Started full PoS / BLS implementation
from hashlib import blake2s
blake = lambda x: blake2s(x).digest()
from py_ecc.optimized_bn128 import G1, G2, add, multiply, FQ, FQ2, pairing, \
normalize, field_modulus, b, b2, is_on_curve, curve_order
def compress_G1(pt):
x, y = normalize(pt)
return x.n + 2**255 * (y.n % 2)
def decompress_G1(p):
if p == 0:
return (FQ(1), FQ(1), FQ(0))
x = p % 2**255
y_mod_2 = p // 2**255
y = pow((x**3 + b.n) % field_modulus, (field_modulus+1)//4, field_modulus)
assert pow(y, 2, field_modulus) == (x**3 + b.n) % field_modulus
if y%2 != y_mod_2:
y = field_modulus - y
return (FQ(x), FQ(y), FQ(1))
# 16th root of unity
hex_root = FQ2([21573744529824266246521972077326577680729363968861965890554801909984373949499,
assert hex_root ** 8 != FQ2([1,0])
assert hex_root ** 16 == FQ2([1,0])
def sqrt_fq2(x):
y = x ** ((field_modulus ** 2 + 15) // 32)
while y**2 != x:
y *= hex_root
return y
def hash_to_G2(m):
k2 = m
while 1:
k1 = blake(k2)
k2 = blake(k1)
x1 = int.from_bytes(k1, 'big') % field_modulus
x2 = int.from_bytes(k2, 'big') % field_modulus
x = FQ2([x1, x2])
xcb = x**3 + b2
if xcb ** ((field_modulus ** 2 - 1) // 2) == FQ2([1,0]):
y = sqrt_fq2(xcb)
return multiply((x, y, FQ2([1,0])), 2*field_modulus-curve_order)
def compress_G2(pt):
assert is_on_curve(pt, b2)
x, y = normalize(pt)
return (x.coeffs[0] + 2**255 * (y.coeffs[0] % 2), x.coeffs[1])
def decompress_G2(p):
x1 = p[0] % 2**255
y1_mod_2 = p[0] // 2**255
x2 = p[1]
x = FQ2([x1, x2])
if x == FQ2([0, 0]):
return FQ2([1,0]), FQ2([1,0]), FQ2([0,0])
y = sqrt_fq2(x**3 + b2)
if y.coeffs[0] % 2 != y1_mod_2:
y = y * -1
assert is_on_curve((x, y, FQ2([1,0])), b2)
return x, y, FQ2([1,0])
def sign(m, k):
return compress_G2(multiply(hash_to_G2(m), k))
def privtopub(k):
return compress_G1(multiply(G1, k))
def verify(m, pub, sig):
return pairing(decompress_G2(sig), G1) == pairing(hash_to_G2(m), decompress_G1(pub))
def aggregate_sigs(sigs):
o = FQ2([1,0]), FQ2([1,0]), FQ2([0,0])
for s in sigs:
o = add(o, decompress_G2(s))
return compress_G2(o)
def aggregate_pubs(pubs):
o = FQ(1), FQ(1), FQ(0)
for p in pubs:
o = add(o, decompress_G1(p))
return compress_G1(o)
for x in (1, 5, 124, 735, 127409812145, 90768492698215092512159, 0):
print('Testing with privkey %d' % x)
p1 = multiply(G1, x)
p2 = multiply(G2, x)
msg = str(x).encode('utf-8')
msghash = hash_to_G2(msg)
assert normalize(decompress_G1(compress_G1(p1))) == normalize(p1)
assert normalize(decompress_G2(compress_G2(p2))) == normalize(p2)
assert normalize(decompress_G2(compress_G2(msghash))) == normalize(msghash)
sig = sign(msg, x)
pub = privtopub(x)
assert verify(msg, pub, sig)
print('Testing signature aggregation')
msg = b'cow'
keys = [1, 5, 124, 735, 127409812145, 90768492698215092512159, 0]
sigs = [sign(msg, k) for k in keys]
pubs = [privtopub(k) for k in keys]
aggsig = aggregate_sigs(sigs)
aggpub = aggregate_pubs(pubs)
assert verify(msg, aggpub, aggsig)
@ -0,0 +1,68 @@
from hashlib import blake2s
blake = lambda x: blake2s(x).digest()
from ethereum.utils import normalize_address, hash32, trie_root, \
big_endian_int, address, int256, encode_hex, decode_hex, encode_int, \
from rlp.sedes import big_endian_int, Binary, binary, CountableList
import rlp
import bls
import random
class BeaconBlock(rlp.Serializable):
fields = [
('parent_hash', hash32),
('skip_count', int256),
('randao_reveal', hash32),
('attestation_bitmask', binary),
('attestation_aggregate_sig', int256),
('ffg_signer_list', binary),
('ffg_aggregate_sig', int256),
('main_chain_ref', hash32),
('state_hash', hash32),
('height', int256),
('sig', int256)
def __init__(self,
parent_hash=b'\x00'*32, skip_count=0, randao_reveal=b'\x00'*32,
attestation_bitmask=b'', attestation_aggregate_sig=0,
ffg_signer_list=b'', ffg_aggregate_sig=0, main_chain_ref=b'\x00'*32,
state_hash=b'\x00'*32, height=0, sig=0):
# at the beginning of a method, locals() is a dict of all arguments
fields = {k: v for k, v in locals().items() if k != 'self'}
super(BlockHeader, self).__init__(**fields)
def quick_sample(seed, validator_count, sample_count):
k = 0
while 256**k < n:
k += 1
o = []; source = seed; pos = 0
while len(o) < sample_count:
if pos + k > 32:
source = blake(source)
pos = 0
m = big_endian_to_int(source[pos:pos+k])
if n * (m // n + 1) <= 256**k:
o.append(m % n)
pos += k
return o
privkeys = [int.from_bytes(blake2s(str(i).encode('utf-8'))) for i in range(3000)]
def mock_make_child(parent_state, skips, ):
fields = [
('parent_hash', hash32),
('skip_count', int256),
('randao_reveal', hash32),
('attestation_bitmask', binary),
('attestation_aggregate_sig', int256),
('ffg_signer_list', binary),
('ffg_aggregate_sig', int256),
('main_chain_ref', hash32),
('state_hash', hash32),
('height', int256),
('sig', int256)
@ -1,16 +1,18 @@
@ -18,15 +20,22 @@ import random
@ -1,363 +0,0 @@
