def testKeyAggregation():
n = 20
startPK = 35
pks = [x for x in range(startPK, startPK + 35)]
pubs = [multiply(G2, x) for x in pks]
for i in range(len(pubs)):
print([pubs[i]], "\n")
print(pubs)
pubKeyAgg = pubs[0]
for i in range(1, 35):
pubKeyAgg = add(pubKeyAgg, pubs[i])
h = 12312312345
H = multiply(G1, h)
sigs = []
for i in range(0, 35):
sigs.append(multiply(H, pks[i]))
aggSign = sigs[0]
for i in range(1, 35):
aggSign = add(aggSign, sigs[i])
# G2, G1
pairing1 = pairing(pubKeyAgg, H)
# G2 , G1
pairing2 = pairing(G2, aggSign)
assert pairing1 == pairing2 # test sign Aggregation
print("yey")
def check_pairing(participantG1, participantG2, previousParticipantG1):
# G1 point for participant
participant_g1_x = FQ(int(participantG1['x']))
participant_g1_y = FQ(int(participantG1['y']))
participant_g1 = (participant_g1_x, participant_g1_y)
# G2 point for participant
participant_g2_x = FQ2(
[int(participantG2['x']['c0']),
int(participantG2['x']['c1'])])
participant_g2_y = FQ2(
[int(participantG2['y']['c0']),
int(participantG2['y']['c1'])])
participant_g2 = (participant_g2_x, participant_g2_y)
# G1 point for previous participant
previous_participant_g1_x = FQ(int(previousParticipantG1['x']))
previous_participant_g1_y = FQ(int(previousParticipantG1['y']))
previous_participant_g1 = (previous_participant_g1_x,
previous_participant_g1_y)
e1 = bn128.final_exponentiate(bn128.pairing(G2, participant_g1))
e2 = bn128.final_exponentiate(
bn128.pairing(participant_g2, previous_participant_g1))
pairing_result = (e1 == e2)
assert (pairing_result == True)
def check_pairing_equality(P1: PointG1, Q1: PointG2, P2: PointG1,
Q2: PointG2) -> bool:
""" checks if the pairing equality e(P1, Q1) == e(P2, Q2) holds
"""
P1 = _wrap(P1)
Q1 = _wrap(Q1)
P2 = _wrap(P2)
Q2 = _wrap(Q2)
return bn128.pairing(Q1, P1) == bn128.pairing(Q2, P2)
def testKeyAggregation():
privKey1 = 31
privKey2 = 35
privKey3 = 37
pubKey1 = multiply(G1, privKey1)
pubKey2 = multiply(G1, privKey2)
pubKey3 = multiply(G1, privKey3)
pubKeyAgg = add(add(pubKey1, pubKey2), pubKey3)
h = 12312312345
H = multiply(G2, h)
sign1 = multiply(H, privKey1)
sign2 = multiply(H, privKey2)
sign3 = multiply(H, privKey3)
aggSign = add(add(sign1, sign2), sign3)
pairing1 = pairing(H, pubKeyAgg)
pairing2 = pairing(aggSign, G1)
assert pairing1 == pairing2 # test sign Aggregation
# for 400/n validators
# n = 400
# startPK = 500
# pks = [x for x in range(startPK, startPK + n)]
#
# pubs = [multiply(G1, x) for x in pks]
# # for i in range(len(pubs)):
# # print([pubs[i]], "\n")
# # print(pubs)
#
# pubKeyAgg = pubs[0]
# for i in range(1, n):
# pubKeyAgg = add(pubKeyAgg, pubs[i])
# h = 12312312345
# H = multiply(G2, h)
# sigs = []
# for i in range(0, n):
# sigs.append(multiply(H,pks[i]))
#
#
# aggSign = sigs[0]
# for i in range(1, n):
# aggSign = add(aggSign, sigs[i])
#
# pairing1 = pairing(H, pubKeyAgg)
# pairing2 = pairing(aggSign, G1)
# assert pairing1 == pairing2 # test sign Aggregation
# x = pubKeyAgg
print("yey")
def check_pairing(P1: PointG1, Q1: PointG2, P2: PointG1, Q2: PointG2) -> bool:
""" performs the pairing check as specified in https://github.com/ethereum/EIPs/blob/master/EIPS/eip-197.md
this check is compatible with the implementation in the precompiled solidity contract
NOTICE THIS IS DIFFERENT FROM WHAT ONE WOULD ACTUALLY THINK OF WHEN CHECKING THE PAIRING
seed __check_pairing_equality for the intuitive understanding of a pairing check
"""
P1 = _wrap(P1)
Q1 = _wrap(Q1)
P2 = bn128.neg(_wrap(P2))
Q2 = _wrap(Q2)
return bn128.pairing(Q1, P1) == bn128.pairing(Q2, P2)
def ismember(AkX, my_item, W_x):
"""
Verify membership by pairing equality
e(G2, AkX) = e(G2^x, W_x)
@param AkX: G1 point accumulator
@param my_item: Your item
@param W_x: G1 point witness
"""
x = hashsn(my_item)
e1 = pairing(G2, AkX)
e2 = pairing(multiply(G2, x), W_x)
return e1 == e2
def main():
# resource.setrlimit(resource.RLIMIT_STACK, (resource.RLIM_INFINITY, resource.RLIM_INFINITY))
# sys.setrecursionlimit(10**6)
g1 = ec.G1
g2 = ec.G2
e12 = ec.pairing(g2, g1)
print(e12)
def pairingProd(*inputs):
"""
The Ethereum pairing opcode works like:
e(p1[0],p2[0]) * ... * e(p1[n],p2[n]) == 1
See: EIP 212
>>> assert True == pairingProd((G1, G2), (G1, neg(G2)))
"""
product = FQ12.one()
for p1, p2 in inputs:
product *= pairing(p2, p1)
return product == FQ12.one()
def test_pairing_check_pyecc():
sk = random_scalar(seed=1)
pk = bn128.multiply(bn128.G1, sk)
bls_pk = bn128.multiply(bn128.G2, sk)
assert bn128.pairing(bn128.G2, pk) == bn128.pairing(bls_pk, bn128.G1)
def test_pairing_python_neg():
assert pairing(G2, multiply(G1, 5)) != pairing(multiply(G2, 5), neg(G1))
def test_pairing_python():
assert pairing(G2, multiply(G1, 5)) == pairing(multiply(G2, 5), G1)
# miller_loop :: Point2D[FQ12] -> Point2D[FQ12] -> FQ12
# twist :: Point2D[FQ2] -> Point2D[FQ12]
# cast_point_to_fq12 :: Point2D[FQ] -> Point2D[FQ12]
# a = randsp()
# # g^a
# g_a = multiply(bn128.G1, a)
# # g^a^2 = g^2a
# g_2_a = multiply(g_a, 2)
# # g^2a + g^a = g^3a
# assert add(g_a, g_2_a) == multiply(g_a, 3)
e_gpprime_g = pairing(g_theta_alpha_p_s, bn128.G1)
e_gp_galpha = pairing(g_theta_p_s, g_alpha)
passed_poly_restrict = e_gpprime_g == e_gp_galpha
print(f'Polynomial restrictions passed: {passed_poly_restrict}')
e_gp_g = pairing(g_theta_p_s, bn128.G1)
e_gts_gh = pairing(
g_theta_h_s,
g_t_s,
)
passed_poly_cofactors = e_gp_g == e_gts_gh
print(f'Polynomial cofactors passed: {passed_poly_cofactors}')
