def dleq_verify(x1, y1, x2, y2, challenge, response): """ Verify the proof computed with the dleq function in G1 Args: x1: a point in G1 y1: a point in G1 x2: a point in G1 y2: a point in G1 challenge (int): the first coefficient of the proof response (int): the second coefficient of the proof Returns: True if the proof is correct, False else """ a1 = add(multiply(x1, response), multiply(y1, challenge)) a2 = add(multiply(x2, response), multiply(y2, challenge)) c = keccak_256( # pylint: disable=E1120 abi_types=["uint256"] * 12, # 12, values=[ int(v) for v in normalize(a1) + normalize(a2) + normalize(x1) + normalize(y1) + normalize(x2) + normalize(y2) ], ) c = int.from_bytes(c, "big") return c == challenge
def dleq_verify(x1: PointG1, y1: PointG1, x2: PointG1, y2: PointG1, challenge: int, response: int) -> bool: a1 = add(multiply(x1, response), multiply(y1, challenge)) a2 = add(multiply(x2, response), multiply(y2, challenge)) c = keccak_256( # pylint: disable=E1120 abi_types=["uint256"] * 12, # 12, values=[ int(v) for v in normalize(a1) + normalize(a2) + normalize(x1) + normalize(y1) + normalize(x2) + normalize(y2) ], ) c = int.from_bytes(c, "big") return c == challenge
def verify_share(j: int, s_ij: int, Cik: List[PointG1]) -> bool: """ check share validity and return True if the share is valid, False otherwise """ r = Cik[0] for k, c in enumerate(Cik[1:]): r = add(r, multiply(c, pow(j, k + 1, CURVE_ORDER))) return normalize(multiply(G1, s_ij)) == normalize(r)
def agg_pubs(pubs: Sequence[Pubkey]) -> Pubkey: size = len(pubs) if size < 1: return aggregated = pubkey_to_g2(pubs[0]) for i in range(1, size): aggregated = add(aggregated, pubkey_to_g2(pubs[i])) return g2_to_pubkey(aggregated)
def sum_points(points: Union[Iterable[PointG1], Iterable[PointG2]]): result = None for p in points: if result is None: result = p else: result = add(result, p) return result
def test_jacobian_equations(): k = rand_int() a = multiply_jacobian(G2, k) _a = multiply(G2, k) assert eq(normalize_jacobian(a), _normalize(_a)) b = add_mixed_jacobian(a, G2) _b = add(_a, G2) assert eq(normalize_jacobian(b), _normalize(_b))
def ec_add(data: List[int]) -> List[int]: bytes_data = bytearray(data) x1 = extract32(bytes_data, 0) y1 = extract32(bytes_data, 32) x2 = extract32(bytes_data, 64) y2 = extract32(bytes_data, 96) p1 = validate_point(x1, y1) p2 = validate_point(x2, y2) if p1 is False or p2 is False: return [] o = bn128.normalize(bn128.add(p1, p2)) return [safe_ord(x) for x in (encode_int32(o[0].n) + encode_int32(o[1].n))]
def _ecadd(data): x1_bytes = pad32r(data[:32]) y1_bytes = pad32r(data[32:64]) x2_bytes = pad32r(data[64:96]) y2_bytes = pad32r(data[96:128]) x1 = big_endian_to_int(x1_bytes) y1 = big_endian_to_int(y1_bytes) x2 = big_endian_to_int(x2_bytes) y2 = big_endian_to_int(y2_bytes) p1 = validate_point(x1, y1) p2 = validate_point(x2, y2) result = bn128.normalize(bn128.add(p1, p2)) return result
def proc_ecadd(ext, msg): import py_ecc.optimized_bn128 as bn128 FQ = bn128.FQ if msg.gas < opcodes.GECADD: return 0, 0, [] x1 = msg.data.extract32(0) y1 = msg.data.extract32(32) x2 = msg.data.extract32(64) y2 = msg.data.extract32(96) p1 = validate_point(x1, y1) p2 = validate_point(x2, y2) if p1 is False or p2 is False: return 0, 0, [] o = bn128.normalize(bn128.add(p1, p2)) return ( 1, msg.gas - opcodes.GECADD, [safe_ord(x) for x in (encode_int32(o[0].n) + encode_int32(o[1].n))], )
def proc_ecadd(ext, msg): if not ext.post_metropolis_hardfork(): return 1, msg.gas, [] import py_ecc.optimized_bn128 as bn128 FQ = bn128.FQ print('ecadd proc:', msg.gas) if msg.gas < opcodes.GECADD: return 0, 0, [] x1 = msg.data.extract32(0) y1 = msg.data.extract32(32) x2 = msg.data.extract32(64) y2 = msg.data.extract32(96) p1 = validate_point(x1, y1) p2 = validate_point(x2, y2) if p1 is False or p2 is False: return 0, 0, [] o = bn128.normalize(bn128.add(p1, p2)) return 1, msg.gas - \ opcodes.GECADD, [safe_ord(x) for x in ( encode_int32(o[0].n) + encode_int32(o[1].n))]
def compute_mpk(self): if len(self.gpk_0) > self.threshold and not self.has_mpk: self.has_mpk = True self.mpk = Z1 for gpki, ui in self.gpk_0[0:self.threshold + 1]: coeff = 1 for gpkj, uj in self.gpk_0[0:self.threshold + 1]: if uj != ui: coeff *= uj * sympy.mod_inverse( (uj - ui) % CURVE_ORDER, CURVE_ORDER) coeff %= CURVE_ORDER self.mpk = add(self.mpk, multiply(gpki, coeff)) self.mpk = normalize(self.mpk) db = get_db() value = (str(self.mpk[0]), str(self.mpk[1])) db.execute("INSERT INTO mpk (x,y) VALUES (?,?)", value) db.commit() db.close()
def aggregate_pubs(pubs): o = Z1 for p in pubs: o = add(o, decompress_G1(p)) return compress_G1(o)
def aggregate_pubs(pubs): o = FQ(1), FQ(1), FQ(0) for p in pubs: o = add(o, decompress_G1(p)) return compress_G1(o)
def aggregate_sigs(sigs): o = FQ2([1,0]), FQ2([1,0]), FQ2([0,0]) for s in sigs: o = add(o, decompress_G2(s)) return compress_G2(o)
def verify_agg_common_msg(sig: Signature, msg: Message, pubs: Sequence[Pubkey]) -> bool: aggregated_pub = Z1 for pub in pubs: aggregated_pub = add(aggregated_pub, pubkey_to_G1(pub)) return pair_check(signature_to_G2(sig), msg, aggregated_pub)
def agg_sigs(sigs: Sequence[Signature]) -> Signature: aggregated = Z1 for sig in sigs: aggregated = add(aggregated, signature_to_g1(sig)) return g1_to_signature(aggregated)
def aggregate_sigs(sigs: Iterable[bytes]) -> Tuple[int, int]: o = Z2 for s in sigs: o = FQP_point_to_FQ2_point(add(o, decompress_G2(s))) return compress_G2(o)
def aggregate_sigs(sigs): o = Z2 for s in sigs: o = add(o, decompress_G2(s)) return compress_G2(o)
def evaluate_public_polynomial(x: int, commitments: List[PointG1]): result = commitments[0] for k in range(1, len(commitments)): result = add(result, multiply(commitments[k], pow(x, k, CURVE_ORDER))) return result
def add(self, other: "WrappedCurvePoint") -> "WrappedCurvePoint": return self.__class__(add(self.py_ecc_object, other.py_ecc_object))
def agg_sigs(sigs: Sequence[Signature]) -> Signature: aggregated = Z2 for sig in sigs: aggregated = add(aggregated, signature_to_G2(sig)) return G2_to_signature(aggregated)
def aggregate_pubs(pubs: Iterable[int]) -> int: o = Z1 for p in pubs: o = add(o, decompress_G1(p)) return compress_G1(o)
def agg_pubs(pubs: Sequence[Pubkey]) -> Signature: aggregated = Z2 for pub in pubs: aggregated = add(aggregated, pubkey_to_G1(pub)) return G1_to_pubkey(aggregated)