def test_ec():
q = default_ec.q
g = G1Generator()
assert g.is_on_curve()
assert 2 * g == g + g
assert (3 * g).is_on_curve()
assert 3 * g == g + g + g
g2 = G2Generator()
assert g2.x * (Fq(q, 2) * g2.y) == Fq(q, 2) * (g2.x * g2.y)
assert g2.is_on_curve()
s = g2 + g2
assert untwist(twist(s.to_affine())) == s.to_affine()
assert untwist(5 * twist(s.to_affine())) == (5 * s).to_affine()
assert 5 * twist(s.to_affine()) == twist((5 * s).to_affine())
assert s.is_on_curve()
assert g2.is_on_curve()
assert g2 + g2 == 2 * g2
assert g2 * 5 == (g2 * 2) + (2 * g2) + g2
y = y_for_x(g2.x, default_ec_twist, Fq2)
assert y == g2.y or -y == g2.y
g_j = G1Generator()
g2_j = G2Generator()
g2_j2 = G2Generator() * 2
assert g.to_affine().to_jacobian() == g
assert (g_j * 2).to_affine() == g.to_affine() * 2
assert (g2_j + g2_j2).to_affine() == g2.to_affine() * 3
def test_ec():
g = generator_Fq(default_ec)
assert g.is_on_curve()
assert 2 * g == g + g
assert (3 * g).is_on_curve()
assert 3 * g == g + g + g
P = hash_to_point_Fq(bytes([]))
assert P.is_on_curve()
assert P.serialize() == bytes.fromhex(
"12fc5ad5a2fbe9d4b6eb0bc16d530e5f263b6d59cbaf26c3f2831962924aa588ab84d46cc80d3a433ce064adb307f256"
)
g2 = generator_Fq2(default_ec_twist)
assert g2.x * (2 * g2.y) == 2 * (g2.x * g2.y)
assert g2.is_on_curve()
s = g2 + g2
assert untwist(twist(s)) == s
assert untwist(5 * twist(s)) == 5 * s
assert 5 * twist(s) == twist(5 * s)
assert s.is_on_curve()
assert g2.is_on_curve()
assert g2 + g2 == 2 * g2
assert g2 * 5 == (g2 * 2) + (2 * g2) + g2
y = y_for_x(g2.x, default_ec_twist, Fq2)
assert y[0] == g2.y or y[1] == g2.y
assert hash_to_point_Fq2("chia") == hash_to_point_Fq2("chia")
g_j = generator_Fq(default_ec_twist).to_jacobian()
g2_j = generator_Fq2(default_ec_twist).to_jacobian()
g2_j2 = (generator_Fq2(default_ec_twist) * 2).to_jacobian()
assert g.to_jacobian().to_affine() == g
assert (g_j * 2).to_affine() == g * 2
assert (g2_j + g2_j2).to_affine() == g2 * 3
assert sw_encode(Fq(default_ec.q, 0)).infinity
assert sw_encode(Fq(default_ec.q, 1)) == sw_encode(Fq(default_ec.q, -1)).negate()
assert (
sw_encode(
Fq(
default_ec.q,
0x019CFABA0C258165D092F6BCA9A081871E62A126C499340DC71C0E9527F923F3B299592A7A9503066CC5362484D96DD7,
)
)
== generator_Fq()
)
assert (
sw_encode(
Fq(
default_ec.q,
0x186417302D5A65347A88B0F999AB2B504614AA5E2EEBDEB1A014C40BCEB7D2306C12A6D436BEFCF94D39C9DB7B263CD4,
)
)
== generator_Fq().negate()
)
def from_bytes(buffer):
bit1 = buffer[0] & 0x80
buffer = bytes([buffer[0] & 0x1f]) + buffer[1:]
x = Fq(default_ec.q, int.from_bytes(buffer, "big"))
y_values = y_for_x(Fq(default_ec.q, x))
y_values.sort()
y = y_values[0]
if bit1:
y = y_values[1]
return PublicKey(AffinePoint(x, y, False, default_ec).to_jacobian())
def test_ec():
g = generator_Fq(default_ec)
assert (g.is_on_curve())
assert (2 * g == g + g)
assert ((3 * g).is_on_curve())
assert (3 * g == g + g + g)
P = hash_to_point_Fq(bytes([]))
assert (P.is_on_curve())
assert (P.serialize() == bytes.fromhex(
"12fc5ad5a2fbe9d4b6eb0bc16d530e5f263b6d59cbaf26c3f2831962924aa588ab84d46cc80d3a433ce064adb307f256"
))
g2 = generator_Fq2(default_ec_twist)
assert (g2.x * (2 * g2.y) == 2 * (g2.x * g2.y))
assert (g2.is_on_curve())
s = g2 + g2
assert (untwist(twist(s)) == s)
assert (untwist(5 * twist(s)) == 5 * s)
assert (5 * twist(s) == twist(5 * s))
assert (s.is_on_curve())
assert (g2.is_on_curve())
assert (g2 + g2 == 2 * g2)
assert (g2 * 5 == (g2 * 2) + (2 * g2) + g2)
y = y_for_x(g2.x, default_ec_twist, Fq2)
assert (y[0] == g2.y or y[1] == g2.y)
assert (hash_to_point_Fq2("chia") == hash_to_point_Fq2("chia"))
g_j = generator_Fq(default_ec_twist).to_jacobian()
g2_j = generator_Fq2(default_ec_twist).to_jacobian()
g2_j2 = (generator_Fq2(default_ec_twist) * 2).to_jacobian()
assert (g.to_jacobian().to_affine() == g)
assert ((g_j * 2).to_affine() == g * 2)
assert ((g2_j + g2_j2).to_affine() == g2 * 3)
assert (sw_encode(Fq(default_ec.q, 0)).infinity)
assert (sw_encode(Fq(default_ec.q, 1)) == sw_encode(Fq(default_ec.q,
-1)).negate())
assert (sw_encode(
Fq(
default_ec.q,
0x019cfaba0c258165d092f6bca9a081871e62a126c499340dc71c0e9527f923f3b299592a7a9503066cc5362484d96dd7
)) == generator_Fq())
assert (sw_encode(
Fq(
default_ec.q,
0x186417302d5a65347a88b0f999ab2b504614aa5e2eebdeb1a014c40bceb7d2306c12a6d436befcf94d39c9db7b263cd4
)) == generator_Fq().negate())
def from_bytes(buffer, aggregation_info=None):
use_big_y = buffer[0] & 0x80
buffer = bytes([buffer[0] & 0x1f]) + buffer[1:]
x0 = int.from_bytes(buffer[:48], "big")
x1 = int.from_bytes(buffer[48:], "big")
x = Fq2(default_ec.q, Fq(default_ec.q, x0), Fq(default_ec.q, x1))
ys = y_for_x(x, default_ec_twist, Fq2)
y = ys[0]
if ((use_big_y and ys[1][1] > default_ec.q // 2) or
(not use_big_y and ys[1][1] < default_ec.q // 2)):
y = ys[1]
return Signature(AffinePoint(x, y, False, default_ec_twist)
.to_jacobian(),
aggregation_info)
def from_bytes(buffer):
use_big_y = buffer[0] & 0x80
prepend = buffer[0] & 0x40
if not prepend:
raise "Should have prepend bit set"
buffer = bytes([buffer[0] & 0x1f]) + buffer[1:]
x0 = int.from_bytes(buffer[:48], "big")
x1 = int.from_bytes(buffer[48:], "big")
x = Fq2(default_ec.q, Fq(default_ec.q, x0), Fq(default_ec.q, x1))
ys = y_for_x(x, default_ec_twist, Fq2)
y = ys[0]
if ((use_big_y and ys[1][1] > default_ec.q // 2)
or (not use_big_y and ys[1][1] < default_ec.q // 2)):
y = ys[1]
return PrependSignature(
AffinePoint(x, y, False, default_ec_twist).to_jacobian())
def from_bytes(buffer, aggregation_info=None):
use_big_y = buffer[0] & 0x80
prepend = buffer[0] & 0x40
if prepend:
raise Exception("Should not have prepend bit set")
buffer = bytes([buffer[0] & 0x1F]) + buffer[1:]
x0 = int.from_bytes(buffer[:48], "big")
x1 = int.from_bytes(buffer[48:], "big")
x = Fq2(default_ec.q, Fq(default_ec.q, x0), Fq(default_ec.q, x1))
ys = y_for_x(x, default_ec_twist, Fq2)
y = ys[0]
if (use_big_y and ys[1][1] > default_ec.q // 2) or (
not use_big_y and ys[1][1] < default_ec.q // 2):
y = ys[1]
return Signature(
AffinePoint(x, y, False, default_ec_twist).to_jacobian(),
aggregation_info)