def testKeyAggregation(): n = 20 startPK = 35 pks = [x for x in range(startPK, startPK + 35)] pubs = [multiply(G2, x) for x in pks] for i in range(len(pubs)): print([pubs[i]], "\n") print(pubs) pubKeyAgg = pubs[0] for i in range(1, 35): pubKeyAgg = add(pubKeyAgg, pubs[i]) h = 12312312345 H = multiply(G1, h) sigs = [] for i in range(0, 35): sigs.append(multiply(H, pks[i])) aggSign = sigs[0] for i in range(1, 35): aggSign = add(aggSign, sigs[i]) # G2, G1 pairing1 = pairing(pubKeyAgg, H) # G2 , G1 pairing2 = pairing(G2, aggSign) assert pairing1 == pairing2 # test sign Aggregation print("yey")
def check_pairing(participantG1, participantG2, previousParticipantG1): # G1 point for participant participant_g1_x = FQ(int(participantG1['x'])) participant_g1_y = FQ(int(participantG1['y'])) participant_g1 = (participant_g1_x, participant_g1_y) # G2 point for participant participant_g2_x = FQ2( [int(participantG2['x']['c0']), int(participantG2['x']['c1'])]) participant_g2_y = FQ2( [int(participantG2['y']['c0']), int(participantG2['y']['c1'])]) participant_g2 = (participant_g2_x, participant_g2_y) # G1 point for previous participant previous_participant_g1_x = FQ(int(previousParticipantG1['x'])) previous_participant_g1_y = FQ(int(previousParticipantG1['y'])) previous_participant_g1 = (previous_participant_g1_x, previous_participant_g1_y) e1 = bn128.final_exponentiate(bn128.pairing(G2, participant_g1)) e2 = bn128.final_exponentiate( bn128.pairing(participant_g2, previous_participant_g1)) pairing_result = (e1 == e2) assert (pairing_result == True)
def check_pairing_equality(P1: PointG1, Q1: PointG2, P2: PointG1, Q2: PointG2) -> bool: """ checks if the pairing equality e(P1, Q1) == e(P2, Q2) holds """ P1 = _wrap(P1) Q1 = _wrap(Q1) P2 = _wrap(P2) Q2 = _wrap(Q2) return bn128.pairing(Q1, P1) == bn128.pairing(Q2, P2)
def testKeyAggregation(): privKey1 = 31 privKey2 = 35 privKey3 = 37 pubKey1 = multiply(G1, privKey1) pubKey2 = multiply(G1, privKey2) pubKey3 = multiply(G1, privKey3) pubKeyAgg = add(add(pubKey1, pubKey2), pubKey3) h = 12312312345 H = multiply(G2, h) sign1 = multiply(H, privKey1) sign2 = multiply(H, privKey2) sign3 = multiply(H, privKey3) aggSign = add(add(sign1, sign2), sign3) pairing1 = pairing(H, pubKeyAgg) pairing2 = pairing(aggSign, G1) assert pairing1 == pairing2 # test sign Aggregation # for 400/n validators # n = 400 # startPK = 500 # pks = [x for x in range(startPK, startPK + n)] # # pubs = [multiply(G1, x) for x in pks] # # for i in range(len(pubs)): # # print([pubs[i]], "\n") # # print(pubs) # # pubKeyAgg = pubs[0] # for i in range(1, n): # pubKeyAgg = add(pubKeyAgg, pubs[i]) # h = 12312312345 # H = multiply(G2, h) # sigs = [] # for i in range(0, n): # sigs.append(multiply(H,pks[i])) # # # aggSign = sigs[0] # for i in range(1, n): # aggSign = add(aggSign, sigs[i]) # # pairing1 = pairing(H, pubKeyAgg) # pairing2 = pairing(aggSign, G1) # assert pairing1 == pairing2 # test sign Aggregation # x = pubKeyAgg print("yey")
def check_pairing(P1: PointG1, Q1: PointG2, P2: PointG1, Q2: PointG2) -> bool: """ performs the pairing check as specified in https://github.com/ethereum/EIPs/blob/master/EIPS/eip-197.md this check is compatible with the implementation in the precompiled solidity contract NOTICE THIS IS DIFFERENT FROM WHAT ONE WOULD ACTUALLY THINK OF WHEN CHECKING THE PAIRING seed __check_pairing_equality for the intuitive understanding of a pairing check """ P1 = _wrap(P1) Q1 = _wrap(Q1) P2 = bn128.neg(_wrap(P2)) Q2 = _wrap(Q2) return bn128.pairing(Q1, P1) == bn128.pairing(Q2, P2)
def ismember(AkX, my_item, W_x): """ Verify membership by pairing equality e(G2, AkX) = e(G2^x, W_x) @param AkX: G1 point accumulator @param my_item: Your item @param W_x: G1 point witness """ x = hashsn(my_item) e1 = pairing(G2, AkX) e2 = pairing(multiply(G2, x), W_x) return e1 == e2
def main(): # resource.setrlimit(resource.RLIMIT_STACK, (resource.RLIM_INFINITY, resource.RLIM_INFINITY)) # sys.setrecursionlimit(10**6) g1 = ec.G1 g2 = ec.G2 e12 = ec.pairing(g2, g1) print(e12)
def pairingProd(*inputs): """ The Ethereum pairing opcode works like: e(p1[0],p2[0]) * ... * e(p1[n],p2[n]) == 1 See: EIP 212 >>> assert True == pairingProd((G1, G2), (G1, neg(G2))) """ product = FQ12.one() for p1, p2 in inputs: product *= pairing(p2, p1) return product == FQ12.one()
def test_pairing_check_pyecc(): sk = random_scalar(seed=1) pk = bn128.multiply(bn128.G1, sk) bls_pk = bn128.multiply(bn128.G2, sk) assert bn128.pairing(bn128.G2, pk) == bn128.pairing(bls_pk, bn128.G1)
def test_pairing_python_neg(): assert pairing(G2, multiply(G1, 5)) != pairing(multiply(G2, 5), neg(G1))
def test_pairing_python(): assert pairing(G2, multiply(G1, 5)) == pairing(multiply(G2, 5), G1)
# miller_loop :: Point2D[FQ12] -> Point2D[FQ12] -> FQ12 # twist :: Point2D[FQ2] -> Point2D[FQ12] # cast_point_to_fq12 :: Point2D[FQ] -> Point2D[FQ12] # a = randsp() # # g^a # g_a = multiply(bn128.G1, a) # # g^a^2 = g^2a # g_2_a = multiply(g_a, 2) # # g^2a + g^a = g^3a # assert add(g_a, g_2_a) == multiply(g_a, 3) e_gpprime_g = pairing(g_theta_alpha_p_s, bn128.G1) e_gp_galpha = pairing(g_theta_p_s, g_alpha) passed_poly_restrict = e_gpprime_g == e_gp_galpha print(f'Polynomial restrictions passed: {passed_poly_restrict}') e_gp_g = pairing(g_theta_p_s, bn128.G1) e_gts_gh = pairing( g_theta_h_s, g_t_s, ) passed_poly_cofactors = e_gp_g == e_gts_gh print(f'Polynomial cofactors passed: {passed_poly_cofactors}')