def test_benchmark_create_witness(benchmark, t):
g = G1.rand()
h = G1.rand()
pc = PolyCommitLin([g, h])
phi_hat = polynomials_over(ZR).random(t)
i = ZR.random()
benchmark(pc.create_witness, phi_hat, i)
def get_avss_params(n, t, my_id):
g, h = G1.rand(seed=[0, 0, 0, 1]), G1.rand(seed=[0, 0, 0, 2])
public_keys, private_keys = [None] * n, [None] * n
for i in range(n):
private_keys[i] = ZR.random(seed=17 + i)
public_keys[i] = pow(g, private_keys[i])
return g, h, public_keys, private_keys[my_id]
def test_bilinear_math():
from honeybadgermpc.betterpairing import ZR, G1, G2, GT, pair
a = G1.rand()
b = G2.rand()
c = pair(a, b)
i = ZR.random()
assert pair(a**i, b) == c**i
assert pair(a, b**i) == c**i
assert pair(a**i, b**i) == c**(i**2)
a.preprocess(8)
b.preprocess(3)
c.preprocess(5)
i = ZR.random()
assert pair(a**i, b) == c**i
assert pair(a, b**i) == c**i
assert pair(a**i, b**i) == c**(i**2)
a **= ZR.random()
b **= ZR.random()
c **= ZR.random()
a2 = G1.rand()
assert a / a2 == a * a2**-1
b2 = G2.rand()
assert b / b2 == b * b2**-1
c2 = GT.rand()
assert c / c2 == c * c2**-1
assert (a**-1)**-1 == a
assert (b**-1)**-1 == b
assert (c**-1)**-1 == c
def get_avss_params(n, t):
g, h = G1.rand(), G1.rand()
public_keys, private_keys = [None] * n, [None] * n
for i in range(n):
private_keys[i] = ZR.random(0)
public_keys[i] = pow(g, private_keys[i])
return g, h, public_keys, private_keys
def test_benchmark_commit(benchmark, t):
alpha = ZR.random()
g = G1.rand()
h = G1.rand()
crs = gen_pc_const_crs(t, alpha=alpha, g=g, h=h)
pc = PolyCommitConst(crs)
phi = polynomials_over(ZR).random(t)
benchmark(pc.commit, phi)
def get_avss_params_pyp(n, t):
from pypairing import G1, ZR
g, h = G1.rand(), G1.rand()
public_keys, private_keys = [None] * n, [None] * n
for i in range(n):
private_keys[i] = ZR.random()
public_keys[i] = pow(g, private_keys[i])
return g, h, public_keys, private_keys
def test_poly_commit():
poly_commit = PolyCommitLin([G1.rand(), G1.rand()])
degree = randint(10, 50)
phi = polynomials_over(ZR).random(degree)
cs, aux = poly_commit.commit(phi)
i = randint(0, degree - 1)
witness = poly_commit.create_witness(aux, i)
assert poly_commit.verify_eval(cs, i, phi(i), witness)
def test_benchmark_create_witness(benchmark, t):
alpha = ZR.random()
g = G1.rand()
h = G1.rand()
crs = gen_pc_const_crs(t, alpha=alpha, g=g, h=h)
pc = PolyCommitConst(crs)
phi = polynomials_over(ZR).random(t)
c, phi_hat = pc.commit(phi)
pc.preprocess_prover(10)
i = ZR.random()
benchmark(pc.create_witness, phi, phi_hat, i)
def test_pc_const():
t = 3
alpha = ZR.random()
g = G1.rand()
h = G1.rand()
crs = gen_pc_const_crs(t, alpha=alpha, g=g, h=h)
pc = PolyCommitConst(crs)
phi = polynomials_over(ZR).random(t)
c, phi_hat = pc.commit(phi)
witness = pc.create_witness(phi, phi_hat, 3)
assert c == g**phi(alpha) * h**phi_hat(alpha)
assert pc.verify_eval(c, 3, phi(3), phi_hat(3), witness)
assert not pc.verify_eval(c, 4, phi(3), phi_hat(3), witness)
def test_serialization():
from honeybadgermpc.betterpairing import ZR, G1, G2, GT
a = ZR.random()
b = G1.rand()
c = G2.rand()
d = GT.rand()
assert a == ZR(a.__getstate__())
# assert b == G1(b.__getstate__())
assert c == G2(c.__getstate__())
assert d == GT(d.__getstate__())
bb = G1()
bb.__setstate__(b.__getstate__())
assert bb == b
def batch_verify_eval(self, commits, i, shares, auxes, witnesses):
assert (len(commits) == len(shares) and len(commits) == len(witnesses)
and len(commits) == len(auxes))
commitprod = G1.one()
witnessprod = G1.one()
sharesum = ZR(0)
auxsum = ZR(0)
for j in range(len(commits)):
commitprod *= commits[j]
witnessprod *= witnesses[j]
sharesum += shares[j]
auxsum += auxes[j]
lhs = pair(commitprod, self.ghats[0])
rhs = (pair(witnessprod, self.ghats[1] * self.ghats[0]**(-i)) *
(self.gg**sharesum) * (self.gh**auxsum))
return lhs == rhs
def test_hashing():
from honeybadgermpc.betterpairing import ZR, G1, G2
import pickle
crs = G1.hash_many(b"honeybadger", 10) + G2.hash_many(b"honeybadger", 2)
assert crs[0] != crs[1]
assert type(crs[0]) is G1
assert type(crs[11]) is G2
assert len(crs) == 12
c = ZR.hash(pickle.dumps(crs))
assert type(c) is ZR
c2 = ZR.hash(pickle.dumps(crs))
assert c == c2
g = G1.hash(pickle.dumps(crs))
g2 = G1.hash(pickle.dumps(crs))
ghat = G2.hash(pickle.dumps(crs))
ghat2 = G2.hash(pickle.dumps(crs))
assert g == g2
assert ghat == ghat2
def commit(self, phi):
c = G1.one()
phi_hat = polynomials_over(self.field).random(self.t)
i = 0
for item in self.gs:
c *= item**phi.coeffs[i]
i += 1
i = 0
for item in self.hs:
c *= item**phi_hat.coeffs[i]
i += 1
# c should equal g **(phi(alpha)) h **(phi_hat(alpha))
return c, phi_hat
def create_witness(self, phi, phi_hat, i):
poly = polynomials_over(self.field)
div = poly([-1 * i, 1])
psi = (phi - poly([phi(i)])) / div
psi_hat = (phi_hat - poly([phi_hat(i)])) / div
witness = G1.one()
j = 0
for item in self.gs[:-1]:
witness *= item**psi.coeffs[j]
j += 1
j = 0
for item in self.hs[:-1]:
witness *= item**psi_hat.coeffs[j]
j += 1
return witness
def gen_pc_const_crs(t, alpha=None, g=None, h=None, ghat=None):
nonetype = type(None)
assert type(t) is int
assert type(alpha) in (ZR, int, nonetype)
assert type(g) in (G1, nonetype)
assert type(h) in (G1, nonetype)
assert type(ghat) in (G2, nonetype)
if alpha is None:
alpha = ZR.random(0)
if g is None:
g = G1.rand([0, 0, 0, 1])
if h is None:
h = G1.rand([0, 0, 0, 1])
if ghat is None:
ghat = G2.rand([0, 0, 0, 1])
(gs, ghats, hs) = ([], [], [])
for i in range(t + 1):
gs.append(g**(alpha**i))
for i in range(2):
ghats.append(ghat**(alpha**i))
for i in range(t + 1):
hs.append(h**(alpha**i))
crs = [gs, ghats, hs]
return crs
def verify_eval(self, cs, i, phi_at_i, witness):
lhs = G1.one()
for j in range(len(cs)):
lhs *= pow(cs[j], pow(i, j))
rhs = pow(self.g, phi_at_i) * pow(self.h, witness)
return lhs == rhs
def test_benchmark_commit(benchmark, t):
g = G1.rand()
h = G1.rand()
pc = PolyCommitLin([g, h])
phi = polynomials_over(ZR).random(t)
benchmark(pc.commit, phi)
