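def Dec(sk, X, Y):
    """Recover the integer m encoded in the ciphertext pair (X, Y).

    Computes Hm = Y - (sk^-1 mod curve_order) * X, then searches for the
    integer m with m * H == Hm by repeatedly adding the module-level point H.

    Args:
        sk: secret scalar; must be non-zero modulo ``bn128.curve_order``.
        X: first ciphertext component (affine curve point, indexed as (x, y)).
        Y: second ciphertext component (curve point).

    Returns:
        The smallest non-negative integer m such that m * H equals Hm.

    Notes:
        * The search is linear in m and has no upper bound. If Hm is not a
          small multiple of H (wrong key, malformed or tampered ciphertext),
          the loop effectively never returns. Callers that decrypt untrusted
          ciphertexts should enforce a range or time limit around this call.
        * The number of loop iterations equals m, so the running time
          depends on the plaintext; do not expose it where timing matters.
    """
    order = bn128.curve_order
    # Fermat inverse of sk; presumably valid because the group order is prime
    # (confirm for the bn128 module in use).
    sk_inv = pow(sk, order - 2, order)

    # Negate sk_inv * X by flipping the y coordinate, so the add below
    # subtracts it from Y.
    # NOTE(review): if X is the identity or sk is 0 mod order, the product
    # may not be an indexable (x, y) pair; confirm inputs are validated
    # upstream.
    denom = bn128.multiply(X, sk_inv)
    denom = (denom[0], -denom[1])
    Hm = bn128.add(Y, denom)

    # Start the search at 0 * H so that m == 0 is found. The previous version
    # started at 1 * H and could not return 0 without walking the whole group.
    # Assumes multiply(H, 0) yields the identity and add(identity, H) == H
    # in this bn128 module; confirm.
    P_test = bn128.multiply(H, 0)
    m = 0
    while not bn128.eq(Hm, P_test):
        m += 1
        P_test = bn128.add(P_test, H)
    return m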
def verify(vk: SigningVerificationKey, m: bytes, sigma: int) -> bool:
    """
    Check signature `sigma` on message `m` under verification key `vk`.

    The challenge is SHA-256 over the byte encoding of `vk.spk` followed by
    `m`, reduced modulo ZETH_PRIME. The signature is accepted when
    sigma * G1 == vk.spk + challenge * vk.ppk.

    The message is expected to fit in 256 bits so that it conforms to the
    Ethereum bytes32 type; this function does not check the length of `m`.
    """
    # Fiat-Shamir style challenge, bound to the key component spk and to m.
    preimage = g1_to_bytes(vk.spk) + m
    c = int(sha256(preimage).hexdigest(), 16) % ZETH_PRIME

    # NOTE(review): both scalars are passed through FQ(...).n before use;
    # confirm that FQ's modulus is the intended reduction for scalars here.
    # NOTE(review): no check is visible here that vk.ppk and vk.spk are valid
    # curve points; confirm this is enforced where the key is deserialized.
    lhs = ec.multiply(ec.G1, FQ(sigma).n)
    rhs = ec.add(vk.spk, ec.multiply(vk.ppk, FQ(c).n))
    return ec.eq(lhs, rhs)
target_bits=64) C_expected = bn128.add(bn128.multiply(bn128.G1, total_bf), bn128.multiply(H_from_address(asset_address), v)) print("Commitment Generated") print("asset_address = 0x" + asset_address.to_bytes(20, 'big').hex()) print("value = " + str(v)) print("bf = " + hex(total_bf)[2:]) print("(" + C_expected[0].n.to_bytes(32, 'big').hex() + ",") print(C_expected[1].n.to_bytes(32, 'big').hex() + ")") print() #Test commitment build _, public_bit_commitments = ExtractCommitments( bytes.fromhex(data[0]['data'])) C_out = BuildCommitmentPublic(public_bit_commitments, indices) print("Assembled Commitment") print("(" + C_out[0].n.to_bytes(32, 'big').hex() + ",") print(C_out[1].n.to_bytes(32, 'big').hex() + ")") print() #Do results match? print("Do they match?") print(bn128.eq(C_out, C_expected)) print() #Output proof print("Output proof:") print(bytes(indices).hex()) print() print(data[0]['data'])