def test_ec(self):
g = generator_Fq(default_ec)
assert (g.is_on_curve())
assert (2 * g == g + g)
assert ((3 * g).is_on_curve())
assert (3 * g == g + g + g)
P = hash_to_point_Fq(bytes([]))
assert (P.is_on_curve())
assert (P.serialize() == bytes.fromhex(
"12fc5ad5a2fbe9d4b6eb0bc16d530e5f263b6d59cbaf26c3f2831962924aa588ab84d46cc80d3a433ce064adb307f256"
))
g2 = generator_Fq2(default_ec_twist)
assert (g2.x * (2 * g2.y) == 2 * (g2.x * g2.y))
assert (g2.is_on_curve())
s = g2 + g2
assert (untwist(twist(s)) == s)
assert (untwist(5 * twist(s)) == 5 * s)
assert (5 * twist(s) == twist(5 * s))
assert (s.is_on_curve())
assert (g2.is_on_curve())
assert (g2 + g2 == 2 * g2)
assert (g2 * 5 == (g2 * 2) + (2 * g2) + g2)
y = y_for_x(g2.x, default_ec_twist, Fq2)
assert (y[0] == g2.y or y[1] == g2.y)
assert (hash_to_point_Fq2("chia") == hash_to_point_Fq2("chia"))
g_j = generator_Fq(default_ec_twist).to_jacobian()
g2_j = generator_Fq2(default_ec_twist).to_jacobian()
g2_j2 = (generator_Fq2(default_ec_twist) * 2).to_jacobian()
assert (g.to_jacobian().to_affine() == g)
assert ((g_j * 2).to_affine() == g * 2)
assert ((g2_j + g2_j2).to_affine() == g2 * 3)
assert (sw_encode(Fq(default_ec.q, 0)).infinity)
assert (sw_encode(Fq(default_ec.q,
1)) == sw_encode(Fq(default_ec.q, -1)).negate())
assert (sw_encode(
Fq(
default_ec.q,
0x019cfaba0c258165d092f6bca9a081871e62a126c499340dc71c0e9527f923f3b299592a7a9503066cc5362484d96dd7
)) == generator_Fq())
assert (sw_encode(
Fq(
default_ec.q,
0x186417302d5a65347a88b0f999ab2b504614aa5e2eebdeb1a014c40bceb7d2306c12a6d436befcf94d39c9db7b263cd4
)) == generator_Fq().negate())
class SSS:
g = bls.generator_Fq()
q = bls.bls12381.n
@staticmethod
def keygen():
sk = secrets.randbelow(SSS.q)
pk = SSS.g * sk
return (sk, pk)
@staticmethod
def gen_commit():
x = secrets.randbelow(SSS.q)
big_X = SSS.g * x
return (x, big_X)
@staticmethod
def gen_challenge(m, X):
return int(
sha3_512(
(m + point_to_string_FQ(X)).encode()).hexdigest(), 16) % SSS.q
@staticmethod
def calc_proof(a, x, c):
return (x + a * c) % SSS.q
@staticmethod
def verify(A, X, c, s):
return SSS.g * s == X + (A * c)
class SIS:
g = bls.generator_Fq()
q = bls.bls12381.n
@staticmethod
def keygen():
sk = secrets.randbelow(SIS.q)
pk = SIS.g * sk
return (sk, pk)
@staticmethod
def gen_commit():
x = secrets.randbelow(SIS.q)
big_X = SIS.g * x
return (x, big_X)
@staticmethod
def gen_challenge():
return secrets.randbelow(SIS.q)
@staticmethod
def verify(A, X, c, s):
return SIS.g * s == X + (A * c)
@staticmethod
def calc_proof(a, x, c):
return (x + a * c) % SIS.q
class GJSS:
g = bls.generator_Fq()
q = bls.bls12381.n
@staticmethod
def keygen():
sk = secrets.randbelow(GJSS.q)
pk = GJSS.g * sk
return (sk, pk)
@staticmethod
def gen_random(bits):
return secrets.randbits(bits)
@staticmethod
def gen_h(msg, r):
payload = [f'{msg}{str(r)}']
return string_to_point_FQ(
call_node("./schemas/protocols/hash_map_g1.js", payload))
@staticmethod
def compute_h_key(h, x):
return h * x
@staticmethod
def gen_commit(h):
k = secrets.randbelow(GJSS.q)
u = GJSS.g * k
v = h * k
return (k, u, v)
@staticmethod
def gen_challenge(h, Y, z, u, v):
g_str = point_to_string_FQ(GJSS.g)
h_str = point_to_string_FQ(h)
Y_str = point_to_string_FQ(Y)
z_str = point_to_string_FQ(z)
u_str = point_to_string_FQ(u)
v_str = point_to_string_FQ(v)
points = g_str + h_str + Y_str + z_str + u_str + v_str
return int(sha3_512((points).encode()).hexdigest(), 16) % GJSS.q
@staticmethod
def calc_proof(k, x, c):
return (k + x * c) % GJSS.q
@staticmethod
def calc_commits(s, c, z, h, y):
u = (GJSS.g * s) - (y * c)
v = (h * s) - (z * c)
return (u, v)
@staticmethod
def verify(c, c_prim):
return c == c_prim
class NAXOS:
g = bls.generator_Fq()
q = bls.bls12381.n
@staticmethod
def keygen():
sk = secrets.randbelow(NAXOS.q)
pk = NAXOS.g * sk
return (sk, pk)
@staticmethod
def gen_ephemeral(lamb):
return secrets.randbits(lamb)
@staticmethod
def H1(str):
return int(sha3_512(str.encode()).hexdigest(), 16) % NAXOS.q
@staticmethod
def calc_commit(ephemeral, sk):
h = NAXOS.H1((str(ephemeral) + str(sk)))
return NAXOS.g * h
@staticmethod
def H2(str):
return sha3_512(str.encode()).digest()
@staticmethod
def calc_keyB(pk_a, esk_b, sk_b, X, pk_b):
h = NAXOS.H1((str(esk_b) + str(sk_b)))
pk_a_hash = point_to_string_FQ(pk_a * h)
X_sk_b = point_to_string_FQ(X * sk_b)
X_hash = point_to_string_FQ(X * h)
return NAXOS.H2(pk_a_hash + X_sk_b + X_hash +
point_to_string_FQ(pk_a) + point_to_string_FQ(pk_b))
@staticmethod
def calc_keyA(Y, sk_a, pk_b, esk_a, pk_a):
h = NAXOS.H1((str(esk_a) + str(sk_a)))
Y_sk_a = point_to_string_FQ(Y * sk_a)
pk_b_hash = point_to_string_FQ(pk_b * h)
Y_hash = point_to_string_FQ(Y * h)
return NAXOS.H2(Y_sk_a + pk_b_hash + Y_hash +
point_to_string_FQ(pk_a) + point_to_string_FQ(pk_b))
@staticmethod
def encode_msg(msg, K):
return b64encode(sha3_512(K + msg.encode()).digest()).decode("utf-8")
class OIS:
g1 = bls.generator_Fq()
g2 = bls.AffinePoint(
bls.Fq(
bls.bls12381.q,
2144250947445192081071618466765046647019257686245947349033844530891338159027816696711238671324221321317530545114427
),
bls.Fq(
bls.bls12381.q,
2665798332422762660334686159210698639947668680862640755137811598895238932478193747736307724249253853210778728799013
), False)
q = bls.bls12381.n
@staticmethod
def keygen():
a_1 = secrets.randbelow(OIS.q)
a_2 = secrets.randbelow(OIS.q)
pk = (OIS.g1 * a_1) + (OIS.g2 * a_2)
return ((a_1, a_2), pk)
@staticmethod
def gen_commit():
x_1 = secrets.randbelow(OIS.q)
x_2 = secrets.randbelow(OIS.q)
big_X = (OIS.g1 * x_1) + (OIS.g2 * x_2)
return ((x_1, x_2), big_X)
@staticmethod
def gen_challenge():
return secrets.randbelow(OIS.q)
@staticmethod
def calc_proof(sk, x, c):
s_1 = (x[0] + sk[0] * c) % OIS.q
s_2 = (x[1] + sk[1] * c) % OIS.q
return (s_1, s_2)
@staticmethod
def verify(A, X, c, s):
return (OIS.g1 * s[0]) + (OIS.g2 * s[1]) == X + (A * c)
class BLSSS:
g = bls.generator_Fq()
q = bls.bls12381.n
@staticmethod
def keygen():
sk = secrets.randbelow(BLSSS.q)
pk = BLSSS.g * sk
return (sk, pk)
@staticmethod
def gen_g2_generator(msg):
payload = [f'{msg}']
return string_to_point_FQ2(
call_node("./schemas/protocols/hash_map_g2.js", payload))
@staticmethod
def compute_sigma(h, sk):
return h * sk
@staticmethod
def verify(sigma, A, h):
return e(BLSSS.g, sigma) == e(A, h)
class MSIS:
g = bls.generator_Fq()
q = bls.bls12381.n
@staticmethod
def keygen():
sk = secrets.randbelow(MSIS.q)
pk = MSIS.g * sk
return (sk, pk)
@staticmethod
def gen_commit():
x = secrets.randbelow(MSIS.q)
big_X = MSIS.g * x
return (x, big_X)
@staticmethod
def gen_challenge():
return secrets.randbelow(MSIS.q)
@staticmethod
def gen_g2_generator(X, c):
x_str = point_to_string_FQ(X)
payload = [f'{x_str}{str(c)}']
return string_to_point_FQ2(
call_node("./schemas/protocols/hash_map_g2.js", payload))
@staticmethod
def calc_proof(g_hat, a, x, c):
s = (x + a * c) % MSIS.q
S = g_hat * s
return S
@staticmethod
def verify(A, X, c, g_hat, S):
return e(MSIS.g, S) == e(X + (A * c), g_hat)