Beispiel #1
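def Dec(sk, X, Y):
    """Recover the small integer m encoded in the point pair (X, Y).

    Computes ``Hm = Y - sk^-1 * X`` and then searches for the m with
    ``m * H == Hm`` by repeatedly adding the module-level point ``H``.

    Args:
        sk: Secret scalar; inverted modulo ``bn128.curve_order``.
        X: Curve point that is multiplied by ``sk^-1`` and subtracted.
        Y: Curve point carrying the encoded value.

    Returns:
        The integer m such that ``m * H`` equals ``Hm`` (0 when ``Hm`` is the
        point at infinity).

    Note:
        The search is a linear brute force with no upper bound: the running
        time grows with m, and a pair (X, Y) that does not encode a small
        multiple of H keeps the loop running for an infeasible number of
        iterations. Callers handling ciphertexts from untrusted parties
        should bound the work (for example with a timeout) or validate the
        input before calling. The iteration count also reveals m through
        timing.
    """
    # Inverse via Fermat's little theorem; relies on curve_order being prime.
    # NOTE(review): sk == 0 (mod curve_order) yields sk_inv == 0 - confirm
    # callers never pass such a key.
    sk_inv = pow(sk, bn128.curve_order - 2, bn128.curve_order)
    denom = bn128.multiply(X, sk_inv)
    # Negate the point (x, y) -> (x, -y) so the add below is a subtraction.
    denom = (denom[0], -denom[1])

    Hm = bn128.add(Y, denom)

    # m == 0 encodes to the point at infinity, which the search below (it
    # starts at 1 * H) would never match. Assumes the point at infinity is
    # represented as None, as in py_ecc-style bn128 - TODO confirm.
    if Hm is None:
        return 0

    P_test = H
    m = 1
    while not bn128.eq(Hm, P_test):
        m += 1
        P_test = bn128.add(P_test, H)

    return m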
Beispiel #2
def verify(vk: SigningVerificationKey, m: bytes, sigma: int) -> bool:
    """
    Check the signature sigma on message m against the verification key vk.

    The challenge is SHA-256 over the byte encoding of vk.spk followed by m,
    read as a big-endian integer and reduced modulo ZETH_PRIME. The signature
    is accepted when sigma * G1 == vk.spk + challenge * vk.ppk.

    m is expected to fit in 256 bits so that it maps onto an Ethereum
    bytes32 value.
    """
    # NOTE(review): nothing here checks that vk.spk / vk.ppk are valid curve
    # points or that sigma lies in the expected scalar range; presumably the
    # caller does so - confirm.
    digest = sha256(g1_to_bytes(vk.spk) + m).digest()
    h = int.from_bytes(digest, "big") % ZETH_PRIME

    # Scalars are passed through FQ(...).n before multiplication.
    # NOTE(review): confirm FQ and ZETH_PRIME are the intended moduli for
    # scalars of this group.
    sigma_g = ec.multiply(ec.G1, FQ(sigma).n)
    h_ppk = ec.multiply(vk.ppk, FQ(h).n)
    expected = ec.add(vk.spk, h_ppk)

    return ec.eq(sigma_g, expected)
                                               target_bits=64)
    C_expected = bn128.add(bn128.multiply(bn128.G1, total_bf),
                           bn128.multiply(H_from_address(asset_address), v))
    print("Commitment Generated")
    print("asset_address = 0x" + asset_address.to_bytes(20, 'big').hex())
    print("value = " + str(v))
    print("bf = " + hex(total_bf)[2:])
    print("(" + C_expected[0].n.to_bytes(32, 'big').hex() + ",")
    print(C_expected[1].n.to_bytes(32, 'big').hex() + ")")
    print()

    #Test commitment build
    _, public_bit_commitments = ExtractCommitments(
        bytes.fromhex(data[0]['data']))
    C_out = BuildCommitmentPublic(public_bit_commitments, indices)
    print("Assembled Commitment")
    print("(" + C_out[0].n.to_bytes(32, 'big').hex() + ",")
    print(C_out[1].n.to_bytes(32, 'big').hex() + ")")
    print()

    #Do results match?
    print("Do they match?")
    print(bn128.eq(C_out, C_expected))
    print()

    #Output proof
    print("Output proof:")
    print(bytes(indices).hex())
    print()
    print(data[0]['data'])