def OpBLS_G1_Add(arg):
    """Add two G1 points taken from a JSON-encoded operation.

    Args:
        arg: JSON text with the keys 'a_x', 'a_y', 'b_x' and 'b_y'; each
            value is converted with to_int().

    Returns:
        UTF-8 encoded JSON list holding the two affine coordinates of the
        sum as strings, or None when an input is rejected: both coordinates
        of a point are 0 modulo MOD, or a point fails the on-curve or
        subgroup check.
    """
    op = json.loads(arg)
    a_x, a_y, b_x, b_y = (to_int(op[key]) for key in ('a_x', 'a_y', 'b_x', 'b_y'))

    # Reject (0, 0) mod MOD for either operand before building field elements.
    for x_coord, y_coord in ((a_x, a_y), (b_x, b_y)):
        if (x_coord % MOD, y_coord % MOD) == (0, 0):
            return None

    # Projective form with z = 1.
    A = [FQ(a_x), FQ(a_y), FQ.one()]
    B = [FQ(b_x), FQ(b_y), FQ.one()]

    # Both operands must be on the curve AND in the subgroup; the addition is
    # never run on a point that failed validation.
    for point in (A, B):
        if not is_on_curve(point, b) or not subgroup_check(point):
            return None

    total = add(A, B)
    # Divide x and y by z to get the affine representation.
    affine = [str(total[idx] / total[2]) for idx in (0, 1)]
    return json.dumps(affine).encode('utf-8')
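def OpBLS_Verify(arg):
    """Verify a BLS signature described by a JSON-encoded operation.

    Args:
        arg: JSON text with the keys 'g1_x', 'g1_y' (public key point),
            'g2_v', 'g2_w', 'g2_x', 'g2_y' (signature point) and
            'cleartext' (hex-encoded message).

    Returns:
        UTF-8 encoded JSON boolean. `false` is returned both when
        bls_pop.Verify rejects the signature and when an input is rejected
        earlier (G1 point not on the curve, or G2_to_signature raising), so
        callers cannot tell those cases apart.

    NOTE(review): only an on-curve check is applied to the G1 point in this
    function; no subgroup check is visible here. Confirm that G1_to_pubkey /
    bls_pop.Verify validate the key's subgroup membership.
    """
    op = json.loads(arg)

    def encode(outcome):
        # Single place that turns the verdict into the harness wire format.
        return bytes(json.dumps(outcome), 'utf-8')

    g1_x = to_int(op['g1_x'])
    g1_y = to_int(op['g1_y'])
    g1 = [FQ(g1_x), FQ(g1_y), FQ.one()]
    if not is_on_curve(g1, b):
        return encode(False)
    g1 = G1_to_pubkey(g1)

    g2_v = to_int(op['g2_v'])
    g2_w = to_int(op['g2_w'])
    g2_x = to_int(op['g2_x'])
    g2_y = to_int(op['g2_y'])
    # Coefficient pairing (v with x, w with y) is kept exactly as the harness
    # defines it.
    g2 = (FQ2((g2_v, g2_x)), FQ2((g2_w, g2_y)), FQ2.one())

    try:
        g2 = G2_to_signature(g2)
    except Exception:
        # A signature that cannot be encoded is treated as "not verified".
        # `except Exception` (rather than a bare `except`) keeps
        # KeyboardInterrupt and SystemExit from being reported as a failed
        # verification.
        return encode(False)

    msg = bytes.fromhex(op['cleartext'])
    return encode(bls_pop.Verify(g1, msg, g2))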
def OpBLS_G1_IsEq(arg):
    """Compare two G1 points taken from a JSON-encoded operation.

    Args:
        arg: JSON text with the keys 'a_x', 'a_y', 'b_x' and 'b_y'.

    Returns:
        UTF-8 encoded JSON boolean that is the result of comparing the two
        [x, y, 1] coordinate lists, or None when both coordinates of either
        point are 0 modulo MOD. No on-curve or subgroup check is made here;
        the comparison is purely coordinate-wise.
    """
    op = json.loads(arg)
    a_x, a_y, b_x, b_y = (to_int(op[key]) for key in ('a_x', 'a_y', 'b_x', 'b_y'))

    # Reject (0, 0) mod MOD for either operand.
    for x_coord, y_coord in ((a_x, a_y), (b_x, b_y)):
        if (x_coord % MOD, y_coord % MOD) == (0, 0):
            return None

    lhs = [FQ(a_x), FQ(a_y), FQ.one()]
    rhs = [FQ(b_x), FQ(b_y), FQ.one()]
    return json.dumps(lhs == rhs).encode('utf-8')
def OpBLS_IsG1OnCurve(arg):
    """Report whether a G1 point is on the curve and in the subgroup.

    Args:
        arg: JSON text with the keys 'g1_x' and 'g1_y'.

    Returns:
        UTF-8 encoded JSON value of `is_on_curve(...) and subgroup_check(...)`,
        or None when is_valid() compares equal to False for the raw
        coordinates.
    """
    op = json.loads(arg)
    x = to_int(op['g1_x'])
    y = to_int(op['g1_y'])

    # The point is built before the validity gate, as in the original order.
    point = [FQ(x), FQ(y), FQ.one()]

    # Explicit comparison with False is kept: is_valid is defined elsewhere
    # and its return type is not visible here.
    if is_valid([x, y]) == False:
        return None

    # Curve membership alone is not the answer: the subgroup check is part of
    # the reported result.
    verdict = is_on_curve(point, b) and subgroup_check(point)
    return json.dumps(verdict).encode('utf-8')
def OpBLS_G1_Neg(arg):
    """Negate a G1 point taken from a JSON-encoded operation.

    Args:
        arg: JSON text with the keys 'a_x' and 'a_y'.

    Returns:
        UTF-8 encoded JSON list holding the two affine coordinates of the
        negated point as strings, or None when both coordinates are 0
        modulo MOD. The point is not checked for curve or subgroup
        membership before neg() is applied.
    """
    op = json.loads(arg)
    a_x, a_y = (to_int(op[key]) for key in ('a_x', 'a_y'))

    if (a_x % MOD, a_y % MOD) == (0, 0):
        return None

    # Projective form with z = 1.
    point = [FQ(a_x), FQ(a_y), FQ.one()]
    negated = neg(point)

    # Divide x and y by z to get the affine representation.
    affine = [str(negated[idx] / negated[2]) for idx in (0, 1)]
    return json.dumps(affine).encode('utf-8')
def OpBLS_Compress_G1(arg):
    """Compress a G1 point taken from a JSON-encoded operation.

    Args:
        arg: JSON text with the keys 'g1_x' and 'g1_y'.

    Returns:
        UTF-8 encoded JSON string holding str() of the compressed value, or
        None when both coordinates are 0 modulo MOD.

    Raises:
        AssertionError: when the point passes is_valid() and is_on_curve()
            but decompressing the compressed value does not give back the
            same x and y (the asserts are skipped under `python -O`).
    """
    op = json.loads(arg)
    x, y = (to_int(op[key]) for key in ('g1_x', 'g1_y'))

    if (x % MOD, y % MOD) == (0, 0):
        return None

    point = [FQ(x), FQ(y), FQ.one()]

    # Compression runs before any validation, so compress_G1 is also called
    # on coordinates that are not on the curve.
    packed = compress_G1(point)

    # Round-trip check only for points that are valid and on the curve. The
    # explicit comparison with True is kept because is_valid is defined
    # elsewhere and its return type is not visible here.
    if is_valid([x, y]) == True:
        if is_on_curve(point, b):
            unpacked = decompress_G1(packed)
            assert point[0] == unpacked[0]
            assert point[1] == unpacked[1]

    return json.dumps(str(packed)).encode('utf-8')
FQ(1), ) # Generator for twisted curve over FQ2 G2 = ( FQ2(( 352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160, # noqa: E501 3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758, # noqa: E501 )), FQ2(( 1985150602287291935568054521177171638300868978215655730859378665066344726373823718423869104263333984641494340347905, # noqa: E501 927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582, # noqa: E501 )), FQ2.one(), ) # Point at infinity over FQ Z1 = (FQ.one(), FQ.one(), FQ.zero()) # Point at infinity for twisted curve over FQ2 Z2 = (FQ2.one(), FQ2.one(), FQ2.zero()) # Check if a point is the point at infinity def is_inf(pt: Optimized_Point3D[Optimized_Field]) -> bool: return pt[-1] == pt[-1].__class__.zero() # Check that a point is on the curve defined by y**2 == x**3 + b def is_on_curve(pt: Optimized_Point3D[Optimized_Field], b: Optimized_Field) -> bool: if is_inf(pt): return True x, y, z = pt
def test_decompress_G2_with_no_modular_square_root_found(): with pytest.raises(ValueError, match="Failed to find a modular squareroot"): signature_to_G2(b'\x11' * 96) @pytest.mark.parametrize( 'pt,on_curve,is_infinity', [ # On curve points (G1, True, False), (multiply(G1, 5), True, False), # Infinity point but still on curve (Z1, True, True), # Not on curve ((FQ(5566), FQ(5566), FQ.one()), False, None), ]) def test_G1_compress_and_decompress_flags(pt, on_curve, is_infinity): assert on_curve == is_on_curve(pt, b) z = compress_G1(pt) if on_curve: x = z % POW_2_381 c_flag = (z % 2**384) // POW_2_383 b_flag = (z % POW_2_383) // POW_2_382 a_flag = (z % POW_2_382) // POW_2_381 assert x < q assert c_flag == 1 if is_infinity: assert b_flag == 1 assert a_flag == x == 0 else: