def dleq_verify(x1, y1, x2, y2, challenge, response):
"""
Verify the proof computed with the dleq function in G1
Args:
x1: a point in G1
y1: a point in G1
x2: a point in G1
y2: a point in G1
challenge (int): the first coefficient of the proof
response (int): the second coefficient of the proof
Returns:
True if the proof is correct, False else
"""
a1 = add(multiply(x1, response), multiply(y1, challenge))
a2 = add(multiply(x2, response), multiply(y2, challenge))
c = keccak_256( # pylint: disable=E1120
abi_types=["uint256"] * 12, # 12,
values=[
int(v) for v in normalize(a1) + normalize(a2) + normalize(x1) +
normalize(y1) + normalize(x2) + normalize(y2)
],
)
c = int.from_bytes(c, "big")
return c == challenge
def dleq_verify(x1: PointG1, y1: PointG1, x2: PointG1, y2: PointG1,
challenge: int, response: int) -> bool:
a1 = add(multiply(x1, response), multiply(y1, challenge))
a2 = add(multiply(x2, response), multiply(y2, challenge))
c = keccak_256( # pylint: disable=E1120
abi_types=["uint256"] * 12, # 12,
values=[
int(v) for v in normalize(a1) + normalize(a2) + normalize(x1) +
normalize(y1) + normalize(x2) + normalize(y2)
],
)
c = int.from_bytes(c, "big")
return c == challenge
def verify_share(j: int, s_ij: int, Cik: List[PointG1]) -> bool:
""" check share validity and return True if the share is valid, False otherwise
"""
r = Cik[0]
for k, c in enumerate(Cik[1:]):
r = add(r, multiply(c, pow(j, k + 1, CURVE_ORDER)))
return normalize(multiply(G1, s_ij)) == normalize(r)
def agg_pubs(pubs: Sequence[Pubkey]) -> Pubkey:
size = len(pubs)
if size < 1:
return
aggregated = pubkey_to_g2(pubs[0])
for i in range(1, size):
aggregated = add(aggregated, pubkey_to_g2(pubs[i]))
return g2_to_pubkey(aggregated)
def sum_points(points: Union[Iterable[PointG1], Iterable[PointG2]]):
result = None
for p in points:
if result is None:
result = p
else:
result = add(result, p)
return result
def test_jacobian_equations():
k = rand_int()
a = multiply_jacobian(G2, k)
_a = multiply(G2, k)
assert eq(normalize_jacobian(a), _normalize(_a))
b = add_mixed_jacobian(a, G2)
_b = add(_a, G2)
assert eq(normalize_jacobian(b), _normalize(_b))
def ec_add(data: List[int]) -> List[int]:
bytes_data = bytearray(data)
x1 = extract32(bytes_data, 0)
y1 = extract32(bytes_data, 32)
x2 = extract32(bytes_data, 64)
y2 = extract32(bytes_data, 96)
p1 = validate_point(x1, y1)
p2 = validate_point(x2, y2)
if p1 is False or p2 is False:
return []
o = bn128.normalize(bn128.add(p1, p2))
return [safe_ord(x) for x in (encode_int32(o[0].n) + encode_int32(o[1].n))]
def _ecadd(data):
x1_bytes = pad32r(data[:32])
y1_bytes = pad32r(data[32:64])
x2_bytes = pad32r(data[64:96])
y2_bytes = pad32r(data[96:128])
x1 = big_endian_to_int(x1_bytes)
y1 = big_endian_to_int(y1_bytes)
x2 = big_endian_to_int(x2_bytes)
y2 = big_endian_to_int(y2_bytes)
p1 = validate_point(x1, y1)
p2 = validate_point(x2, y2)
result = bn128.normalize(bn128.add(p1, p2))
return result
def proc_ecadd(ext, msg):
import py_ecc.optimized_bn128 as bn128
FQ = bn128.FQ
if msg.gas < opcodes.GECADD:
return 0, 0, []
x1 = msg.data.extract32(0)
y1 = msg.data.extract32(32)
x2 = msg.data.extract32(64)
y2 = msg.data.extract32(96)
p1 = validate_point(x1, y1)
p2 = validate_point(x2, y2)
if p1 is False or p2 is False:
return 0, 0, []
o = bn128.normalize(bn128.add(p1, p2))
return (
1,
msg.gas - opcodes.GECADD,
[safe_ord(x) for x in (encode_int32(o[0].n) + encode_int32(o[1].n))],
)
def proc_ecadd(ext, msg):
if not ext.post_metropolis_hardfork():
return 1, msg.gas, []
import py_ecc.optimized_bn128 as bn128
FQ = bn128.FQ
print('ecadd proc:', msg.gas)
if msg.gas < opcodes.GECADD:
return 0, 0, []
x1 = msg.data.extract32(0)
y1 = msg.data.extract32(32)
x2 = msg.data.extract32(64)
y2 = msg.data.extract32(96)
p1 = validate_point(x1, y1)
p2 = validate_point(x2, y2)
if p1 is False or p2 is False:
return 0, 0, []
o = bn128.normalize(bn128.add(p1, p2))
return 1, msg.gas - \
opcodes.GECADD, [safe_ord(x) for x in (
encode_int32(o[0].n) + encode_int32(o[1].n))]
def compute_mpk(self):
if len(self.gpk_0) > self.threshold and not self.has_mpk:
self.has_mpk = True
self.mpk = Z1
for gpki, ui in self.gpk_0[0:self.threshold + 1]:
coeff = 1
for gpkj, uj in self.gpk_0[0:self.threshold + 1]:
if uj != ui:
coeff *= uj * sympy.mod_inverse(
(uj - ui) % CURVE_ORDER, CURVE_ORDER)
coeff %= CURVE_ORDER
self.mpk = add(self.mpk, multiply(gpki, coeff))
self.mpk = normalize(self.mpk)
db = get_db()
value = (str(self.mpk[0]), str(self.mpk[1]))
db.execute("INSERT INTO mpk (x,y) VALUES (?,?)", value)
db.commit()
db.close()
def aggregate_pubs(pubs):
o = Z1
for p in pubs:
o = add(o, decompress_G1(p))
return compress_G1(o)
def aggregate_pubs(pubs):
o = FQ(1), FQ(1), FQ(0)
for p in pubs:
o = add(o, decompress_G1(p))
return compress_G1(o)
def aggregate_sigs(sigs):
o = FQ2([1,0]), FQ2([1,0]), FQ2([0,0])
for s in sigs:
o = add(o, decompress_G2(s))
return compress_G2(o)
def verify_agg_common_msg(sig: Signature, msg: Message,
pubs: Sequence[Pubkey]) -> bool:
aggregated_pub = Z1
for pub in pubs:
aggregated_pub = add(aggregated_pub, pubkey_to_G1(pub))
return pair_check(signature_to_G2(sig), msg, aggregated_pub)
def agg_sigs(sigs: Sequence[Signature]) -> Signature:
aggregated = Z1
for sig in sigs:
aggregated = add(aggregated, signature_to_g1(sig))
return g1_to_signature(aggregated)
def aggregate_sigs(sigs: Iterable[bytes]) -> Tuple[int, int]:
o = Z2
for s in sigs:
o = FQP_point_to_FQ2_point(add(o, decompress_G2(s)))
return compress_G2(o)
def aggregate_sigs(sigs):
o = Z2
for s in sigs:
o = add(o, decompress_G2(s))
return compress_G2(o)
def evaluate_public_polynomial(x: int, commitments: List[PointG1]):
result = commitments[0]
for k in range(1, len(commitments)):
result = add(result, multiply(commitments[k], pow(x, k, CURVE_ORDER)))
return result
def add(self, other: "WrappedCurvePoint") -> "WrappedCurvePoint":
return self.__class__(add(self.py_ecc_object, other.py_ecc_object))
def agg_sigs(sigs: Sequence[Signature]) -> Signature:
aggregated = Z2
for sig in sigs:
aggregated = add(aggregated, signature_to_G2(sig))
return G2_to_signature(aggregated)
def aggregate_pubs(pubs: Iterable[int]) -> int:
o = Z1
for p in pubs:
o = add(o, decompress_G1(p))
return compress_G1(o)
def agg_pubs(pubs: Sequence[Pubkey]) -> Signature:
aggregated = Z2
for pub in pubs:
aggregated = add(aggregated, pubkey_to_G1(pub))
return G1_to_pubkey(aggregated)
