def twist(pt: Optimized_Point3D[FQP]) -> Optimized_Point3D[FQ12]: _x, _y, _z = pt # Field isomorphism from Z[p] / x**2 to Z[p] / x**2 - 2*x + 2 xcoeffs = [_x.coeffs[0] - _x.coeffs[1], _x.coeffs[1]] ycoeffs = [_y.coeffs[0] - _y.coeffs[1], _y.coeffs[1]] zcoeffs = [_z.coeffs[0] - _z.coeffs[1], _z.coeffs[1]] nx = FQ12([0] + [xcoeffs[0]] + [0] * 5 + [xcoeffs[1]] + [0] * 4) ny = FQ12([ycoeffs[0]] + [0] * 5 + [ycoeffs[1]] + [0] * 5) nz = FQ12([0] * 3 + [zcoeffs[0]] + [0] * 5 + [zcoeffs[1]] + [0] * 2) return (nx, ny, nz)
def twist(pt): _x, _y, _z = pt # Field isomorphism from Z[p] / x**2 to Z[p] / x**2 - 2*x + 2 xcoeffs = [_x.coeffs[0] - _x.coeffs[1], _x.coeffs[1]] ycoeffs = [_y.coeffs[0] - _y.coeffs[1], _y.coeffs[1]] zcoeffs = [_z.coeffs[0] - _z.coeffs[1], _z.coeffs[1]] nx = FQ12([xcoeffs[0]] + [0] * 5 + [xcoeffs[1]] + [0] * 5) ny = FQ12([ycoeffs[0]] + [0] * 5 + [ycoeffs[1]] + [0] * 5) nz = FQ12([zcoeffs[0]] + [0] * 5 + [zcoeffs[1]] + [0] * 5) return (nx / w**2, ny / w**3, nz)
def twist(pt: Optimized_Point3D[FQP]) -> Optimized_Point3D[FQ12]: _x, _y, _z = pt # Field isomorphism from Z[p] / x**2 to Z[p] / x**2 - 18*x + 82 xcoeffs = [_x.coeffs[0] - _x.coeffs[1] * 9, _x.coeffs[1]] ycoeffs = [_y.coeffs[0] - _y.coeffs[1] * 9, _y.coeffs[1]] zcoeffs = [_z.coeffs[0] - _z.coeffs[1] * 9, _z.coeffs[1]] nx = FQ12([xcoeffs[0]] + [0] * 5 + [xcoeffs[1]] + [0] * 5) ny = FQ12([ycoeffs[0]] + [0] * 5 + [ycoeffs[1]] + [0] * 5) nz = FQ12([zcoeffs[0]] + [0] * 5 + [zcoeffs[1]] + [0] * 5) return (nx * w**2, ny * w**3, nz)
def twist(pt): if pt is None: return None _x, _y = pt # Field isomorphism from Z[p] / x**2 to Z[p] / x**2 - 2*x + 2 xcoeffs = [_x.coeffs[0] - _x.coeffs[1], _x.coeffs[1]] ycoeffs = [_y.coeffs[0] - _y.coeffs[1], _y.coeffs[1]] # Isomorphism into subfield of Z[p] / w**12 - 2 * w**6 + 2, # where w**6 = x nx = FQ12([xcoeffs[0]] + [0] * 5 + [xcoeffs[1]] + [0] * 5) ny = FQ12([ycoeffs[0]] + [0] * 5 + [ycoeffs[1]] + [0] * 5) # Divide x coord by w**2 and y coord by w**3 return (nx / w**2, ny / w**3)
def twist(pt: Point2D[FQP]) -> Point2D[FQ12]: if pt is None: return None _x, _y = pt # Field isomorphism from Z[p] / x**2 to Z[p] / x**2 - 18*x + 82 xcoeffs = [_x.coeffs[0] - _x.coeffs[1] * 9, _x.coeffs[1]] ycoeffs = [_y.coeffs[0] - _y.coeffs[1] * 9, _y.coeffs[1]] # Isomorphism into subfield of Z[p] / w**12 - 18 * w**6 + 82, # where w**6 = x nx = FQ12([int(xcoeffs[0])] + [0] * 5 + [int(xcoeffs[1])] + [0] * 5) ny = FQ12([int(ycoeffs[0])] + [0] * 5 + [int(ycoeffs[1])] + [0] * 5) # Divide x coord by w**2 and y coord by w**3 return (nx * w**2, ny * w**3)
def verify_multiple(pubkeys: Sequence[BLSPubkey], message_hashes: Sequence[Hash32], signature: BLSSignature, domain: int) -> bool: len_msgs = len(message_hashes) if len(pubkeys) != len_msgs: raise ValidationError( "len(pubkeys) (%s) should be equal to len(message_hashes) (%s)" % (len(pubkeys), len_msgs)) try: o = FQ12([1] + [0] * 11) for m_pubs in set(message_hashes): # aggregate the pubs group_pub = Z1 for i in range(len_msgs): if message_hashes[i] == m_pubs: group_pub = add(group_pub, pubkey_to_G1(pubkeys[i])) o *= pairing(hash_to_G2(m_pubs, domain), group_pub, final_exponentiate=False) o *= pairing(signature_to_G2(signature), neg(G1), final_exponentiate=False) final_exponentiation = final_exponentiate(o) return final_exponentiation == FQ12.one() except (ValidationError, ValueError, AssertionError): return False
def test_FQ_sgn0(degree, value, expected): if degree == 1: x = FQ(value) elif degree == 2: x = FQ2([value, 0]) elif degree == 12: x = FQ12([value] + [0] * 11) assert x.sgn0 == expected if value != 0: assert x.sgn0 != (-x).sgn0
def cast_point_to_fq12(pt: Optimized_Point3D[FQ]) -> Optimized_Point3D[FQ12]: if pt is None: return None x, y, z = pt return (FQ12([x.n] + [0] * 11), FQ12([y.n] + [0] * 11), FQ12([z.n] + [0] * 11))
from .bls12_381_field_elements import ( field_modulus, ) curve_order = 52435875175126190479447740508185965837690552500527637822603658699938581184513 # Curve order should be prime assert pow(2, curve_order, curve_order) == 2 # Curve order should be a factor of field_modulus**12 - 1 assert (field_modulus**12 - 1) % curve_order == 0 # Curve is y**2 = x**3 + 4 b = FQ(4) # Twisted curve over FQ**2 b2 = FQ2((4, 4)) # Extension curve over FQ**12; same b value as over FQ b12 = FQ12((4, ) + (0, ) * 11) # Generator for curve over FQ G1 = ( FQ(3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507 ), # noqa: E501 FQ(1339506544944476473020471379941921221584933875938349620426543736416511423956333506472724655353366534992391756441569 ), # noqa: E501 ) # Generator for twisted curve over FQ2 G2 = ( FQ2([ 352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160, # noqa: E501 3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758, # noqa: E501 ]), FQ2([
) field_modulus = field_properties["bn128"]["field_modulus"] curve_order = 21888242871839275222246405745257275088548364400416034343698204186575808495617 # Curve order should be prime assert pow(2, curve_order, curve_order) == 2 # Curve order should be a factor of field_modulus**12 - 1 assert (field_modulus**12 - 1) % curve_order == 0 # Curve is y**2 = x**3 + 3 b = FQ(3) # Twisted curve over FQ**2 b2 = FQ2([3, 0]) / FQ2([9, 1]) # Extension curve over FQ**12; same b value as over FQ b12 = FQ12([3] + [0] * 11) # Generator for curve over FQ G1 = (FQ(1), FQ(2), FQ(1)) # Generator for twisted curve over FQ2 G2 = ( FQ2([ 10857046999023057135944570762232829481370756359578518086990519993285655852781, 11559732032986387107991004021392285783925812861821192530917403151452391805634 ]), FQ2([ 8495653923123431417604973247489272438418190587263600148770280649306958101930, 4082367875863433681332203403145435568316851327593401208105741076214120093531, ]), FQ2.one(), )
def cast_point_to_fq12(pt: Point2D[FQ]) -> Point2D[FQ12]: if pt is None: return None x, y = pt fq12_point = (FQ12([x.n] + [0] * 11), FQ12([y.n] + [0] * 11)) return fq12_point
def cast_point_to_fq12(pt): if pt is None: return None x, y = pt return (FQ12([x.n] + [0] * 11), FQ12([y.n] + [0] * 11))
def cast_point_to_fq12(pt: FQPoint2D) -> FQ12Point2D: if pt is None: return None x, y = pt fq12_point = (FQ12([x.n] + [0] * 11), FQ12([y.n] + [0] * 11)) return cast(FQ12Point2D, fq12_point)