2019-03-27 16:32:13 +00:00
|
|
|
"""
|
|
|
|
|
BLS test vectors generator
|
|
|
|
|
"""
|
|
|
|
|
|
2019-07-27 01:07:37 +00:00
|
|
|
from typing import Tuple, Iterable, Any, Callable, Dict
|
2019-03-27 16:32:13 +00:00
|
|
|
|
2019-04-11 09:15:23 +00:00
|
|
|
from eth_utils import (
|
2019-07-16 06:27:34 +00:00
|
|
|
encode_hex,
|
|
|
|
|
int_to_big_endian,
|
2019-04-11 09:15:23 +00:00
|
|
|
)
|
2019-07-27 01:07:37 +00:00
|
|
|
from gen_base import gen_runner, gen_typing
|
2019-03-27 16:32:13 +00:00
|
|
|
|
2019-04-11 09:15:23 +00:00
|
|
|
from py_ecc import bls
|
2019-09-08 18:36:09 +00:00
|
|
|
from hashlib import sha256
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def hash(x):
|
|
|
|
|
return sha256(x).digest()
|
|
|
|
|
|
2019-03-27 16:32:13 +00:00
|
|
|
|
2019-06-14 16:15:54 +00:00
|
|
|
F2Q_COEFF_LEN = 48
|
|
|
|
|
G2_COMPRESSED_Z_LEN = 48
|
2020-01-16 18:09:58 +00:00
|
|
|
DST = b'BLS_SIG_BLS12381G2-SHA256-SSWU-RO_POP_'
|
2019-06-14 16:15:54 +00:00
|
|
|
|
|
|
|
|
|
2019-07-27 01:07:37 +00:00
|
|
|
def int_to_hex(n: int, byte_length: int = None) -> str:
|
2019-06-14 16:15:54 +00:00
|
|
|
byte_value = int_to_big_endian(n)
|
|
|
|
|
if byte_length:
|
|
|
|
|
byte_value = byte_value.rjust(byte_length, b'\x00')
|
2019-07-16 06:27:34 +00:00
|
|
|
return encode_hex(byte_value)
|
2019-03-27 16:32:13 +00:00
|
|
|
|
|
|
|
|
|
2020-01-16 18:09:58 +00:00
|
|
|
def int_to_bytes(n: int, byte_length: int = None) -> bytes:
|
|
|
|
|
byte_value = int_to_big_endian(n)
|
|
|
|
|
if byte_length:
|
|
|
|
|
byte_value = byte_value.rjust(byte_length, b'\x00')
|
|
|
|
|
return byte_value
|
|
|
|
|
|
|
|
|
|
|
2019-03-27 16:32:13 +00:00
|
|
|
def hex_to_int(x: str) -> int:
|
|
|
|
|
return int(x, 16)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
DOMAINS = [
|
2019-07-16 06:27:34 +00:00
|
|
|
b'\x00\x00\x00\x00\x00\x00\x00\x00',
|
|
|
|
|
b'\x00\x00\x00\x00\x00\x00\x00\x01',
|
2019-07-27 01:07:37 +00:00
|
|
|
b'\x01\x00\x00\x00\x00\x00\x00\x00',
|
|
|
|
|
b'\x80\x00\x00\x00\x00\x00\x00\x00',
|
|
|
|
|
b'\x01\x23\x45\x67\x89\xab\xcd\xef',
|
2019-07-16 06:27:34 +00:00
|
|
|
b'\xff\xff\xff\xff\xff\xff\xff\xff'
|
2019-03-27 16:32:13 +00:00
|
|
|
]
|
|
|
|
|
|
|
|
|
|
MESSAGES = [
|
2019-04-11 09:15:23 +00:00
|
|
|
bytes(b'\x00' * 32),
|
|
|
|
|
bytes(b'\x56' * 32),
|
|
|
|
|
bytes(b'\xab' * 32),
|
2019-03-27 16:32:13 +00:00
|
|
|
]
|
|
|
|
|
|
|
|
|
|
PRIVKEYS = [
|
|
|
|
|
# Curve order is 256 so private keys are 32 bytes at most.
|
|
|
|
|
# Also not all integers is a valid private key, so using pre-generated keys
|
|
|
|
|
hex_to_int('0x00000000000000000000000000000000263dbd792f5b1be47ed85f8938c0f29586af0d3ac7b977f21c278fe1462040e3'),
|
|
|
|
|
hex_to_int('0x0000000000000000000000000000000047b8192d77bf871b62e87859d653922725724a5c031afeabc60bcef5ff665138'),
|
|
|
|
|
hex_to_int('0x00000000000000000000000000000000328388aff0d4a5b7dc9205abd374e7e98f3cd9f3418edb4eafda5fb16473d216'),
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
2020-01-16 18:09:58 +00:00
|
|
|
def hash_message(msg: bytes) -> Tuple[Tuple[str, str], Tuple[str, str], Tuple[str, str]]:
|
2019-03-27 16:32:13 +00:00
|
|
|
"""
|
|
|
|
|
Hash message
|
|
|
|
|
Input:
|
2019-07-16 06:27:34 +00:00
|
|
|
- Message as bytes32
|
2019-03-27 16:32:13 +00:00
|
|
|
Output:
|
|
|
|
|
- Message hash as a G2 point
|
|
|
|
|
"""
|
|
|
|
|
return [
|
|
|
|
|
[
|
2019-06-14 16:15:54 +00:00
|
|
|
int_to_hex(fq2.coeffs[0], F2Q_COEFF_LEN),
|
|
|
|
|
int_to_hex(fq2.coeffs[1], F2Q_COEFF_LEN),
|
2019-03-27 16:32:13 +00:00
|
|
|
]
|
2020-01-16 18:09:58 +00:00
|
|
|
for fq2 in bls.hash_to_curve.hash_to_G2(msg, DST)
|
2019-03-27 16:32:13 +00:00
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
2020-01-16 18:09:58 +00:00
|
|
|
def hash_message_compressed(msg: bytes) -> Tuple[str, str]:
|
2019-03-27 16:32:13 +00:00
|
|
|
"""
|
|
|
|
|
Hash message
|
|
|
|
|
Input:
|
2019-07-16 06:27:34 +00:00
|
|
|
- Message as bytes32
|
2019-03-27 16:32:13 +00:00
|
|
|
Output:
|
|
|
|
|
- Message hash as a compressed G2 point
|
|
|
|
|
"""
|
2020-01-16 18:09:58 +00:00
|
|
|
z1, z2 = bls.point_compression.compress_G2(bls.hash_to_curve.hash_to_G2(msg, DST))
|
2019-06-14 16:15:54 +00:00
|
|
|
return [int_to_hex(z1, G2_COMPRESSED_Z_LEN), int_to_hex(z2, G2_COMPRESSED_Z_LEN)]
|
2019-03-27 16:32:13 +00:00
|
|
|
|
|
|
|
|
|
2019-04-11 09:15:23 +00:00
|
|
|
def case01_message_hash_G2_uncompressed():
|
2019-03-27 16:32:13 +00:00
|
|
|
for msg in MESSAGES:
|
2020-01-16 18:09:58 +00:00
|
|
|
yield f'uncom_g2_hash_{encode_hex(msg)}', {
|
|
|
|
|
'input': {
|
|
|
|
|
'message': encode_hex(msg),
|
|
|
|
|
},
|
|
|
|
|
'output': hash_message(msg)
|
|
|
|
|
}
|
2019-03-27 16:32:13 +00:00
|
|
|
|
2019-07-27 01:07:37 +00:00
|
|
|
|
2019-04-11 09:15:23 +00:00
|
|
|
def case02_message_hash_G2_compressed():
|
2019-03-27 16:32:13 +00:00
|
|
|
for msg in MESSAGES:
|
2020-01-16 18:09:58 +00:00
|
|
|
yield f'com_g2_hash_{encode_hex(msg)}', {
|
|
|
|
|
'input': {
|
|
|
|
|
'message': encode_hex(msg),
|
|
|
|
|
},
|
|
|
|
|
'output': hash_message_compressed(msg)
|
|
|
|
|
}
|
2019-03-27 16:32:13 +00:00
|
|
|
|
2019-07-27 01:07:37 +00:00
|
|
|
|
2019-04-11 09:15:23 +00:00
|
|
|
def case03_private_to_public_key():
|
2020-01-16 18:09:58 +00:00
|
|
|
pubkeys = [bls.G2Basic.PrivToPub(privkey) for privkey in PRIVKEYS]
|
2019-03-27 16:32:13 +00:00
|
|
|
pubkeys_serial = ['0x' + pubkey.hex() for pubkey in pubkeys]
|
2019-04-11 09:15:23 +00:00
|
|
|
for privkey, pubkey_serial in zip(PRIVKEYS, pubkeys_serial):
|
2019-07-27 01:07:37 +00:00
|
|
|
yield f'priv_to_pub_{int_to_hex(privkey)}', {
|
2019-03-27 16:32:13 +00:00
|
|
|
'input': int_to_hex(privkey),
|
|
|
|
|
'output': pubkey_serial,
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-27 01:07:37 +00:00
|
|
|
|
2019-04-11 09:15:23 +00:00
|
|
|
def case04_sign_messages():
|
2019-03-27 16:32:13 +00:00
|
|
|
for privkey in PRIVKEYS:
|
|
|
|
|
for message in MESSAGES:
|
2020-01-16 18:09:58 +00:00
|
|
|
sig = bls.G2ProofOfPossession.Sign(privkey, message)
|
|
|
|
|
full_name = f'{int_to_hex(privkey)}_{encode_hex(message)}'
|
|
|
|
|
yield f'sign_msg_case_{(hash(bytes(full_name, "utf-8"))[:8]).hex()}', {
|
|
|
|
|
'input': {
|
|
|
|
|
'privkey': int_to_hex(privkey),
|
|
|
|
|
'message': encode_hex(message),
|
|
|
|
|
},
|
|
|
|
|
'output': encode_hex(sig)
|
|
|
|
|
}
|
2019-04-11 09:15:23 +00:00
|
|
|
|
2019-07-27 01:07:37 +00:00
|
|
|
|
2019-04-11 09:15:23 +00:00
|
|
|
# TODO: case05_verify_messages: Verify messages signed in case04
|
|
|
|
|
# It takes too long, empty for now
|
2019-03-27 16:32:13 +00:00
|
|
|
|
|
|
|
|
|
2019-04-11 09:15:23 +00:00
|
|
|
def case06_aggregate_sigs():
|
2020-01-16 18:09:58 +00:00
|
|
|
for message in MESSAGES:
|
|
|
|
|
sigs = [bls.G2ProofOfPossession.Sign(privkey, message) for privkey in PRIVKEYS]
|
|
|
|
|
yield f'agg_sigs_{encode_hex(message)}', {
|
|
|
|
|
'input': [encode_hex(sig) for sig in sigs],
|
|
|
|
|
'output': encode_hex(bls.G2ProofOfPossession.Aggregate(sigs)),
|
|
|
|
|
}
|
2019-04-11 09:15:23 +00:00
|
|
|
|
2019-07-27 01:07:37 +00:00
|
|
|
|
2019-04-11 09:15:23 +00:00
|
|
|
def case07_aggregate_pubkeys():
|
2020-01-16 18:09:58 +00:00
|
|
|
pubkeys = [bls.G2Basic.PrivToPub(privkey) for privkey in PRIVKEYS]
|
2019-07-16 06:27:34 +00:00
|
|
|
pubkeys_serial = [encode_hex(pubkey) for pubkey in pubkeys]
|
2019-07-27 01:07:37 +00:00
|
|
|
yield f'agg_pub_keys', {
|
2019-04-11 09:15:23 +00:00
|
|
|
'input': pubkeys_serial,
|
2020-01-16 18:09:58 +00:00
|
|
|
'output': encode_hex(bls.G2ProofOfPossession._AggregatePKs(pubkeys)),
|
2019-04-11 09:15:23 +00:00
|
|
|
}
|
2019-03-27 16:32:13 +00:00
|
|
|
|
|
|
|
|
|
2019-04-11 09:15:23 +00:00
|
|
|
# TODO
|
|
|
|
|
# Aggregate verify
|
|
|
|
|
|
|
|
|
|
# TODO
|
|
|
|
|
# Proof-of-possession
|
|
|
|
|
|
|
|
|
|
|
2019-07-27 01:07:37 +00:00
|
|
|
def create_provider(handler_name: str,
|
|
|
|
|
test_case_fn: Callable[[], Iterable[Tuple[str, Dict[str, Any]]]]) -> gen_typing.TestProvider:
|
|
|
|
|
|
|
|
|
|
def prepare_fn(configs_path: str) -> str:
|
2019-07-30 01:11:59 +00:00
|
|
|
# Nothing to load / change in spec. Maybe in future forks.
|
|
|
|
|
# Put the tests into the general config category, to not require any particular configuration.
|
|
|
|
|
return 'general'
|
2019-07-27 01:07:37 +00:00
|
|
|
|
|
|
|
|
def cases_fn() -> Iterable[gen_typing.TestCase]:
|
|
|
|
|
for data in test_case_fn():
|
|
|
|
|
print(data)
|
|
|
|
|
(case_name, case_content) = data
|
|
|
|
|
yield gen_typing.TestCase(
|
|
|
|
|
fork_name='phase0',
|
|
|
|
|
runner_name='bls',
|
|
|
|
|
handler_name=handler_name,
|
|
|
|
|
suite_name='small',
|
|
|
|
|
case_name=case_name,
|
|
|
|
|
case_fn=lambda: [('data', 'data', case_content)]
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
return gen_typing.TestProvider(prepare=prepare_fn, make_cases=cases_fn)
|
2019-04-11 09:15:23 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
if __name__ == "__main__":
|
2019-04-11 09:25:00 +00:00
|
|
|
gen_runner.run_generator("bls", [
|
2019-07-27 01:07:37 +00:00
|
|
|
create_provider('msg_hash_uncompressed', case01_message_hash_G2_uncompressed),
|
|
|
|
|
create_provider('msg_hash_compressed', case02_message_hash_G2_compressed),
|
|
|
|
|
create_provider('priv_to_pub', case03_private_to_public_key),
|
|
|
|
|
create_provider('sign_msg', case04_sign_messages),
|
|
|
|
|
create_provider('aggregate_sigs', case06_aggregate_sigs),
|
|
|
|
|
create_provider('aggregate_pubkeys', case07_aggregate_pubkeys),
|
2019-04-11 09:15:23 +00:00
|
|
|
])
|
