def pop_verify(pk: JacobianPoint, proof: JacobianPoint) -> bool: try: proof.check_valid() pk.check_valid() q = g2_map(bytes(pk), pop_scheme_pop_dst) one = Fq12.one(default_ec.q) pairing_result = ate_pairing_multi([pk, G1Generator().negate()], [q, proof]) return pairing_result == one except AssertionError: return False
def core_verify_mpl(pk: JacobianPoint, message: bytes, signature: JacobianPoint, dst: bytes) -> bool: try: signature.check_valid() pk.check_valid() except AssertionError: return False q = g2_map(message, dst) one = Fq12.one(default_ec.q) pairing_result = ate_pairing_multi([pk, G1Generator().negate()], [q, signature]) return pairing_result == one
def verify(self): """ This implementation of verify has several steps. First, it reorganizes the pubkeys and messages into groups, where each group corresponds to a message. Then, it checks if the siganture has info on how it was aggregated. If so, we exponentiate each pk based on the exponent in the AggregationInfo. If not, we find public keys that share messages with others, and aggregate all of these securely (with exponents.). Finally, since each public key now corresponds to a unique message (since we grouped them), we can verify using the distinct verification procedure. """ message_hashes = self.aggregation_info.message_hashes public_keys = self.aggregation_info.public_keys assert (len(message_hashes) == len(public_keys)) hash_to_public_keys = {} for i in range(len(message_hashes)): if message_hashes[i] in hash_to_public_keys: hash_to_public_keys[message_hashes[i]].append(public_keys[i]) else: hash_to_public_keys[message_hashes[i]] = [public_keys[i]] final_message_hashes = [] final_public_keys = [] ec = public_keys[0].value.ec for message_hash, mapped_keys in hash_to_public_keys.items(): dedup = list(set(mapped_keys)) public_key_sum = JacobianPoint(Fq.one(ec.q), Fq.one(ec.q), Fq.zero(ec.q), True, ec) for public_key in dedup: try: exponent = self.aggregation_info.tree[(message_hash, public_key)] public_key_sum += (public_key.value * exponent) except KeyError: return False final_message_hashes.append(message_hash) final_public_keys.append(public_key_sum.to_affine()) mapped_hashes = [ hash_to_point_prehashed_Fq2(mh) for mh in final_message_hashes ] g1 = Fq(default_ec.n, -1) * generator_Fq() Ps = [g1] + final_public_keys Qs = [self.value.to_affine()] + mapped_hashes res = ate_pairing_multi(Ps, Qs, default_ec) return res == Fq12.one(default_ec.q)
def core_aggregate_verify(pks: List[JacobianPoint], ms: List[bytes], signature: JacobianPoint, dst: bytes) -> bool: if len(pks) != len(ms) or len(pks) < 1: return False try: signature.check_valid() qs = [signature] ps = [G1Generator().negate()] for i in range(len(pks)): pks[i].check_valid() qs.append(g2_map(ms[i], dst)) ps.append(pks[i]) return Fq12.one(default_ec.q) == ate_pairing_multi(ps, qs) except AssertionError: return False
def verify(self, message_hashes, public_keys): """ Verifies messages using the prepend method. It prepends public keys to message hashes before verifying. """ assert (len(message_hashes) == len(public_keys)) mapped_hashes = [ hash_to_point_prehashed_Fq2( hash256(public_keys[i].serialize() + message_hashes[i])) for i in range(len(message_hashes)) ] keys = [pk.value.to_affine() for pk in public_keys] g1 = Fq(default_ec.n, -1) * generator_Fq() Ps = [g1] + keys Qs = [self.value.to_affine()] + mapped_hashes res = ate_pairing_multi(Ps, Qs, default_ec) return res == Fq12.one(default_ec.q)