An analysis of Supra's "decentralized VRF" implementation. The conclusion: under the actual trust model, it fails to provide not just the "d" (decentralized), but also the "V" (verifiable) and "R" (random) properties that define a VRF.
From Supra's website:
| #!/usr/bin/env python3 | |
| """ | |
| BLE Advertisement Monitor for FMDN Device Debugging | |
| Monitors all BLE advertisements and tracks devices broadcasting FMDN/Eddystone | |
| service data. Helps identify what data is being broadcast and timing patterns. | |
| Usage: | |
| python ble_monitor.py [--identity-key KEY] [--pair-date TIMESTAMP] [--mac MAC] |
| # Bootstrap code that reads zipapp from stdin and executes it (single line for -c) | |
| # Uses chr(10) for newline to avoid shell/JSON escaping issues | |
| # Bootstrap code: reads size + zipapp from stdin, passes remaining stdin to inner script | |
| # Format: <size>\n<zipapp_bytes><optional_cgi_body> | |
| # Args after '--' are passed to the inner script as sys.argv[1:] | |
| # Usage: python -c 'BOOTSTRAP' -- arg1 arg2 | |
| BOOTSTRAP_CODE := import sys,os,io,zipfile;NL=chr(10).encode();raw=sys.stdin.buffer.read();nl=raw.find(NL);sz=int(raw[:nl]);zb=raw[nl+1:nl+1+sz];sys.stdin=io.TextIOWrapper(io.BytesIO(raw[nl+1+sz:]));sys.argv=["__main__.py"]+[a for a in sys.argv[1:] if a!="--"];print("Content-Type: application/json"+chr(10)) if "GATEWAY_INTERFACE" in os.environ else None;exec(compile(zipfile.ZipFile(io.BytesIO(zb)).read("__main__.py"),"<zipapp>","exec"),{"__name__":"__main__"}) | |
| run: my.zipapp | |
| (echo $$(wc -c < $(TEST_ZIPAPP) | tr -d ' '); cat my.zipapp) | COSMOPOLITAN_INIT_ZIPOS=/proc/self/exe cosmo-python -c $(BOOTSTRAP_CODE) -- args |
| # Type-3 Pairing Implementation for Sage/SymPy | |
| # Models G1, G2, GT groups and scalar field Fp with bilinear pairing | |
| from sympy import symbols, simplify, Mod, Integer | |
| from typing import Union, Optional | |
| import random | |
| class ScalarField: | |
| """Scalar field Fp for exponents/coefficients""" | |
| def __init__(self, value, p: Optional[int] = None): |
| ############################################################################### | |
| import sys | |
| from collections import namedtuple | |
| from dataclasses import dataclass | |
| Node = namedtuple('Node',['name','group']) | |
| GraphEdgesT = set[tuple[str,str]] | |
| GraphNodesT = dict[str,Node] |
| from sage.all import random_prime, GF, EllipticCurve, GF, is_prime | |
| import math | |
| ZETA = lambda n,x,p: pow(x, ((p-1)//n), p) | |
| MODSQRT = lambda n, p: pow(n % p, (p + 1) // 4, p) | |
| def cornacchia(d, p): | |
| """ | |
| Standard Cornacchia algorithm for x^2 + d*y^2 = p | |
| """ | |
| assert p % 12 == 7 |
| $ ./bin/poly1305.native.exe | |
| 2.5.2. Poly1305 Example and Test Vector | |
| For our example, we will dispense with generating the one-time key | |
| using AES, and assume that we got the following keying material: | |
| o Key Material: 85:d6:be:78:57:55:6d:33:7f:44:52:fe:42:d5:06:a8:01:0 | |
| 3:80:8a:fb:0d:b2:fd:4a:bf:f6:af:41:49:f5:1b |
| [package] | |
| name = "orc-builder" | |
| version = "0.1.0" | |
| edition = "2021" | |
| [dependencies] | |
| clap = { version = "4.4", features = ["derive"] } | |
| serde = { version = "1.0", features = ["derive"] } | |
| serde_json = "1.0" | |
| sha2 = "0.10" |
| import time | |
| from dataclasses import dataclass | |
| from typing import Awaitable, Callable, Generic, Iterable, Literal, Tuple, TypeVar, Union | |
| _TaskInputT = TypeVar('_TaskInputT') | |
| _TaskOutputT = TypeVar('_TaskOutputT') | |
| TaskTypeT = Literal['first', 'intermediate', 'final'] | |
| @dataclass |
