Ejemplo n.º 1
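def ecrecover_substitute(z, v, r, s):
    """Model ECDSA public-key recovery and the gas it is expected to cost.

    The recovery is recomputed with the ``b`` curve helpers, and the
    ``"gas"`` figure of each per-step substitute is summed on top of a
    fixed base of 993.

    Args:
        z: integer multiplied (negated mod N) against the generator;
            presumably the message hash -- confirm against the caller.
        v: recovery value; only its parity is used.
        r: signature ``r``; taken directly as the x-coordinate of R.
        s: signature ``s``.

    Returns:
        dict with ``"gas"`` (total modelled cost) and ``"output"``
        (``signed`` applied to the recovered point after ``b.from_jordan``).

    NOTE(review): nothing here rejects r or s outside [1, N-1], and nothing
    checks that ``beta`` really squares to x^3 + A*x + B, i.e. that r is the
    x-coordinate of a point on the curve. For such inputs the result is not
    a valid recovered key, so callers must validate the signature before
    trusting ``"output"``.
    """
    P, A, B, N, Gx, Gy = b.P, b.A, b.B, b.N, b.Gx, b.Gy
    x = r
    # Floor division keeps the exponent an integer under true division
    # (Python 3 or ``from __future__ import division``); three-argument
    # pow() rejects a float exponent. On Python 2 ints the value is unchanged.
    # The (P + 1) // 4 exponent is a square root only when P % 4 == 3.
    sqrt_exp = (P + 1) // 4
    beta = pow(x * x * x + A * x + B, sqrt_exp, P)
    # NOTE(review): the premium is priced on base x while beta is computed
    # from the cubic; that is only equivalent if modexp_substitute's gas does
    # not depend on the base -- confirm.
    BETA_PREMIUM = modexp_substitute(x, sqrt_exp, P)["gas"]
    # Pick the root whose parity differs from v's parity.
    y = beta if (v % 2) ^ (beta % 2) else (P - beta)
    neg_z = (N - z) % N
    Gz = b.jordan_multiply(((Gx, 1), (Gy, 1)), neg_z)
    GZ_PREMIUM = jacobian_mul_substitute(Gx, 1, Gy, 1, neg_z)["gas"]
    XY = b.jordan_multiply(((x, 1), (y, 1)), s)
    XY_PREMIUM = jacobian_mul_substitute(x, 1, y, 1, s % N)["gas"]
    Qr = b.jordan_add(Gz, XY)
    QR_PREMIUM = jacobian_add_substitute(Gz[0][0], Gz[0][1], Gz[1][0], Gz[1][1],
                                         XY[0][0], XY[0][1], XY[1][0], XY[1][1]
                                         )["gas"]
    # r^(N-2) mod N is the inverse of r by Fermat's little theorem (N prime);
    # computed once and reused for both the point and its gas premium.
    r_inv = pow(r, N - 2, N)
    Q = b.jordan_multiply(Qr, r_inv)
    Q_PREMIUM = jacobian_mul_substitute(Qr[0][0], Qr[0][1], Qr[1][0], Qr[1][1],
                                        r_inv)["gas"]
    R_PREMIUM = modexp_substitute(r, N - 2, N)["gas"]
    # Cost of inverting the second component of each coordinate pair of Q
    # before it is converted with b.from_jordan.
    OX_PREMIUM = modexp_substitute(Q[0][1], P - 2, P)["gas"]
    OY_PREMIUM = modexp_substitute(Q[1][1], P - 2, P)["gas"]
    Q = b.from_jordan(Q)
    return {
        "gas": 993 + BETA_PREMIUM + GZ_PREMIUM + XY_PREMIUM + QR_PREMIUM +
        Q_PREMIUM + R_PREMIUM + OX_PREMIUM + OY_PREMIUM,
        "output": signed(Q)
    }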
Ejemplo n.º 2
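def ecrecover_substitute(z, v, r, s):
    """Reference model of signature public-key recovery plus its gas total.

    Each curve step is performed with the ``b`` helpers and priced by the
    matching ``*_substitute`` function; the premiums are added to a base
    cost of 993.

    Args:
        z: integer whose negation mod N scales the generator; presumably
            the message hash -- confirm against the caller.
        v: recovery value; only ``v % 2`` is consulted.
        r: signature ``r``, used as the x-coordinate of the nonce point.
        s: signature ``s``.

    Returns:
        dict with keys ``"gas"`` and ``"output"``; the output is
        ``signed`` applied to the point returned by ``b.from_jordan``.

    NOTE(review): r and s are not range-checked against [1, N-1] and the
    computed ``beta`` is never verified to be a square root of the curve
    equation at x. An r that is not a valid x-coordinate therefore still
    produces an output; validate signatures before relying on it.
    """
    P, A, B, N, Gx, Gy = b.P, b.A, b.B, b.N, b.Gx, b.Gy
    x = r
    # ``//`` instead of ``/``: identical on Python 2 ints, and still an
    # integer where ``/`` is true division (three-argument pow() raises on a
    # float exponent).
    root_exponent = (P + 1) // 4
    beta = pow(x * x * x + A * x + B, root_exponent, P)
    # NOTE(review): priced with base x, not the cubic actually exponentiated
    # above -- confirm modexp_substitute's gas is independent of the base.
    BETA_PREMIUM = modexp_substitute(x, root_exponent, P)["gas"]
    # Choose between beta and P - beta from the parities of v and beta.
    y = beta if (v % 2) ^ (beta % 2) else (P - beta)
    minus_z = (N - z) % N
    Gz = b.jordan_multiply(((Gx, 1), (Gy, 1)), minus_z)
    GZ_PREMIUM = jacobian_mul_substitute(Gx, 1, Gy, 1, minus_z)["gas"]
    XY = b.jordan_multiply(((x, 1), (y, 1)), s)
    XY_PREMIUM = jacobian_mul_substitute(x, 1, y, 1, s % N)["gas"]
    Qr = b.jordan_add(Gz, XY)
    QR_PREMIUM = jacobian_add_substitute(Gz[0][0], Gz[0][1], Gz[1][0],
                                         Gz[1][1], XY[0][0], XY[0][1],
                                         XY[1][0], XY[1][1])["gas"]
    # Modular inverse of r via r^(N-2) mod N; evaluated once and shared by
    # the multiplication and its premium.
    inverse_r = pow(r, N - 2, N)
    Q = b.jordan_multiply(Qr, inverse_r)
    Q_PREMIUM = jacobian_mul_substitute(Qr[0][0], Qr[0][1], Qr[1][0], Qr[1][1],
                                        inverse_r)["gas"]
    R_PREMIUM = modexp_substitute(r, N - 2, N)["gas"]
    # Premiums for inverting Q[0][1] and Q[1][1] mod P ahead of from_jordan.
    OX_PREMIUM = modexp_substitute(Q[0][1], P - 2, P)["gas"]
    OY_PREMIUM = modexp_substitute(Q[1][1], P - 2, P)["gas"]
    Q = b.from_jordan(Q)
    return {
        "gas":
        993 + BETA_PREMIUM + GZ_PREMIUM + XY_PREMIUM + QR_PREMIUM + Q_PREMIUM +
        R_PREMIUM + OX_PREMIUM + OY_PREMIUM,
        "output":
        signed(Q)
    }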
Ejemplo n.º 3
def jacobian_mul_substitute(A, B, C, D, N):
    """Model a scalar multiplication of the point ((A, B), (C, D)) by N.

    Returns a dict with the modelled ``"gas"`` and the ``"output"`` as a
    flat four-element list. When A and C are both zero, or N is a multiple
    of ``b.N``, the fixed result [0, 1, 0, 1] is returned at a flat cost.

    NOTE(review): the gas formula depends on the bit length and Hamming
    weight of the scalar, so the modelled routine is not constant-time.
    That is acceptable for public verification inputs; it is not a pattern
    to reuse where the scalar is secret.
    """
    zero_point = A == 0 and C == 0
    if zero_point or (N % b.N) == 0:
        return {"gas": 87, "output": [0, 1, 0, 1]}

    product = b.jordan_multiply(((A, B), (C, D)), N)
    scalar = N % b.N
    gas_cost = 34239 + 94 * binary_length(scalar) + 349 * hamming_weight(scalar)
    # Flatten the two coordinate pairs into one list before converting.
    flattened = signed(list(product[0]) + list(product[1]))
    return {"gas": gas_cost, "output": flattened}
Ejemplo n.º 4
def jacobian_mul_substitute(A, B, C, D, N):
    """Return the modelled gas and result of multiplying a point by N.

    The point is passed as the two pairs (A, B) and (C, D). If A and C are
    both zero, or N reduces to zero mod ``b.N``, the result is the fixed
    list [0, 1, 0, 1] at a cost of 86. Otherwise the cost grows with the
    bit length and Hamming weight of ``N % b.N``.

    NOTE(review): because the cost is a function of the scalar's bit
    pattern, the modelled multiplication is data-dependent rather than
    constant-time -- fine for public inputs, unsuitable for secret scalars.
    """
    degenerate_point = A == 0 and C == 0
    if degenerate_point or (N % b.N) == 0:
        return {"gas": 86, "output": [0, 1, 0, 1]}

    result_pairs = b.jordan_multiply(((A, B), (C, D)), N)
    reduced = N % b.N
    total_gas = 35262 + 95 * binary_length(reduced) + 355 * hamming_weight(reduced)
    # Concatenate both coordinate pairs into a single flat list.
    flat_output = signed(list(result_pairs[0]) + list(result_pairs[1]))
    return {"gas": total_gas, "output": flat_output}
Ejemplo n.º 5
import bitcoin as b
import random
import sys
import math
from pyethereum import tester as t
import substitutes
import time

# Twelve pseudo-random integers below 2**256, used as test inputs.
# NOTE(review): `random` is unseeded here and is not a CSPRNG. That is fine
# for throwaway test vectors, but a failing run cannot be replayed unless the
# values are logged, and this pattern must not be reused for keys or nonces.
vals = [random.randrange(2**256) for i in range(12)]

# One point per value: the generator multiplied by r, flattened from the
# nested pair returned by b.jordan_multiply into a single list
# (presumably [x_num, x_den, y_num, y_den] -- confirm against the library).
test_points = [list(p[0]) + list(p[1]) for p in
               [b.jordan_multiply(((b.Gx, 1), (b.Gy, 1)), r) for r in vals]]

# The generator written in the same flat layout.
G = [b.Gx, 1, b.Gy, 1]
# Presumably the encoding of the point at infinity -- TODO confirm.
Z = [0, 1, 0, 1]


def neg_point(p):
    """Return a copy of the flat point p with elements 1 and 3 replaced by
    their negation modulo ``b.P``; elements 0 and 2 are passed through.

    NOTE(review): if p is laid out as [x_num, x_den, y_num, y_den] (as the
    G constant in this script suggests), flipping both denominators maps
    (x, y) to (-x, -y), not to the curve negation (x, -y). Confirm the
    intended layout; otherwise tests that rely on P + neg_point(P) will not
    exercise the point-at-infinity path.
    """
    modulus = b.P
    flipped_second = modulus - p[1]
    flipped_fourth = modulus - p[3]
    return [p[0], flipped_second, p[2], flipped_fourth]

# Fresh tester state; the block gas limit is set to 10,000,000 and the tester
# module's gas limit to 1,000,000 (presumably so the profiled calls below are
# not cut short -- confirm).
s = t.state()
s.block.gas_limit = 10000000
t.gas_limit = 1000000


# Load the 'modexp.se' contract into the test state.
c = s.contract('modexp.se')
print "Starting modexp tests"

# Walk vals in consecutive triples (i = 0, 3, 6, 9 for the 12 values above).
for i in range(0, len(vals) - 2, 3):
    # o1: result of the Python reference model for this triple.
    o1 = substitutes.modexp_substitute(vals[i], vals[i+1], vals[i+2])
    # o2: profile of the same arguments sent to the contract.
    # NOTE(review): the visible lines never compare o1 with o2; the listing
    # appears truncated, so the comparison presumably follows -- confirm.
    o2 = s.profile(t.k0, c, 0, funid=0, abi=vals[i:i+3])
Ejemplo n.º 6
import bitcoin as b
import random
import sys
import math
from pyethereum import tester as t
import substitutes
import time

# Twelve pseudo-random test integers drawn from [0, 2**256).
# NOTE(review): the generator is unseeded and not cryptographically secure.
# Acceptable for test vectors, but log the values if failures need to be
# reproduced, and do not copy this pattern for key or nonce generation.
vals = [random.randrange(2**256) for i in range(12)]

# For each value r: multiply the generator by r and flatten the nested pair
# returned by b.jordan_multiply into one list (presumably
# [x_num, x_den, y_num, y_den] -- confirm against the library).
test_points = [
    list(p[0]) + list(p[1])
    for p in [b.jordan_multiply(((b.Gx, 1), (b.Gy, 1)), r) for r in vals]
]

# The generator in the same flat layout.
G = [b.Gx, 1, b.Gy, 1]
# Presumably the point-at-infinity encoding -- TODO confirm.
Z = [0, 1, 0, 1]


def neg_point(p):
    """Build a new four-element list from p in which positions 1 and 3 are
    negated modulo ``b.P`` and positions 0 and 2 are copied unchanged.

    NOTE(review): with the [x_num, x_den, y_num, y_den] layout implied by
    the G constant in this script, negating both denominators yields
    (-x, -y) rather than the elliptic-curve negation (x, -y). Verify the
    layout before relying on this helper to produce an inverse point.
    """
    field_prime = b.P
    negated_at_1 = field_prime - p[1]
    negated_at_3 = field_prime - p[3]
    return [p[0], negated_at_1, p[2], negated_at_3]


# Fresh tester state; block gas limit 10,000,000 and tester-module gas limit
# 1,000,000 (presumably sized so profiled contract calls can complete --
# confirm).
s = t.state()
s.block.gas_limit = 10000000
t.gas_limit = 1000000

# Load the 'modexp.se' contract into the test state and announce the suite.
c = s.contract('modexp.se')
print "Starting modexp tests"

for i in range(0, len(vals) - 2, 3):