def test_backward_compatibility_py_evm():
from py_ecc import optimized_bn128 as bn128
from py_ecc.optimized_bn128 import (
FQP,
FQ2,
)
FQ = bn128.FQ
p1 = (FQ(0), FQ(0), FQ(1))
bn128.is_on_curve(p1, bn128.b)
def ec_pair(data: List[int]) -> List[int]:
if len(data) % 192:
return []
zero = (bn128.FQ2.one(), bn128.FQ2.one(), bn128.FQ2.zero())
exponent = bn128.FQ12.one()
bytes_data = bytearray(data)
for i in range(0, len(bytes_data), 192):
x1 = extract32(bytes_data, i)
y1 = extract32(bytes_data, i + 32)
x2_i = extract32(bytes_data, i + 64)
x2_r = extract32(bytes_data, i + 96)
y2_i = extract32(bytes_data, i + 128)
y2_r = extract32(bytes_data, i + 160)
p1 = validate_point(x1, y1)
if p1 is False:
return []
for v in (x2_i, x2_r, y2_i, y2_r):
if v >= bn128.field_modulus:
return []
fq2_x = bn128.FQ2([x2_r, x2_i])
fq2_y = bn128.FQ2([y2_r, y2_i])
if (fq2_x, fq2_y) != (bn128.FQ2.zero(), bn128.FQ2.zero()):
p2 = (fq2_x, fq2_y, bn128.FQ2.one())
if not bn128.is_on_curve(p2, bn128.b2):
return []
else:
p2 = zero
if bn128.multiply(p2, bn128.curve_order)[-1] != bn128.FQ2.zero():
return []
exponent *= bn128.pairing(p2, p1, final_exponentiate=False)
result = bn128.final_exponentiate(exponent) == bn128.FQ12.one()
return [0] * 31 + [1 if result else 0]
def decompress_G2(p: bytes) -> Tuple[FQP, FQP, FQP]:
x1 = p[0] % 2**255
y1_mod_2 = p[0] // 2**255
x2 = p[1]
x = FQ2([x1, x2])
if x == FQ2([0, 0]):
return FQ2([1, 0]), FQ2([1, 0]), FQ2([0, 0])
y = sqrt_fq2(x**3 + b2)
if y.coeffs[0] % 2 != y1_mod_2:
y = FQ2((y * -1).coeffs)
assert is_on_curve((x, y, FQ2([1, 0])), b2)
return x, y, FQ2([1, 0])
def map_to_g2(raw_hash: FQ2) -> G2Point:
one = FQ2.one()
x = raw_hash
while True:
y = x * x * x + b2
y = sqrt(y)
if y is not None:
break
x += one
h = multiply((x, y, one), COFACTOR_G2)
assert is_on_curve(h, b2)
return h
def map_to_g1(raw_hash: FQ) -> G1Point:
one = FQ.one()
x = raw_hash
while True:
y = x * x * x + b
y = sqrt(y)
if y is not None:
break
x += one
h = (x, y, FQ.one())
assert is_on_curve(h, b)
return h
def decompress_G2(p):
x1 = p[0] % 2**255
y1_mod_2 = p[0] // 2**255
x2 = p[1]
x = FQ2([x1, x2])
if x == FQ2([0, 0]):
return FQ2([1, 0]), FQ2([1, 0]), FQ2([0, 0])
y = sqrt_fq2(x**3 + b2)
if y.coeffs[0] % 2 != y1_mod_2:
y = y * -1
assert is_on_curve((x, y, FQ2([1, 0])), b2)
return x, y, FQ2([1, 0])
def validate_point(x, y):
import py_ecc.optimized_bn128 as bn128
FQ = bn128.FQ
if x >= bn128.field_modulus or y >= bn128.field_modulus:
return False
if (x, y) != (0, 0):
p1 = (FQ(x), FQ(y), FQ(1))
if not bn128.is_on_curve(p1, bn128.b):
return False
else:
p1 = (FQ(1), FQ(1), FQ(0))
return p1
def validate_point(x: int, y: int) -> Tuple[bn128.FQ, bn128.FQ, bn128.FQ]:
FQ = bn128.FQ
if x >= bn128.field_modulus:
raise ValidationError("Point x value is greater than field modulus")
elif y >= bn128.field_modulus:
raise ValidationError("Point y value is greater than field modulus")
if (x, y) != (0, 0):
p1 = (FQ(x), FQ(y), FQ(1))
if not bn128.is_on_curve(p1, bn128.b):
raise ValidationError("Point is not on the curve")
else:
p1 = (FQ(1), FQ(1), FQ(0))
return p1
def validate_point(x, y):
FQ = bn128.FQ
if x >= bn128.field_modulus:
raise ValidationError("Point x value is greater than field modulus")
elif y >= bn128.field_modulus:
raise ValidationError("Point y value is greater than field modulus")
if (x, y) != (0, 0):
p1 = (FQ(x), FQ(y), FQ(1))
if not bn128.is_on_curve(p1, bn128.b):
raise ValidationError("Point is not on the curve")
else:
p1 = (FQ(1), FQ(1), FQ(0))
return p1
def _process_point(data_buffer: bytes, exponent: int) -> bn128.FQP:
x1, y1, x2_i, x2_r, y2_i, y2_r = _extract_point(data_buffer)
p1 = validate_point(x1, y1)
for v in (x2_i, x2_r, y2_i, y2_r):
if v >= bn128.field_modulus:
raise ValidationError("value greater than field modulus")
fq2_x = bn128.FQ2([x2_r, x2_i])
fq2_y = bn128.FQ2([y2_r, y2_i])
p2 = ZERO
if (fq2_x, fq2_y) != (bn128.FQ2.zero(), bn128.FQ2.zero()):
p2 = (fq2_x, fq2_y, bn128.FQ2.one())
if not bn128.is_on_curve(p2, bn128.b2):
raise ValidationError("point is not on curve")
if bn128.multiply(p2, bn128.curve_order)[-1] != bn128.FQ2.zero():
raise ValidationError("TODO: what case is this?????")
return exponent * bn128.pairing(FQP_point_to_FQ2_point(p2), p1, final_exponentiate=False)
def proc_ecpairing(ext, msg):
if not ext.post_metropolis_hardfork():
return 1, msg.gas, []
import py_ecc.optimized_bn128 as bn128
FQ = bn128.FQ
print('pairing proc', msg.gas)
# Data must be an exact multiple of 192 byte
if msg.data.size % 192:
return 0, 0, []
gascost = opcodes.GPAIRINGBASE + msg.data.size // 192 * opcodes.GPAIRINGPERPOINT
if msg.gas < gascost:
return 0, 0, []
zero = (bn128.FQ2.one(), bn128.FQ2.one(), bn128.FQ2.zero())
exponent = bn128.FQ12.one()
for i in range(0, msg.data.size, 192):
x1 = msg.data.extract32(i)
y1 = msg.data.extract32(i + 32)
x2_i = msg.data.extract32(i + 64)
x2_r = msg.data.extract32(i + 96)
y2_i = msg.data.extract32(i + 128)
y2_r = msg.data.extract32(i + 160)
p1 = validate_point(x1, y1)
if p1 is False:
return 0, 0, []
for v in (x2_i, x2_r, y2_i, y2_r):
if v >= bn128.field_modulus:
return 0, 0, []
fq2_x = bn128.FQ2([x2_r, x2_i])
fq2_y = bn128.FQ2([y2_r, y2_i])
if (fq2_x, fq2_y) != (bn128.FQ2.zero(), bn128.FQ2.zero()):
p2 = (fq2_x, fq2_y, bn128.FQ2.one())
if not bn128.is_on_curve(p2, bn128.b2):
return 0, 0, []
else:
p2 = zero
if bn128.multiply(p2, bn128.curve_order)[-1] != bn128.FQ2.zero():
return 0, 0, []
exponent *= bn128.pairing(p2, p1, final_exponentiate=False)
result = bn128.final_exponentiate(exponent) == bn128.FQ12.one()
return 1, msg.gas - gascost, [0] * 31 + [1 if result else 0]
def _process_point(data_buffer, exponent):
x1, y1, x2_i, x2_r, y2_i, y2_r = _extract_point(data_buffer)
p1 = validate_point(x1, y1)
for v in (x2_i, x2_r, y2_i, y2_r):
if v >= bn128.field_modulus:
raise ValidationError("value greater than field modulus")
fq2_x = bn128.FQ2([x2_r, x2_i])
fq2_y = bn128.FQ2([y2_r, y2_i])
if (fq2_x, fq2_y) != (bn128.FQ2.zero(), bn128.FQ2.zero()):
p2 = (fq2_x, fq2_y, bn128.FQ2.one())
if not bn128.is_on_curve(p2, bn128.b2):
raise ValidationError("point is not on curve")
else:
p2 = ZERO
if bn128.multiply(p2, bn128.curve_order)[-1] != bn128.FQ2.zero():
raise ValidationError("TODO: what case is this?????")
return exponent * bn128.pairing(p2, p1, final_exponentiate=False)
def compress_G2(pt: Tuple[FQP, FQP, FQP]) -> Tuple[int, int]:
assert is_on_curve(pt, b2)
x, y = normalize(pt)
return (int(x.coeffs[0] + 2**255 * (y.coeffs[0] % 2)), int(x.coeffs[1]))
def compress_G2(pt):
assert is_on_curve(pt, b2)
x, y = normalize(pt)
return (x.coeffs[0] + 2**255 * (y.coeffs[0] % 2), x.coeffs[1])
def is_g2_on_curve(p: G2Point):
return is_on_curve(p, b2)
def is_g1_on_curve(p: G1Point):
return is_on_curve(p, b)
def is_valid_g2_point(p: G2Point) -> bool:
return is_on_curve(p, b2)
from examine_trans_logs import max_gas_usage, gas_usage
# 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
verbose = True
verbose_print = print if verbose else lambda *a, **k: None
for n in [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]:
# generate token
# Generate values from EqualityTest
master_keys, check_keys = equality_test.setup(n)
test_token = equality_test.gen_token(master_keys, [3 for _ in range(n)], n)
listG2 = []
for x in range(n):
listG2.append(test_token[0][x]['u_multiplied'])
assert fast_pairing.is_on_curve(test_token[0][x]['u_multiplied'],
fast_pairing.b2)
for x in range(n):
listG2.append(test_token[0][x]['alpha_mul_g2_mul_prp'])
assert fast_pairing.is_on_curve(
test_token[0][x]['alpha_mul_g2_mul_prp'], fast_pairing.b2)
listG2.append(test_token[1])
listG2 = list(map(fast_pairing.normalize, listG2))
g2_x_i, g2_x_r, g2_y_i, g2_y_r = split_g2_points(listG2)
args = [g2_x_i, g2_x_r, g2_y_i, g2_y_r]
# Deploy contract
web3 = Web3(HTTPProvider(URL))
contract_file = "store_token_equality_test.sol"
def is_valid_g1_point(p: G1Point) -> bool:
return is_on_curve(p, b)