def test_8_hash_to_point(self): p = Point.from_hash(b'test') expected = Point(x=14447835080060184026016688399206371580541195409649120233292541285797925116718, y=6491210871329023843020152497494661717176702609200142392074344830880218876421) self.assertEqual(p, expected) for _ in range(0, 10): entropy = urandom(10) p = Point.from_hash(entropy)
def test_8_hash_to_point(self): p = Point.from_hash(b'test') expected = Point(x=6310387441923805963163495340827050724868600896655464356695079365984952295953, y=12999349368805111542414555617351208271526681431102644160586079028197231734677) self.assertEqual(p, expected) for _ in range(0, 10): entropy = urandom(10) p = Point.from_hash(entropy)
def sign(value, k): k = FQ(k) B = Point.from_hash(b'eddsa_base') m = bytes.fromhex(hex(int(toBinaryString(value), 2))[2:]) R, S, A = eddsa_sign(m, k, B) assert eddsa_verify(A, R, S, m, B) return R, S
def test_signverify(self): B = Point.from_hash(b'eddsa_base') k = FQ.random(JUBJUB_L) A = B * k m = urandom(32) R, s = eddsa_sign(m, k, B, A) self.assertTrue(eddsa_verify(A, R, s, m, B))
def test_points(self): d = urandom(10) p = Point.from_hash(d) q = pedersen_hash_points(b'test', p) r = pedersen_hash_points(b'test', q) self.assertTrue(q.valid()) self.assertTrue(r.valid()) self.assertNotEqual(q, r)
def test_mont_double(self): """ Verified in Sage, using `ejubjub.py` Ensure that addition laws remain the same between Montgomery and Edwards coordinates """ q = Point.from_hash(b'x') mq = MontPoint(FQ(4828722366376575650251607168518886976429844446767098803596167689250506416759), FQ(12919092401030192644826086113396919334232812611316996694878363256143428656958)) self.assertEqual(q.as_mont(), mq) q2 = MontPoint(FQ(760569539648116659146730905587051427168718890872716379895718021693339839266), FQ(19523163946365579499783218718995636854804792079073783994015125253921919723342)) self.assertEqual(q.double().as_mont(), q2) for _ in range(0, 10): p = Point.from_hash(urandom(32)) self.assertEqual(p.as_mont().double().as_edwards_yz().as_point().as_edwards_yz(), p.double().as_edwards_yz())
def test_signverify(self): B = Point.from_hash(b'eddsa_base') #B = None k, A = eddsa_random_keypair() m = urandom(32) smsg = eddsa_sign(m, k, B) self.assertTrue(eddsa_verify(*smsg, B)) smsg = pureeddsa_sign(m, k, B) self.assertTrue(pureeddsa_verify(*smsg, B))
def test_signverify(self): B = Point.from_hash(b'eddsa_base') k, A = EdDSA.random_keypair() m = urandom(32) # Hash-EdDSA smsg = EdDSA.sign(m, k, B) self.assertTrue(EdDSA.verify(*smsg, B)) # Pure-EdDSA (no message pre-hash) smsg = PureEdDSA.sign(m, k, B) self.assertTrue(PureEdDSA.verify(*smsg, B))
# 7 Constraints assert beta == X1 * Y2 assert gamma == Y1 * X2 assert delta == Y1 * Y2 assert epsilon == X1 * X2 assert tau == delta * epsilon assert X3 * (1 + (d * tau)) == (beta + gamma) assert Y3 * (1 - (d * tau)) == (delta + (nega * epsilon)) print(X3, P3.x) print(Y3, P3.y) print() return Point(X3, Y3) if __name__ == "__main__": summed = Point.infinity() base_start = Point.from_hash(urandom(32)) scalar = randint(1, JUBJUB_L - 1) result = base_start * scalar while scalar != 0: if (scalar & 1) == 1: summed = point_add(summed, base_start) base_start = base_start.double() scalar = scalar // 2 assert summed.x == result.x assert summed.y == result.y
from math import ceil, log2 from os import urandom from ethsnarks.jubjub import Point N = 4 nbits = ceil(log2(N)) p = [] for _ in range(0, N): p.append(Point.from_hash(urandom(32))) p[0] = Point.infinity() c = [_.x for _ in p] for i in range(0, N): b = [int(_) for _ in bin(i)[2:].rjust(nbits, '0')][::-1] r = c[i] A = (b[1] * c[3]) - (b[1] * c[2]) - (b[1] * c[1]) + c[1] + (c[0] * b[1]) - c[0] B = b[0] C = r - (b[1] * c[2]) + (c[0] * b[1]) - c[0] assert A * B == C
def _point_r(self): return Point.from_hash(urandom(10))
def verify(value, R, S, A): R = Point(FQ(R[0]), FQ(R[1])) A = Point(FQ(A[0]), FQ(A[1])) B = Point.from_hash(b'eddsa_base') m = bytes.fromhex(hex(int(toBinaryString(value), 2))[2:]) return eddsa_verify(A, R, S, m, B)
def keypair(): B = Point.from_hash(b'eddsa_base') # base point k = FQ.random(JUBJUB_L) # secret key A = B * k # public key return k, A