def aggregate_verify(pks, msgs, sig, ciphersuite): assert len(pks) == len(msgs), "FAIL: aggregate_verify needs same number of sigs and msgs" if not subgroup_check_g1(sig): return False Ps = [None] * (1 + len(msgs)) for (idx, (msg, pk)) in enumerate(zip(msgs, pks)): if not subgroup_check_g2(pk): return False Ps[idx] = map2curve_osswu(msg, ciphersuite) Ps[-1] = sig Qs = chain(pks, (point_neg(g2gen),)) return multi_pairing(Ps, Qs) == 1
def pop_verify(pk, proof, ciphersuite): pk_bytes = serialize(pk, True) # serialize in compressed form P = map2curve_osswu(pk_bytes, ciphersuite) pk_ok = subgroup_check_g2(pk) proof_ok = multi_pairing((P, proof), (pk, point_neg(g2gen))) == 1 return pk_ok and proof_ok
def pop_prove(x_prime, pk, ciphersuite): pk_bytes = serialize(pk, True) # serialize in compressed form P = map2curve_osswu(pk_bytes, ciphersuite) return point_mul(x_prime, P)
def verify(pk, sig, msg, ciphersuite): P = map2curve_osswu(msg, ciphersuite) if not (subgroup_check_g2(pk) and subgroup_check_g1(sig)): return False return multi_pairing((P, sig), (pk, point_neg(g2gen))) == 1
def pop_verify(pk, proof, ciphersuite): pk_bytes = serialize(pk, True) # serialize in compressed form P = map2curve_osswu(pk_bytes, ciphersuite) if not (subgroup_check_g2(pk) and subgroup_check_g1(proof)): return False return multi_pairing((P, proof), (pk, point_neg(g2gen))) == 1
def verify(pk, sig, msg, ciphersuite): P = map2curve_osswu(msg, ciphersuite) return multi_pairing((P, sig), (pk, point_neg(g2gen))) == 1
def sign(x_prime, msg, ciphersuite): P = map2curve_osswu(msg, ciphersuite) return point_mul(x_prime, P)