proof_verify test compatibility passing

hashcloak · Dec 22, 2024 · 79cd177 · 79cd177
1 parent 835441b
commit 79cd177
Show file tree

Hide file tree

Showing 3 changed files with 184 additions and 186 deletions.
diff --git a/src/bbs_verify.sol b/src/bbs_verify.sol
@@ -630,7 +630,7 @@ contract BBS_Verifier {
         Pairing.G1Point memory t1 = Pairing.plus(Pairing.scalar_mul(proof.bBar, proof.challenge), temp1);
 
         Pairing.G1Point memory bv1 = Pairing.scalar_mul(BBS.generators()[0], domain);
-        Pairing.G1Point memory bv = Pairing.plus(BBS.BP1(), bv1);
+        Pairing.G1Point memory bv = Pairing.plus(BBS.P1(), bv1);
 
         for (uint256 i = 0; i < disclosedIndices.length; i++) {
             Pairing.G1Point memory t = Pairing.scalar_mul(BBS.generators()[disclosedIndices[i] + 1], disclosedMsg[i]);
@@ -675,7 +675,7 @@ contract BBS_Verifier {
     ) public pure returns (uint256) {
         require(disclosedMsg.length == disclosedIndices.length, "invalid length");
 
-        uint256 totalLength = 8 + disclosedMsg.length * (8 + 32) + initProof.points.length * 64 + 32 + 8;
+        uint256 totalLength = 8 + disclosedMsg.length * (8 + 32) + initProof.points.length * 32 + 32 + 8;
         bytes memory serializeBytes = new bytes(totalLength);
 
         uint256 serializeBytesPtr;
@@ -693,7 +693,7 @@ contract BBS_Verifier {
         // Serialize disclosedIndices and disclosedMsg
         for (uint256 i = 0; i < disclosedMsg.length; i++) {
             bytes memory indexBytes = uint64ToBytes(uint64(disclosedIndices[i]));
-            bytes memory msgBytes = reverseBytes(uintToBytes(disclosedMsg[i]));
+            bytes memory msgBytes = uintToBytes(disclosedMsg[i]);
 
             assembly {
                 let indexPtr := add(indexBytes, 0x20)
@@ -711,18 +711,18 @@ contract BBS_Verifier {
 
         // Serialize G1 points
         for (uint256 i = 0; i < initProof.points.length; i++) {
-            bytes memory pointBytes = g1ToBytes(initProof.points[i]);
+            bytes memory pointBytes = serializeCompressed(initProof.points[i]);
 
             assembly {
                 let pointPtr := add(pointBytes, 0x20)
                 mstore(serializeBytesPtr, mload(pointPtr))
                 mstore(add(serializeBytesPtr, 0x20), mload(add(pointPtr, 0x20))) // Copy 64 bytes for G1 point
-                serializeBytesPtr := add(serializeBytesPtr, 64)
+                serializeBytesPtr := add(serializeBytesPtr, 32)
             }
         }
 
         // Serialize scalar (32 bytes)
-        bytes memory scalarBytes = reverseBytes(uintToBytes(initProof.scalar));
+        bytes memory scalarBytes = uintToBytes(initProof.scalar);
         assembly {
             let scalarPtr := add(scalarBytes, 0x20)
             mstore(serializeBytesPtr, mload(scalarPtr)) // Copy 32 bytes

diff --git a/test/bbs_verify.t.sol b/test/bbs_verify.t.sol
@@ -68,82 +68,82 @@ contract BBS_VerifierTest is Test {
             ]
         );
 
-        // proof.aBar = Pairing.G1Point(
-        //     uint256(17705900040482640200318765868397816899423300068827258330107828571873441470719),
-        //     uint256(7713906401864379473036154127800301923576930562959621253303600800199073334118)
-        // );
-        // proof.bBar = Pairing.G1Point(
-        //     uint256(21727344193746663605105815693486793700736011477614477583899999224491814279994),
-        //     uint256(3107868243865832229708730395440182823160504417487161073020576660932813536129)
-        // );
-        // proof.d = Pairing.G1Point(
-        //     uint256(15259877521667048732653966731531866330870155623999372073511953831671978329220),
-        //     uint256(10346279138881905705140583326619164208036592391424952436660826945178815367429)
-        // );
-        // proof.eCap = uint256(895560299474401253372773501875631392367182095767290314841076259590095084586);
-        // proof.r1Cap = uint256(11193219439787925012791936928927829256760578552338662201715987339199095941227);
-        // proof.r3Cap = uint256(15267152252107021640270952755495037380174121953972815385187286027940019996824);
-        // proof.challenge = uint256(17070931957668459394149291496811547077907740596908548642717845173554837520766);
-
-        // proof.commitments = new uint256[](28);
-        // proof.commitments[0] = uint256(19095727655211535891907424632625597788660896504069139787113033189477200901164);
-        // proof.commitments[1] = uint256(19376086836081848875356199522059787747649523185103503820918546873546803656837);
-        // proof.commitments[2] = uint256(294630661519046963443548105138813757424736295965011860489516719425258301868);
-        // proof.commitments[3] = uint256(2669991038723578516998124743106790553264755193437596445025159197580315246913);
-        // proof.commitments[4] = uint256(9347384312453102707431895387088312145715418559983462799650963982682084827252);
-        // proof.commitments[5] = uint256(10423402888507524428295410032922396350307052955495214158940561611559586857682);
-        // proof.commitments[6] = uint256(21667666739487631443855567302732869873626852318523924021971922974064015548203);
-        // proof.commitments[7] = uint256(2391574914373737044908304675905879726184592881619003159020770247137231086890);
-        // proof.commitments[8] = uint256(6278153666110445575600940082413845807068412500507616321015839605239269964481);
-        // proof.commitments[9] = uint256(17407116680557453084774309595190475554418201715886488721842472385513811947490);
-        // proof.commitments[10] = uint256(8501318769770573792305740921919152496772914721536223890699332307683117426648);
-        // proof.commitments[11] = uint256(10051701914974888853862296233599397109887353152719520271166239879253384300084);
-        // proof.commitments[12] = uint256(4629893339370850175540759987958849789651933707400277961494579665229717132314);
-        // proof.commitments[13] = uint256(19733193495966317727151773873301557383437837661981698399123721056474042649121);
-        // proof.commitments[14] = uint256(16581440502746205531254170374821787090797536920805429488227888885103068899696);
-        // proof.commitments[15] = uint256(4648351001408854396093087060766510007903087217506064759222363505293687917509);
-        // proof.commitments[16] = uint256(5232978090956285957326199431497654863020266920439885149705611444557525841377);
-        // proof.commitments[17] = uint256(10378971376370607204122093933171648619962601242767826857548254941729314144779);
-        // proof.commitments[18] = uint256(10636096558455749185044536222842024797504005940994930068820626467354940043941);
-        // proof.commitments[19] = uint256(13014117807481833912707217404666717118061234026083047800320547313575178119938);
-        // proof.commitments[20] = uint256(9468061149785714375845841584548255079305964111362932915002031399165874890540);
-        // proof.commitments[21] = uint256(12080296571110568157656356440360410776064799132442611756186811013992503842789);
-        // proof.commitments[22] = uint256(8406199401805359744205934469936213843102959323070335564794326616494411213164);
-        // proof.commitments[23] = uint256(13146762841746050965674929823955906169083360848059985425714661251008235930384);
-        // proof.commitments[24] = uint256(18062184243758250054044805146678460481140799371280738494887026946927689738624);
-        // proof.commitments[25] = uint256(4689669766214571146361709842956272925578589085257066757670840626355289827344);
-        // proof.commitments[26] = uint256(19717012933748023731747259246552232456988022985282562051094427191782572854304);
-        // proof.commitments[27] = uint256(19403246504848923420955727303103540860884754495247099508968984133479080201474);
-
-        // disclosed_msg[0] = 2266124219189018131;
-        // disclosed_msg[1] = 15553430782966677989;
-        // disclosed_msg[2] = 4743228516788447402;
-
-        // disclosed_indices[0] = 0;
-        // disclosed_indices[1] = 1;
-        // disclosed_indices[2] = 5;
-
-        // initProof.points[0] = Pairing.G1Point(
-        //     uint256(17705900040482640200318765868397816899423300068827258330107828571873441470719),
-        //     uint256(7713906401864379473036154127800301923576930562959621253303600800199073334118)
-        // );
-        // initProof.points[1] = Pairing.G1Point(
-        //     uint256(21727344193746663605105815693486793700736011477614477583899999224491814279994),
-        //     uint256(3107868243865832229708730395440182823160504417487161073020576660932813536129)
-        // );
-        // initProof.points[2] = Pairing.G1Point(
-        //     uint256(15259877521667048732653966731531866330870155623999372073511953831671978329220),
-        //     uint256(10346279138881905705140583326619164208036592391424952436660826945178815367429)
-        // );
-        // initProof.points[3] = Pairing.G1Point(
-        //     uint256(9450541227839351281812164523351865265510569098677555890572077252104786626690),
-        //     uint256(9197258858130081208441965628507147760561818479091872534935021928583764617680)
-        // );
-        // initProof.points[4] = Pairing.G1Point(
-        //     uint256(5816804290213296793101908964222774752394739247046217083058295650122051844227),
-        //     uint256(1590091680226237410825658942611263221992039739303345139797440692938537664171)
-        // );
-        // initProof.scalar = uint256(4661402122534330745222086575742781481159552639583525480514127238648290568236);
+        proof.aBar = Pairing.G1Point(
+            uint256(4589785035873902068341417873604960519481583897204418666058475414382012351726),
+            uint256(20970208301589133985681742138243432057150518795105541875968436518067907451482)
+        );
+        proof.bBar = Pairing.G1Point(
+            uint256(494789428909681690645146828013689108054268116392169451749293989761121075245),
+            uint256(17297246765270096457246040057082908839232893598408280949545770226231264303008)
+        );
+        proof.d = Pairing.G1Point(
+            uint256(5753637097923463694110512927335594432498285696036803043736622864645821893845),
+            uint256(7763217521923340286337553713448633798372460063374344530579106705314907885993)
+        );
+        proof.eCap = uint256(8042842032282577185618742748178918605750601718643454931428492117343952039038);
+        proof.r1Cap = uint256(19579446147797020085082626411591675595364051185016480545372113683170864922634);
+        proof.r3Cap = uint256(4516230118140551297436429895004240856013832273141665011691749625884080207354);
+        proof.challenge = uint256(9170523218553528937204975447093012127133495368757073227285674220594594974338);
+
+        proof.commitments = new uint256[](28);
+        proof.commitments[0] = uint256(17792881980202731787526234274937780058085069479191903238906823842716306214812);
+        proof.commitments[1] = uint256(5490119514502333332729615463314122543383712208334755349752023587140211405697);
+        proof.commitments[2] = uint256(8889159508660262338321863253616291933494922456025680962524206950677875551279);
+        proof.commitments[3] = uint256(9069561048618705417723902927725352725947307230585332809698064781724968067034);
+        proof.commitments[4] = uint256(20969893955715799675734152993110834546643706880157866605773662861880465651067);
+        proof.commitments[5] = uint256(18992254795544495368514124342807525827274043235883918021842172730625926706813);
+        proof.commitments[6] = uint256(14107066283288679410313948191605430336257599969829422378683949903409387241861);
+        proof.commitments[7] = uint256(12798941174073416197818145838604285932385561094171703550406719941108730266040);
+        proof.commitments[8] = uint256(7707483228209930435601220614428470260454979817369328511181148436441189364252);
+        proof.commitments[9] = uint256(11262475290933883039391017742343262691566224782110744908836640737065755077740);
+        proof.commitments[10] = uint256(20025099778222518728998013782354089583639902533963312481516779660434642391386);
+        proof.commitments[11] = uint256(10756483111048549875162036903848810583245448777908829437837498721453052300981);
+        proof.commitments[12] = uint256(5647152189167844700359734420476822971758687100169609521874338153743197477480);
+        proof.commitments[13] = uint256(6597777520175410638237560299448047126090708484661051367609535243803437578595);
+        proof.commitments[14] = uint256(2842749640235199581966772189142285932173353551113407861190259580874923768210);
+        proof.commitments[15] = uint256(8100729913959445213266603261363507349758311134743628864205342530610132032731);
+        proof.commitments[16] = uint256(18464513909237023511808358407416412607248496403674383674269261481921398236651);
+        proof.commitments[17] = uint256(20804683512780541730456550307292592384947875235703111243674677825086272759966);
+        proof.commitments[18] = uint256(3429593186662195935096221738432760090703045873994959001388531410854056609164);
+        proof.commitments[19] = uint256(20454320943614726678297451940346778110920218678288721887823293454833947818188);
+        proof.commitments[20] = uint256(6857251212744083045997730459448394274381066615951269234611492745730845498418);
+        proof.commitments[21] = uint256(14742257749293642622734794076507628340506139847594980214581451413113499961427);
+        proof.commitments[22] = uint256(12246699489562568425338334745874046921145259134913765828527381619293537499424);
+        proof.commitments[23] = uint256(13417706375138770649263189175295971157348919314915824794971570392768751224714);
+        proof.commitments[24] = uint256(14932843913903189152044822214369631098581507006906059224083721437059566611948);
+        proof.commitments[25] = uint256(16736877594037174310126934822629376254973535401043750021946965372895587488488);
+        proof.commitments[26] = uint256(9510282590851897620616131906689045795242783177500978291791620055703189601120);
+        proof.commitments[27] = uint256(16287576082505117925628461501366254697615855474701713406049352554328601724125);
+
+        disclosed_msg[0] = 2266124219189018131;
+        disclosed_msg[1] = 15553430782966677989;
+        disclosed_msg[2] = 4743228516788447402;
+
+        disclosed_indices[0] = 0;
+        disclosed_indices[1] = 1;
+        disclosed_indices[2] = 5;
+
+        initProof.points[0] = Pairing.G1Point(
+            uint256(4589785035873902068341417873604960519481583897204418666058475414382012351726),
+            uint256(20970208301589133985681742138243432057150518795105541875968436518067907451482)
+        );
+        initProof.points[1] = Pairing.G1Point(
+            uint256(494789428909681690645146828013689108054268116392169451749293989761121075245),
+            uint256(17297246765270096457246040057082908839232893598408280949545770226231264303008)
+        );
+        initProof.points[2] = Pairing.G1Point(
+            uint256(5753637097923463694110512927335594432498285696036803043736622864645821893845),
+            uint256(7763217521923340286337553713448633798372460063374344530579106705314907885993)
+        );
+        initProof.points[3] = Pairing.G1Point(
+            uint256(6611873073341182289283590762314481902854760470835093185430710671814862240453),
+            uint256(14440086804843035476175025645886595973522367063881962137027138447185139043896)
+        );
+        initProof.points[4] = Pairing.G1Point(
+            uint256(437030025586557310626084667197385398060437403959818122971050293505038543942),
+            uint256(14826402650986166312056692107563140793238833337671477194368246954293532362573)
+        );
+        initProof.scalar = uint256(10292285624696250102528155226431512323443546267207964357395200222618557155767);
     }
 
     function test_verify() public {
@@ -192,38 +192,37 @@ contract BBS_VerifierTest is Test {
         }
     }
 
+    function test_proof_verify_init() public {
+        BBS_Verifier verifier;
+        verifier = new BBS_Verifier();
+        BBS_Verifier.InitProof memory init_output =
+            verifier.proofVerifyInit(pk, proof, disclosed_msg, disclosed_indices);
+        assert(initProof.scalar == init_output.scalar);
+        assert(initProof.points[3].X == init_output.points[3].X);
+        assert(initProof.points[3].Y == init_output.points[3].Y);
+        assert(initProof.points[4].X == init_output.points[4].X);
+        assert(initProof.points[4].Y == init_output.points[4].Y);
+    }
+
     function test_calculateDomain() public {
         BBS_Verifier verifier;
         verifier = new BBS_Verifier();
         uint256 domain = verifier.calculate_domain(pk, 31);
         assert(domain == uint256(10292285624696250102528155226431512323443546267207964357395200222618557155767));
     }
 
-    // function test_proof_verify_init() public {
-    //     BBS_Verifier verifier;
-    //     verifier = new BBS_Verifier();
-    //     BBS_Verifier.InitProof memory init_output =
-    //         verifier.proofVerifyInit(pk, proof, disclosed_msg, disclosed_indices);
-
-    //     assert(initProof.scalar == init_output.scalar);
-    //     assert(initProof.points[3].X == init_output.points[3].X);
-    //     assert(initProof.points[3].Y == init_output.points[3].Y);
-    //     assert(initProof.points[4].X == init_output.points[4].X);
-    //     assert(initProof.points[4].Y == init_output.points[4].Y);
-    // }
-
-    // function testProofChallengeCalculate() public {
-    //     BBS_Verifier verifier;
-    //     verifier = new BBS_Verifier();
-    //     uint256 challenge = verifier.calculateProofChallenge(initProof, disclosed_msg, disclosed_indices);
-
-    //     assert(challenge == uint256(17070931957668459394149291496811547077907740596908548642717845173554837520766));
-    // }
-
-    // function testProofVerify() public {
-    //     BBS_Verifier verifier;
-    //     verifier = new BBS_Verifier();
-    //     bool res = verifier.verifyProof(pk, proof, disclosed_msg, disclosed_indices);
-    //     assert(res);
-    // }
+    function testProofChallengeCalculate() public {
+        BBS_Verifier verifier;
+        verifier = new BBS_Verifier();
+        uint256 challenge = verifier.calculateProofChallenge(initProof, disclosed_msg, disclosed_indices);
+
+        assert(challenge == proof.challenge);
+    }
+
+    function testProofVerify() public {
+        BBS_Verifier verifier;
+        verifier = new BBS_Verifier();
+        bool res = verifier.verifyProof(pk, proof, disclosed_msg, disclosed_indices);
+        assert(res);
+    }
 }