Exemple #1
0
 def pop_verify(pk: JacobianPoint, proof: JacobianPoint) -> bool:
     try:
         proof.check_valid()
         pk.check_valid()
         q = g2_map(bytes(pk), pop_scheme_pop_dst)
         one = Fq12.one(default_ec.q)
         pairing_result = ate_pairing_multi([pk, G1Generator().negate()],
                                            [q, proof])
         return pairing_result == one
     except AssertionError:
         return False
Exemple #2
0
def core_verify_mpl(pk: JacobianPoint, message: bytes,
                    signature: JacobianPoint, dst: bytes) -> bool:
    try:
        signature.check_valid()
        pk.check_valid()
    except AssertionError:
        return False
    q = g2_map(message, dst)
    one = Fq12.one(default_ec.q)
    pairing_result = ate_pairing_multi([pk, G1Generator().negate()],
                                       [q, signature])
    return pairing_result == one
Exemple #3
0
    def verify(self):
        """
        This implementation of verify has several steps. First, it
        reorganizes the pubkeys and messages into groups, where
        each group corresponds to a message. Then, it checks if the
        siganture has info on how it was aggregated. If so, we
        exponentiate each pk based on the exponent in the AggregationInfo.
        If not, we find public keys that share messages with others,
        and aggregate all of these securely (with exponents.).
        Finally, since each public key now corresponds to a unique
        message (since we grouped them), we can verify using the
        distinct verification procedure.
        """
        message_hashes = self.aggregation_info.message_hashes
        public_keys = self.aggregation_info.public_keys
        assert (len(message_hashes) == len(public_keys))

        hash_to_public_keys = {}
        for i in range(len(message_hashes)):
            if message_hashes[i] in hash_to_public_keys:
                hash_to_public_keys[message_hashes[i]].append(public_keys[i])
            else:
                hash_to_public_keys[message_hashes[i]] = [public_keys[i]]

        final_message_hashes = []
        final_public_keys = []
        ec = public_keys[0].value.ec
        for message_hash, mapped_keys in hash_to_public_keys.items():
            dedup = list(set(mapped_keys))
            public_key_sum = JacobianPoint(Fq.one(ec.q), Fq.one(ec.q),
                                           Fq.zero(ec.q), True, ec)
            for public_key in dedup:
                try:
                    exponent = self.aggregation_info.tree[(message_hash,
                                                           public_key)]
                    public_key_sum += (public_key.value * exponent)
                except KeyError:
                    return False
            final_message_hashes.append(message_hash)
            final_public_keys.append(public_key_sum.to_affine())

        mapped_hashes = [
            hash_to_point_prehashed_Fq2(mh) for mh in final_message_hashes
        ]

        g1 = Fq(default_ec.n, -1) * generator_Fq()
        Ps = [g1] + final_public_keys
        Qs = [self.value.to_affine()] + mapped_hashes
        res = ate_pairing_multi(Ps, Qs, default_ec)
        return res == Fq12.one(default_ec.q)
Exemple #4
0
def core_aggregate_verify(pks: List[JacobianPoint], ms: List[bytes],
                          signature: JacobianPoint, dst: bytes) -> bool:
    if len(pks) != len(ms) or len(pks) < 1:
        return False
    try:
        signature.check_valid()
        qs = [signature]
        ps = [G1Generator().negate()]
        for i in range(len(pks)):
            pks[i].check_valid()
            qs.append(g2_map(ms[i], dst))
            ps.append(pks[i])
        return Fq12.one(default_ec.q) == ate_pairing_multi(ps, qs)

    except AssertionError:
        return False
Exemple #5
0
    def verify(self, message_hashes, public_keys):
        """
        Verifies messages using the prepend method. It prepends public keys
        to message hashes before verifying.
        """
        assert (len(message_hashes) == len(public_keys))
        mapped_hashes = [
            hash_to_point_prehashed_Fq2(
                hash256(public_keys[i].serialize() + message_hashes[i]))
            for i in range(len(message_hashes))
        ]
        keys = [pk.value.to_affine() for pk in public_keys]

        g1 = Fq(default_ec.n, -1) * generator_Fq()
        Ps = [g1] + keys
        Qs = [self.value.to_affine()] + mapped_hashes
        res = ate_pairing_multi(Ps, Qs, default_ec)
        return res == Fq12.one(default_ec.q)