solidity上实现BLS签名机制

2024-06-15 08:38

本文主要是介绍solidity上实现BLS签名机制,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!

 原文地址:https://ethereum.stackexchange.com/questions/59293/does-ethereum-support-pairing-operations

BLS签名机制说明:http://www.ymcall.com/artinfo/698628886830280666.html

 

pragma solidity ^0.4.14;/*
Example of how to verify BLS signatures and BGLS aggregate signatures in Ethereum.Signatures are generated using https://github.com/Project-Arda/bgls
Code is based on https://github.com/jstoxrocky/zksnarks_example
*/contract BLSExample {struct G1Point {uint X;uint Y;}// Encoding of field elements is: X[0] * z + X[1]struct G2Point {uint[2] X;uint[2] Y;}//P1,P2根据 https://github.com/ethereum/EIPs/blob/df132cd37efb3986f9cd3ef4922b15a767d2c54a/EIPS/eip-197.md#specification/// @return the generator of G1function P1() internal returns (G1Point) {return G1Point(1, 2);}/// @return the generator of G2function P2() internal returns (G2Point) {return G2Point([11559732032986387107991004021392285783925812861821192530917403151452391805634,10857046999023057135944570762232829481370756359578518086990519993285655852781],[4082367875863433681332203403145435568316851327593401208105741076214120093531,8495653923123431417604973247489272438418190587263600148770280649306958101930]);}//Example of BLS signature verificationfunction verifyBLSTest() returns (bool) {bytes memory message = hex"7b0a2020226f70656e223a207b0a20202020227072696365223a2039353931372c0a202020202274696d65223a207b0a20202020202022756e6978223a20313438333134323430302c0a2020202020202269736f223a2022323031362d31322d33315430303a30303a30302e3030305a220a202020207d0a20207d2c0a202022636c6f7365223a207b0a20202020227072696365223a2039363736302c0a202020202274696d65223a207b0a20202020202022756e6978223a20313438333232383830302c0a2020202020202269736f223a2022323031372d30312d30315430303a30303a30302e3030305a220a202020207d0a20207d2c0a2020226c6f6f6b7570223a207b0a20202020227072696365223a2039363736302c0a20202020226b223a20312c0a202020202274696d65223a207b0a20202020202022756e6978223a20313438333232383830302c0a2020202020202269736f223a2022323031372d30312d30315430303a30303a30302e3030305a220a202020207d0a20207d0a7d0a6578616d706c652e636f6d2f6170692f31";G1Point memory signature = G1Point(11181692345848957662074290878138344227085597134981019040735323471731897153462, 6479746447046570360435714249272776082787932146211764251347798668447381926167);G2Point memory v = G2Point([18523194229674161632574346342370534213928970227736813349975332190798837787897, 5725452645840548248571879966249653216818629536104756116202892528545334967238],[3816656720215352836236372430537606984911914992659540439626020770732736710924, 677280212051826798882467475639465784259337739185938192379192340908771705870]);G1Point memory h = hashToG1(message);return pairing2(negate(signature), P2(), h, v);}//Example of BGLS signature verification with 2 signers//Note that the messages differ in their last character.function verifyBGLS2() returns (bool) {uint numberOfSigners = 2;G1Point memory signature = G1Point(7985250684665362734034207174567341000146996823387166378141631317099216977152, 5471024627060516972461571110176333017668072838695251726406965080926450112048);bytes memory message0 = hex"7b0a2020226f70656e223a207b0a20202020227072696365223a2039353931372c0a202020202274696d65223a207b0a20202020202022756e6978223a20313438333134323430302c0a2020202020202269736f223a2022323031362d31322d33315430303a30303a30302e3030305a220a202020207d0a20207d2c0a202022636c6f7365223a207b0a20202020227072696365223a2039363736302c0a202020202274696d65223a207b0a20202020202022756e6978223a20313438333232383830302c0a2020202020202269736f223a2022323031372d30312d30315430303a30303a30302e3030305a220a202020207d0a20207d2c0a2020226c6f6f6b7570223a207b0a20202020227072696365223a2039363736302c0a20202020226b223a20312c0a202020202274696d65223a207b0a20202020202022756e6978223a20313438333232383830302c0a2020202020202269736f223a2022323031372d30312d30315430303a30303a30302e3030305a220a202020207d0a20207d0a7d0a6578616d706c652e636f6d2f6170692f30";bytes memory message1 = hex"7b0a2020226f70656e223a207b0a20202020227072696365223a2039353931372c0a202020202274696d65223a207b0a20202020202022756e6978223a20313438333134323430302c0a2020202020202269736f223a2022323031362d31322d33315430303a30303a30302e3030305a220a202020207d0a20207d2c0a202022636c6f7365223a207b0a20202020227072696365223a2039363736302c0a202020202274696d65223a207b0a20202020202022756e6978223a20313438333232383830302c0a2020202020202269736f223a2022323031372d30312d30315430303a30303a30302e3030305a220a202020207d0a20207d2c0a2020226c6f6f6b7570223a207b0a20202020227072696365223a2039363736302c0a20202020226b223a20312c0a202020202274696d65223a207b0a20202020202022756e6978223a20313438333232383830302c0a2020202020202269736f223a2022323031372d30312d30315430303a30303a30302e3030305a220a202020207d0a20207d0a7d0a6578616d706c652e636f6d2f6170692f31";G2Point memory v0 = G2Point([15516709285352539082439213720585739724329002971882390582209636960597958801449, 19324541677661060388134143597417835654030498723817274130329567224531700170734],[16550775633156536193089672538964908973667410921848053632462693002610771214528, 10154483139478025296468271477739414260393126999813603835827647034319242387010]);G2Point memory v1 = G2Point([14125383697019450293340447180826714775062600193406387386692146468060627933203, 10886345395648455940547500614900453787797209052692168129177801883734751834552],[13494666809312056575532152175382485778895768300692817869062640713829304801648, 10580958449683540742032499469496205826101096579572266360455646078388895706251]);G1Point memory h0 = hashToG1(message0);G1Point memory h1 = hashToG1(message1);G1Point[] memory a = new G1Point[](numberOfSigners + 1);G2Point[] memory b = new G2Point[](numberOfSigners + 1);a[0] = negate(signature);a[1] = h0;a[2] = h1;b[0] = P2();b[1] = v0;b[2] = v1;return pairing(a, b);}//Example of BGLS signature verification with 3 signers//Note that the messages differ in their last character.function verifyBGLS3() returns (bool) {uint numberOfSigners = 3;G1Point memory signature = G1Point(385846518441062319503502284295243290270560187383398932887791670182362540842, 19731933537428695151702009864745685458233056709189425720845387511061953267292);bytes memory message0 = hex"7b0a2020226f70656e223a207b0a20202020227072696365223a2039353931372c0a202020202274696d65223a207b0a20202020202022756e6978223a20313438333134323430302c0a2020202020202269736f223a2022323031362d31322d33315430303a30303a30302e3030305a220a202020207d0a20207d2c0a202022636c6f7365223a207b0a20202020227072696365223a2039363736302c0a202020202274696d65223a207b0a20202020202022756e6978223a20313438333232383830302c0a2020202020202269736f223a2022323031372d30312d30315430303a30303a30302e3030305a220a202020207d0a20207d2c0a2020226c6f6f6b7570223a207b0a20202020227072696365223a2039363736302c0a20202020226b223a20312c0a202020202274696d65223a207b0a20202020202022756e6978223a20313438333232383830302c0a2020202020202269736f223a2022323031372d30312d30315430303a30303a30302e3030305a220a202020207d0a20207d0a7d0a6578616d706c652e636f6d2f6170692f30";bytes memory message1 = hex"7b0a2020226f70656e223a207b0a20202020227072696365223a2039353931372c0a202020202274696d65223a207b0a20202020202022756e6978223a20313438333134323430302c0a2020202020202269736f223a2022323031362d31322d33315430303a30303a30302e3030305a220a202020207d0a20207d2c0a202022636c6f7365223a207b0a20202020227072696365223a2039363736302c0a202020202274696d65223a207b0a20202020202022756e6978223a20313438333232383830302c0a2020202020202269736f223a2022323031372d30312d30315430303a30303a30302e3030305a220a202020207d0a20207d2c0a2020226c6f6f6b7570223a207b0a20202020227072696365223a2039363736302c0a20202020226b223a20312c0a202020202274696d65223a207b0a20202020202022756e6978223a20313438333232383830302c0a2020202020202269736f223a2022323031372d30312d30315430303a30303a30302e3030305a220a202020207d0a20207d0a7d0a6578616d706c652e636f6d2f6170692f31";bytes memory message2 = hex"7b0a2020226f70656e223a207b0a20202020227072696365223a2039353931372c0a202020202274696d65223a207b0a20202020202022756e6978223a20313438333134323430302c0a2020202020202269736f223a2022323031362d31322d33315430303a30303a30302e3030305a220a202020207d0a20207d2c0a202022636c6f7365223a207b0a20202020227072696365223a2039363736302c0a202020202274696d65223a207b0a20202020202022756e6978223a20313438333232383830302c0a2020202020202269736f223a2022323031372d30312d30315430303a30303a30302e3030305a220a202020207d0a20207d2c0a2020226c6f6f6b7570223a207b0a20202020227072696365223a2039363736302c0a20202020226b223a20312c0a202020202274696d65223a207b0a20202020202022756e6978223a20313438333232383830302c0a2020202020202269736f223a2022323031372d30312d30315430303a30303a30302e3030305a220a202020207d0a20207d0a7d0a6578616d706c652e636f6d2f6170692f32";G2Point memory v0 = G2Point([1787282038370667094324364195810339512415273589223814213215040505578200405366, 414568866548933554513940840943382696902163788831396286279770126458218272940],[6560020551439455112781785895092032589010633560844445112872109862153018855017, 19411093226570397520343120724285433000937737461010544490862811136406407315543]);G2Point memory v1 = G2Point([14831125462625540363404323739936082597729714855858291605999144010730542058037, 8342129546329626371616639780890580451066604883761980695690870205390518348707],[808186590373043742842665711030588185456231663895663328011864547134240543671, 1856705676948889458735296604372981546875220644939188415241687241562401814459]);G2Point memory v2 = G2Point([12507030828714819990408995725310388936101611986473926829733453468215798265704, 16402225253711577242710704509153100189802817297679524801952098990526969620006],[18717845356690477533392378472300056893077745517009561191866660997312973511514, 20124563173642533900823905467925868861151292863229012000403558815142682516349]);G1Point memory h0 = hashToG1(message0);G1Point memory h1 = hashToG1(message1);G1Point memory h2 = hashToG1(message2);G1Point[] memory a = new G1Point[](numberOfSigners + 1);G2Point[] memory b = new G2Point[](numberOfSigners + 1);a[0] = negate(signature);a[1] = h0;a[2] = h1;a[3] = h2;b[0] = P2();b[1] = v0;b[2] = v1;b[3] = v2;return pairing(a, b);}/// @return the result of computing the pairing check/// e(p1[0], p2[0]) *  .... * e(p1[n], p2[n]) == 1/// For example pairing([P1(), P1().negate()], [P2(), P2()]) should/// return true.function pairing(G1Point[] p1, G2Point[] p2) internal returns (bool) {require(p1.length == p2.length);uint elements = p1.length;uint inputSize = elements * 6;uint[] memory input = new uint[](inputSize);for (uint i = 0; i < elements; i++){input[i * 6 + 0] = p1[i].X;input[i * 6 + 1] = p1[i].Y;input[i * 6 + 2] = p2[i].X[0];input[i * 6 + 3] = p2[i].X[1];input[i * 6 + 4] = p2[i].Y[0];input[i * 6 + 5] = p2[i].Y[1];}uint[1] memory out;bool success;assembly {success := call(sub(gas, 2000), 8, 0, add(input, 0x20), mul(inputSize, 0x20), out, 0x20)// Use "invalid" to make gas estimation workswitch success case 0 {invalid}}require(success);return out[0] != 0;}/// Convenience method for a pairing check for two pairs.function pairing2(G1Point a1, G2Point a2, G1Point b1, G2Point b2) internal returns (bool) {G1Point[] memory p1 = new G1Point[](2);G2Point[] memory p2 = new G2Point[](2);p1[0] = a1;p1[1] = b1;p2[0] = a2;p2[1] = b2;return pairing(p1, p2);}function hashToG1(bytes message) internal returns (G1Point) {uint256 h = uint256(keccak256(message));return mul(P1(), h);}function modPow(uint256 base, uint256 exponent, uint256 modulus) internal returns (uint256) {uint256[6] memory input = [32, 32, 32, base, exponent, modulus];uint256[1] memory result;assembly {if iszero(call(not(0), 0x05, 0, input, 0xc0, result, 0x20)) {revert(0, 0)}}return result[0];}/// @return the negation of p, i.e. p.add(p.negate()) should be zero.function negate(G1Point p) internal returns (G1Point) {// The prime q in the base field F_q for G1uint q = 21888242871839275222246405745257275088696311157297823662689037894645226208583;if (p.X == 0 && p.Y == 0)return G1Point(0, 0);return G1Point(p.X, q - (p.Y % q));}/// @return the sum of two points of G1function add(G1Point p1, G1Point p2) internal returns (G1Point r) {uint[4] memory input;input[0] = p1.X;input[1] = p1.Y;input[2] = p2.X;input[3] = p2.Y;bool success;assembly {success := call(sub(gas, 2000), 6, 0, input, 0xc0, r, 0x60)// Use "invalid" to make gas estimation workswitch success case 0 {invalid}}require(success);}/*common.BytesToAddress([]byte{1}): &ecrecover{},common.BytesToAddress([]byte{2}): &sha256hash{},common.BytesToAddress([]byte{3}): &ripemd160hash{},common.BytesToAddress([]byte{4}): &dataCopy{},common.BytesToAddress([]byte{5}): &bigModExp{},common.BytesToAddress([]byte{6}): &bn256Add{},common.BytesToAddress([]byte{7}): &bn256ScalarMul{},common.BytesToAddress([]byte{8}): &bn256Pairing{}, *//// @return the product of a point on G1 and a scalar, i.e./// p == p.mul(1) and p.add(p) == p.mul(2) for all points p.function mul(G1Point p, uint s) internal returns (G1Point r) {uint[3] memory input;input[0] = p.X;input[1] = p.Y;input[2] = s;bool success;assembly {//call(g, a, v, in, insize, out, outsize)/*call contract at address a with input mem[in…(in+insize)) providing g gas and v wei and output area mem[out…(out+outsize)) returning 0 on error (eg. out of gas) and 1 on success*///gas: still available to executionsuccess := call(sub(gas, 2000), 7, 0, input, 0x80, r, 0x60)// Use "invalid" to make gas estimation workswitch success case 0 {invalid}  //end execution with invalid instruction}require(success);}}

 

这篇关于solidity上实现BLS签名机制的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!



http://www.chinasem.cn/article/1062960

相关文章

JVM 的类初始化机制

前言 当你在 Java 程序中new对象时,有没有考虑过 JVM 是如何把静态的字节码(byte code)转化为运行时对象的呢,这个问题看似简单,但清楚的同学相信也不会太多,这篇文章首先介绍 JVM 类初始化的机制,然后给出几个易出错的实例来分析,帮助大家更好理解这个知识点。 JVM 将字节码转化为运行时对象分为三个阶段,分别是:loading 、Linking、initialization

hdu1043(八数码问题,广搜 + hash(实现状态压缩) )

利用康拓展开将一个排列映射成一个自然数,然后就变成了普通的广搜题。 #include<iostream>#include<algorithm>#include<string>#include<stack>#include<queue>#include<map>#include<stdio.h>#include<stdlib.h>#include<ctype.h>#inclu

【C++】_list常用方法解析及模拟实现

相信自己的力量,只要对自己始终保持信心,尽自己最大努力去完成任何事,就算事情最终结果是失败了,努力了也不留遗憾。💓💓💓 目录   ✨说在前面 🍋知识点一:什么是list? •🌰1.list的定义 •🌰2.list的基本特性 •🌰3.常用接口介绍 🍋知识点二:list常用接口 •🌰1.默认成员函数 🔥构造函数(⭐) 🔥析构函数 •🌰2.list对象

【Prometheus】PromQL向量匹配实现不同标签的向量数据进行运算

✨✨ 欢迎大家来到景天科技苑✨✨ 🎈🎈 养成好习惯,先赞后看哦~🎈🎈 🏆 作者简介:景天科技苑 🏆《头衔》:大厂架构师,华为云开发者社区专家博主,阿里云开发者社区专家博主,CSDN全栈领域优质创作者,掘金优秀博主,51CTO博客专家等。 🏆《博客》:Python全栈,前后端开发,小程序开发,人工智能,js逆向,App逆向,网络系统安全,数据分析,Django,fastapi

让树莓派智能语音助手实现定时提醒功能

最初的时候是想直接在rasa 的chatbot上实现,因为rasa本身是带有remindschedule模块的。不过经过一番折腾后,忽然发现,chatbot上实现的定时,语音助手不一定会有响应。因为,我目前语音助手的代码设置了长时间无应答会结束对话,这样一来,chatbot定时提醒的触发就不会被语音助手获悉。那怎么让语音助手也具有定时提醒功能呢? 我最后选择的方法是用threading.Time

Android实现任意版本设置默认的锁屏壁纸和桌面壁纸(两张壁纸可不一致)

客户有些需求需要设置默认壁纸和锁屏壁纸  在默认情况下 这两个壁纸是相同的  如果需要默认的锁屏壁纸和桌面壁纸不一样 需要额外修改 Android13实现 替换默认桌面壁纸: 将图片文件替换frameworks/base/core/res/res/drawable-nodpi/default_wallpaper.*  (注意不能是bmp格式) 替换默认锁屏壁纸: 将图片资源放入vendo

C#实战|大乐透选号器[6]:实现实时显示已选择的红蓝球数量

哈喽,你好啊,我是雷工。 关于大乐透选号器在前面已经记录了5篇笔记,这是第6篇; 接下来实现实时显示当前选中红球数量,蓝球数量; 以下为练习笔记。 01 效果演示 当选择和取消选择红球或蓝球时,在对应的位置显示实时已选择的红球、蓝球的数量; 02 标签名称 分别设置Label标签名称为:lblRedCount、lblBlueCount

Kubernetes PodSecurityPolicy:PSP能实现的5种主要安全策略

Kubernetes PodSecurityPolicy:PSP能实现的5种主要安全策略 1. 特权模式限制2. 宿主机资源隔离3. 用户和组管理4. 权限提升控制5. SELinux配置 💖The Begin💖点点关注,收藏不迷路💖 Kubernetes的PodSecurityPolicy(PSP)是一个关键的安全特性,它在Pod创建之前实施安全策略,确保P

Java ArrayList扩容机制 (源码解读)

结论:初始长度为10,若所需长度小于1.5倍原长度,则按照1.5倍扩容。若不够用则按照所需长度扩容。 一. 明确类内部重要变量含义         1:数组默认长度         2:这是一个共享的空数组实例,用于明确创建长度为0时的ArrayList ,比如通过 new ArrayList<>(0),ArrayList 内部的数组 elementData 会指向这个 EMPTY_EL

工厂ERP管理系统实现源码(JAVA)

工厂进销存管理系统是一个集采购管理、仓库管理、生产管理和销售管理于一体的综合解决方案。该系统旨在帮助企业优化流程、提高效率、降低成本,并实时掌握各环节的运营状况。 在采购管理方面,系统能够处理采购订单、供应商管理和采购入库等流程,确保采购过程的透明和高效。仓库管理方面,实现库存的精准管理,包括入库、出库、盘点等操作,确保库存数据的准确性和实时性。 生产管理模块则涵盖了生产计划制定、物料需求计划、