def check_mul(client, cls, xxx, yyy):
    check_contract_binop(
        client,
        f'mul_{bls(cls.name)}',
        cls.to_hex(xxx),
        Fr.to_hex(yyy),
        cls.to_hex(cls.mul(xxx, yyy)),
    )
def run_pairing_property_contract(client):
    g1 = G1.random()
    g2 = G2.random()
    a = Fr.random()
    b = Fr.random()
    ab = a * b
    # e(g1^a, g2^b) * e(g1, g2^-ab) = 1
    args = [(G1.mul(g1, a), G2.mul(g2, b)), (g1, G2.neg(G2.mul(g2, ab)))]

    # check if equality holds
    result = pairing_check(args)
    assert result

    stack_args = [(G1.to_hex(g1), G2.to_hex(g2)) for g1, g2 in args]
    stack_args = [f'Pair {g1} {g2}' for g1, g2 in stack_args]
    stack_args = f'{{ {"; ".join(stack_args)} }}'
    print("CONTRACT: ", CONTRACTS['pairing_check'])
    print("STACK ARGS: ", stack_args)
    check_contract(client, CONTRACTS['pairing_check'], stack_args, result)
    def test_signature_aggregation(self, client_regtest):
        for _ in RANDOM_ITERATIONS:
            sk0 = Fr.random(self.gen)  # secret key
            pk0 = G2.mul(G2.one, sk0)  # public key
            # we don't have hash-to-curve on g1, so compute a random point
            msg_hash = G1.random(self.gen)  # message hash
            sig0 = G1.mul(msg_hash, sk0)  # signature
            args0 = [(msg_hash, pk0), (G1.neg(sig0), G2.one)]
            check_pairing_check(client_regtest, args0)

            sk1 = Fr.random(self.gen)  # secret key
            pk1 = G2.mul(G2.one, sk1)  # public key
            # we don't have hash-to-curve on g1, so compute a random point
            sig1 = G1.mul(msg_hash, sk1)  # signature
            args1 = [
                (G1.add(msg_hash, msg_hash), G2.add(pk0, pk1)),
                (G1.neg(G1.add(sig0, sig1)), G2.add(G2.one, G2.one)),
            ]
            check_pairing_check(client_regtest, args1)
 def test_mul_random_random(self, client_regtest, cls):
     for _ in RANDOM_ITERATIONS:
         check_mul(client_regtest, cls, cls.random(self.gen),
                   Fr.random(self.gen))