def test1(): seed = bytes([ 0, 50, 6, 244, 24, 199, 1, 25, 52, 88, 192, 19, 18, 12, 89, 6, 220, 18, 102, 58, 209, 82, 12, 62, 89, 110, 182, 9, 44, 20, 254, 22 ]) sk = PrivateKey.from_seed(seed) pk = sk.get_public_key() msg = bytes([100, 2, 254, 88, 90, 45, 23]) sig = sk.sign(msg) sk_bytes = sk.serialize() pk_bytes = pk.serialize() sig_bytes = sig.serialize() sk = PrivateKey.from_bytes(sk_bytes) pk = PublicKey.from_bytes(pk_bytes) sig = Signature.from_bytes(sig_bytes) sig.set_aggregation_info(AggregationInfo.from_msg(pk, msg)) ok = sig.verify() assert (ok) seed = bytes([1]) + seed[1:] sk1 = PrivateKey.from_seed(seed) seed = bytes([2]) + seed[1:] sk2 = PrivateKey.from_seed(seed) pk1 = sk1.get_public_key() sig1 = sk1.sign(msg) pk2 = sk2.get_public_key() sig2 = sk2.sign(msg) agg_sig = Signature.aggregate([sig1, sig2]) agg_pubkey = PublicKey.aggregate([pk1, pk2]) agg_sig.set_aggregation_info(AggregationInfo.from_msg(agg_pubkey, msg)) assert (agg_sig.verify()) seed = bytes([3]) + seed[1:] sk3 = PrivateKey.from_seed(seed) pk3 = sk3.get_public_key() msg2 = bytes([100, 2, 254, 88, 90, 45, 23]) sig1 = sk1.sign(msg) sig2 = sk2.sign(msg) sig3 = sk3.sign(msg2) agg_sig_l = Signature.aggregate([sig1, sig2]) agg_sig_final = Signature.aggregate([agg_sig_l, sig3]) sig_bytes = agg_sig_final.serialize() agg_sig_final = Signature.from_bytes(sig_bytes) a1 = AggregationInfo.from_msg(pk1, msg) a2 = AggregationInfo.from_msg(pk2, msg) a3 = AggregationInfo.from_msg(pk3, msg2) a1a2 = AggregationInfo.merge_infos([a1, a2]) a_final = AggregationInfo.merge_infos([a1a2, a3]) print(a_final) agg_sig_final.set_aggregation_info(a_final) ok = agg_sig_final.verify() ok = agg_sig_l.verify() agg_sig_final = agg_sig_final.divide_by([agg_sig_l]) ok = agg_sig_final.verify() agg_sk = PrivateKey.aggregate([sk1, sk2], [pk1, pk2]) agg_sk.sign(msg) seed = bytes([ 1, 50, 6, 244, 24, 199, 1, 25, 52, 88, 192, 19, 18, 12, 89, 6, 220, 18, 102, 58, 209, 82, 12, 62, 89, 110, 182, 9, 44, 20, 254, 22 ]) esk = ExtendedPrivateKey.from_seed(seed) epk = esk.get_extended_public_key() sk_child = esk.private_child(0).private_child(5) pk_child = epk.public_child(0).public_child(5) buffer1 = pk_child.serialize() buffer2 = sk_child.serialize() print(len(buffer1), buffer1) print(len(buffer2), buffer2) assert (sk_child.get_extended_public_key() == pk_child)
def aggregate(signatures): """ Aggregates many (aggregate) signatures, using a combination of simple and secure aggregation. Signatures are grouped based on which ones share common messages, and these are all merged securely. """ public_keys = [] # List of lists message_hashes = [] # List of lists for signature in signatures: if signature.aggregation_info.empty(): raise Exception( "Each signature must have a valid aggregation " + "info") public_keys.append(signature.aggregation_info.public_keys) message_hashes.append(signature.aggregation_info.message_hashes) # Find colliding vectors, save colliding messages messages_set = set() colliding_messages_set = set() for msg_vector in message_hashes: messages_set_local = set() for msg in msg_vector: if msg in messages_set and msg not in messages_set_local: colliding_messages_set.add(msg) messages_set.add(msg) messages_set_local.add(msg) if len(colliding_messages_set) == 0: # There are no colliding messages between the groups, so we # will just aggregate them all simply. Note that we assume # that every group is a valid aggregate signature. If an invalid # or insecure signature is given, and invalid signature will # be created. We don't verify for performance reasons. final_sig = Signature.aggregate_sigs_simple(signatures) aggregation_infos = [sig.aggregation_info for sig in signatures] final_agg_info = AggregationInfo.merge_infos(aggregation_infos) final_sig.set_aggregation_info(final_agg_info) return final_sig # There are groups that share messages, therefore we need # to use a secure form of aggregation. First we find which # groups collide, and securely aggregate these. Then, we # use simple aggregation at the end. colliding_sigs = [] non_colliding_sigs = [] colliding_message_hashes = [] # List of lists colliding_public_keys = [] # List of lists for i in range(len(signatures)): group_collides = False for msg in message_hashes[i]: if msg in colliding_messages_set: group_collides = True colliding_sigs.append(signatures[i]) colliding_message_hashes.append(message_hashes[i]) colliding_public_keys.append(public_keys[i]) break if not group_collides: non_colliding_sigs.append(signatures[i]) # Arrange all signatures, sorted by their aggregation info colliding_sigs.sort(key=lambda s: s.aggregation_info) # Arrange all public keys in sorted order, by (m, pk) sort_keys_sorted = [] for i in range(len(colliding_public_keys)): for j in range(len(colliding_public_keys[i])): sort_keys_sorted.append((colliding_message_hashes[i][j], colliding_public_keys[i][j])) sort_keys_sorted.sort() sorted_public_keys = [pk for (mh, pk) in sort_keys_sorted] computed_Ts = BLS.hash_pks(len(colliding_sigs), sorted_public_keys) # Raise each sig to a power of each t, # and multiply all together into agg_sig ec = sorted_public_keys[0].value.ec agg_sig = JacobianPoint(Fq2.one(ec.q), Fq2.one(ec.q), Fq2.zero(ec.q), True, ec) for i, signature in enumerate(colliding_sigs): agg_sig += signature.value * computed_Ts[i] for signature in non_colliding_sigs: agg_sig += signature.value final_sig = Signature.from_g2(agg_sig) aggregation_infos = [sig.aggregation_info for sig in signatures] final_agg_info = AggregationInfo.merge_infos(aggregation_infos) final_sig.set_aggregation_info(final_agg_info) return final_sig