Skip to content

Instantly share code, notes, and snippets.

@tjade273
Forked from anonymous/BLS.sol
Created Mar 8, 2018
Embed
What would you like to do?
Created using browser-solidity: Realtime Ethereum Contract Compiler and Runtime. Load this file by pasting this gists URL or ID at https://ethereum.github.io/browser-solidity/#version=soljson-v0.4.21+commit.dfe3193c.js&optimize=false&gist=
contract BailliePSW {
function sprp(uint a) pure returns (bool iscomposite) {
}
function modexp() constant returns (bytes32 o){
assembly {
let m := mload(0x40)
mstore(m,1)
mstore(add(m, 0x20),2)
mstore(add(m,0x40), 0x20)
mstore(add(m, 0x60), 0x03ffff8000000000000000000000000000000000000000000000000000000000)
if iszero(call(10000, 5, 0, m, 0x80, m, 0x20)) {revert(0,0)}
o := mload(m)
mstore(0x40, add(0x80, m))
}
}
}
contract BLS {
uint public nonce;
uint[4] public pubkey;
// sig[0:1] is h^-x, sig[2] is the y-component of h
function forward(uint[3] sig, uint gas, address addr, uint value, bytes data) returns (bool) {
bytes32 msg = keccak256(nonce, gas, addr, value, data);
bool success;
assembly {
let m := mload(0x40)
mstore(m, mload(sig))
mstore(add(m, 0x20), mload(add(sig, 32)))
mstore(add(m, 0x40), 11559732032986387107991004021392285783925812861821192530917403151452391805634)
mstore(add(m, 0x60), 10857046999023057135944570762232829481370756359578518086990519993285655852781)
mstore(add(m, 0x80), 4082367875863433681332203403145435568316851327593401208105741076214120093531)
mstore(add(m, 0xa0), 8495653923123431417604973247489272438418190587263600148770280649306958101930)
mstore(add(m, 0xc0), msg)
mstore(add(m, 0xe0), mload(add(sig, 0x40)))
mstore(add(m, 0x100), mload(pubkey_slot))
mstore(add(m,0x120), mload(add(pubkey_slot, 0x20)))
mstore(add(m,0x140), mload(add(pubkey_slot, 0x40)))
mstore(add(m,0x160), mload(add(pubkey_slot, 0x60)))
if iszero(call(500000,0x08,0,m,0x180,0,0x20)) {invalid}
success := mload(0)
}
require(success);
return addr.call.gas(gas).value(value)(data);
}
}
contract Fermat_witness{
function witness()
}
contract QEth {
/*
* Quantum-safe proxy contract, based on
* Winternitz One-time Signatures
* with 30 8-bit chunks
* Gives 120 bit security
*
* Based on:
* Ralph Merkle. "A certified digital signature". Ph.D. dissertation, Stanford University, 1979
*/
bytes32 public pubkey_hash;
function QEth(bytes32 _pubkey) public {
// Initialize to first pubkey hash
pubkey_hash = _pubkey;
}
function send_transaction(bytes32[32] sig, bytes32 next_key, uint g, address a, uint v, bytes data) external {
uint s; // \sum_{i = 0}^30 message_i
bytes32 phash; // phash_{i+1} = sha3(phash_i, pkey[i])
bytes32 message = keccak256(next_key, g, a, v, data);
for(uint i = 0; i < 30; i++){
s += uint(message[i]);
}
// Append checksum: msg[30:] == 256*30 - sum(msg[:30])
message &= 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000;
message |= bytes32(256*30 - s);
// H^(256-v)(H^v(priv)) == pub
for(i = 0; i < 32; i++){
bytes32 sig_chunk = sig[i];
byte vi = message[i];
for(uint j = 0; j < 256 - uint(vi); j++){
sig_chunk = keccak256(sig_chunk);
}
phash = keccak256(phash, sig_chunk);
}
assert(phash == pubkey_hash);
a.call.gas(g).value(v)(data);
// Update public key (Don't reuse keys...)
pubkey_hash = next_key;
}
// Optimized assembly version
function send_asm(bytes32[32] sig, bytes32 next_key, uint g, address a, uint v, bytes data) external {
assembly{
let s := 0
let m := mload(0x40) // Free memory pointer
let l := calldataload(1188) // len(data)
calldatacopy(m, 1028, 64) // Copy [next_key, g]
calldatacopy(add(m, 64), 1104, 52) // Copy [a, v]
calldatacopy(add(m, 116), 1220, l) // Copy [data]
let message := keccak256(m, add(116, l))
v := byte(0, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x0)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(1, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x20)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(2, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x40)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(3, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x60)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(4, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x80)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(5, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0xa0)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(6, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0xc0)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(7, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0xe0)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(8, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x100)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(9, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x120)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(10, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x140)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(11, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x160)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(12, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x180)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(13, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x1a0)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(14, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x1c0)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(15, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x1e0)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(16, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x200)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(17, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x220)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(18, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x240)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(19, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x260)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(20, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x280)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(21, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x2a0)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(22, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x2c0)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(23, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x2e0)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(24, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x300)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(25, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x320)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(26, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x340)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(27, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x360)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(28, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x380)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
v := byte(29, message)
s := add(v, s)
mstore(32, calldataload(add(4, 0x3a0)))
for {let j := 0} lt(j, sub(256, v)) {j := add(j, 1)}
{
mstore(32, keccak256(32,32))
}
mstore(0, keccak256(0, 64))
s := sub(7680, s)
mstore(32, calldataload(964))
for {let j := 0} lt(j, sub(256, div(s, 256))) {j := add(j, 1)}
{
mstore(32, keccak256(32, 32))
}
mstore(0, keccak256(0, 64))
mstore(32, calldataload(996))
for {let j := 0} lt(j, sub(256, and(s, 0xFF))) {j := add(j, 1)}
{
mstore(32, keccak256(32, 32))
}
let pubkey := keccak256(0, 64)
if iszero(eq(pubkey, sload(pubkey_hash_slot))) {
return(0,0)
}
call(g, a, v, add(m, 1112), l, 0,0)
pop
sstore(0, next_key)
}
}
}
contract PairingTest {
function test() constant returns (bool){
var (a1_x, a1_y) = (0x1936f7b07be20ac4b7faac53aba252c44112b369f437c12d75b8157882b390aa, 0x55c38c27b1dc7fbbdfbb7b4795e92d0d838126c25b6771908f9a23c35c8921a);
var (a2_x, a2_y) = (0x1936f7b07be20ac4b7faac53aba252c44112b369f437c12d75b8157882b390aa, 0x2b0815b06613d82dfa548e020822c58cbf49582542bb53743326e9daa2b46b2d);
var (bx_i, bx) = (0x198e9393920d483a7260bfb731fb5d25f1aa493335a9e71297e485b7aef312c2, 0x1800deef121f1e76426a00665e5c4479674322d4f75edadd46debd5cd992f6ed);
var (by_i, by) = (0x90689d0585ff075ec9e99ad690c3395bc4b313370b38ef355acdadcd122975b, 0x12c85ea5db8c6deb4aab71808dcb408fe3d1e7690c43d37b4ce6cc0166fa7dab);
bool s;
uint m;
assembly{
m := mload(0x40)
mstore(m, a1_x)
mstore(add(m, 0x20), a1_y)
mstore(add(m, 0x40), bx)
mstore(add(m, 0x60), bx_i)
mstore(add(m, 0x80), by)
mstore(add(m, 0xa0), by_i)
mstore(add(m, 0xc0), a2_x)
mstore(add(m, 0xe0), a2_y)
mstore(add(m, 0x100), bx)
mstore(add(m, 0x120), bx_i)
mstore(add(m, 0x140), by)
mstore(add(m, 0x160), by_i)
mstore(0, 1234)
let c := call(sub(gas, 10000), 0x8, 0, m, 0x180, 0, 0x20)
if iszero(c) {invalid}
s := eq(mload(0), 1)
mstore(0x40, add(m, 0x180))
}
return s;
}
function empty_call() constant returns (bool s){
assembly {
if iszero(call(gas, 8, 0, 32, 0, 0, 0x20)){invalid}
s := mload(0)
}
}
}
contract Test {
function test(){
assembly{
function f (a) -> result { result := add(a, 1)}
f(1)
f(2)
f(3)
f(4)
f(5)
pop pop pop pop pop
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment