def test1():
seed = bytes([
0, 50, 6, 244, 24, 199, 1, 25, 52, 88, 192, 19, 18, 12, 89, 6, 220, 18,
102, 58, 209, 82, 12, 62, 89, 110, 182, 9, 44, 20, 254, 22
])
sk = PrivateKey.from_seed(seed)
pk = sk.get_public_key()
msg = bytes([100, 2, 254, 88, 90, 45, 23])
sig = sk.sign(msg)
sk_bytes = sk.serialize()
pk_bytes = pk.serialize()
sig_bytes = sig.serialize()
sk = PrivateKey.from_bytes(sk_bytes)
pk = PublicKey.from_bytes(pk_bytes)
sig = Signature.from_bytes(sig_bytes)
sig.set_aggregation_info(AggregationInfo.from_msg(pk, msg))
ok = sig.verify()
assert (ok)
seed = bytes([1]) + seed[1:]
sk1 = PrivateKey.from_seed(seed)
seed = bytes([2]) + seed[1:]
sk2 = PrivateKey.from_seed(seed)
pk1 = sk1.get_public_key()
sig1 = sk1.sign(msg)
pk2 = sk2.get_public_key()
sig2 = sk2.sign(msg)
agg_sig = Signature.aggregate([sig1, sig2])
agg_pubkey = PublicKey.aggregate([pk1, pk2])
agg_sig.set_aggregation_info(AggregationInfo.from_msg(agg_pubkey, msg))
assert (agg_sig.verify())
seed = bytes([3]) + seed[1:]
sk3 = PrivateKey.from_seed(seed)
pk3 = sk3.get_public_key()
msg2 = bytes([100, 2, 254, 88, 90, 45, 23])
sig1 = sk1.sign(msg)
sig2 = sk2.sign(msg)
sig3 = sk3.sign(msg2)
agg_sig_l = Signature.aggregate([sig1, sig2])
agg_sig_final = Signature.aggregate([agg_sig_l, sig3])
sig_bytes = agg_sig_final.serialize()
agg_sig_final = Signature.from_bytes(sig_bytes)
a1 = AggregationInfo.from_msg(pk1, msg)
a2 = AggregationInfo.from_msg(pk2, msg)
a3 = AggregationInfo.from_msg(pk3, msg2)
a1a2 = AggregationInfo.merge_infos([a1, a2])
a_final = AggregationInfo.merge_infos([a1a2, a3])
print(a_final)
agg_sig_final.set_aggregation_info(a_final)
ok = agg_sig_final.verify()
ok = agg_sig_l.verify()
agg_sig_final = agg_sig_final.divide_by([agg_sig_l])
ok = agg_sig_final.verify()
agg_sk = PrivateKey.aggregate([sk1, sk2], [pk1, pk2])
agg_sk.sign(msg)
seed = bytes([
1, 50, 6, 244, 24, 199, 1, 25, 52, 88, 192, 19, 18, 12, 89, 6, 220, 18,
102, 58, 209, 82, 12, 62, 89, 110, 182, 9, 44, 20, 254, 22
])
esk = ExtendedPrivateKey.from_seed(seed)
epk = esk.get_extended_public_key()
sk_child = esk.private_child(0).private_child(5)
pk_child = epk.public_child(0).public_child(5)
buffer1 = pk_child.serialize()
buffer2 = sk_child.serialize()
print(len(buffer1), buffer1)
print(len(buffer2), buffer2)
assert (sk_child.get_extended_public_key() == pk_child)
def aggregate(signatures):
"""
Aggregates many (aggregate) signatures, using a combination of simple
and secure aggregation. Signatures are grouped based on which ones
share common messages, and these are all merged securely.
"""
public_keys = [] # List of lists
message_hashes = [] # List of lists
for signature in signatures:
if signature.aggregation_info.empty():
raise Exception(
"Each signature must have a valid aggregation " + "info")
public_keys.append(signature.aggregation_info.public_keys)
message_hashes.append(signature.aggregation_info.message_hashes)
# Find colliding vectors, save colliding messages
messages_set = set()
colliding_messages_set = set()
for msg_vector in message_hashes:
messages_set_local = set()
for msg in msg_vector:
if msg in messages_set and msg not in messages_set_local:
colliding_messages_set.add(msg)
messages_set.add(msg)
messages_set_local.add(msg)
if len(colliding_messages_set) == 0:
# There are no colliding messages between the groups, so we
# will just aggregate them all simply. Note that we assume
# that every group is a valid aggregate signature. If an invalid
# or insecure signature is given, and invalid signature will
# be created. We don't verify for performance reasons.
final_sig = Signature.aggregate_sigs_simple(signatures)
aggregation_infos = [sig.aggregation_info for sig in signatures]
final_agg_info = AggregationInfo.merge_infos(aggregation_infos)
final_sig.set_aggregation_info(final_agg_info)
return final_sig
# There are groups that share messages, therefore we need
# to use a secure form of aggregation. First we find which
# groups collide, and securely aggregate these. Then, we
# use simple aggregation at the end.
colliding_sigs = []
non_colliding_sigs = []
colliding_message_hashes = [] # List of lists
colliding_public_keys = [] # List of lists
for i in range(len(signatures)):
group_collides = False
for msg in message_hashes[i]:
if msg in colliding_messages_set:
group_collides = True
colliding_sigs.append(signatures[i])
colliding_message_hashes.append(message_hashes[i])
colliding_public_keys.append(public_keys[i])
break
if not group_collides:
non_colliding_sigs.append(signatures[i])
# Arrange all signatures, sorted by their aggregation info
colliding_sigs.sort(key=lambda s: s.aggregation_info)
# Arrange all public keys in sorted order, by (m, pk)
sort_keys_sorted = []
for i in range(len(colliding_public_keys)):
for j in range(len(colliding_public_keys[i])):
sort_keys_sorted.append((colliding_message_hashes[i][j],
colliding_public_keys[i][j]))
sort_keys_sorted.sort()
sorted_public_keys = [pk for (mh, pk) in sort_keys_sorted]
computed_Ts = BLS.hash_pks(len(colliding_sigs), sorted_public_keys)
# Raise each sig to a power of each t,
# and multiply all together into agg_sig
ec = sorted_public_keys[0].value.ec
agg_sig = JacobianPoint(Fq2.one(ec.q), Fq2.one(ec.q), Fq2.zero(ec.q),
True, ec)
for i, signature in enumerate(colliding_sigs):
agg_sig += signature.value * computed_Ts[i]
for signature in non_colliding_sigs:
agg_sig += signature.value
final_sig = Signature.from_g2(agg_sig)
aggregation_infos = [sig.aggregation_info for sig in signatures]
final_agg_info = AggregationInfo.merge_infos(aggregation_infos)
final_sig.set_aggregation_info(final_agg_info)
return final_sig