py_ecc.bls package
Submodules
py_ecc.bls.ciphersuites module
- class py_ecc.bls.ciphersuites.BaseG2Ciphersuite
Bases:
ABC- classmethod Aggregate(signatures: Sequence[BLSSignature]) BLSSignature
The Aggregate algorithm aggregates multiple signatures into one.
Raise ValidationError when there is input validation error.
- abstractmethod classmethod AggregateVerify(PKs: Sequence[BLSPubkey], messages: Sequence[bytes], signature: BLSSignature) bool
- DST = b''
- classmethod SkToPk(privkey: int) BLSPubkey
The SkToPk algorithm takes a secret key SK and outputs the corresponding public key PK.
Raise ValidationError when there is input validation error.
- xmd_hash_function(data=b'', *, usedforsecurity=True, string=None)
Returns a sha256 hash object; optionally initialized with a string
- class py_ecc.bls.ciphersuites.G2Basic
Bases:
BaseG2Ciphersuite- classmethod AggregateVerify(PKs: Sequence[BLSPubkey], messages: Sequence[bytes], signature: BLSSignature) bool
- DST = b'BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_'
- class py_ecc.bls.ciphersuites.G2MessageAugmentation
Bases:
BaseG2Ciphersuite- classmethod AggregateVerify(PKs: Sequence[BLSPubkey], messages: Sequence[bytes], signature: BLSSignature) bool
- DST = b'BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_AUG_'
- class py_ecc.bls.ciphersuites.G2ProofOfPossession
Bases:
BaseG2Ciphersuite- classmethod AggregateVerify(PKs: Sequence[BLSPubkey], messages: Sequence[bytes], signature: BLSSignature) bool
- DST = b'BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_'
- classmethod FastAggregateVerify(PKs: Sequence[BLSPubkey], message: bytes, signature: BLSSignature) bool
- POP_TAG = b'BLS_POP_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_'
py_ecc.bls.constants module
py_ecc.bls.g2_primitives module
- py_ecc.bls.g2_primitives.G1_to_pubkey(pt: Tuple[optimized_bls12_381_FQ, optimized_bls12_381_FQ, optimized_bls12_381_FQ]) BLSPubkey
- py_ecc.bls.g2_primitives.G2_to_signature(pt: Tuple[optimized_bls12_381_FQ2, optimized_bls12_381_FQ2, optimized_bls12_381_FQ2]) BLSSignature
- py_ecc.bls.g2_primitives.pubkey_to_G1(pubkey: BLSPubkey) Tuple[optimized_bls12_381_FQ, optimized_bls12_381_FQ, optimized_bls12_381_FQ]
- py_ecc.bls.g2_primitives.signature_to_G2(signature: BLSSignature) Tuple[optimized_bls12_381_FQ2, optimized_bls12_381_FQ2, optimized_bls12_381_FQ2]
py_ecc.bls.hash module
- py_ecc.bls.hash.expand_message_xmd(msg: bytes, DST: bytes, len_in_bytes: int, hash_function: HASH) bytes
- py_ecc.bls.hash.hkdf_expand(prk: bytes | bytearray, info: bytes | bytearray, length: int) bytes
HKDF-Expand
- py_ecc.bls.hash.i2osp(x: int, xlen: int) bytes
Convert a nonnegative integer x to an octet string of a specified length xlen. https://tools.ietf.org/html/rfc8017#section-4.1
- py_ecc.bls.hash.os2ip(x: bytes) int
Convert an octet string x to a nonnegative integer. https://tools.ietf.org/html/rfc8017#section-4.2
py_ecc.bls.hash_to_curve module
- py_ecc.bls.hash_to_curve.clear_cofactor_G1(p: Tuple[optimized_bls12_381_FQ, optimized_bls12_381_FQ, optimized_bls12_381_FQ]) Tuple[optimized_bls12_381_FQ, optimized_bls12_381_FQ, optimized_bls12_381_FQ]
Clear Cofactor via Multiplication
Ensure a point falls in the correct subgroup of the curve.
- py_ecc.bls.hash_to_curve.clear_cofactor_G2(p: Tuple[optimized_bls12_381_FQ2, optimized_bls12_381_FQ2, optimized_bls12_381_FQ2]) Tuple[optimized_bls12_381_FQ2, optimized_bls12_381_FQ2, optimized_bls12_381_FQ2]
Clear Cofactor via Multiplication
Ensure a point falls in the correct sub group of the curve.
- py_ecc.bls.hash_to_curve.hash_to_G1(message: bytes, DST: bytes, hash_function: HASH) Tuple[optimized_bls12_381_FQ, optimized_bls12_381_FQ, optimized_bls12_381_FQ]
Convert a message to a point on G1 as defined here: https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#section-6.6.3
The idea is to first hash into FQ and then use SSWU to map the result into G1.
Contents and inputs follow the ciphersuite
BLS12381G1_XMD:SHA-256_SSWU_RO_defined here: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-09#section-8.8.1
- py_ecc.bls.hash_to_curve.hash_to_G2(message: bytes, DST: bytes, hash_function: HASH) Tuple[optimized_bls12_381_FQ2, optimized_bls12_381_FQ2, optimized_bls12_381_FQ2]
Convert a message to a point on G2 as defined here: https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#section-6.6.3
The idea is to first hash into FQ2 and then use SSWU to map the result into G2.
Contents and inputs follow the ciphersuite
BLS12381G2_XMD:SHA-256_SSWU_RO_defined here: https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#section-8.8.2
- py_ecc.bls.hash_to_curve.hash_to_field_FQ(message: bytes, count: int, DST: bytes, hash_function: HASH) Tuple[optimized_bls12_381_FQ, ...]
Hash To Base Field for FQ
Convert a message to a point in the finite field as defined here: https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#section-5.3
- py_ecc.bls.hash_to_curve.hash_to_field_FQ2(message: bytes, count: int, DST: bytes, hash_function: HASH) Tuple[optimized_bls12_381_FQ2, ...]
Hash To Base Field for FQ2
Convert a message to a point in the finite field as defined here: https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#section-5.3
- py_ecc.bls.hash_to_curve.map_to_curve_G1(u: optimized_bls12_381_FQ) Tuple[optimized_bls12_381_FQ, optimized_bls12_381_FQ, optimized_bls12_381_FQ]
Map To Curve for G1
First, convert FQ point to a point on the 11-Isogeny curve. SWU Map: https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#section-6.6.3
Second, map 11-Isogeny curve to BLS12-381-G1 curve. 11-Isogeny Map: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-09#name-11-isogeny-map-for-bls12-38
- py_ecc.bls.hash_to_curve.map_to_curve_G2(u: optimized_bls12_381_FQ2) Tuple[optimized_bls12_381_FQ2, optimized_bls12_381_FQ2, optimized_bls12_381_FQ2]
Map To Curve for G2
First, convert FQ2 point to a point on the 3-Isogeny curve. SWU Map: https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#section-6.6.3
Second, map 3-Isogeny curve to BLS12-381-G2 curve. 3-Isogeny Map: https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#appendix-C.3
py_ecc.bls.point_compression module
- py_ecc.bls.point_compression.compress_G1(pt: Tuple[optimized_bls12_381_FQ, optimized_bls12_381_FQ, optimized_bls12_381_FQ]) G1Compressed
A compressed point is a 384-bit integer with the bit order (c_flag, b_flag, a_flag, x), where the c_flag bit is always set to 1, the b_flag bit indicates infinity when set to 1, the a_flag bit helps determine the y-coordinate when decompressing, and the 381-bit integer x is the x-coordinate of the point.
- py_ecc.bls.point_compression.compress_G2(pt: Tuple[optimized_bls12_381_FQ2, optimized_bls12_381_FQ2, optimized_bls12_381_FQ2]) G2Compressed
The compressed point (z1, z2) has the bit order: z1: (c_flag1, b_flag1, a_flag1, x1) z2: (c_flag2, b_flag2, a_flag2, x2) where - c_flag1 is always set to 1 - b_flag1 indicates infinity when set to 1 - a_flag1 helps determine the y-coordinate when decompressing, - a_flag2, b_flag2, and c_flag2 are always set to 0
- py_ecc.bls.point_compression.decompress_G1(z: G1Compressed) Tuple[optimized_bls12_381_FQ, optimized_bls12_381_FQ, optimized_bls12_381_FQ]
Recovers x and y coordinates from the compressed point.
- py_ecc.bls.point_compression.decompress_G2(p: G2Compressed) Tuple[optimized_bls12_381_FQ2, optimized_bls12_381_FQ2, optimized_bls12_381_FQ2]
Recovers x and y coordinates from the compressed point (z1, z2).
- py_ecc.bls.point_compression.is_point_at_infinity(z1: int, z2: int | None = None) bool
If z2 is None, the given z1 is a G1 point. Else, (z1, z2) is a G2 point.
- py_ecc.bls.point_compression.modular_squareroot_in_FQ2(value: optimized_bls12_381_FQ2) optimized_bls12_381_FQ2 | None
Given value=``x``, returns the value
ysuch thaty**2 % q == x, and None if this is not possible. In cases where there are two solutions, the value with higher imaginary component is favored; if both solutions have equal imaginary component the value with higher real component is favored.