def twist(pt: Optimized_Point3D[FQP]) -> Optimized_Point3D[FQ12]:
_x, _y, _z = pt
# Field isomorphism from Z[p] / x**2 to Z[p] / x**2 - 2*x + 2
xcoeffs = [_x.coeffs[0] - _x.coeffs[1], _x.coeffs[1]]
ycoeffs = [_y.coeffs[0] - _y.coeffs[1], _y.coeffs[1]]
zcoeffs = [_z.coeffs[0] - _z.coeffs[1], _z.coeffs[1]]
nx = FQ12([0] + [xcoeffs[0]] + [0] * 5 + [xcoeffs[1]] + [0] * 4)
ny = FQ12([ycoeffs[0]] + [0] * 5 + [ycoeffs[1]] + [0] * 5)
nz = FQ12([0] * 3 + [zcoeffs[0]] + [0] * 5 + [zcoeffs[1]] + [0] * 2)
return (nx, ny, nz)
def twist(pt):
_x, _y, _z = pt
# Field isomorphism from Z[p] / x**2 to Z[p] / x**2 - 2*x + 2
xcoeffs = [_x.coeffs[0] - _x.coeffs[1], _x.coeffs[1]]
ycoeffs = [_y.coeffs[0] - _y.coeffs[1], _y.coeffs[1]]
zcoeffs = [_z.coeffs[0] - _z.coeffs[1], _z.coeffs[1]]
nx = FQ12([xcoeffs[0]] + [0] * 5 + [xcoeffs[1]] + [0] * 5)
ny = FQ12([ycoeffs[0]] + [0] * 5 + [ycoeffs[1]] + [0] * 5)
nz = FQ12([zcoeffs[0]] + [0] * 5 + [zcoeffs[1]] + [0] * 5)
return (nx / w**2, ny / w**3, nz)
def twist(pt: Optimized_Point3D[FQP]) -> Optimized_Point3D[FQ12]:
_x, _y, _z = pt
# Field isomorphism from Z[p] / x**2 to Z[p] / x**2 - 18*x + 82
xcoeffs = [_x.coeffs[0] - _x.coeffs[1] * 9, _x.coeffs[1]]
ycoeffs = [_y.coeffs[0] - _y.coeffs[1] * 9, _y.coeffs[1]]
zcoeffs = [_z.coeffs[0] - _z.coeffs[1] * 9, _z.coeffs[1]]
nx = FQ12([xcoeffs[0]] + [0] * 5 + [xcoeffs[1]] + [0] * 5)
ny = FQ12([ycoeffs[0]] + [0] * 5 + [ycoeffs[1]] + [0] * 5)
nz = FQ12([zcoeffs[0]] + [0] * 5 + [zcoeffs[1]] + [0] * 5)
return (nx * w**2, ny * w**3, nz)
def twist(pt):
if pt is None:
return None
_x, _y = pt
# Field isomorphism from Z[p] / x**2 to Z[p] / x**2 - 2*x + 2
xcoeffs = [_x.coeffs[0] - _x.coeffs[1], _x.coeffs[1]]
ycoeffs = [_y.coeffs[0] - _y.coeffs[1], _y.coeffs[1]]
# Isomorphism into subfield of Z[p] / w**12 - 2 * w**6 + 2,
# where w**6 = x
nx = FQ12([xcoeffs[0]] + [0] * 5 + [xcoeffs[1]] + [0] * 5)
ny = FQ12([ycoeffs[0]] + [0] * 5 + [ycoeffs[1]] + [0] * 5)
# Divide x coord by w**2 and y coord by w**3
return (nx / w**2, ny / w**3)
def twist(pt: Point2D[FQP]) -> Point2D[FQ12]:
if pt is None:
return None
_x, _y = pt
# Field isomorphism from Z[p] / x**2 to Z[p] / x**2 - 18*x + 82
xcoeffs = [_x.coeffs[0] - _x.coeffs[1] * 9, _x.coeffs[1]]
ycoeffs = [_y.coeffs[0] - _y.coeffs[1] * 9, _y.coeffs[1]]
# Isomorphism into subfield of Z[p] / w**12 - 18 * w**6 + 82,
# where w**6 = x
nx = FQ12([int(xcoeffs[0])] + [0] * 5 + [int(xcoeffs[1])] + [0] * 5)
ny = FQ12([int(ycoeffs[0])] + [0] * 5 + [int(ycoeffs[1])] + [0] * 5)
# Divide x coord by w**2 and y coord by w**3
return (nx * w**2, ny * w**3)
def verify_multiple(pubkeys: Sequence[BLSPubkey],
message_hashes: Sequence[Hash32], signature: BLSSignature,
domain: int) -> bool:
len_msgs = len(message_hashes)
if len(pubkeys) != len_msgs:
raise ValidationError(
"len(pubkeys) (%s) should be equal to len(message_hashes) (%s)" %
(len(pubkeys), len_msgs))
try:
o = FQ12([1] + [0] * 11)
for m_pubs in set(message_hashes):
# aggregate the pubs
group_pub = Z1
for i in range(len_msgs):
if message_hashes[i] == m_pubs:
group_pub = add(group_pub, pubkey_to_G1(pubkeys[i]))
o *= pairing(hash_to_G2(m_pubs, domain),
group_pub,
final_exponentiate=False)
o *= pairing(signature_to_G2(signature),
neg(G1),
final_exponentiate=False)
final_exponentiation = final_exponentiate(o)
return final_exponentiation == FQ12.one()
except (ValidationError, ValueError, AssertionError):
return False
def test_FQ_sgn0(degree, value, expected):
if degree == 1:
x = FQ(value)
elif degree == 2:
x = FQ2([value, 0])
elif degree == 12:
x = FQ12([value] + [0] * 11)
assert x.sgn0 == expected
if value != 0:
assert x.sgn0 != (-x).sgn0
def cast_point_to_fq12(pt: Optimized_Point3D[FQ]) -> Optimized_Point3D[FQ12]:
if pt is None:
return None
x, y, z = pt
return (FQ12([x.n] + [0] * 11), FQ12([y.n] + [0] * 11),
FQ12([z.n] + [0] * 11))
from .bls12_381_field_elements import (
field_modulus, )
curve_order = 52435875175126190479447740508185965837690552500527637822603658699938581184513
# Curve order should be prime
assert pow(2, curve_order, curve_order) == 2
# Curve order should be a factor of field_modulus**12 - 1
assert (field_modulus**12 - 1) % curve_order == 0
# Curve is y**2 = x**3 + 4
b = FQ(4)
# Twisted curve over FQ**2
b2 = FQ2((4, 4))
# Extension curve over FQ**12; same b value as over FQ
b12 = FQ12((4, ) + (0, ) * 11)
# Generator for curve over FQ
G1 = (
FQ(3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507
), # noqa: E501
FQ(1339506544944476473020471379941921221584933875938349620426543736416511423956333506472724655353366534992391756441569
), # noqa: E501
)
# Generator for twisted curve over FQ2
G2 = (
FQ2([
352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160, # noqa: E501
3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758, # noqa: E501
]),
FQ2([
)
field_modulus = field_properties["bn128"]["field_modulus"]
curve_order = 21888242871839275222246405745257275088548364400416034343698204186575808495617
# Curve order should be prime
assert pow(2, curve_order, curve_order) == 2
# Curve order should be a factor of field_modulus**12 - 1
assert (field_modulus**12 - 1) % curve_order == 0
# Curve is y**2 = x**3 + 3
b = FQ(3)
# Twisted curve over FQ**2
b2 = FQ2([3, 0]) / FQ2([9, 1])
# Extension curve over FQ**12; same b value as over FQ
b12 = FQ12([3] + [0] * 11)
# Generator for curve over FQ
G1 = (FQ(1), FQ(2), FQ(1))
# Generator for twisted curve over FQ2
G2 = (
FQ2([
10857046999023057135944570762232829481370756359578518086990519993285655852781,
11559732032986387107991004021392285783925812861821192530917403151452391805634
]),
FQ2([
8495653923123431417604973247489272438418190587263600148770280649306958101930,
4082367875863433681332203403145435568316851327593401208105741076214120093531,
]),
FQ2.one(),
)
def cast_point_to_fq12(pt: Point2D[FQ]) -> Point2D[FQ12]:
if pt is None:
return None
x, y = pt
fq12_point = (FQ12([x.n] + [0] * 11), FQ12([y.n] + [0] * 11))
return fq12_point
def cast_point_to_fq12(pt):
if pt is None:
return None
x, y = pt
return (FQ12([x.n] + [0] * 11), FQ12([y.n] + [0] * 11))
def cast_point_to_fq12(pt: FQPoint2D) -> FQ12Point2D:
if pt is None:
return None
x, y = pt
fq12_point = (FQ12([x.n] + [0] * 11), FQ12([y.n] + [0] * 11))
return cast(FQ12Point2D, fq12_point)
