def pairing_check(G1_left, G2_left, G1_right, G2_right) -> bool:
final_exponentiation = final_exponentiate(
pairing(
G2_left,
G1_left,
final_exponentiate=False,
) * pairing(
G2_right,
G1_right,
final_exponentiate=False,
))
return final_exponentiation == FQ12.one()
def pair_check_multiple(sig: G2Point, pubs: Sequence[G1Point],
msgs: Sequence[Message]) -> bool:
size = len(pubs)
if size == 0:
raise Exception("empty pubkey vector")
if len(msgs) == 0:
raise Exception("empty message vector")
if size != len(msgs):
raise Exception("size of public keys and messages should be equal")
f = pairing(sig, neg(G1), final_exponentiate=False)
for i in range(size):
f *= pairing(hash_to_g2(msgs[i]), pubs[i], final_exponentiate=False)
return final_exponentiate(f) == TARGET
def ec_pair(data: List[int]) -> List[int]:
if len(data) % 192:
return []
zero = (bn128.FQ2.one(), bn128.FQ2.one(), bn128.FQ2.zero())
exponent = bn128.FQ12.one()
bytes_data = bytearray(data)
for i in range(0, len(bytes_data), 192):
x1 = extract32(bytes_data, i)
y1 = extract32(bytes_data, i + 32)
x2_i = extract32(bytes_data, i + 64)
x2_r = extract32(bytes_data, i + 96)
y2_i = extract32(bytes_data, i + 128)
y2_r = extract32(bytes_data, i + 160)
p1 = validate_point(x1, y1)
if p1 is False:
return []
for v in (x2_i, x2_r, y2_i, y2_r):
if v >= bn128.field_modulus:
return []
fq2_x = bn128.FQ2([x2_r, x2_i])
fq2_y = bn128.FQ2([y2_r, y2_i])
if (fq2_x, fq2_y) != (bn128.FQ2.zero(), bn128.FQ2.zero()):
p2 = (fq2_x, fq2_y, bn128.FQ2.one())
if not bn128.is_on_curve(p2, bn128.b2):
return []
else:
p2 = zero
if bn128.multiply(p2, bn128.curve_order)[-1] != bn128.FQ2.zero():
return []
exponent *= bn128.pairing(p2, p1, final_exponentiate=False)
result = bn128.final_exponentiate(exponent) == bn128.FQ12.one()
return [0] * 31 + [1 if result else 0]
def _process_point(data_buffer: bytes, exponent: int) -> bn128.FQP:
x1, y1, x2_i, x2_r, y2_i, y2_r = _extract_point(data_buffer)
p1 = validate_point(x1, y1)
for v in (x2_i, x2_r, y2_i, y2_r):
if v >= bn128.field_modulus:
raise ValidationError("value greater than field modulus")
fq2_x = bn128.FQ2([x2_r, x2_i])
fq2_y = bn128.FQ2([y2_r, y2_i])
p2 = ZERO
if (fq2_x, fq2_y) != (bn128.FQ2.zero(), bn128.FQ2.zero()):
p2 = (fq2_x, fq2_y, bn128.FQ2.one())
if not bn128.is_on_curve(p2, bn128.b2):
raise ValidationError("point is not on curve")
if bn128.multiply(p2, bn128.curve_order)[-1] != bn128.FQ2.zero():
raise ValidationError("TODO: what case is this?????")
return exponent * bn128.pairing(FQP_point_to_FQ2_point(p2), p1, final_exponentiate=False)
def proc_ecpairing(ext, msg):
if not ext.post_metropolis_hardfork():
return 1, msg.gas, []
import py_ecc.optimized_bn128 as bn128
FQ = bn128.FQ
print('pairing proc', msg.gas)
# Data must be an exact multiple of 192 byte
if msg.data.size % 192:
return 0, 0, []
gascost = opcodes.GPAIRINGBASE + msg.data.size // 192 * opcodes.GPAIRINGPERPOINT
if msg.gas < gascost:
return 0, 0, []
zero = (bn128.FQ2.one(), bn128.FQ2.one(), bn128.FQ2.zero())
exponent = bn128.FQ12.one()
for i in range(0, msg.data.size, 192):
x1 = msg.data.extract32(i)
y1 = msg.data.extract32(i + 32)
x2_i = msg.data.extract32(i + 64)
x2_r = msg.data.extract32(i + 96)
y2_i = msg.data.extract32(i + 128)
y2_r = msg.data.extract32(i + 160)
p1 = validate_point(x1, y1)
if p1 is False:
return 0, 0, []
for v in (x2_i, x2_r, y2_i, y2_r):
if v >= bn128.field_modulus:
return 0, 0, []
fq2_x = bn128.FQ2([x2_r, x2_i])
fq2_y = bn128.FQ2([y2_r, y2_i])
if (fq2_x, fq2_y) != (bn128.FQ2.zero(), bn128.FQ2.zero()):
p2 = (fq2_x, fq2_y, bn128.FQ2.one())
if not bn128.is_on_curve(p2, bn128.b2):
return 0, 0, []
else:
p2 = zero
if bn128.multiply(p2, bn128.curve_order)[-1] != bn128.FQ2.zero():
return 0, 0, []
exponent *= bn128.pairing(p2, p1, final_exponentiate=False)
result = bn128.final_exponentiate(exponent) == bn128.FQ12.one()
return 1, msg.gas - gascost, [0] * 31 + [1 if result else 0]
def _process_point(data_buffer, exponent):
x1, y1, x2_i, x2_r, y2_i, y2_r = _extract_point(data_buffer)
p1 = validate_point(x1, y1)
for v in (x2_i, x2_r, y2_i, y2_r):
if v >= bn128.field_modulus:
raise ValidationError("value greater than field modulus")
fq2_x = bn128.FQ2([x2_r, x2_i])
fq2_y = bn128.FQ2([y2_r, y2_i])
if (fq2_x, fq2_y) != (bn128.FQ2.zero(), bn128.FQ2.zero()):
p2 = (fq2_x, fq2_y, bn128.FQ2.one())
if not bn128.is_on_curve(p2, bn128.b2):
raise ValidationError("point is not on curve")
else:
p2 = ZERO
if bn128.multiply(p2, bn128.curve_order)[-1] != bn128.FQ2.zero():
raise ValidationError("TODO: what case is this?????")
return exponent * bn128.pairing(p2, p1, final_exponentiate=False)
def verify(m: bytes, pub: int, sig: bytes) -> bool:
final_exponentiation = final_exponentiate(
pairing(FQP_point_to_FQ2_point(decompress_G2(sig)), G1, False) *
pairing(FQP_point_to_FQ2_point(hash_to_G2(m)), neg(decompress_G1(pub)),
False))
return final_exponentiation == FQ12.one()
def pair_check(sig: G2Point, msg: Message, pub: G1Point) -> bool:
f = pairing(sig, neg(G1), final_exponentiate=False) * pairing(
hash_to_g2(msg), pub, final_exponentiate=False)
return final_exponentiate(f) == TARGET
def pairing(G1: "G1", G2: "G2", final_exponentiate: bool = True) -> "FQ12":
return pairing(G2.py_ecc_object, G1.py_ecc_object, final_exponentiate)
def verify(m, pub, sig):
final_exponentiation = final_exponentiate(
pairing(decompress_G2(sig), G1, False) *
pairing(hash_to_G2(m), neg(decompress_G1(pub)), False))
return final_exponentiation == FQ12.one()
def verify(m, pub, sig):
return pairing(decompress_G2(sig), G1) == pairing(hash_to_G2(m), decompress_G1(pub))
