flattenedDigests[(DigestBytes*idx):(DigestBytes*(1+idx))], digest[:])
-	}
-
-	flattenedPublicKeys := make([]byte, PublicKeyBytes*len(publicKeys))
-	for idx, publicKey := range publicKeys {
-		copy(flattenedPublicKeys[(PublicKeyBytes*idx):(PublicKeyBytes*(1+idx))], publicKey[:])
-	}
-
-	// prep request
-	cSignature := C.CBytes(signature[:])
-	defer C.free(cSignature)
-	cSignaturePtr := (*C.uchar)(cSignature)
-
-	cFlattenedDigests := C.CBytes(flattenedDigests)
-	defer C.free(cFlattenedDigests)
-	cFlattenedDigestsPtr := (*C.uint8_t)(cFlattenedDigests)
-	cFlattenedDigestsLen := C.size_t(len(flattenedDigests))
-
-	cFlattenedPublicKeys := C.CBytes(flattenedPublicKeys)
-	defer C.free(cFlattenedPublicKeys)
-	cFlattenedPublicKeysPtr := (*C.uint8_t)(cFlattenedPublicKeys)
-	cFlattenedPublicKeysLen := C.size_t(len(flattenedPublicKeys))
-
-	// call method
-	resPtr := (*C.VerifyResponse)(unsafe.Pointer(C.verify(cSignaturePtr, cFlattenedDigestsPtr, cFlattenedDigestsLen, cFlattenedPublicKeysPtr, cFlattenedPublicKeysLen)))
-	defer C.destroy_verify_response(resPtr)
-
-	return resPtr.result > 0
-}
-
-// Aggregate aggregates signatures together into a new signature
-func Aggregate(signatures []Signature) Signature {
-	// prep data
-	flattenedSignatures := make([]byte, SignatureBytes*len(signatures))
-	for idx, sig := range signatures {
-		copy(flattenedSignatures[(SignatureBytes*idx):(SignatureBytes*(1+idx))], sig[:])
-	}
-
-	// prep request
-	cFlattenedSignatures := C.CBytes(flattenedSignatures)
-	defer C.free(cFlattenedSignatures)
-	cFlattenedSignaturesPtr := (*C.uint8_t)(cFlattenedSignatures)
-	cFlattenedSignaturesLen := C.size_t(len(flattenedSignatures))
-
-	// call method
-	resPtr := (*C.AggregateResponse)(unsafe.Pointer(C.aggregate(cFlattenedSignaturesPtr, cFlattenedSignaturesLen)))
-	defer C.destroy_aggregate_response(resPtr)
-
-	// prep response
-	var signature Signature
-	signatureSlice := C.GoBytes(unsafe.Pointer(&resPtr.signature), SignatureBytes) // nolint: staticcheck
-	copy(signature[:], signatureSlice)
-
-	return signature
-}
-
-// PrivateKeyGenerate generates a private key
-func PrivateKeyGenerate() PrivateKey {
-	// call method
-	resPtr := (*C.PrivateKeyGenerateResponse)(unsafe.Pointer(C.private_key_generate()))
-	defer C.destroy_private_key_generate_response(resPtr)
-
-	// prep response
-	var privateKey PrivateKey
-	privateKeySlice := C.GoBytes(unsafe.Pointer(&resPtr.private_key), PrivateKeyBytes) // nolint: staticcheck
-	copy(privateKey[:], privateKeySlice)
-
-	return privateKey
-}
-
-// PrivateKeySign signs a message
-func PrivateKeySign(privateKey PrivateKey, message Message) Signature {
-	// prep request
-	cPrivateKey := C.CBytes(privateKey[:])
-	defer C.free(cPrivateKey)
-	cPrivateKeyPtr := (*C.uchar)(cPrivateKey)
-
-	cMessage := C.CBytes(message)
-	defer C.free(cMessage)
-	cMessagePtr := (*C.uchar)(cMessage)
-	cMessageLen := C.size_t(len(message))
-
-	// call method
-	resPtr := (*C.PrivateKeySignResponse)(unsafe.Pointer(C.private_key_sign(cPrivateKeyPtr, cMessagePtr, cMessageLen)))
-	defer C.destroy_private_key_sign_response(resPtr)
-
-	// prep response
-	var signature Signature
-	signatureSlice := C.GoBytes(unsafe.Pointer(&resPtr.signature), SignatureBytes) // nolint: staticcheck
-	copy(signature[:], signatureSlice)
-
-	return signature
-}
-
-// PrivateKeyPublicKey gets the public key for a private key
-func PrivateKeyPublicKey(privateKey PrivateKey) PublicKey {
-	// prep request
-	cPrivateKey := C.CBytes(privateKey[:])
-	defer C.free(cPrivateKey)
-	cPrivateKeyPtr := (*C.uchar)(cPrivateKey)
-
-	// call method
-	resPtr := (*C.PrivateKeyPublicKeyResponse)(unsafe.Pointer(C.private_key_public_key(cPrivateKeyPtr))) // nolint: staticcheck
-	defer C.destroy_private_key_public_key_response(resPtr)
-
-	// prep response
-	var publicKey PublicKey
-	publicKeySlice := C.GoBytes(unsafe.Pointer(&resPtr.public_key), PublicKeyBytes) // nolint: staticcheck
-	copy(publicKey[:], publicKeySlice)
-
-	return publicKey
-}
diff --git a/lib/bls-signatures/bls_test.go b/lib/bls-signatures/bls_test.go
deleted file mode 100644
index 153e0b565..000000000
--- a/lib/bls-signatures/bls_test.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package bls
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestBLSSigningAndVerification(t *testing.T) {
-	// generate private keys
-	fooPrivateKey := PrivateKeyGenerate()
-	barPrivateKey := PrivateKeyGenerate()
-
-	// get the public keys for the private keys
-	fooPublicKey := PrivateKeyPublicKey(fooPrivateKey)
-	barPublicKey := PrivateKeyPublicKey(barPrivateKey)
-
-	// make messages to sign with the keys
-	fooMessage := Message("hello foo")
-	barMessage := Message("hello bar!")
-
-	// calculate the digests of the messages
-	fooDigest := Hash(fooMessage)
-	barDigest := Hash(barMessage)
-
-	// get the signature when signing the messages with the private keys
-	fooSignature := PrivateKeySign(fooPrivateKey, fooMessage)
-	barSignature := PrivateKeySign(barPrivateKey, barMessage)
-
-	// assert the foo message was signed with the foo key
-	assert.True(t, Verify(fooSignature, []Digest{fooDigest}, []PublicKey{fooPublicKey}))
-
-	// assert the bar message was signed with the bar key
-	assert.True(t, Verify(barSignature, []Digest{barDigest}, []PublicKey{barPublicKey}))
-
-	// assert the foo message was not signed by the bar key
-	assert.False(t, Verify(fooSignature, []Digest{fooDigest}, []PublicKey{barPublicKey}))
-
-	// assert the bar/foo message was not signed by the foo/bar key
-	assert.False(t, Verify(barSignature, []Digest{barDigest}, []PublicKey{fooPublicKey}))
-	assert.False(t, Verify(barSignature, []Digest{fooDigest}, []PublicKey{barPublicKey}))
-	assert.False(t, Verify(fooSignature, []Digest{barDigest}, []PublicKey{fooPublicKey}))
-}
diff --git a/lib/bls-signatures/types.go b/lib/bls-signatures/types.go
deleted file mode 100644
index 1d9cd5d6d..000000000
--- a/lib/bls-signatures/types.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package bls
-
-// SignatureBytes is the length of a BLS signature
-const SignatureBytes = 96
-
-// PrivateKeyBytes is the length of a BLS private key
-const PrivateKeyBytes = 32
-
-// PublicKeyBytes is the length of a BLS public key
-const PublicKeyBytes = 48
-
-// DigestBytes is the length of a BLS message hash/digest
-const DigestBytes = 96
-
-// Signature is a compressed affine
-type Signature [SignatureBytes]byte
-
-// PrivateKey is a compressed affine
-type PrivateKey [PrivateKeyBytes]byte
-
-// PublicKey is a compressed affine
-type PublicKey [PublicKeyBytes]byte
-
-// Message is a byte slice
-type Message []byte
-
-// Digest is a compressed affine
-type Digest [DigestBytes]byte