add aggregated test

paradigmxyz · Sep 26, 2024 · 90e8991 · 90e8991
1 parent 825d42e
commit 90e8991
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 6 deletions.
diff --git a/src/sign/BLS.sol b/src/sign/BLS.sol
@@ -7,30 +7,30 @@ pragma solidity ^0.8.23;
 /// @dev Precompile addresses come from the BLS addresses submodule in AlphaNet, see
 ///      <https://github.com/paradigmxyz/alphanet/blob/main/crates/precompile/src/addresses.rs>
 library BLS {
-    /// @dev A base field element (Fp) is encoded as 64 bytes by performing the 
-    /// BigEndian encoding of the corresponding (unsigned) integer. Due to the size of p, 
+    /// @dev A base field element (Fp) is encoded as 64 bytes by performing the
+    /// BigEndian encoding of the corresponding (unsigned) integer. Due to the size of p,
     /// the top 16 bytes are always zeroes.
     struct Fp {
         uint256 a;
         uint256 b;
     }
 
-    /// @dev For elements of the quadratic extension field (Fp2), encoding is byte concatenation of 
-    /// individual encoding of the coefficients totaling in 128 bytes for a total encoding. 
+    /// @dev For elements of the quadratic extension field (Fp2), encoding is byte concatenation of
+    /// individual encoding of the coefficients totaling in 128 bytes for a total encoding.
     /// c0 + c1 * v
     struct Fp2 {
         Fp c0;
         Fp c1;
     }
 
-    /// @dev Points of G1 and G2 are encoded as byte concatenation of the respective 
+    /// @dev Points of G1 and G2 are encoded as byte concatenation of the respective
     /// encodings of the x and y coordinates.
     struct G1Point {
         Fp x;
         Fp y;
     }
 
-    /// @dev Points of G1 and G2 are encoded as byte concatenation of the respective 
+    /// @dev Points of G1 and G2 are encoded as byte concatenation of the respective
     /// encodings of the x and y coordinates.
     struct G2Point {
         Fp2 x;

diff --git a/test/BLS.t.sol b/test/BLS.t.sol
@@ -30,6 +30,7 @@ contract BLSTest is Test {
         )
     );
 
+    /// @dev Demonstrates the signing and verification of a message.
     function test() public {
         // Obtain the private key as a random scalar.
         uint256 privateKey = vm.randomUint();
@@ -55,4 +56,39 @@ contract BLSTest is Test {
 
         assertTrue(BLS.Pairing(g1Points, g2Points));
     }
+
+    /// @dev Demonstrates the aggregation and verification of two signatures.
+    function testAggregated() public {
+        // private keys
+        uint256 sk1 = vm.randomUint();
+        uint256 sk2 = vm.randomUint();
+
+        // public keys
+        BLS.G1Point memory pk1 = BLS.G1Mul(G1_GENERATOR, sk1);
+        BLS.G1Point memory pk2 = BLS.G1Mul(G1_GENERATOR, sk2);
+
+        // Compute the message point by mapping message's keccak256 hash to a point in G2.
+        bytes memory message = "hello world";
+        BLS.G2Point memory messagePoint = BLS.MapFp2ToG2(BLS.Fp2(BLS.Fp(0, 0), BLS.Fp(0, uint256(keccak256(message)))));
+
+        // signatures
+        BLS.G2Point memory sig1 = BLS.G2Mul(messagePoint, sk1);
+        BLS.G2Point memory sig2 = BLS.G2Mul(messagePoint, sk2);
+
+        // aggregated signature
+        BLS.G2Point memory sig = BLS.G2Add(sig1, sig2);
+
+        // Invoke the pairing check to verify the signature.
+        BLS.G1Point[] memory g1Points = new BLS.G1Point[](3);
+        g1Points[0] = NEGATED_G1_GENERATOR;
+        g1Points[1] = pk1;
+        g1Points[2] = pk2;
+
+        BLS.G2Point[] memory g2Points = new BLS.G2Point[](3);
+        g2Points[0] = sig;
+        g2Points[1] = messagePoint;
+        g2Points[2] = messagePoint;
+
+        assertTrue(BLS.Pairing(g1Points, g2Points));
+    }
 }