You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
82 lines
1.6 KiB
82 lines
1.6 KiB
# toy implementation of BLS signatures in Sage
|
|
#
|
|
# Scheme overview: https://arnaucube.com/blog/kzg-commitments.html
|
|
# Go implementation: https://github.com/arnaucube/kzg-commitments-study
|
|
|
|
load("bls12-381.sage")
|
|
|
|
e = Pairing()
|
|
|
|
def new_ts(l):
|
|
Fr = GF(e.r)
|
|
s = Fr.random_element()
|
|
print("s", s)
|
|
tauG1 = [None] * l
|
|
tauG2 = [None] * l
|
|
for i in range(0, l): # TODO probably duplicate G1 & G2 instead of first powering s^i and then * G_j
|
|
sPow = Integer(s)^i
|
|
tauG1[i] = sPow * e.G1
|
|
tauG2[i] = sPow * e.G2
|
|
|
|
return (tauG1, tauG2)
|
|
|
|
def commit(taus, p):
|
|
return evaluate_at_tau(p, taus)
|
|
|
|
# evaluates p at tau
|
|
def evaluate_at_tau(p, taus):
|
|
e = 0
|
|
for i in range(0, len(p.list())):
|
|
e = e + p[i] * taus[i]
|
|
return e
|
|
|
|
def evaluation_proof(tau, p, z, y):
|
|
# (p - y)
|
|
n = p - y
|
|
# (t - z)
|
|
d = (t-z)
|
|
# q, rem = n / d
|
|
q = n / d
|
|
print("q", q)
|
|
q = q.numerator()
|
|
den = q.denominator()
|
|
print("q", q)
|
|
print("den", den)
|
|
# check that den = 1
|
|
assert(den==1) # rem=0
|
|
# proof: e = [q(t)]₁
|
|
return evaluate_at_tau(q, tau)
|
|
|
|
def verify(tau, c, proof, z, y):
|
|
# [t]₂ - [z]₂
|
|
sz = tau[1] - z*e.G2
|
|
|
|
# c - [y]₁
|
|
cy = c - y*e.G1
|
|
|
|
print("proof", proof)
|
|
print("sz", sz)
|
|
print("cy", cy)
|
|
lhs = e.pair(proof, sz)
|
|
rhs = e.pair(cy, e.G2)
|
|
print("lhs", lhs)
|
|
print("rhs", rhs)
|
|
return lhs == rhs
|
|
|
|
|
|
(tauG1, tauG2) = new_ts(5)
|
|
|
|
R.<t> = PolynomialRing(e.F1)
|
|
p = t^3 + t + 5
|
|
|
|
c = commit(tauG1, p)
|
|
|
|
z = 3
|
|
y = p(z) # = 35
|
|
|
|
proof = evaluation_proof(tauG1, p, z, y)
|
|
print("proof", proof)
|
|
|
|
v = verify(tauG2, c, proof, z, y)
|
|
print(v)
|
|
assert(v)
|