Merge pull request #138 from NethermindEth/anshu/test-bls-wip

Test BLS signature checks
NethermindEth · Sep 21, 2024 · a193662 · a193662
2 parents 4d20cdd + 420f1e9
commit a193662
Show file tree

Hide file tree

Showing 6 changed files with 317 additions and 12 deletions.
diff --git a/SmartContracts/src/avs/utils/BLSSignatureChecker.sol b/SmartContracts/src/avs/utils/BLSSignatureChecker.sol
@@ -27,6 +27,6 @@ contract BLSSignatureChecker {
         BLS12381.G2Point memory msgG2 = message.hashToCurveG2(dst());
 
         // Return the pairing check result
-        return BLS12381.pairing(BLS12381.generatorG1().negate(), sig, pubkey, msgG2);
+        return BLS12381.pairing(pubkey, msgG2, BLS12381.negGeneratorG1(), sig);
     }
 }
diff --git a/SmartContracts/src/libraries/BLS12381.sol b/SmartContracts/src/libraries/BLS12381.sol
@@ -32,15 +32,15 @@ library BLS12381 {
     }
 
     /// @dev Referenced from https://eips.ethereum.org/EIPS/eip-2537#curve-parameters
-    function generatorG1() internal pure returns (G1Point memory) {
+    function negGeneratorG1() internal pure returns (G1Point memory) {
         return G1Point({
             x: [
                 0x0000000000000000000000000000000017f1d3a73197d7942695638c4fa9ac0f,
                 0xc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb
             ],
             y: [
-                0x0000000000000000000000000000000008b3f481e3aaa0f1a09e30ed741d8ae4,
-                0xfcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1
+                0x00000000000000000000000000000000114d1d6855d545a8aa7d76c8cf2e21f2,
+                0x67816aef1db507c96655b9d5caac42364e6f38ba0ecb751bad54dcd6b939c2ca
             ]
         });
     }
@@ -56,7 +56,7 @@ library BLS12381 {
 
         // Perform word-wise elementary subtraction
         if (fieldModulus[1] < point.y[1]) {
-            yNeg[1] = type(uint256).max - (point.y[1] - fieldModulus[1]);
+            yNeg[1] = type(uint256).max - (point.y[1] - fieldModulus[1]) + 1;
             fieldModulus[0] -= 1; // borrow
         } else {
             yNeg[1] = fieldModulus[1] - point.y[1];
@@ -82,7 +82,7 @@ library BLS12381 {
         // 4. R = Q0 + Q1
         r = q0.plus(q1);
         // 5. P = clear_cofactor(R)
-        // Not needed as map fp to g1 already does it
+        // Not needed as map fp to g2 already does it
     }
 
     /**
@@ -145,7 +145,7 @@ library BLS12381 {
      * @notice Adds two G2 points using the precompile at 0x0e
      */
     function plus(G2Point memory point1, G2Point memory point2) internal view returns (G2Point memory) {
-        G2Point memory r;
+        uint256[8] memory r;
 
         uint256[16] memory input = [
             point1.x[0],
@@ -182,14 +182,14 @@ library BLS12381 {
             if iszero(success) { revert(0, 0) }
         }
 
-        return r;
+        return _resolveG2Point(r);
     }
 
     /**
      * @notice Maps an element of the FP2 field to a G2 point using the precompile at 0x13
      */
     function mapToG2(FieldPoint2 memory fp2) internal view returns (G2Point memory) {
-        G2Point memory r;
+        uint256[8] memory r;
 
         uint256[4] memory input = [fp2.u[0], fp2.u[1], fp2.u_I[0], fp2.u_I[1]];
 
@@ -209,7 +209,7 @@ library BLS12381 {
             if iszero(success) { revert(0, 0) }
         }
 
-        return r;
+        return _resolveG2Point(r);
     }
 
     /**
@@ -220,7 +220,7 @@ library BLS12381 {
         view
         returns (bool)
     {
-        bool r;
+        bool[1] memory r;
 
         uint256[24] memory input = [
             a1.x[0],
@@ -266,7 +266,7 @@ library BLS12381 {
             if iszero(success) { revert(0, 0) }
         }
 
-        return r;
+        return r[0];
     }
 
     //=========
@@ -411,4 +411,13 @@ library BLS12381 {
 
         return false;
     }
+
+    function _resolveG2Point(uint256[8] memory flattened) internal pure returns (G2Point memory) {
+        return G2Point({
+            x: [flattened[0], flattened[1]],
+            x_I: [flattened[2], flattened[3]],
+            y: [flattened[4], flattened[5]],
+            y_I: [flattened[6], flattened[7]]
+        });
+    }
 }
diff --git a/SmartContracts/test/bls/BLSExpandMsgXmd.t.sol b/SmartContracts/test/bls/BLSExpandMsgXmd.t.sol
@@ -0,0 +1,101 @@
+// SPDX-License-Identifier: UNLICENSED
+// Test has been referenced from https://github.com/ethyla/bls12-381-hash-to-curve/blob/main/test/expandMsgXmd.sol
+pragma solidity 0.8.25;
+
+import {BaseTest} from "../BaseTest.sol";
+import {BLS12381} from "src/libraries/BLS12381.sol";
+
+contract BLSExpendMsgXmd is BaseTest {
+    bytes internal expand_msg_dst = "QUUX-V01-CS02-with-expander-SHA256-128";
+
+    function test_expandMsgXmd_empty_msg_0x20() public view {
+        uint256[] memory result = BLS12381._expandMsgXmd("", expand_msg_dst, 0x20);
+        uint256 expected = 0x68a985b87eb6b46952128911f2a4412bbc302a9d759667f87f7a21d803f07235;
+
+        vm.assertEq(result[0], expected);
+    }
+
+    function testExpandMsgXmd_abc_0x20() public view {
+        uint256[] memory result = BLS12381._expandMsgXmd("abc", expand_msg_dst, 0x20);
+        uint256 expected = 0xd8ccab23b5985ccea865c6c97b6e5b8350e794e603b4b97902f53a8a0d605615;
+
+        assertEq(result[0], expected);
+    }
+
+    function testExpandMsgXmd_abcdef0123456789_0x20() public view {
+        uint256[] memory result = BLS12381._expandMsgXmd("abcdef0123456789", expand_msg_dst, 0x20);
+        uint256 expected = 0xeff31487c770a893cfb36f912fbfcbff40d5661771ca4b2cb4eafe524333f5c1;
+
+        assertEq(result[0], expected);
+    }
+
+    function testExpandMsgXmd_q128_0x20() public view {
+        uint256[] memory result = BLS12381._expandMsgXmd(
+            "q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq",
+            expand_msg_dst,
+            0x20
+        );
+        uint256 expected = 0xb23a1d2b4d97b2ef7785562a7e8bac7eed54ed6e97e29aa51bfe3f12ddad1ff9;
+
+        assertEq(result[0], expected);
+    }
+
+    function testExpandMsgXmd_a512_0x20() public view {
+        uint256[] memory result = BLS12381._expandMsgXmd(
+            "a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+            expand_msg_dst,
+            0x20
+        );
+        uint256 expected = 0x4623227bcc01293b8c130bf771da8c298dede7383243dc0993d2d94823958c4c;
+
+        assertEq(result[0], expected);
+    }
+
+    function testExpandMsgXmd_empty_msg_0x80() public view {
+        uint256[] memory result = BLS12381._expandMsgXmd("", expand_msg_dst, 0x80);
+        bytes memory expected =
+            hex"af84c27ccfd45d41914fdff5df25293e221afc53d8ad2ac06d5e3e29485dadbee0d121587713a3e0dd4d5e69e93eb7cd4f5df4cd103e188cf60cb02edc3edf18eda8576c412b18ffb658e3dd6ec849469b979d444cf7b26911a08e63cf31f9dcc541708d3491184472c2c29bb749d4286b004ceb5ee6b9a7fa5b646c993f0ced";
+
+        assertEq(bytes.concat(bytes32(result[0]), bytes32(result[1]), bytes32(result[2]), bytes32(result[3])), expected);
+    }
+
+    function testExpandMsgXmd_abc_0x80() public view {
+        uint256[] memory result = BLS12381._expandMsgXmd("abc", expand_msg_dst, 0x80);
+        bytes memory expected =
+            hex"abba86a6129e366fc877aab32fc4ffc70120d8996c88aee2fe4b32d6c7b6437a647e6c3163d40b76a73cf6a5674ef1d890f95b664ee0afa5359a5c4e07985635bbecbac65d747d3d2da7ec2b8221b17b0ca9dc8a1ac1c07ea6a1e60583e2cb00058e77b7b72a298425cd1b941ad4ec65e8afc50303a22c0f99b0509b4c895f40";
+
+        assertEq(bytes.concat(bytes32(result[0]), bytes32(result[1]), bytes32(result[2]), bytes32(result[3])), expected);
+    }
+
+    function testExpandMsgXmd_abcdef0123456789_0x80() public view {
+        uint256[] memory result = BLS12381._expandMsgXmd("abcdef0123456789", expand_msg_dst, 0x80);
+        bytes memory expected =
+            hex"ef904a29bffc4cf9ee82832451c946ac3c8f8058ae97d8d629831a74c6572bd9ebd0df635cd1f208e2038e760c4994984ce73f0d55ea9f22af83ba4734569d4bc95e18350f740c07eef653cbb9f87910d833751825f0ebefa1abe5420bb52be14cf489b37fe1a72f7de2d10be453b2c9d9eb20c7e3f6edc5a60629178d9478df";
+
+        assertEq(bytes.concat(bytes32(result[0]), bytes32(result[1]), bytes32(result[2]), bytes32(result[3])), expected);
+    }
+
+    function testExpandMsgXmd_q128_0x80() public view {
+        uint256[] memory result = BLS12381._expandMsgXmd(
+            "q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq",
+            expand_msg_dst,
+            0x80
+        );
+        bytes memory expected =
+            hex"80be107d0884f0d881bb460322f0443d38bd222db8bd0b0a5312a6fedb49c1bbd88fd75d8b9a09486c60123dfa1d73c1cc3169761b17476d3c6b7cbbd727acd0e2c942f4dd96ae3da5de368d26b32286e32de7e5a8cb2949f866a0b80c58116b29fa7fabb3ea7d520ee603e0c25bcaf0b9a5e92ec6a1fe4e0391d1cdbce8c68a";
+
+        assertEq(bytes.concat(bytes32(result[0]), bytes32(result[1]), bytes32(result[2]), bytes32(result[3])), expected);
+    }
+
+    function testExpandMsgXmd_a512_0x80() public view {
+        uint256[] memory result = BLS12381._expandMsgXmd(
+            "a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+            expand_msg_dst,
+            0x80
+        );
+        bytes memory expected =
+            hex"546aff5444b5b79aa6148bd81728704c32decb73a3ba76e9e75885cad9def1d06d6792f8a7d12794e90efed817d96920d728896a4510864370c207f99bd4a608ea121700ef01ed879745ee3e4ceef777eda6d9e5e38b90c86ea6fb0b36504ba4a45d22e86f6db5dd43d98a294bebb9125d5b794e9d2a81181066eb954966a487";
+
+        assertEq(bytes.concat(bytes32(result[0]), bytes32(result[1]), bytes32(result[2]), bytes32(result[3])), expected);
+    }
+}
diff --git a/SmartContracts/test/bls/BLSHashToFieldFp2.t.sol b/SmartContracts/test/bls/BLSHashToFieldFp2.t.sol
@@ -0,0 +1,101 @@
+// SPDX-License-Identifier: UNLICENSED
+// Test has been referenced from https://github.com/ethyla/bls12-381-hash-to-curve/blob/main/test/hashToField.sol
+pragma solidity 0.8.25;
+
+import {BaseTest} from "../BaseTest.sol";
+import {BLS12381} from "src/libraries/BLS12381.sol";
+
+contract BLSHashToFieldFp2 is BaseTest {
+    bytes internal hash_to_dst = "QUUX-V01-CS02-with-BLS12381G2_XMD:SHA-256_SSWU_RO_";
+
+    function test_hashToFieldFp2_empty_msg() public view {
+        BLS12381.FieldPoint2[2] memory result = BLS12381.hashToFieldFp2("", hash_to_dst);
+        bytes memory expected_u0 =
+            hex"0000000000000000000000000000000003dbc2cce174e91ba93cbb08f26b917f98194a2ea08d1cce75b2b9cc9f21689d80bd79b594a613d0a68eb807dfdc1cf8";
+        bytes memory expected_u0_I =
+            hex"0000000000000000000000000000000005a2acec64114845711a54199ea339abd125ba38253b70a92c876df10598bd1986b739cad67961eb94f7076511b3b39a";
+        bytes memory expected_u1 =
+            hex"0000000000000000000000000000000002f99798e8a5acdeed60d7e18e9120521ba1f47ec090984662846bc825de191b5b7641148c0dbc237726a334473eee94";
+        bytes memory expected_u1_I =
+            hex"00000000000000000000000000000000145a81e418d4010cc027a68f14391b30074e89e60ee7a22f87217b2f6eb0c4b94c9115b436e6fa4607e95a98de30a435";
+
+        assertEq(bytes.concat(bytes32(result[0].u[0]), bytes32(result[0].u[1])), expected_u0);
+        assertEq(bytes.concat(bytes32(result[0].u_I[0]), bytes32(result[0].u_I[1])), expected_u0_I);
+        assertEq(bytes.concat(bytes32(result[1].u[0]), bytes32(result[1].u[1])), expected_u1);
+        assertEq(bytes.concat(bytes32(result[1].u_I[0]), bytes32(result[1].u_I[1])), expected_u1_I);
+    }
+
+    function test_hashToFieldFp2_msg_abc() public view {
+        BLS12381.FieldPoint2[2] memory result = BLS12381.hashToFieldFp2("abc", hash_to_dst);
+        bytes memory expected_u0 =
+            hex"0000000000000000000000000000000015f7c0aa8f6b296ab5ff9c2c7581ade64f4ee6f1bf18f55179ff44a2cf355fa53dd2a2158c5ecb17d7c52f63e7195771";
+        bytes memory expected_u0_I =
+            hex"0000000000000000000000000000000001c8067bf4c0ba709aa8b9abc3d1cef589a4758e09ef53732d670fd8739a7274e111ba2fcaa71b3d33df2a3a0c8529dd";
+        bytes memory expected_u1 =
+            hex"00000000000000000000000000000000187111d5e088b6b9acfdfad078c4dacf72dcd17ca17c82be35e79f8c372a693f60a033b461d81b025864a0ad051a06e4";
+        bytes memory expected_u1_I =
+            hex"0000000000000000000000000000000008b852331c96ed983e497ebc6dee9b75e373d923b729194af8e72a051ea586f3538a6ebb1e80881a082fa2b24df9f566";
+
+        assertEq(bytes.concat(bytes32(result[0].u[0]), bytes32(result[0].u[1])), expected_u0);
+        assertEq(bytes.concat(bytes32(result[0].u_I[0]), bytes32(result[0].u_I[1])), expected_u0_I);
+        assertEq(bytes.concat(bytes32(result[1].u[0]), bytes32(result[1].u[1])), expected_u1);
+        assertEq(bytes.concat(bytes32(result[1].u_I[0]), bytes32(result[1].u_I[1])), expected_u1_I);
+    }
+
+    function test_hash_to_field_msg_fp2_abcdef0123456789() public view {
+        BLS12381.FieldPoint2[2] memory result = BLS12381.hashToFieldFp2("abcdef0123456789", hash_to_dst);
+        bytes memory expected_u0 =
+            hex"000000000000000000000000000000000313d9325081b415bfd4e5364efaef392ecf69b087496973b229303e1816d2080971470f7da112c4eb43053130b785e1";
+        bytes memory expected_u0_I =
+            hex"00000000000000000000000000000000062f84cb21ed89406890c051a0e8b9cf6c575cf6e8e18ecf63ba86826b0ae02548d83b483b79e48512b82a6c0686df8f";
+        bytes memory expected_u1 =
+            hex"000000000000000000000000000000001739123845406baa7be5c5dc74492051b6d42504de008c635f3535bb831d478a341420e67dcc7b46b2e8cba5379cca97";
+        bytes memory expected_u1_I =
+            hex"0000000000000000000000000000000001897665d9cb5db16a27657760bbea7951f67ad68f8d55f7113f24ba6ddd82caef240a9bfa627972279974894701d975";
+
+        assertEq(bytes.concat(bytes32(result[0].u[0]), bytes32(result[0].u[1])), expected_u0);
+        assertEq(bytes.concat(bytes32(result[0].u_I[0]), bytes32(result[0].u_I[1])), expected_u0_I);
+        assertEq(bytes.concat(bytes32(result[1].u[0]), bytes32(result[1].u[1])), expected_u1);
+        assertEq(bytes.concat(bytes32(result[1].u_I[0]), bytes32(result[1].u_I[1])), expected_u1_I);
+    }
+
+    function test_hashToFieldFp2_msg_q128() public view {
+        BLS12381.FieldPoint2[2] memory result = BLS12381.hashToFieldFp2(
+            "q128_qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq",
+            hash_to_dst
+        );
+        bytes memory expected_u0 =
+            hex"00000000000000000000000000000000025820cefc7d06fd38de7d8e370e0da8a52498be9b53cba9927b2ef5c6de1e12e12f188bbc7bc923864883c57e49e253";
+        bytes memory expected_u0_I =
+            hex"00000000000000000000000000000000034147b77ce337a52e5948f66db0bab47a8d038e712123bb381899b6ab5ad20f02805601e6104c29df18c254b8618c7b";
+        bytes memory expected_u1 =
+            hex"000000000000000000000000000000000930315cae1f9a6017c3f0c8f2314baa130e1cf13f6532bff0a8a1790cd70af918088c3db94bda214e896e1543629795";
+        bytes memory expected_u1_I =
+            hex"0000000000000000000000000000000010c4df2cacf67ea3cb3108b00d4cbd0b3968031ebc8eac4b1ebcefe84d6b715fde66bef0219951ece29d1facc8a520ef";
+
+        assertEq(bytes.concat(bytes32(result[0].u[0]), bytes32(result[0].u[1])), expected_u0);
+        assertEq(bytes.concat(bytes32(result[0].u_I[0]), bytes32(result[0].u_I[1])), expected_u0_I);
+        assertEq(bytes.concat(bytes32(result[1].u[0]), bytes32(result[1].u[1])), expected_u1);
+        assertEq(bytes.concat(bytes32(result[1].u_I[0]), bytes32(result[1].u_I[1])), expected_u1_I);
+    }
+
+    function test_hashToFieldFp2_msg_a512() public view {
+        BLS12381.FieldPoint2[2] memory result = BLS12381.hashToFieldFp2(
+            "a512_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+            hash_to_dst
+        );
+        bytes memory expected_u0 =
+            hex"00000000000000000000000000000000190b513da3e66fc9a3587b78c76d1d132b1152174d0b83e3c1114066392579a45824c5fa17649ab89299ddd4bda54935";
+        bytes memory expected_u0_I =
+            hex"0000000000000000000000000000000012ab625b0fe0ebd1367fe9fac57bb1168891846039b4216b9d94007b674de2d79126870e88aeef54b2ec717a887dcf39";
+        bytes memory expected_u1 =
+            hex"000000000000000000000000000000000e6a42010cf435fb5bacc156a585e1ea3294cc81d0ceb81924d95040298380b164f702275892cedd81b62de3aba3f6b5";
+        bytes memory expected_u1_I =
+            hex"00000000000000000000000000000000117d9a0defc57a33ed208428cb84e54c85a6840e7648480ae428838989d25d97a0af8e3255be62b25c2a85630d2dddd8";
+
+        assertEq(bytes.concat(bytes32(result[0].u[0]), bytes32(result[0].u[1])), expected_u0);
+        assertEq(bytes.concat(bytes32(result[0].u_I[0]), bytes32(result[0].u_I[1])), expected_u0_I);
+        assertEq(bytes.concat(bytes32(result[1].u[0]), bytes32(result[1].u[1])), expected_u1);
+        assertEq(bytes.concat(bytes32(result[1].u_I[0]), bytes32(result[1].u_I[1])), expected_u1_I);
+    }
+}
diff --git a/SmartContracts/test/bls/script-test/BLSHashToCurveG2.sol b/SmartContracts/test/bls/script-test/BLSHashToCurveG2.sol
@@ -0,0 +1,32 @@
+// SPDX-License-Identifier: UNLICENSED
+// solhint-disable-next-line
+pragma solidity 0.8.25;
+
+import {BaseScript} from "../../../scripts/BaseScript.sol";
+import {BLS12381} from "src/libraries/BLS12381.sol";
+
+/**
+ * @dev At the time of writing this (Sept, 2024) foundry does not support the BLS12381 precompile, thus
+ * thus a traditional foundry test is not possible for hash to curve functionality. Instead, we test it
+ * manually by sending a transaction to a pectra upgrade devnet and verifying the outputs on the explorer.
+ */
+contract BLSHashToCurveG2 is BaseScript {
+    function run() external broadcast {
+        Target target = new Target();
+        target.hashToCurveG2();
+    }
+}
+
+contract Target {
+    bytes internal HASH_TO_G2_DST = "QUUX-V01-CS02-with-BLS12381G2_XMD:SHA-256_SSWU_RO_";
+
+    event Output(BLS12381.G2Point);
+
+    function hashToCurveG2() external {
+        /**
+         * Expected output:
+         * 0x0000000000000000000000000000000002c2d18e033b960562aae3cab37a27ce00d80ccd5ba4b7fe0e7a210245129dbec7780ccc7954725f4168aff2787776e600000000000000000000000000000000139cddbccdc5e91b9623efd38c49f81a6f83f175e80b06fc374de9eb4b41dfe4ca3a230ed250fbe3a2acf73a41177fd8000000000000000000000000000000001787327b68159716a37440985269cf584bcb1e621d3a7202be6ea05c4cfe244aeb197642555a0645fb87bf7466b2ba480000000000000000000000000000000000aa65dae3c8d732d10ecd2c50f8a1baf3001578f71c694e03866e9f3d49ac1e1ce70dd94a733534f106d4cec0eddd16
+         */
+        emit Output(BLS12381.hashToCurveG2("abc", HASH_TO_G2_DST));
+    }
+}