def OpBLS_G1_Add(arg):
op = json.loads(arg)
a_x = to_int(op['a_x'])
a_y = to_int(op['a_y'])
b_x = to_int(op['b_x'])
b_y = to_int(op['b_y'])
if (a_x % MOD, a_y % MOD) == (0, 0):
return
if (b_x % MOD, b_y % MOD) == (0, 0):
return
A = [FQ(a_x), FQ(a_y), FQ.one()]
B = [FQ(b_x), FQ(b_y), FQ.one()]
if not (is_on_curve(A, b) and subgroup_check(A)):
return
if not (is_on_curve(B, b) and subgroup_check(B)):
return
result = add(A, B)
result = [str(result[0] / result[2]), str(result[1] / result[2])]
r = json.dumps(result)
return bytes(r, 'utf-8')
def OpBLS_Verify(arg):
op = json.loads(arg)
verified = False
g1_x = to_int(op['g1_x'])
g1_y = to_int(op['g1_y'])
g1 = [FQ(g1_x), FQ(g1_y), FQ.one()]
if is_on_curve(g1, b) == False:
r = json.dumps(verified)
return bytes(r, 'utf-8')
g1 = G1_to_pubkey(g1)
g2_v = to_int(op['g2_v'])
g2_w = to_int(op['g2_w'])
g2_x = to_int(op['g2_x'])
g2_y = to_int(op['g2_y'])
g2 = (FQ2((g2_v, g2_x)), FQ2((g2_w, g2_y)), FQ2.one())
try:
g2 = G2_to_signature(g2)
except:
r = json.dumps(verified)
return bytes(r, 'utf-8')
msg = bytes.fromhex(op['cleartext'])
verified = bls_pop.Verify(g1, msg, g2)
r = json.dumps(verified)
return bytes(r, 'utf-8')
def OpBLS_G1_IsEq(arg):
op = json.loads(arg)
a_x = to_int(op['a_x'])
a_y = to_int(op['a_y'])
b_x = to_int(op['b_x'])
b_y = to_int(op['b_y'])
if (a_x % MOD, a_y % MOD) == (0, 0):
return
if (b_x % MOD, b_y % MOD) == (0, 0):
return
A = [FQ(a_x), FQ(a_y), FQ.one()]
B = [FQ(b_x), FQ(b_y), FQ.one()]
r = json.dumps(A == B)
return bytes(r, 'utf-8')
def OpBLS_IsG1OnCurve(arg):
op = json.loads(arg)
x = to_int(op['g1_x'])
y = to_int(op['g1_y'])
g1 = [FQ(x), FQ(y), FQ.one()]
if is_valid([x, y]) == False:
return
#r = json.dumps(is_on_curve(g2, b2))
r = json.dumps(is_on_curve(g1, b) and subgroup_check(g1))
return bytes(r, 'utf-8')
def OpBLS_G1_Neg(arg):
op = json.loads(arg)
a_x = to_int(op['a_x'])
a_y = to_int(op['a_y'])
if (a_x % MOD, a_y % MOD) == (0, 0):
return
A = [FQ(a_x), FQ(a_y), FQ.one()]
result = neg(A)
result = [str(result[0] / result[2]), str(result[1] / result[2])]
r = json.dumps(result)
return bytes(r, 'utf-8')
def OpBLS_Compress_G1(arg):
op = json.loads(arg)
x = to_int(op['g1_x'])
y = to_int(op['g1_y'])
if (x % MOD, y % MOD) == (0, 0):
return
g1 = [FQ(x), FQ(y), FQ.one()]
compressed = compress_G1(g1)
if is_valid([x, y]) == True and is_on_curve(g1, b):
decompressed = decompress_G1(compressed)
assert g1[0] == decompressed[0] and g1[1] == decompressed[1]
r = json.dumps(str(compressed))
return bytes(r, 'utf-8')
FQ(1),
)
# Generator for twisted curve over FQ2
G2 = (
FQ2((
352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160, # noqa: E501
3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758, # noqa: E501
)),
FQ2((
1985150602287291935568054521177171638300868978215655730859378665066344726373823718423869104263333984641494340347905, # noqa: E501
927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582, # noqa: E501
)),
FQ2.one(),
)
# Point at infinity over FQ
Z1 = (FQ.one(), FQ.one(), FQ.zero())
# Point at infinity for twisted curve over FQ2
Z2 = (FQ2.one(), FQ2.one(), FQ2.zero())
# Check if a point is the point at infinity
def is_inf(pt: Optimized_Point3D[Optimized_Field]) -> bool:
return pt[-1] == pt[-1].__class__.zero()
# Check that a point is on the curve defined by y**2 == x**3 + b
def is_on_curve(pt: Optimized_Point3D[Optimized_Field],
b: Optimized_Field) -> bool:
if is_inf(pt):
return True
x, y, z = pt
def test_decompress_G2_with_no_modular_square_root_found():
with pytest.raises(ValueError,
match="Failed to find a modular squareroot"):
signature_to_G2(b'\x11' * 96)
@pytest.mark.parametrize(
'pt,on_curve,is_infinity',
[
# On curve points
(G1, True, False),
(multiply(G1, 5), True, False),
# Infinity point but still on curve
(Z1, True, True),
# Not on curve
((FQ(5566), FQ(5566), FQ.one()), False, None),
])
def test_G1_compress_and_decompress_flags(pt, on_curve, is_infinity):
assert on_curve == is_on_curve(pt, b)
z = compress_G1(pt)
if on_curve:
x = z % POW_2_381
c_flag = (z % 2**384) // POW_2_383
b_flag = (z % POW_2_383) // POW_2_382
a_flag = (z % POW_2_382) // POW_2_381
assert x < q
assert c_flag == 1
if is_infinity:
assert b_flag == 1
assert a_flag == x == 0
else: