def test_benchmark_create_witness(benchmark, t): g = G1.rand() h = G1.rand() pc = PolyCommitLin([g, h]) phi_hat = polynomials_over(ZR).random(t) i = ZR.random() benchmark(pc.create_witness, phi_hat, i)
def get_avss_params(n, t, my_id): g, h = G1.rand(seed=[0, 0, 0, 1]), G1.rand(seed=[0, 0, 0, 2]) public_keys, private_keys = [None] * n, [None] * n for i in range(n): private_keys[i] = ZR.random(seed=17 + i) public_keys[i] = pow(g, private_keys[i]) return g, h, public_keys, private_keys[my_id]
def test_bilinear_math(): from honeybadgermpc.betterpairing import ZR, G1, G2, GT, pair a = G1.rand() b = G2.rand() c = pair(a, b) i = ZR.random() assert pair(a**i, b) == c**i assert pair(a, b**i) == c**i assert pair(a**i, b**i) == c**(i**2) a.preprocess(8) b.preprocess(3) c.preprocess(5) i = ZR.random() assert pair(a**i, b) == c**i assert pair(a, b**i) == c**i assert pair(a**i, b**i) == c**(i**2) a **= ZR.random() b **= ZR.random() c **= ZR.random() a2 = G1.rand() assert a / a2 == a * a2**-1 b2 = G2.rand() assert b / b2 == b * b2**-1 c2 = GT.rand() assert c / c2 == c * c2**-1 assert (a**-1)**-1 == a assert (b**-1)**-1 == b assert (c**-1)**-1 == c
def get_avss_params(n, t): g, h = G1.rand(), G1.rand() public_keys, private_keys = [None] * n, [None] * n for i in range(n): private_keys[i] = ZR.random(0) public_keys[i] = pow(g, private_keys[i]) return g, h, public_keys, private_keys
def test_benchmark_commit(benchmark, t): alpha = ZR.random() g = G1.rand() h = G1.rand() crs = gen_pc_const_crs(t, alpha=alpha, g=g, h=h) pc = PolyCommitConst(crs) phi = polynomials_over(ZR).random(t) benchmark(pc.commit, phi)
def get_avss_params_pyp(n, t): from pypairing import G1, ZR g, h = G1.rand(), G1.rand() public_keys, private_keys = [None] * n, [None] * n for i in range(n): private_keys[i] = ZR.random() public_keys[i] = pow(g, private_keys[i]) return g, h, public_keys, private_keys
def test_poly_commit(): poly_commit = PolyCommitLin([G1.rand(), G1.rand()]) degree = randint(10, 50) phi = polynomials_over(ZR).random(degree) cs, aux = poly_commit.commit(phi) i = randint(0, degree - 1) witness = poly_commit.create_witness(aux, i) assert poly_commit.verify_eval(cs, i, phi(i), witness)
def test_benchmark_create_witness(benchmark, t): alpha = ZR.random() g = G1.rand() h = G1.rand() crs = gen_pc_const_crs(t, alpha=alpha, g=g, h=h) pc = PolyCommitConst(crs) phi = polynomials_over(ZR).random(t) c, phi_hat = pc.commit(phi) pc.preprocess_prover(10) i = ZR.random() benchmark(pc.create_witness, phi, phi_hat, i)
def test_pc_const(): t = 3 alpha = ZR.random() g = G1.rand() h = G1.rand() crs = gen_pc_const_crs(t, alpha=alpha, g=g, h=h) pc = PolyCommitConst(crs) phi = polynomials_over(ZR).random(t) c, phi_hat = pc.commit(phi) witness = pc.create_witness(phi, phi_hat, 3) assert c == g**phi(alpha) * h**phi_hat(alpha) assert pc.verify_eval(c, 3, phi(3), phi_hat(3), witness) assert not pc.verify_eval(c, 4, phi(3), phi_hat(3), witness)
def test_serialization(): from honeybadgermpc.betterpairing import ZR, G1, G2, GT a = ZR.random() b = G1.rand() c = G2.rand() d = GT.rand() assert a == ZR(a.__getstate__()) # assert b == G1(b.__getstate__()) assert c == G2(c.__getstate__()) assert d == GT(d.__getstate__()) bb = G1() bb.__setstate__(b.__getstate__()) assert bb == b
def batch_verify_eval(self, commits, i, shares, auxes, witnesses): assert (len(commits) == len(shares) and len(commits) == len(witnesses) and len(commits) == len(auxes)) commitprod = G1.one() witnessprod = G1.one() sharesum = ZR(0) auxsum = ZR(0) for j in range(len(commits)): commitprod *= commits[j] witnessprod *= witnesses[j] sharesum += shares[j] auxsum += auxes[j] lhs = pair(commitprod, self.ghats[0]) rhs = (pair(witnessprod, self.ghats[1] * self.ghats[0]**(-i)) * (self.gg**sharesum) * (self.gh**auxsum)) return lhs == rhs
def test_hashing(): from honeybadgermpc.betterpairing import ZR, G1, G2 import pickle crs = G1.hash_many(b"honeybadger", 10) + G2.hash_many(b"honeybadger", 2) assert crs[0] != crs[1] assert type(crs[0]) is G1 assert type(crs[11]) is G2 assert len(crs) == 12 c = ZR.hash(pickle.dumps(crs)) assert type(c) is ZR c2 = ZR.hash(pickle.dumps(crs)) assert c == c2 g = G1.hash(pickle.dumps(crs)) g2 = G1.hash(pickle.dumps(crs)) ghat = G2.hash(pickle.dumps(crs)) ghat2 = G2.hash(pickle.dumps(crs)) assert g == g2 assert ghat == ghat2
def commit(self, phi): c = G1.one() phi_hat = polynomials_over(self.field).random(self.t) i = 0 for item in self.gs: c *= item**phi.coeffs[i] i += 1 i = 0 for item in self.hs: c *= item**phi_hat.coeffs[i] i += 1 # c should equal g **(phi(alpha)) h **(phi_hat(alpha)) return c, phi_hat
def create_witness(self, phi, phi_hat, i): poly = polynomials_over(self.field) div = poly([-1 * i, 1]) psi = (phi - poly([phi(i)])) / div psi_hat = (phi_hat - poly([phi_hat(i)])) / div witness = G1.one() j = 0 for item in self.gs[:-1]: witness *= item**psi.coeffs[j] j += 1 j = 0 for item in self.hs[:-1]: witness *= item**psi_hat.coeffs[j] j += 1 return witness
def gen_pc_const_crs(t, alpha=None, g=None, h=None, ghat=None): nonetype = type(None) assert type(t) is int assert type(alpha) in (ZR, int, nonetype) assert type(g) in (G1, nonetype) assert type(h) in (G1, nonetype) assert type(ghat) in (G2, nonetype) if alpha is None: alpha = ZR.random(0) if g is None: g = G1.rand([0, 0, 0, 1]) if h is None: h = G1.rand([0, 0, 0, 1]) if ghat is None: ghat = G2.rand([0, 0, 0, 1]) (gs, ghats, hs) = ([], [], []) for i in range(t + 1): gs.append(g**(alpha**i)) for i in range(2): ghats.append(ghat**(alpha**i)) for i in range(t + 1): hs.append(h**(alpha**i)) crs = [gs, ghats, hs] return crs
def verify_eval(self, cs, i, phi_at_i, witness): lhs = G1.one() for j in range(len(cs)): lhs *= pow(cs[j], pow(i, j)) rhs = pow(self.g, phi_at_i) * pow(self.h, witness) return lhs == rhs
def test_benchmark_commit(benchmark, t): g = G1.rand() h = G1.rand() pc = PolyCommitLin([g, h]) phi = polynomials_over(ZR).random(t) benchmark(pc.commit, phi)