def aggregate_verify(pks, msgs, sig, ciphersuite):
assert len(pks) == len(msgs), "FAIL: aggregate_verify needs same number of sigs and msgs"
if not subgroup_check_g1(sig):
return False
Ps = [None] * (1 + len(msgs))
for (idx, (msg, pk)) in enumerate(zip(msgs, pks)):
if not subgroup_check_g2(pk):
return False
Ps[idx] = map2curve_osswu(msg, ciphersuite)
Ps[-1] = sig
Qs = chain(pks, (point_neg(g2gen),))
return multi_pairing(Ps, Qs) == 1
def G2neg(a): return point_neg(a)
def pop_verify(pk, proof, ciphersuite):
pk_bytes = serialize(pk, True) # serialize in compressed form
P = map2curve_osswu2(pk_bytes, ciphersuite)
if not (subgroup_check_g1(pk) and subgroup_check_g2(proof)):
return False
return multi_pairing((pk, point_neg(g1gen)), (P, proof)) == 1
def pop_verify(pk, proof, ciphersuite):
pk_bytes = serialize(pk, True) # serialize in compressed form
P = map2curve_osswu(pk_bytes, ciphersuite)
pk_ok = subgroup_check_g2(pk)
proof_ok = multi_pairing((P, proof), (pk, point_neg(g2gen))) == 1
return pk_ok and proof_ok
def verify(pk, sig, msg, ciphersuite):
P = map2curve_osswu2(msg, ciphersuite)
return multi_pairing((pk, point_neg(g1gen)), (P, sig)) == 1
def verify(pk, sig, msg, ciphersuite):
P = map2curve_osswu(msg, ciphersuite)
if not (subgroup_check_g2(pk) and subgroup_check_g1(sig)):
return False
return multi_pairing((P, sig), (pk, point_neg(g2gen))) == 1
