frost/secp256k1-zkp
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ellswift: fix probabilistic test failure when swapping sides

Browse Source 
When configured with `--disable-module-ecdh --enable-module-recovery`, then
`./tests  64 81af32fd7ab8c9cbc2e62a689f642106` fails with
```
src/modules/ellswift/tests_impl.h:396: test condition failed: secp256k1_memcmp_var(share32_bad, share32a, 32) != 0
```

This tests verifies that changing the `party` bit of the
`secp256k1_ellswift_xdh` function results in a different share. However, that's
not the case when the secret keys of both parties are the same and this is
actually what happens in the observed test failure. The keys can be equal in
this test case because they are created by the `random_scalar_order_test`
function whose output is not uniformly random (it's biased towards 0).

This commit restores the assummption that the secret keys differ.
This commit is contained in:
Jonas Nick 2023-07-17 09:28:09 +00:00
parent 907a67212e
commit c424e2fb43
No known key found for this signature in database
GPG Key ID: 4861DBF262123605
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/modules/ellswift/tests_impl.h
View File

@ -322,7 +322,9 @@ void run_ellswift_tests(void) {
secp256k1_testrand256_test(auxrnd32a); secp256k1_testrand256_test(auxrnd32a);
secp256k1_testrand256_test(auxrnd32b); secp256k1_testrand256_test(auxrnd32b);
random_scalar_order_test(&seca); random_scalar_order_test(&seca);
random_scalar_order_test(&secb); /* Draw secb uniformly at random to make sure that the secret keys
* differ */
random_scalar_order(&secb);
secp256k1_scalar_get_b32(sec32a, &seca); secp256k1_scalar_get_b32(sec32a, &seca);
secp256k1_scalar_get_b32(sec32b, &secb); secp256k1_scalar_get_b32(sec32b, &secb);