Merge elementsproject/secp256k1-zkp#230: norm arg: add prove test vectors
f3126fdfec7c4dbfab3acf01714325b027110aff norm arg: remove prove edge tests which are now covered by vectors (Jonas Nick)
847ed9ecb2233f1e233fae1791b5adcdeb3be52b norm arg: add verification to prove vectors (Jonas Nick)
cf797ed2a4ccc7422de2f4081a6d6bcf536d72c8 norm arg: add prove test vectors (Jonas Nick)
095c1e749c106285e8252d6490073974dd4d8fcc norm arg: add prove_const to tests (Jonas Nick)
bf7bf8a64fa7a7256ad64f75ae0bcb9fccbd0ea4 norm arg: split norm_arg_zero into prove_edge and verify_zero_len (Jonas Nick)
a70c4d4a8a6970f8e299de541cc75f2fc2e39e76 norm arg: add test vector for |n| = 0 (Jonas Nick)
f5e4b16f0f96ae871d221900673f426e9c9ce85e norm arg: add test vector for sign bit malleability (Jonas Nick)
c0de361fc53dbfb0b058895f4824eba4d423e191 norm arg: allow X and R to be the point at infinity (Jonas Nick)
f22834f20252f9ca3e17f36093940e2aa2735790 norm arg: add verify vector for n = [0], l = [0] (Jonas Nick)
d8e7f3763bac9e52d07643a01c8352cadded64d2 musig: move ge_{serialize,parse}_ext to module-independent file (Jonas Nick)
Pull request description:
ACKs for top commit:
Liam-Eagen:
ACK f3126fd
Tree-SHA512: 1aad86521fce74435beabe7690c7fcc38ad9ae7a884ddcab69ef825b573433f700723a7672d29df1b4465bc33d5957b6a46f657f988cfd2cc73fa94a3472357d
This commit is contained in:
Jonas Nick
commit
4eab2c2fd8
@ -300,17 +300,8 @@ static int secp256k1_bppp_rangeproof_norm_product_prove(
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* We only fail here because we cannot serialize points at infinity. */
|
|
||||||
if (secp256k1_gej_is_infinity(&xj) || secp256k1_gej_is_infinity(&rj)) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
secp256k1_ge_set_gej_var(&x_ge, &xj);
|
secp256k1_ge_set_gej_var(&x_ge, &xj);
|
||||||
secp256k1_fe_normalize_var(&x_ge.x);
|
|
||||||
secp256k1_fe_normalize_var(&x_ge.y);
|
|
||||||
secp256k1_ge_set_gej_var(&r_ge, &rj);
|
secp256k1_ge_set_gej_var(&r_ge, &rj);
|
||||||
secp256k1_fe_normalize_var(&r_ge.x);
|
|
||||||
secp256k1_fe_normalize_var(&r_ge.y);
|
|
||||||
secp256k1_bppp_serialize_points(&proof[proof_idx], &x_ge, &r_ge);
|
secp256k1_bppp_serialize_points(&proof[proof_idx], &x_ge, &r_ge);
|
||||||
proof_idx += 65;
|
proof_idx += 65;
|
||||||
|
|
||||||
@ -379,16 +370,12 @@ static int ec_mult_verify_cb1(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx
|
|||||||
}
|
}
|
||||||
idx -= 1;
|
idx -= 1;
|
||||||
if (idx % 2 == 0) {
|
if (idx % 2 == 0) {
|
||||||
unsigned char pk_buf[33];
|
|
||||||
idx /= 2;
|
idx /= 2;
|
||||||
*sc = data->gammas[idx];
|
*sc = data->gammas[idx];
|
||||||
pk_buf[0] = 2 | (data->proof[65*idx] >> 1);
|
if (!secp256k1_bppp_parse_one_of_points(pt, &data->proof[65*idx], 0)) {
|
||||||
memcpy(&pk_buf[1], &data->proof[65*idx + 1], 32);
|
|
||||||
if (!secp256k1_eckey_pubkey_parse(pt, pk_buf, sizeof(pk_buf))) {
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
unsigned char pk_buf[33];
|
|
||||||
secp256k1_scalar neg_one;
|
secp256k1_scalar neg_one;
|
||||||
idx /= 2;
|
idx /= 2;
|
||||||
secp256k1_scalar_set_int(&neg_one, 1);
|
secp256k1_scalar_set_int(&neg_one, 1);
|
||||||
@ -396,9 +383,7 @@ static int ec_mult_verify_cb1(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx
|
|||||||
*sc = data->gammas[idx];
|
*sc = data->gammas[idx];
|
||||||
secp256k1_scalar_sqr(sc, sc);
|
secp256k1_scalar_sqr(sc, sc);
|
||||||
secp256k1_scalar_add(sc, sc, &neg_one);
|
secp256k1_scalar_add(sc, sc, &neg_one);
|
||||||
pk_buf[0] = 2 | data->proof[65*idx];
|
if (!secp256k1_bppp_parse_one_of_points(pt, &data->proof[65*idx], 1)) {
|
||||||
memcpy(&pk_buf[1], &data->proof[65*idx + 33], 32);
|
|
||||||
if (!secp256k1_eckey_pubkey_parse(pt, pk_buf, sizeof(pk_buf))) {
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -15,10 +15,33 @@
|
|||||||
/* Outputs a pair of points, amortizing the parity byte between them
|
/* Outputs a pair of points, amortizing the parity byte between them
|
||||||
* Assumes both points' coordinates have been normalized.
|
* Assumes both points' coordinates have been normalized.
|
||||||
*/
|
*/
|
||||||
static void secp256k1_bppp_serialize_points(unsigned char *output, const secp256k1_ge *lpt, const secp256k1_ge *rpt) {
|
static void secp256k1_bppp_serialize_points(unsigned char *output, secp256k1_ge *lpt, secp256k1_ge *rpt) {
|
||||||
output[0] = (secp256k1_fe_is_odd(&lpt->y) << 1) + secp256k1_fe_is_odd(&rpt->y);
|
unsigned char tmp[33];
|
||||||
secp256k1_fe_get_b32(&output[1], &lpt->x);
|
secp256k1_ge_serialize_ext(tmp, lpt);
|
||||||
secp256k1_fe_get_b32(&output[33], &rpt->x);
|
output[0] = (tmp[0] & 1) << 1;
|
||||||
|
memcpy(&output[1], &tmp[1], 32);
|
||||||
|
secp256k1_ge_serialize_ext(tmp, rpt);
|
||||||
|
output[0] |= (tmp[0] & 1);
|
||||||
|
memcpy(&output[33], &tmp[1], 32);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int secp256k1_bppp_parse_one_of_points(secp256k1_ge *pt, const unsigned char *in65, int idx) {
|
||||||
|
unsigned char tmp[33] = { 0 };
|
||||||
|
if (in65[0] > 3) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
/* Check if the input array encodes the point at infinity */
|
||||||
|
if ((secp256k1_memcmp_var(tmp, &in65[1 + 32*idx], 32)) != 0) {
|
||||||
|
tmp[0] = 2 | ((in65[0] & (2 - idx)) >> (1 - idx));
|
||||||
|
memcpy(&tmp[1], &in65[1 + 32*idx], 32);
|
||||||
|
} else {
|
||||||
|
/* If we're parsing the point at infinity, enforce that the sign bit is
|
||||||
|
* 0. */
|
||||||
|
if ((in65[0] & (2 - idx)) != 0) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return secp256k1_ge_parse_ext(pt, tmp);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Outputs a serialized point in compressed form. Returns 0 at point at infinity.
|
/* Outputs a serialized point in compressed form. Returns 0 at point at infinity.
|
||||||
|
|||||||
47
src/modules/bppp/test_vectors/prove.h
Normal file
47
src/modules/bppp/test_vectors/prove.h
Normal file
@ -0,0 +1,47 @@
|
|||||||
|
static const unsigned char prove_vector_gens[264] = { 0x03, 0xAF, 0x2C, 0x40, 0xAD, 0x03, 0xCD, 0xC5, 0x76, 0x8C, 0x07, 0x1E, 0x58, 0xD6, 0x8C, 0x73, 0x45, 0xBA, 0xEB, 0xB5, 0x3F, 0x40, 0xFA, 0x8B, 0xBF, 0x73, 0x6E, 0x7B, 0x4A, 0x54, 0x06, 0xED, 0x32, 0x03, 0xCC, 0x11, 0x19, 0x22, 0x2C, 0xA1, 0x0A, 0x45, 0x23, 0xAF, 0x9B, 0x40, 0x0D, 0xA4, 0x5E, 0x06, 0x24, 0xF4, 0x5F, 0x07, 0x89, 0x88, 0xCD, 0x71, 0xAE, 0x77, 0xC1, 0xF5, 0x87, 0x4E, 0xFC, 0xA5, 0x03, 0xDE, 0x61, 0xB1, 0x8F, 0x2C, 0xAC, 0x18, 0xF5, 0xE4, 0x06, 0x8F, 0x65, 0x55, 0xA1, 0x30, 0x5E, 0xF5, 0xF4, 0x84, 0xED, 0x6B, 0xDD, 0xC2, 0xCC, 0xE8, 0x51, 0x38, 0xB8, 0xA5, 0x4C, 0x43, 0xBD, 0x02, 0xA5, 0xF9, 0x8C, 0x1F, 0x82, 0x2D, 0xC6, 0xF3, 0x0F, 0x53, 0xDB, 0x74, 0x77, 0xC7, 0x91, 0x04, 0xB0, 0xB1, 0xA6, 0x17, 0xB2, 0x91, 0xF4, 0x8B, 0x93, 0x3E, 0xBB, 0x73, 0x15, 0x3E, 0x5A, 0xD1, 0x02, 0x44, 0xF5, 0xC6, 0x4E, 0x77, 0x60, 0x81, 0x83, 0xFF, 0xC2, 0x8E, 0x06, 0xFE, 0x67, 0x0C, 0x9A, 0x4B, 0xF2, 0x34, 0xB9, 0xEA, 0xE9, 0x37, 0xDA, 0x30, 0xE2, 0x32, 0x27, 0xF3, 0x88, 0x5F, 0x2A, 0x02, 0x1D, 0x49, 0x5D, 0x04, 0xED, 0x61, 0x95, 0x37, 0xDD, 0x95, 0xB1, 0x4F, 0x64, 0x0E, 0x1E, 0xFB, 0x47, 0x9F, 0xA7, 0xD7, 0xE0, 0x7A, 0xB1, 0x02, 0x81, 0x95, 0xD1, 0xA5, 0x7E, 0xB2, 0x74, 0x8F, 0x03, 0x26, 0xA5, 0xEC, 0xE9, 0x71, 0x46, 0x37, 0xAC, 0x3D, 0x74, 0x84, 0x26, 0xCB, 0x7C, 0xE8, 0xFE, 0x4E, 0xB0, 0x6D, 0x70, 0x3D, 0x00, 0x10, 0x1A, 0x3A, 0x5B, 0xB8, 0xAA, 0x29, 0x59, 0x93, 0x15, 0x03, 0xE1, 0xA5, 0x39, 0x44, 0x75, 0x16, 0x28, 0x5F, 0xBA, 0x69, 0xA2, 0x4A, 0x2A, 0xC3, 0x5B, 0x63, 0x1F, 0x40, 0x10, 0x36, 0xF9, 0x4C, 0xD2, 0x76, 0x0F, 0xCF, 0x7F, 0x50, 0x30, 0x6E, 0x2B, 0x1D };
|
||||||
|
static const unsigned char prove_vector_0_n_vec32[1][32] = { { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3F } };
|
||||||
|
static secp256k1_scalar prove_vector_0_n_vec[1];
|
||||||
|
static const unsigned char prove_vector_0_l_vec32[1][32] = { { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3E } };
|
||||||
|
static secp256k1_scalar prove_vector_0_l_vec[1];
|
||||||
|
static const unsigned char prove_vector_0_c_vec32[1][32] = { { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3C } };
|
||||||
|
static secp256k1_scalar prove_vector_0_c_vec[1];
|
||||||
|
static const unsigned char prove_vector_0_r32[32] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3A };
|
||||||
|
static const unsigned char prove_vector_0_proof[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3E };
|
||||||
|
static const int prove_vector_0_result = 1;
|
||||||
|
static const unsigned char prove_vector_1_n_vec32[2][32] = { { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3F }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 } };
|
||||||
|
static secp256k1_scalar prove_vector_1_n_vec[2];
|
||||||
|
static const unsigned char prove_vector_1_l_vec32[4][32] = { { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3E }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 }, { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x34 }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0B } };
|
||||||
|
static secp256k1_scalar prove_vector_1_l_vec[4];
|
||||||
|
static const unsigned char prove_vector_1_c_vec32[4][32] = { { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3C }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 }, { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x30 }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0D } };
|
||||||
|
static secp256k1_scalar prove_vector_1_c_vec[4];
|
||||||
|
static const unsigned char prove_vector_1_r32[32] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3A };
|
||||||
|
static const unsigned char prove_vector_1_proof[] = { 0x00, 0xD2, 0xEC, 0xE2, 0x53, 0x97, 0x28, 0x68, 0x22, 0x59, 0x34, 0xEF, 0xE4, 0x7B, 0x87, 0x4D, 0xE9, 0x57, 0xD5, 0xB7, 0xC7, 0x72, 0xF4, 0xC9, 0xEA, 0x66, 0x14, 0x59, 0xE1, 0xA9, 0xD5, 0xB2, 0x10, 0xDF, 0xE2, 0xFF, 0xF5, 0xA4, 0x38, 0x6B, 0xFE, 0x36, 0x89, 0xE4, 0x9D, 0x90, 0x9F, 0x71, 0x19, 0xE6, 0xA3, 0x1E, 0xAA, 0xAA, 0x4E, 0xFE, 0xC2, 0xD3, 0x37, 0xBB, 0xDE, 0xDB, 0x46, 0x43, 0xC2, 0x01, 0x42, 0x5F, 0xFC, 0xC6, 0x25, 0xA0, 0xB4, 0xF0, 0x76, 0x99, 0xF4, 0x7C, 0xE9, 0x83, 0x82, 0xED, 0x7C, 0x95, 0xBA, 0xD0, 0xE6, 0x5B, 0x88, 0xFD, 0x38, 0xEA, 0x23, 0x54, 0xD4, 0xBD, 0xD4, 0x37, 0xB8, 0x2B, 0x49, 0xAF, 0x81, 0xFD, 0xBE, 0x88, 0xB2, 0xE5, 0x3F, 0xF4, 0x30, 0x52, 0x00, 0x63, 0x9D, 0xAE, 0x82, 0x44, 0xE9, 0x62, 0x87, 0x2A, 0x23, 0x89, 0x10, 0xE4, 0x9A, 0x64, 0x9F, 0x71, 0xD9, 0x32, 0x57, 0x3B, 0xCB, 0xAC, 0x30, 0xAE, 0x71, 0x61, 0xE9, 0x50, 0x1F, 0xCB, 0x49, 0x9C, 0x52, 0xBA, 0x0C, 0xC4, 0x00, 0x58, 0x73, 0x63, 0xD3, 0x42, 0xDE, 0x42, 0x5E, 0xC5, 0x97, 0xE5, 0xDA, 0x88, 0x76, 0x49, 0x6C, 0x8B, 0x92, 0x99, 0xEE, 0xD0, 0xA9, 0xEB, 0x6E, 0xCA, 0xE1, 0x93, 0x81, 0x56, 0x2E, 0xCA, 0xF3, 0x8E, 0xF0, 0x04, 0xD2, 0x96, 0xD8, 0xDB, 0xEE, 0xEE, 0x1C, 0x44 };
|
||||||
|
static const int prove_vector_1_result = 1;
|
||||||
|
static const unsigned char prove_vector_2_n_vec32[4][32] = { { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3F }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x34 }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0B } };
|
||||||
|
static secp256k1_scalar prove_vector_2_n_vec[4];
|
||||||
|
static const unsigned char prove_vector_2_l_vec32[1][32] = { { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3E } };
|
||||||
|
static secp256k1_scalar prove_vector_2_l_vec[1];
|
||||||
|
static const unsigned char prove_vector_2_c_vec32[1][32] = { { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3C } };
|
||||||
|
static secp256k1_scalar prove_vector_2_c_vec[1];
|
||||||
|
static const unsigned char prove_vector_2_r32[32] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x34 };
|
||||||
|
static const unsigned char prove_vector_2_proof[] = { 0x00, 0xBC, 0x4C, 0x42, 0x67, 0x71, 0x69, 0x52, 0x6A, 0x65, 0xFE, 0xA0, 0xCB, 0x3F, 0x58, 0x8B, 0x48, 0x48, 0x6E, 0x59, 0xFC, 0x55, 0x51, 0x10, 0xB9, 0xBF, 0x6A, 0x7D, 0xBF, 0x32, 0x34, 0x4E, 0x7D, 0xBA, 0xD5, 0xCB, 0xCC, 0x19, 0xED, 0xAA, 0x9F, 0x8D, 0x93, 0x26, 0x5E, 0x3F, 0x3E, 0xAA, 0xDF, 0x0B, 0x1C, 0xB3, 0xDC, 0x37, 0xB6, 0xDB, 0xAE, 0x43, 0x63, 0x92, 0xB5, 0xFF, 0x0D, 0x1C, 0x77, 0x02, 0x7E, 0x2B, 0xB8, 0x87, 0x85, 0x81, 0x13, 0x70, 0x1F, 0x03, 0x65, 0x7D, 0xD8, 0x91, 0x83, 0xE5, 0x7E, 0x8B, 0x9E, 0x6F, 0x1C, 0x08, 0x9C, 0x9C, 0x5F, 0xA4, 0x12, 0x5F, 0xD3, 0xEE, 0xE2, 0x74, 0x7A, 0x2C, 0x58, 0x3A, 0x29, 0x4F, 0x64, 0x10, 0xE7, 0x89, 0xBF, 0xB2, 0xE5, 0xD9, 0xD5, 0xC5, 0x62, 0x83, 0x0C, 0xA8, 0xDD, 0x1E, 0x24, 0x6D, 0xD1, 0x58, 0x8D, 0x80, 0x74, 0xF3, 0xD9, 0x3A, 0x68, 0x7B, 0xF5, 0x12, 0xC6, 0xC2, 0x3F, 0x71, 0x47, 0xDF, 0xCF, 0xC8, 0xE2, 0xC4, 0x59, 0xDF, 0x4F, 0xEC, 0x86, 0xE9, 0xF9, 0x31, 0x94, 0x6A, 0x5F, 0xD9, 0x1E, 0x6B, 0x09, 0xCD, 0xCF, 0x5D, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3E };
|
||||||
|
static const int prove_vector_2_result = 1;
|
||||||
|
static const unsigned char prove_vector_3_n_vec32[1][32] = { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } };
|
||||||
|
static secp256k1_scalar prove_vector_3_n_vec[1];
|
||||||
|
static const unsigned char prove_vector_3_l_vec32[1][32] = { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } };
|
||||||
|
static secp256k1_scalar prove_vector_3_l_vec[1];
|
||||||
|
static const unsigned char prove_vector_3_c_vec32[1][32] = { { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3C } };
|
||||||
|
static secp256k1_scalar prove_vector_3_c_vec[1];
|
||||||
|
static const unsigned char prove_vector_3_r32[32] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x34 };
|
||||||
|
static const unsigned char prove_vector_3_proof[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
||||||
|
static const int prove_vector_3_result = 1;
|
||||||
|
static const unsigned char prove_vector_4_n_vec32[2][32] = { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } };
|
||||||
|
static secp256k1_scalar prove_vector_4_n_vec[2];
|
||||||
|
static const unsigned char prove_vector_4_l_vec32[1][32] = { { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3A } };
|
||||||
|
static secp256k1_scalar prove_vector_4_l_vec[1];
|
||||||
|
static const unsigned char prove_vector_4_c_vec32[1][32] = { { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3C } };
|
||||||
|
static secp256k1_scalar prove_vector_4_c_vec[1];
|
||||||
|
static const unsigned char prove_vector_4_r32[32] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x34 };
|
||||||
|
static const unsigned char prove_vector_4_proof[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3A };
|
||||||
|
static const int prove_vector_4_result = 1;
|
||||||
|
|
||||||
@ -62,4 +62,32 @@ static secp256k1_scalar verify_vector_8_c_vec[1];
|
|||||||
static const unsigned char verify_vector_8_r32[32] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x34 };
|
static const unsigned char verify_vector_8_r32[32] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x34 };
|
||||||
static const unsigned char verify_vector_8_proof[] = { 0x00, 0xBC, 0x4C, 0x42, 0x67, 0x71, 0x69, 0x52, 0x6A, 0x65, 0xFE, 0xA0, 0xCB, 0x3F, 0x58, 0x8B, 0x48, 0x48, 0x6E, 0x59, 0xFC, 0x55, 0x51, 0x10, 0xB9, 0xBF, 0x6A, 0x7D, 0xBF, 0x32, 0x34, 0x4E, 0x7D, 0xBA, 0xD5, 0xCB, 0xCC, 0x19, 0xED, 0xAA, 0x9F, 0x8D, 0x93, 0x26, 0x5E, 0x3F, 0x3E, 0xAA, 0xDF, 0x0B, 0x1C, 0xB3, 0xDC, 0x37, 0xB6, 0xDB, 0xAE, 0x43, 0x63, 0x92, 0xB5, 0xFF, 0x0D, 0x1C, 0x77, 0x02, 0x7E, 0x2B, 0xB8, 0x87, 0x85, 0x81, 0x13, 0x70, 0x1F, 0x03, 0x65, 0x7D, 0xD8, 0x91, 0x83, 0xE5, 0x7E, 0x8B, 0x9E, 0x6F, 0x1C, 0x08, 0x9C, 0x9C, 0x5F, 0xA4, 0x12, 0x5F, 0xD3, 0xEE, 0xE2, 0x74, 0x7A, 0x2C, 0x58, 0x3A, 0x29, 0x4F, 0x64, 0x10, 0xE7, 0x89, 0xBF, 0xB2, 0xE5, 0xD9, 0xD5, 0xC5, 0x62, 0x83, 0x0C, 0xA8, 0xDD, 0x1E, 0x24, 0x6D, 0xD1, 0x58, 0x8D, 0x80, 0x74, 0xF3, 0xD9, 0x3A, 0x68, 0x7B, 0xF5, 0x12, 0xC6, 0xC2, 0x3F, 0x71, 0x47, 0xDF, 0xCF, 0xC8, 0xE2, 0xC4, 0x59, 0xDF, 0x4F, 0xEC, 0x86, 0xE9, 0xF9, 0x31, 0x94, 0x6A, 0x5F, 0xD9, 0x1E, 0x6B, 0x09, 0xCD, 0xCF, 0x5D, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3E };
|
static const unsigned char verify_vector_8_proof[] = { 0x00, 0xBC, 0x4C, 0x42, 0x67, 0x71, 0x69, 0x52, 0x6A, 0x65, 0xFE, 0xA0, 0xCB, 0x3F, 0x58, 0x8B, 0x48, 0x48, 0x6E, 0x59, 0xFC, 0x55, 0x51, 0x10, 0xB9, 0xBF, 0x6A, 0x7D, 0xBF, 0x32, 0x34, 0x4E, 0x7D, 0xBA, 0xD5, 0xCB, 0xCC, 0x19, 0xED, 0xAA, 0x9F, 0x8D, 0x93, 0x26, 0x5E, 0x3F, 0x3E, 0xAA, 0xDF, 0x0B, 0x1C, 0xB3, 0xDC, 0x37, 0xB6, 0xDB, 0xAE, 0x43, 0x63, 0x92, 0xB5, 0xFF, 0x0D, 0x1C, 0x77, 0x02, 0x7E, 0x2B, 0xB8, 0x87, 0x85, 0x81, 0x13, 0x70, 0x1F, 0x03, 0x65, 0x7D, 0xD8, 0x91, 0x83, 0xE5, 0x7E, 0x8B, 0x9E, 0x6F, 0x1C, 0x08, 0x9C, 0x9C, 0x5F, 0xA4, 0x12, 0x5F, 0xD3, 0xEE, 0xE2, 0x74, 0x7A, 0x2C, 0x58, 0x3A, 0x29, 0x4F, 0x64, 0x10, 0xE7, 0x89, 0xBF, 0xB2, 0xE5, 0xD9, 0xD5, 0xC5, 0x62, 0x83, 0x0C, 0xA8, 0xDD, 0x1E, 0x24, 0x6D, 0xD1, 0x58, 0x8D, 0x80, 0x74, 0xF3, 0xD9, 0x3A, 0x68, 0x7B, 0xF5, 0x12, 0xC6, 0xC2, 0x3F, 0x71, 0x47, 0xDF, 0xCF, 0xC8, 0xE2, 0xC4, 0x59, 0xDF, 0x4F, 0xEC, 0x86, 0xE9, 0xF9, 0x31, 0x94, 0x6A, 0x5F, 0xD9, 0x1E, 0x6B, 0x09, 0xCD, 0xCF, 0x5D, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3E };
|
||||||
static const int verify_vector_8_result = 0;
|
static const int verify_vector_8_result = 0;
|
||||||
|
static const unsigned char verify_vector_9_commit33[33] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
||||||
|
static const size_t verify_vector_9_n_vec_len = 1;
|
||||||
|
static const unsigned char verify_vector_9_c_vec32[1][32] = { { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3C } };
|
||||||
|
static secp256k1_scalar verify_vector_9_c_vec[1];
|
||||||
|
static const unsigned char verify_vector_9_r32[32] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x34 };
|
||||||
|
static const unsigned char verify_vector_9_proof[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
||||||
|
static const int verify_vector_9_result = 1;
|
||||||
|
static const unsigned char verify_vector_10_commit33[33] = { 0x03, 0x62, 0x8A, 0xC2, 0xF1, 0xF2, 0x00, 0xE0, 0x81, 0xBD, 0xA0, 0xA9, 0x6D, 0x25, 0x53, 0xB4, 0x17, 0xC1, 0x02, 0x93, 0x50, 0x3E, 0x91, 0xD4, 0xD1, 0x3A, 0x82, 0x89, 0x02, 0x24, 0x78, 0x49, 0xA5 };
|
||||||
|
static const size_t verify_vector_10_n_vec_len = 2;
|
||||||
|
static const unsigned char verify_vector_10_c_vec32[1][32] = { { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3C } };
|
||||||
|
static secp256k1_scalar verify_vector_10_c_vec[1];
|
||||||
|
static const unsigned char verify_vector_10_r32[32] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x34 };
|
||||||
|
static const unsigned char verify_vector_10_proof[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3A };
|
||||||
|
static const int verify_vector_10_result = 1;
|
||||||
|
static const unsigned char verify_vector_11_commit33[33] = { 0x03, 0x62, 0x8A, 0xC2, 0xF1, 0xF2, 0x00, 0xE0, 0x81, 0xBD, 0xA0, 0xA9, 0x6D, 0x25, 0x53, 0xB4, 0x17, 0xC1, 0x02, 0x93, 0x50, 0x3E, 0x91, 0xD4, 0xD1, 0x3A, 0x82, 0x89, 0x02, 0x24, 0x78, 0x49, 0xA5 };
|
||||||
|
static const size_t verify_vector_11_n_vec_len = 2;
|
||||||
|
static const unsigned char verify_vector_11_c_vec32[1][32] = { { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3C } };
|
||||||
|
static secp256k1_scalar verify_vector_11_c_vec[1];
|
||||||
|
static const unsigned char verify_vector_11_r32[32] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x34 };
|
||||||
|
static const unsigned char verify_vector_11_proof[] = { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3A };
|
||||||
|
static const int verify_vector_11_result = 0;
|
||||||
|
static const unsigned char verify_vector_12_commit33[33] = { 0x02, 0x7D, 0x5F, 0x4B, 0x11, 0xC0, 0xE4, 0x2E, 0x4C, 0x1B, 0x56, 0xAE, 0xF0, 0x5F, 0xAA, 0xD8, 0x77, 0x0C, 0x93, 0x71, 0xA2, 0x92, 0xF9, 0x89, 0xA2, 0xB4, 0x69, 0x9B, 0x46, 0x8A, 0x03, 0xF1, 0x50 };
|
||||||
|
static const size_t verify_vector_12_n_vec_len = 0;
|
||||||
|
static const unsigned char verify_vector_12_c_vec32[1][32] = { { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3C } };
|
||||||
|
static secp256k1_scalar verify_vector_12_c_vec[1];
|
||||||
|
static const unsigned char verify_vector_12_r32[32] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x34 };
|
||||||
|
static const unsigned char verify_vector_12_proof[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x34, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x3A };
|
||||||
|
static const int verify_vector_12_result = 0;
|
||||||
|
|
||||||
|
|||||||
@ -14,6 +14,7 @@
|
|||||||
#include "bppp_util.h"
|
#include "bppp_util.h"
|
||||||
#include "bppp_transcript_impl.h"
|
#include "bppp_transcript_impl.h"
|
||||||
#include "test_vectors/verify.h"
|
#include "test_vectors/verify.h"
|
||||||
|
#include "test_vectors/prove.h"
|
||||||
|
|
||||||
static void test_bppp_generators_api(void) {
|
static void test_bppp_generators_api(void) {
|
||||||
/* The BP generator API requires no precomp */
|
/* The BP generator API requires no precomp */
|
||||||
@ -212,6 +213,80 @@ void test_norm_util_helpers(void) {
|
|||||||
secp256k1_scalar_set_int(&res, 256); CHECK(secp256k1_scalar_eq(&res, &rho_pows[3]));
|
secp256k1_scalar_set_int(&res, 256); CHECK(secp256k1_scalar_eq(&res, &rho_pows[3]));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void test_serialize_two_points_roundtrip(secp256k1_ge *X, secp256k1_ge *R) {
|
||||||
|
secp256k1_ge X_tmp, R_tmp;
|
||||||
|
unsigned char buf[65];
|
||||||
|
secp256k1_bppp_serialize_points(buf, X, R);
|
||||||
|
CHECK(secp256k1_bppp_parse_one_of_points(&X_tmp, buf, 0));
|
||||||
|
CHECK(secp256k1_bppp_parse_one_of_points(&R_tmp, buf, 1));
|
||||||
|
ge_equals_ge(X, &X_tmp);
|
||||||
|
ge_equals_ge(R, &R_tmp);
|
||||||
|
}
|
||||||
|
|
||||||
|
void test_serialize_two_points(void) {
|
||||||
|
secp256k1_ge X, R;
|
||||||
|
int i;
|
||||||
|
|
||||||
|
for (i = 0; i < count; i++) {
|
||||||
|
random_group_element_test(&X);
|
||||||
|
random_group_element_test(&R);
|
||||||
|
test_serialize_two_points_roundtrip(&X, &R);
|
||||||
|
}
|
||||||
|
|
||||||
|
for (i = 0; i < count; i++) {
|
||||||
|
random_group_element_test(&X);
|
||||||
|
secp256k1_ge_set_infinity(&R);
|
||||||
|
test_serialize_two_points_roundtrip(&X, &R);
|
||||||
|
}
|
||||||
|
|
||||||
|
for (i = 0; i < count; i++) {
|
||||||
|
secp256k1_ge_set_infinity(&X);
|
||||||
|
random_group_element_test(&R);
|
||||||
|
test_serialize_two_points_roundtrip(&X, &R);
|
||||||
|
}
|
||||||
|
|
||||||
|
secp256k1_ge_set_infinity(&X);
|
||||||
|
secp256k1_ge_set_infinity(&R);
|
||||||
|
test_serialize_two_points_roundtrip(&X, &R);
|
||||||
|
|
||||||
|
/* Test invalid sign byte */
|
||||||
|
{
|
||||||
|
secp256k1_ge X_tmp, R_tmp;
|
||||||
|
unsigned char buf[65];
|
||||||
|
random_group_element_test(&X);
|
||||||
|
random_group_element_test(&R);
|
||||||
|
secp256k1_bppp_serialize_points(buf, &X, &R);
|
||||||
|
buf[0] |= 4 + (unsigned char)secp256k1_testrandi64(4, 255);
|
||||||
|
CHECK(!secp256k1_bppp_parse_one_of_points(&X_tmp, buf, 0));
|
||||||
|
CHECK(!secp256k1_bppp_parse_one_of_points(&R_tmp, buf, 0));
|
||||||
|
}
|
||||||
|
/* Check that sign bit is 0 for point at infinity */
|
||||||
|
for (i = 0; i < count; i++) {
|
||||||
|
secp256k1_ge X_tmp, R_tmp;
|
||||||
|
unsigned char buf[65];
|
||||||
|
int expect;
|
||||||
|
random_group_element_test(&X);
|
||||||
|
random_group_element_test(&R);
|
||||||
|
secp256k1_bppp_serialize_points(buf, &X, &R);
|
||||||
|
memset(&buf[1], 0, 32);
|
||||||
|
if ((buf[0] & 2) == 0) {
|
||||||
|
expect = 1;
|
||||||
|
} else {
|
||||||
|
expect = 0;
|
||||||
|
}
|
||||||
|
CHECK(secp256k1_bppp_parse_one_of_points(&X_tmp, buf, 0) == expect);
|
||||||
|
CHECK(secp256k1_bppp_parse_one_of_points(&R_tmp, buf, 1));
|
||||||
|
memset(&buf[33], 0, 32);
|
||||||
|
if ((buf[0] & 1) == 0) {
|
||||||
|
expect = 1;
|
||||||
|
} else {
|
||||||
|
expect = 0;
|
||||||
|
}
|
||||||
|
CHECK(secp256k1_bppp_parse_one_of_points(&R_tmp, buf, 1) == expect);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
static void secp256k1_norm_arg_commit_initial_data(
|
static void secp256k1_norm_arg_commit_initial_data(
|
||||||
secp256k1_sha256* transcript,
|
secp256k1_sha256* transcript,
|
||||||
const secp256k1_scalar* rho,
|
const secp256k1_scalar* rho,
|
||||||
@ -273,6 +348,50 @@ static void copy_vectors_into_scratch(secp256k1_scratch_space* scratch,
|
|||||||
memcpy(*gs, gens_vec, (g_len + h_len) * sizeof(secp256k1_ge));
|
memcpy(*gs, gens_vec, (g_len + h_len) * sizeof(secp256k1_ge));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Same as secp256k1_bppp_rangeproof_norm_product_prove but does not modify the inputs */
|
||||||
|
static int secp256k1_bppp_rangeproof_norm_product_prove_const(
|
||||||
|
secp256k1_scratch_space* scratch,
|
||||||
|
unsigned char* proof,
|
||||||
|
size_t *proof_len,
|
||||||
|
secp256k1_sha256 *transcript,
|
||||||
|
const secp256k1_scalar* rho,
|
||||||
|
const secp256k1_ge* g_vec,
|
||||||
|
size_t g_vec_len,
|
||||||
|
const secp256k1_scalar* n_vec,
|
||||||
|
size_t n_vec_len,
|
||||||
|
const secp256k1_scalar* l_vec,
|
||||||
|
size_t l_vec_len,
|
||||||
|
const secp256k1_scalar* c_vec,
|
||||||
|
size_t c_vec_len
|
||||||
|
) {
|
||||||
|
secp256k1_scalar *ns, *ls, *cs;
|
||||||
|
secp256k1_ge *gs;
|
||||||
|
size_t scratch_checkpoint;
|
||||||
|
size_t g_len = n_vec_len, h_len = l_vec_len;
|
||||||
|
int res;
|
||||||
|
|
||||||
|
scratch_checkpoint = secp256k1_scratch_checkpoint(&ctx->error_callback, scratch);
|
||||||
|
copy_vectors_into_scratch(scratch, &ns, &ls, &cs, &gs, n_vec, l_vec, c_vec, g_vec, g_len, h_len);
|
||||||
|
res = secp256k1_bppp_rangeproof_norm_product_prove(
|
||||||
|
ctx,
|
||||||
|
scratch,
|
||||||
|
proof,
|
||||||
|
proof_len,
|
||||||
|
transcript, /* Transcript hash of the parent protocol */
|
||||||
|
rho,
|
||||||
|
gs,
|
||||||
|
g_vec_len,
|
||||||
|
ns,
|
||||||
|
n_vec_len,
|
||||||
|
ls,
|
||||||
|
l_vec_len,
|
||||||
|
cs,
|
||||||
|
c_vec_len
|
||||||
|
);
|
||||||
|
secp256k1_scratch_apply_checkpoint(&ctx->error_callback, scratch, scratch_checkpoint);
|
||||||
|
return res;
|
||||||
|
}
|
||||||
|
|
||||||
/* A complete norm argument. In contrast to secp256k1_bppp_rangeproof_norm_product_prove, this is meant
|
/* A complete norm argument. In contrast to secp256k1_bppp_rangeproof_norm_product_prove, this is meant
|
||||||
to be used as a standalone norm argument.
|
to be used as a standalone norm argument.
|
||||||
This is a simple wrapper around secp256k1_bppp_rangeproof_norm_product_prove
|
This is a simple wrapper around secp256k1_bppp_rangeproof_norm_product_prove
|
||||||
@ -293,38 +412,10 @@ static int secp256k1_norm_arg_prove(
|
|||||||
size_t c_vec_len,
|
size_t c_vec_len,
|
||||||
const secp256k1_ge* commit
|
const secp256k1_ge* commit
|
||||||
) {
|
) {
|
||||||
secp256k1_scalar *ns, *ls, *cs;
|
|
||||||
secp256k1_ge *gs, comm = *commit;
|
|
||||||
size_t scratch_checkpoint;
|
|
||||||
size_t g_len = n_vec_len, h_len = l_vec_len;
|
|
||||||
int res;
|
|
||||||
secp256k1_sha256 transcript;
|
secp256k1_sha256 transcript;
|
||||||
|
secp256k1_norm_arg_commit_initial_data(&transcript, rho, gens_vec, n_vec_len, c_vec, c_vec_len, commit);
|
||||||
|
|
||||||
scratch_checkpoint = secp256k1_scratch_checkpoint(&ctx->error_callback, scratch);
|
return secp256k1_bppp_rangeproof_norm_product_prove_const(scratch, proof, proof_len, &transcript, rho, gens_vec->gens, gens_vec->n, n_vec, n_vec_len, l_vec, l_vec_len, c_vec, c_vec_len);
|
||||||
|
|
||||||
copy_vectors_into_scratch(scratch, &ns, &ls, &cs, &gs, n_vec, l_vec, c_vec, gens_vec->gens, g_len, h_len);
|
|
||||||
|
|
||||||
/* Commit to the initial public values */
|
|
||||||
secp256k1_norm_arg_commit_initial_data(&transcript, rho, gens_vec, g_len, c_vec, c_vec_len, &comm);
|
|
||||||
|
|
||||||
res = secp256k1_bppp_rangeproof_norm_product_prove(
|
|
||||||
ctx,
|
|
||||||
scratch,
|
|
||||||
proof,
|
|
||||||
proof_len,
|
|
||||||
&transcript, /* Transcript hash of the parent protocol */
|
|
||||||
rho,
|
|
||||||
gs,
|
|
||||||
gens_vec->n,
|
|
||||||
ns,
|
|
||||||
n_vec_len,
|
|
||||||
ls,
|
|
||||||
l_vec_len,
|
|
||||||
cs,
|
|
||||||
c_vec_len
|
|
||||||
);
|
|
||||||
secp256k1_scratch_apply_checkpoint(&ctx->error_callback, scratch, scratch_checkpoint);
|
|
||||||
return res;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Verify the proof */
|
/* Verify the proof */
|
||||||
@ -362,81 +453,30 @@ static int secp256k1_norm_arg_verify(
|
|||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
void norm_arg_zero(void) {
|
/* Verify |c| = 0 */
|
||||||
|
void norm_arg_verify_zero_len(void) {
|
||||||
secp256k1_scalar n_vec[64], l_vec[64], c_vec[64];
|
secp256k1_scalar n_vec[64], l_vec[64], c_vec[64];
|
||||||
secp256k1_scalar rho, mu;
|
secp256k1_scalar rho, mu;
|
||||||
secp256k1_ge commit;
|
secp256k1_ge commit;
|
||||||
size_t i;
|
|
||||||
secp256k1_scratch *scratch = secp256k1_scratch_space_create(ctx, 1000*10); /* shouldn't need much */
|
secp256k1_scratch *scratch = secp256k1_scratch_space_create(ctx, 1000*10); /* shouldn't need much */
|
||||||
unsigned char proof[1000];
|
unsigned char proof[1000];
|
||||||
secp256k1_sha256 transcript;
|
unsigned int n_vec_len = 1;
|
||||||
|
unsigned int c_vec_len = 1;
|
||||||
|
secp256k1_bppp_generators *gs = secp256k1_bppp_generators_create(ctx, n_vec_len + c_vec_len);
|
||||||
|
size_t plen = sizeof(proof);
|
||||||
|
|
||||||
random_scalar_order(&rho);
|
random_scalar_order(&rho);
|
||||||
secp256k1_scalar_sqr(&mu, &rho);
|
secp256k1_scalar_sqr(&mu, &rho);
|
||||||
|
|
||||||
/* l is zero vector and n is zero vectors of length 1 each. */
|
random_scalar_order(&n_vec[0]);
|
||||||
{
|
random_scalar_order(&c_vec[0]);
|
||||||
size_t plen = sizeof(proof);
|
random_scalar_order(&l_vec[0]);
|
||||||
unsigned int n_vec_len = 1;
|
CHECK(secp256k1_bppp_commit(ctx, scratch, &commit, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &mu));
|
||||||
unsigned int c_vec_len = 1;
|
CHECK(secp256k1_norm_arg_prove(scratch, proof, &plen, &rho, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &commit));
|
||||||
secp256k1_bppp_generators *gens = secp256k1_bppp_generators_create(ctx, n_vec_len + c_vec_len);
|
CHECK(secp256k1_norm_arg_verify(scratch, proof, plen, &rho, gs, n_vec_len, c_vec, c_vec_len, &commit));
|
||||||
|
CHECK(!secp256k1_norm_arg_verify(scratch, proof, plen, &rho, gs, n_vec_len, c_vec, 0, &commit));
|
||||||
|
|
||||||
secp256k1_scalar_set_int(&n_vec[0], 0);
|
secp256k1_bppp_generators_destroy(ctx, gs);
|
||||||
secp256k1_scalar_set_int(&l_vec[0], 0);
|
|
||||||
random_scalar_order(&c_vec[0]);
|
|
||||||
|
|
||||||
secp256k1_sha256_initialize(&transcript); /* No challenges used in n = 1, l = 1, but we set transcript as a good practice*/
|
|
||||||
CHECK(secp256k1_bppp_commit(ctx, scratch, &commit, gens, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &mu));
|
|
||||||
{
|
|
||||||
secp256k1_scalar *ns, *ls, *cs;
|
|
||||||
secp256k1_ge *gs;
|
|
||||||
size_t scratch_checkpoint = secp256k1_scratch_checkpoint(&ctx->error_callback, scratch);
|
|
||||||
copy_vectors_into_scratch(scratch, &ns, &ls, &cs, &gs, n_vec, l_vec, c_vec, gens->gens, n_vec_len, c_vec_len);
|
|
||||||
CHECK(secp256k1_bppp_rangeproof_norm_product_prove(ctx, scratch, proof, &plen, &transcript, &rho, gs, gens->n, ns, n_vec_len, ls, c_vec_len, cs, c_vec_len));
|
|
||||||
secp256k1_scratch_apply_checkpoint(&ctx->error_callback, scratch, scratch_checkpoint);
|
|
||||||
}
|
|
||||||
secp256k1_sha256_initialize(&transcript);
|
|
||||||
CHECK(secp256k1_bppp_rangeproof_norm_product_verify(ctx, scratch, proof, plen, &transcript, &rho, gens, c_vec_len, c_vec, c_vec_len, &commit));
|
|
||||||
|
|
||||||
secp256k1_bppp_generators_destroy(ctx, gens);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* l is the zero vector and longer than n. This results in one of the
|
|
||||||
* internal commitments X or R to be the point at infinity. */
|
|
||||||
{
|
|
||||||
unsigned int n_vec_len = 1;
|
|
||||||
unsigned int c_vec_len = 2;
|
|
||||||
secp256k1_bppp_generators *gs = secp256k1_bppp_generators_create(ctx, n_vec_len + c_vec_len);
|
|
||||||
size_t plen = sizeof(proof);
|
|
||||||
for (i = 0; i < n_vec_len; i++) {
|
|
||||||
random_scalar_order(&n_vec[i]);
|
|
||||||
}
|
|
||||||
for (i = 0; i < c_vec_len; i++) {
|
|
||||||
secp256k1_scalar_set_int(&l_vec[i], 0);
|
|
||||||
random_scalar_order(&c_vec[i]);
|
|
||||||
}
|
|
||||||
CHECK(secp256k1_bppp_commit(ctx, scratch, &commit, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &mu));
|
|
||||||
CHECK(!secp256k1_norm_arg_prove(scratch, proof, &plen, &rho, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &commit));
|
|
||||||
secp256k1_bppp_generators_destroy(ctx, gs);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Verify vectors of length 0 */
|
|
||||||
{
|
|
||||||
unsigned int n_vec_len = 1;
|
|
||||||
unsigned int c_vec_len = 1;
|
|
||||||
secp256k1_bppp_generators *gs = secp256k1_bppp_generators_create(ctx, n_vec_len + c_vec_len);
|
|
||||||
size_t plen = sizeof(proof);
|
|
||||||
random_scalar_order(&n_vec[0]);
|
|
||||||
random_scalar_order(&c_vec[0]);
|
|
||||||
random_scalar_order(&l_vec[0]);
|
|
||||||
CHECK(secp256k1_bppp_commit(ctx, scratch, &commit, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &mu));
|
|
||||||
CHECK(secp256k1_norm_arg_prove(scratch, proof, &plen, &rho, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &commit));
|
|
||||||
CHECK(secp256k1_norm_arg_verify(scratch, proof, plen, &rho, gs, n_vec_len, c_vec, c_vec_len, &commit));
|
|
||||||
CHECK(!secp256k1_norm_arg_verify(scratch, proof, plen, &rho, gs, 0, c_vec, c_vec_len, &commit));
|
|
||||||
CHECK(!secp256k1_norm_arg_verify(scratch, proof, plen, &rho, gs, n_vec_len, c_vec, 0, &commit));
|
|
||||||
|
|
||||||
secp256k1_bppp_generators_destroy(ctx, gs);
|
|
||||||
}
|
|
||||||
|
|
||||||
secp256k1_scratch_space_destroy(ctx, scratch);
|
secp256k1_scratch_space_destroy(ctx, scratch);
|
||||||
}
|
}
|
||||||
@ -535,7 +575,7 @@ int norm_arg_verify_vectors_helper(secp256k1_scratch *scratch, const unsigned ch
|
|||||||
secp256k1_scalar_set_b32(&c_vec[i], c_vec32[i], &overflow);
|
secp256k1_scalar_set_b32(&c_vec[i], c_vec32[i], &overflow);
|
||||||
CHECK(!overflow);
|
CHECK(!overflow);
|
||||||
}
|
}
|
||||||
CHECK(secp256k1_eckey_pubkey_parse(&commit, commit33, 33));
|
CHECK(secp256k1_ge_parse_ext(&commit, commit33));
|
||||||
ret = secp256k1_bppp_rangeproof_norm_product_verify(ctx, scratch, proof, plen, &transcript, &rho, gs, n_vec_len, c_vec, c_vec_len, &commit);
|
ret = secp256k1_bppp_rangeproof_norm_product_verify(ctx, scratch, proof, plen, &transcript, &rho, gs, n_vec_len, c_vec, c_vec_len, &commit);
|
||||||
|
|
||||||
secp256k1_bppp_generators_destroy(ctx, gs);
|
secp256k1_bppp_generators_destroy(ctx, gs);
|
||||||
@ -557,20 +597,89 @@ void norm_arg_verify_vectors(void) {
|
|||||||
CHECK(IDX_TO_TEST(6));
|
CHECK(IDX_TO_TEST(6));
|
||||||
CHECK(IDX_TO_TEST(7));
|
CHECK(IDX_TO_TEST(7));
|
||||||
CHECK(IDX_TO_TEST(8));
|
CHECK(IDX_TO_TEST(8));
|
||||||
|
CHECK(IDX_TO_TEST(9));
|
||||||
|
CHECK(IDX_TO_TEST(10));
|
||||||
|
CHECK(IDX_TO_TEST(11));
|
||||||
|
CHECK(IDX_TO_TEST(12));
|
||||||
|
|
||||||
CHECK(alloc == scratch->alloc_size);
|
CHECK(alloc == scratch->alloc_size);
|
||||||
secp256k1_scratch_space_destroy(ctx, scratch);
|
secp256k1_scratch_space_destroy(ctx, scratch);
|
||||||
}
|
}
|
||||||
#undef IDX_TO_TEST
|
#undef IDX_TO_TEST
|
||||||
|
|
||||||
|
void norm_arg_prove_vectors_helper(secp256k1_scratch *scratch, const unsigned char *gens, const unsigned char *proof, size_t plen, const unsigned char *r32, const unsigned char n_vec32[][32], secp256k1_scalar *n_vec, size_t n_vec_len, const unsigned char l_vec32[][32], secp256k1_scalar *l_vec, const unsigned char c_vec32[][32], secp256k1_scalar *c_vec, size_t c_vec_len, int result) {
|
||||||
|
secp256k1_sha256 transcript;
|
||||||
|
secp256k1_bppp_generators *gs = bppp_generators_parse_regular(gens, 33*(n_vec_len + c_vec_len));
|
||||||
|
secp256k1_scalar rho, mu;
|
||||||
|
secp256k1_ge commit;
|
||||||
|
unsigned char myproof[1024];
|
||||||
|
size_t myplen = sizeof(myproof);
|
||||||
|
int overflow;
|
||||||
|
int i;
|
||||||
|
|
||||||
|
CHECK(gs != NULL);
|
||||||
|
secp256k1_sha256_initialize(&transcript);
|
||||||
|
secp256k1_scalar_set_b32(&rho, r32, &overflow);
|
||||||
|
CHECK(!overflow);
|
||||||
|
secp256k1_scalar_sqr(&mu, &rho);
|
||||||
|
|
||||||
|
for (i = 0; i < (int)n_vec_len; i++) {
|
||||||
|
secp256k1_scalar_set_b32(&n_vec[i], n_vec32[i], &overflow);
|
||||||
|
CHECK(!overflow);
|
||||||
|
}
|
||||||
|
for (i = 0; i < (int)c_vec_len; i++) {
|
||||||
|
secp256k1_scalar_set_b32(&l_vec[i], l_vec32[i], &overflow);
|
||||||
|
CHECK(!overflow);
|
||||||
|
secp256k1_scalar_set_b32(&c_vec[i], c_vec32[i], &overflow);
|
||||||
|
CHECK(!overflow);
|
||||||
|
}
|
||||||
|
|
||||||
|
CHECK(secp256k1_bppp_rangeproof_norm_product_prove_const(scratch, myproof, &myplen, &transcript, &rho, gs->gens, gs->n, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len) == result);
|
||||||
|
if (!result) {
|
||||||
|
secp256k1_bppp_generators_destroy(ctx, gs);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
CHECK(plen == myplen);
|
||||||
|
CHECK(secp256k1_memcmp_var(proof, myproof, plen) == 0);
|
||||||
|
|
||||||
|
CHECK(secp256k1_bppp_commit(ctx, scratch, &commit, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &mu));
|
||||||
|
secp256k1_sha256_initialize(&transcript);
|
||||||
|
CHECK(secp256k1_bppp_rangeproof_norm_product_verify(ctx, scratch, proof, plen, &transcript, &rho, gs, n_vec_len, c_vec, c_vec_len, &commit));
|
||||||
|
secp256k1_bppp_generators_destroy(ctx, gs);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#define IDX_TO_TEST(i) (norm_arg_prove_vectors_helper(scratch, prove_vector_gens, prove_vector_##i##_proof, sizeof(prove_vector_##i##_proof), prove_vector_##i##_r32,\
|
||||||
|
prove_vector_##i##_n_vec32, prove_vector_##i##_n_vec, sizeof(prove_vector_##i##_n_vec)/sizeof(secp256k1_scalar),\
|
||||||
|
prove_vector_##i##_l_vec32, prove_vector_##i##_l_vec,\
|
||||||
|
prove_vector_##i##_c_vec32, prove_vector_##i##_c_vec, sizeof(prove_vector_##i##_c_vec)/sizeof(secp256k1_scalar), \
|
||||||
|
prove_vector_##i##_result))
|
||||||
|
|
||||||
|
void norm_arg_prove_vectors(void) {
|
||||||
|
secp256k1_scratch *scratch = secp256k1_scratch_space_create(ctx, 1000*1000); /* shouldn't need much */
|
||||||
|
size_t alloc = scratch->alloc_size;
|
||||||
|
|
||||||
|
IDX_TO_TEST(0);
|
||||||
|
IDX_TO_TEST(1);
|
||||||
|
IDX_TO_TEST(2);
|
||||||
|
IDX_TO_TEST(3);
|
||||||
|
IDX_TO_TEST(4);
|
||||||
|
|
||||||
|
CHECK(alloc == scratch->alloc_size);
|
||||||
|
secp256k1_scratch_space_destroy(ctx, scratch);
|
||||||
|
}
|
||||||
|
|
||||||
|
#undef IDX_TO_TEST
|
||||||
|
|
||||||
void run_bppp_tests(void) {
|
void run_bppp_tests(void) {
|
||||||
test_log_exp();
|
test_log_exp();
|
||||||
test_norm_util_helpers();
|
test_norm_util_helpers();
|
||||||
|
test_serialize_two_points();
|
||||||
test_bppp_generators_api();
|
test_bppp_generators_api();
|
||||||
test_bppp_generators_fixed();
|
test_bppp_generators_fixed();
|
||||||
test_bppp_tagged_hash();
|
test_bppp_tagged_hash();
|
||||||
|
|
||||||
norm_arg_zero();
|
norm_arg_verify_zero_len();
|
||||||
norm_arg_test(1, 1);
|
norm_arg_test(1, 1);
|
||||||
norm_arg_test(1, 64);
|
norm_arg_test(1, 64);
|
||||||
norm_arg_test(64, 1);
|
norm_arg_test(64, 1);
|
||||||
@ -578,7 +687,9 @@ void run_bppp_tests(void) {
|
|||||||
norm_arg_test(32, 64);
|
norm_arg_test(32, 64);
|
||||||
norm_arg_test(64, 32);
|
norm_arg_test(64, 32);
|
||||||
norm_arg_test(64, 64);
|
norm_arg_test(64, 64);
|
||||||
|
|
||||||
norm_arg_verify_vectors();
|
norm_arg_verify_vectors();
|
||||||
|
norm_arg_prove_vectors();
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@ -200,32 +200,6 @@ int secp256k1_musig_pubnonce_parse(const secp256k1_context* ctx, secp256k1_musig
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Outputs 33 zero bytes if the given group element is the point at infinity and
|
|
||||||
* otherwise outputs the compressed serialization */
|
|
||||||
static void secp256k1_ge_serialize_ext(unsigned char *out33, secp256k1_ge* ge) {
|
|
||||||
if (secp256k1_ge_is_infinity(ge)) {
|
|
||||||
memset(out33, 0, 33);
|
|
||||||
} else {
|
|
||||||
int ret;
|
|
||||||
size_t size = 33;
|
|
||||||
ret = secp256k1_eckey_pubkey_serialize(ge, out33, &size, 1);
|
|
||||||
/* Serialize must succeed because the point is not at infinity */
|
|
||||||
VERIFY_CHECK(ret && size == 33);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Outputs the point at infinity if the given byte array is all zero, otherwise
|
|
||||||
* attempts to parse compressed point serialization. */
|
|
||||||
static int secp256k1_ge_parse_ext(secp256k1_ge* ge, const unsigned char *in33) {
|
|
||||||
unsigned char zeros[33] = { 0 };
|
|
||||||
|
|
||||||
if (memcmp(in33, zeros, sizeof(zeros)) == 0) {
|
|
||||||
secp256k1_ge_set_infinity(ge);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
return secp256k1_eckey_pubkey_parse(ge, in33, 33);
|
|
||||||
}
|
|
||||||
|
|
||||||
int secp256k1_musig_aggnonce_serialize(const secp256k1_context* ctx, unsigned char *out66, const secp256k1_musig_aggnonce* nonce) {
|
int secp256k1_musig_aggnonce_serialize(const secp256k1_context* ctx, unsigned char *out66, const secp256k1_musig_aggnonce* nonce) {
|
||||||
secp256k1_ge ge[2];
|
secp256k1_ge ge[2];
|
||||||
int i;
|
int i;
|
||||||
|
|||||||
@ -800,6 +800,32 @@ int secp256k1_tagged_sha256(const secp256k1_context* ctx, unsigned char *hash32,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Outputs 33 zero bytes if the given group element is the point at infinity and
|
||||||
|
* otherwise outputs the compressed serialization */
|
||||||
|
static void secp256k1_ge_serialize_ext(unsigned char *out33, secp256k1_ge* ge) {
|
||||||
|
if (secp256k1_ge_is_infinity(ge)) {
|
||||||
|
memset(out33, 0, 33);
|
||||||
|
} else {
|
||||||
|
int ret;
|
||||||
|
size_t size = 33;
|
||||||
|
ret = secp256k1_eckey_pubkey_serialize(ge, out33, &size, 1);
|
||||||
|
/* Serialize must succeed because the point is not at infinity */
|
||||||
|
VERIFY_CHECK(ret && size == 33);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Outputs the point at infinity if the given byte array is all zero, otherwise
|
||||||
|
* attempts to parse compressed point serialization. */
|
||||||
|
static int secp256k1_ge_parse_ext(secp256k1_ge* ge, const unsigned char *in33) {
|
||||||
|
unsigned char zeros[33] = { 0 };
|
||||||
|
|
||||||
|
if (memcmp(in33, zeros, sizeof(zeros)) == 0) {
|
||||||
|
secp256k1_ge_set_infinity(ge);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
return secp256k1_eckey_pubkey_parse(ge, in33, 33);
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef ENABLE_MODULE_BPPP
|
#ifdef ENABLE_MODULE_BPPP
|
||||||
# include "modules/bppp/main_impl.h"
|
# include "modules/bppp/main_impl.h"
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user