def ecrecover_substitute(z, v, r, s): P, A, B, N, Gx, Gy = b.P, b.A, b.B, b.N, b.Gx, b.Gy x = r beta = pow(x*x*x+A*x+B, (P + 1) / 4, P) BETA_PREMIUM = modexp_substitute(x, (P + 1) / 4, P)["gas"] y = beta if v % 2 ^ beta % 2 else (P - beta) Gz = b.jordan_multiply(((Gx, 1), (Gy, 1)), (N - z) % N) GZ_PREMIUM = jacobian_mul_substitute(Gx, 1, Gy, 1, (N - z) % N)["gas"] XY = b.jordan_multiply(((x, 1), (y, 1)), s) XY_PREMIUM = jacobian_mul_substitute(x, 1, y, 1, s % N)["gas"] Qr = b.jordan_add(Gz, XY) QR_PREMIUM = jacobian_add_substitute(Gz[0][0], Gz[0][1], Gz[1][0], Gz[1][1], XY[0][0], XY[0][1], XY[1][0], XY[1][1] )["gas"] Q = b.jordan_multiply(Qr, pow(r, N - 2, N)) Q_PREMIUM = jacobian_mul_substitute(Qr[0][0], Qr[0][1], Qr[1][0], Qr[1][1], pow(r, N - 2, N))["gas"] R_PREMIUM = modexp_substitute(r, N - 2, N)["gas"] OX_PREMIUM = modexp_substitute(Q[0][1], P - 2, P)["gas"] OY_PREMIUM = modexp_substitute(Q[1][1], P - 2, P)["gas"] Q = b.from_jordan(Q) return { "gas": 993 + BETA_PREMIUM + GZ_PREMIUM + XY_PREMIUM + QR_PREMIUM + Q_PREMIUM + R_PREMIUM + OX_PREMIUM + OY_PREMIUM, "output": signed(Q) }
def ecrecover_substitute(z, v, r, s): P, A, B, N, Gx, Gy = b.P, b.A, b.B, b.N, b.Gx, b.Gy x = r beta = pow(x * x * x + A * x + B, (P + 1) / 4, P) BETA_PREMIUM = modexp_substitute(x, (P + 1) / 4, P)["gas"] y = beta if v % 2 ^ beta % 2 else (P - beta) Gz = b.jordan_multiply(((Gx, 1), (Gy, 1)), (N - z) % N) GZ_PREMIUM = jacobian_mul_substitute(Gx, 1, Gy, 1, (N - z) % N)["gas"] XY = b.jordan_multiply(((x, 1), (y, 1)), s) XY_PREMIUM = jacobian_mul_substitute(x, 1, y, 1, s % N)["gas"] Qr = b.jordan_add(Gz, XY) QR_PREMIUM = jacobian_add_substitute(Gz[0][0], Gz[0][1], Gz[1][0], Gz[1][1], XY[0][0], XY[0][1], XY[1][0], XY[1][1])["gas"] Q = b.jordan_multiply(Qr, pow(r, N - 2, N)) Q_PREMIUM = jacobian_mul_substitute(Qr[0][0], Qr[0][1], Qr[1][0], Qr[1][1], pow(r, N - 2, N))["gas"] R_PREMIUM = modexp_substitute(r, N - 2, N)["gas"] OX_PREMIUM = modexp_substitute(Q[0][1], P - 2, P)["gas"] OY_PREMIUM = modexp_substitute(Q[1][1], P - 2, P)["gas"] Q = b.from_jordan(Q) return { "gas": 993 + BETA_PREMIUM + GZ_PREMIUM + XY_PREMIUM + QR_PREMIUM + Q_PREMIUM + R_PREMIUM + OX_PREMIUM + OY_PREMIUM, "output": signed(Q) }
def jacobian_mul_substitute(A, B, C, D, N): if A == 0 and C == 0 or (N % b.N) == 0: return {"gas": 87, "output": [0, 1, 0, 1]} else: output = b.jordan_multiply(((A, B), (C, D)), N) return { "gas": 34239 + 94 * binary_length(N % b.N) + 349 * hamming_weight(N % b.N), "output": signed(list(output[0]) + list(output[1])) }
def jacobian_mul_substitute(A, B, C, D, N): if A == 0 and C == 0 or (N % b.N) == 0: return {"gas": 86, "output": [0, 1, 0, 1]} else: output = b.jordan_multiply(((A, B), (C, D)), N) return { "gas": 35262 + 95 * binary_length(N % b.N) + 355 * hamming_weight(N % b.N), "output": signed(list(output[0]) + list(output[1])) }
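Review bot: The gas formula in jacobian_mul_substitute is built from bare literals (86, 35262, 95 and 355 in what appears to be the updated copy; the old/new order is inferred from print order only), and nothing records how they were measured, so a later change to the contract cannot be checked against them. A comment above the return would cover it, e.g. `# gas = base + per-bit + per-set-bit cost of the scalar, re-measured against the contract at <contract revision placeholder>`. The cost is also a function of the scalar's bit length and Hamming weight; that looks fine for ecrecover_substitute, whose scalars all derive from the signature values z, r and s, but it deserves a line such as `# cost depends on the scalar's bits: use with public scalars only` so the routine is not reused where the scalar is secret. As a style point, `N % b.N` is evaluated three times and could be bound once with `k = N % b.N`.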
import bitcoin as b import random import sys import math from pyethereum import tester as t import substitutes import time vals = [random.randrange(2**256) for i in range(12)] test_points = [list(p[0]) + list(p[1]) for p in [b.jordan_multiply(((b.Gx, 1), (b.Gy, 1)), r) for r in vals]] G = [b.Gx, 1, b.Gy, 1] Z = [0, 1, 0, 1] def neg_point(p): return [p[0], b.P - p[1], p[2], b.P - p[3]] s = t.state() s.block.gas_limit = 10000000 t.gas_limit = 1000000 c = s.contract('modexp.se') print "Starting modexp tests" for i in range(0, len(vals) - 2, 3): o1 = substitutes.modexp_substitute(vals[i], vals[i+1], vals[i+2]) o2 = s.profile(t.k0, c, 0, funid=0, abi=vals[i:i+3])
import bitcoin as b import random import sys import math from pyethereum import tester as t import substitutes import time vals = [random.randrange(2**256) for i in range(12)] test_points = [ list(p[0]) + list(p[1]) for p in [b.jordan_multiply(((b.Gx, 1), (b.Gy, 1)), r) for r in vals] ] G = [b.Gx, 1, b.Gy, 1] Z = [0, 1, 0, 1] def neg_point(p): return [p[0], b.P - p[1], p[2], b.P - p[3]] s = t.state() s.block.gas_limit = 10000000 t.gas_limit = 1000000 c = s.contract('modexp.se') print "Starting modexp tests" for i in range(0, len(vals) - 2, 3):