def test_8_hash_to_point(self): p = Point.from_hash(b'test') expected = Point(x=14447835080060184026016688399206371580541195409649120233292541285797925116718, y=6491210871329023843020152497494661717176702609200142392074344830880218876421) self.assertEqual(p, expected) for _ in range(0, 10): entropy = urandom(10) p = Point.from_hash(entropy)
def test_8_hash_to_point(self): p = Point.from_hash(b'test') expected = Point(x=6310387441923805963163495340827050724868600896655464356695079365984952295953, y=12999349368805111542414555617351208271526681431102644160586079028197231734677) self.assertEqual(p, expected) for _ in range(0, 10): entropy = urandom(10) p = Point.from_hash(entropy)
def sign(value, k):
k = FQ(k)
B = Point.from_hash(b'eddsa_base')
m = bytes.fromhex(hex(int(toBinaryString(value), 2))[2:])
R, S, A = eddsa_sign(m, k, B)
assert eddsa_verify(A, R, S, m, B)
return R, S
def test_signverify(self):
B = Point.from_hash(b'eddsa_base')
k = FQ.random(JUBJUB_L)
A = B * k
m = urandom(32)
R, s = eddsa_sign(m, k, B, A)
self.assertTrue(eddsa_verify(A, R, s, m, B))
def test_points(self):
d = urandom(10)
p = Point.from_hash(d)
q = pedersen_hash_points(b'test', p)
r = pedersen_hash_points(b'test', q)
self.assertTrue(q.valid())
self.assertTrue(r.valid())
self.assertNotEqual(q, r)
def test_mont_double(self): """ Verified in Sage, using `ejubjub.py` Ensure that addition laws remain the same between Montgomery and Edwards coordinates """ q = Point.from_hash(b'x') mq = MontPoint(FQ(4828722366376575650251607168518886976429844446767098803596167689250506416759), FQ(12919092401030192644826086113396919334232812611316996694878363256143428656958)) self.assertEqual(q.as_mont(), mq) q2 = MontPoint(FQ(760569539648116659146730905587051427168718890872716379895718021693339839266), FQ(19523163946365579499783218718995636854804792079073783994015125253921919723342)) self.assertEqual(q.double().as_mont(), q2) for _ in range(0, 10): p = Point.from_hash(urandom(32)) self.assertEqual(p.as_mont().double().as_edwards_yz().as_point().as_edwards_yz(), p.double().as_edwards_yz())
def test_signverify(self):
B = Point.from_hash(b'eddsa_base')
#B = None
k, A = eddsa_random_keypair()
m = urandom(32)
smsg = eddsa_sign(m, k, B)
self.assertTrue(eddsa_verify(*smsg, B))
smsg = pureeddsa_sign(m, k, B)
self.assertTrue(pureeddsa_verify(*smsg, B))
def test_signverify(self): B = Point.from_hash(b'eddsa_base') k, A = EdDSA.random_keypair() m = urandom(32) # Hash-EdDSA smsg = EdDSA.sign(m, k, B) self.assertTrue(EdDSA.verify(*smsg, B)) # Pure-EdDSA (no message pre-hash) smsg = PureEdDSA.sign(m, k, B) self.assertTrue(PureEdDSA.verify(*smsg, B))
# 7 Constraints
assert beta == X1 * Y2
assert gamma == Y1 * X2
assert delta == Y1 * Y2
assert epsilon == X1 * X2
assert tau == delta * epsilon
assert X3 * (1 + (d * tau)) == (beta + gamma)
assert Y3 * (1 - (d * tau)) == (delta + (nega * epsilon))
print(X3, P3.x)
print(Y3, P3.y)
print()
return Point(X3, Y3)
if __name__ == "__main__":
summed = Point.infinity()
base_start = Point.from_hash(urandom(32))
scalar = randint(1, JUBJUB_L - 1)
result = base_start * scalar
while scalar != 0:
if (scalar & 1) == 1:
summed = point_add(summed, base_start)
base_start = base_start.double()
scalar = scalar // 2
assert summed.x == result.x
assert summed.y == result.y
from math import ceil, log2
from os import urandom
from ethsnarks.jubjub import Point
N = 4
nbits = ceil(log2(N))
p = []
for _ in range(0, N):
p.append(Point.from_hash(urandom(32)))
p[0] = Point.infinity()
c = [_.x for _ in p]
for i in range(0, N):
b = [int(_) for _ in bin(i)[2:].rjust(nbits, '0')][::-1]
r = c[i]
A = (b[1] * c[3]) - (b[1] * c[2]) - (b[1] * c[1]) + c[1] + (c[0] *
b[1]) - c[0]
B = b[0]
C = r - (b[1] * c[2]) + (c[0] * b[1]) - c[0]
assert A * B == C
def _point_r(self): return Point.from_hash(urandom(10))
def verify(value, R, S, A):
R = Point(FQ(R[0]), FQ(R[1]))
A = Point(FQ(A[0]), FQ(A[1]))
B = Point.from_hash(b'eddsa_base')
m = bytes.fromhex(hex(int(toBinaryString(value), 2))[2:])
return eddsa_verify(A, R, S, m, B)
def keypair():
B = Point.from_hash(b'eddsa_base') # base point
k = FQ.random(JUBJUB_L) # secret key
A = B * k # public key
return k, A
