frost/secp256k1-zkp
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

more tests

Browse Source
This commit is contained in:
Pieter Wuille 2013-03-11 01:19:24 +01:00
parent cbd3617ea1
commit 4e0ed53985
4 changed files with 74 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ecmult.h
View File

@ -8,7 +8,7 @@
#include "num.h" #include "num.h"
#define WINDOW_A 5 #define WINDOW_A 5
#define WINDOW_G 15 #define WINDOW_G 13
namespace secp256k1 { namespace secp256k1 {
@ -51,6 +51,7 @@ private:
int used; int used;
void PushNAF(int num, int zeroes) { void PushNAF(int num, int zeroes) {
assert(used < B+1);
for (int i=0; i<zeroes; i++) { for (int i=0; i<zeroes; i++) {
naf[used++]=0; naf[used++]=0;
} }
@ -73,7 +74,7 @@ public:
zeroes++; zeroes++;
x.Shift1(); x.Shift1();
} }
int word = x.ShiftLowBits(ctx,w); int word = x.ShiftLowBits(ct,w);
if (word & (1 << (w-1))) { if (word & (1 << (w-1))) {
x.Inc(); x.Inc();
PushNAF(sign * (word - (1 << w)), zeroes); PushNAF(sign * (word - (1 << w)), zeroes);
@ -112,7 +113,6 @@ public:
WNAFPrecomp<GroupElem,WINDOW_G> wpg128; WNAFPrecomp<GroupElem,WINDOW_G> wpg128;
ECMultConsts() { ECMultConsts() {
printf("Precomputing G multiplies...\n");
const GroupElem &g = GetGroupConst().g; const GroupElem &g = GetGroupConst().g;
GroupElemJac g128j(g); GroupElemJac g128j(g);
for (int i=0; i<128; i++) for (int i=0; i<128; i++)
@ -120,7 +120,6 @@ public:
GroupElem g128; g128.SetJac(g128j); GroupElem g128; g128.SetJac(g128j);
wpg.Build(g); wpg.Build(g);
wpg128.Build(g128); wpg128.Build(g128);
printf("Done precomputing\n");
} }
}; };
@ -129,7 +128,7 @@ const ECMultConsts &GetECMultConsts() {
return ecmult_consts; return ecmult_consts;
} }
void ECMult(Context &ctx, GroupElemJac &out, const GroupElemJac &a, Number &an, Number &gn) { void ECMult(Context &ctx, GroupElemJac &out, const GroupElemJac &a, const Number &an, const Number &gn) {
Context ct(ctx); Context ct(ctx);
Number an1(ct), an2(ct); Number an1(ct), an2(ct);
Number gn1(ct), gn2(ct); Number gn1(ct), gn2(ct);

2
group.h
View File

@ -78,7 +78,7 @@ public:
} }
/** Checks whether this is a non-infinite point on the curve */ /** Checks whether this is a non-infinite point on the curve */
bool IsValid() { bool IsValid() const {
if (IsInfinity()) if (IsInfinity())
return false; return false;
// y^2 = x^3 + 7 // y^2 = x^3 + 7

5
num_openssl.h
View File

@ -74,7 +74,12 @@ public:
BN_bn2bin(bn, bin + size - len); BN_bn2bin(bn, bin + size - len);
} }
void SetInt(int x) { void SetInt(int x) {
if (x >= 0) {
BN_set_word(bn, x); BN_set_word(bn, x);
} else {
BN_set_word(bn, -x);
BN_set_negative(bn, 1);
}
} }
void SetModInverse(Context &ctx, const Number &x, const Number &m) { void SetModInverse(Context &ctx, const Number &x, const Number &m) {
BN_mod_inverse(bn, x.bn, m.bn, ctx); BN_mod_inverse(bn, x.bn, m.bn, ctx);

65
tests.cpp
View File

@ -8,7 +8,7 @@
using namespace secp256k1; using namespace secp256k1;
void test_ecmult() { void test_run_ecmult_chain() {
Context ctx; Context ctx;
// random starting point A (on the curve) // random starting point A (on the curve)
FieldElem ax; ax.SetHex("8b30bbe9ae2a990696b22f670709dff3727fd8bc04d3362c6c7bf458e2846004"); FieldElem ax; ax.SetHex("8b30bbe9ae2a990696b22f670709dff3727fd8bc04d3362c6c7bf458e2846004");
@ -47,8 +47,69 @@ void test_ecmult() {
assert(res == res2); assert(res == res2);
} }
void test_point_times_order(const GroupElemJac &point) {
// either the point is not on the curve, or multiplying it by the order results in O
if (!point.IsValid())
return;
const GroupConstants &c = GetGroupConst();
Context ctx;
Number zero(ctx); zero.SetInt(0);
GroupElemJac res;
ECMult(ctx, res, point, c.order, zero); // calc res = order * point + 0 * G;
assert(res.IsInfinity());
}
void test_run_point_times_order() {
Context ctx;
FieldElem x; x.SetHex("0000000000000000000000000000000000000000000000000000000000000002");
for (int i=0; i<500; i++) {
GroupElemJac j; j.SetCompressed(x, true);
test_point_times_order(j);
x.SetSquare(x);
}
}
void test_wnaf(const Number &number, int w) {
Context ctx;
Number x(ctx), two(ctx), t(ctx);
x.SetInt(0);
two.SetInt(2);
WNAF<1023> wnaf(ctx, number, w);
int zeroes = -1;
for (int i=wnaf.GetSize()-1; i>=0; i--) {
x.SetMult(ctx, x, two);
int v = wnaf.Get(i);
if (v) {
assert(zeroes == -1 || zeroes >= w-1); // check that distance between non-zero elements is at least w-1
zeroes=0;
assert((v & 1) == 1); // check non-zero elements are odd
assert(v <= (1 << (w-1)) - 1); // check range below
assert(v >= -(1 << (w-1)) - 1); // check range above
} else {
assert(zeroes != -1); // check that no unnecessary zero padding exists
zeroes++;
}
t.SetInt(v);
x.SetAdd(ctx, x, t);
}
assert(x.Compare(number) == 0); // check that wnaf represents number
}
void test_run_wnaf() {
Context ctx;
Number range(ctx), min(ctx), n(ctx);
range.SetHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");
min = range; min.Shift1(); min.Negate();
for (int i=0; i<100; i++) {
n.SetPseudoRand(range); n.SetAdd(ctx,n,min);
test_wnaf(n, 4+(i%10));
}
}
int main(void) { int main(void) {
test_ecmult(); test_run_wnaf();
test_run_point_times_order();
test_run_ecmult_chain();
return 0; return 0;
} }