def test_ec():
q = default_ec.q
g = G1Generator()
assert g.is_on_curve()
assert 2 * g == g + g
assert (3 * g).is_on_curve()
assert 3 * g == g + g + g
g2 = G2Generator()
assert g2.x * (Fq(q, 2) * g2.y) == Fq(q, 2) * (g2.x * g2.y)
assert g2.is_on_curve()
s = g2 + g2
assert untwist(twist(s.to_affine())) == s.to_affine()
assert untwist(5 * twist(s.to_affine())) == (5 * s).to_affine()
assert 5 * twist(s.to_affine()) == twist((5 * s).to_affine())
assert s.is_on_curve()
assert g2.is_on_curve()
assert g2 + g2 == 2 * g2
assert g2 * 5 == (g2 * 2) + (2 * g2) + g2
y = y_for_x(g2.x, default_ec_twist, Fq2)
assert y == g2.y or -y == g2.y
g_j = G1Generator()
g2_j = G2Generator()
g2_j2 = G2Generator() * 2
assert g.to_affine().to_jacobian() == g
assert (g_j * 2).to_affine() == g.to_affine() * 2
assert (g2_j + g2_j2).to_affine() == g2.to_affine() * 3
def derive_child_g1_unhardened(parent_pk: JacobianPoint,
index: int) -> JacobianPoint:
"""
Derives an unhardened BIP-32 child public key, from a parent public key,
at the specified index. WARNING: this key is not as secure as a hardened key.
"""
h = hash256(bytes(parent_pk) + index.to_bytes(4, "big"))
return parent_pk + PrivateKey.from_bytes(h).value * G1Generator()
def pop_verify(pk: JacobianPoint, proof: JacobianPoint) -> bool:
try:
proof.check_valid()
pk.check_valid()
q = g2_map(bytes(pk), pop_scheme_pop_dst)
one = Fq12.one(default_ec.q)
pairing_result = ate_pairing_multi([pk, G1Generator().negate()],
[q, proof])
return pairing_result == one
except AssertionError:
return False
def core_verify_mpl(pk: JacobianPoint, message: bytes,
signature: JacobianPoint, dst: bytes) -> bool:
try:
signature.check_valid()
pk.check_valid()
except AssertionError:
return False
q = g2_map(message, dst)
one = Fq12.one(default_ec.q)
pairing_result = ate_pairing_multi([pk, G1Generator().negate()],
[q, signature])
return pairing_result == one
def core_aggregate_verify(pks: List[JacobianPoint], ms: List[bytes],
signature: JacobianPoint, dst: bytes) -> bool:
if len(pks) != len(ms) or len(pks) < 1:
return False
try:
signature.check_valid()
qs = [signature]
ps = [G1Generator().negate()]
for i in range(len(pks)):
pks[i].check_valid()
qs.append(g2_map(ms[i], dst))
ps.append(pks[i])
return Fq12.one(default_ec.q) == ate_pairing_multi(ps, qs)
except AssertionError:
return False
def get_g1(self):
return self.value * G1Generator()
def test_elements():
i1 = int.from_bytes(bytes([1, 2]), byteorder="big")
i2 = int.from_bytes(bytes([3, 1, 4, 1, 5, 9]), byteorder="big")
b1 = i1
b2 = i2
g1 = G1Generator()
g2 = G2Generator()
u1 = G1Infinity()
u2 = G2Infinity()
x1 = g1 * b1
x2 = g1 * b2
y1 = g2 * b1
y2 = g2 * b2
# G1
assert x1 != x2
assert x1 * b1 == b1 * x1
assert x1 * b1 != x1 * b2
left = x1 + u1
right = x1
assert left == right
assert x1 + x2 == x2 + x1
assert x1 + x1.negate() == u1
assert x1 == G1FromBytes(bytes(x1))
copy = deepcopy(x1)
assert x1 == copy
x1 += x2
assert x1 != copy
# G2
assert y1 != y2
assert y1 * b1 == b1 * y1
assert y1 * b1 != y1 * b2
assert y1 + u2 == y1
assert y1 + y2 == y2 + y1
assert y1 + y1.negate() == u2
assert y1 == G2FromBytes(bytes(y1))
copy = deepcopy(y1)
assert y1 == copy
y1 += y2
assert y1 != copy
# pairing operation
pair = ate_pairing(x1, y1)
assert pair != ate_pairing(x1, y2)
assert pair != ate_pairing(x2, y1)
copy = deepcopy(pair)
assert pair == copy
pair = None
assert pair != copy
sk = 728934712938472938472398074
pk = sk * g1
Hm = y2 * 12371928312 + y2 * 12903812903891023
sig = Hm * sk
assert ate_pairing(g1, sig) == ate_pairing(pk, Hm)