Fix #131, inversion tests didn't take into account that the RNG can produce a 0 input and so a.inv can be different from 1

Mamy André-Ratsimbazafy 2021-01-24 12:37:02 +01:00
parent 7e97cd4ac5
commit 75493dfb5b
No known key found for this signature in database
GPG Key ID: 7B88AD1FE79492E1
1 changed files with 6 additions and 6 deletions


@ -257,25 +257,25 @@ proc main() =
let a = rng.random_unsafe(Fp[curve]) let a = rng.random_unsafe(Fp[curve])
aInv.inv(a) aInv.inv(a)
r.prod(a, aInv) r.prod(a, aInv)
check: bool r.isOne() check: bool r.isOne() or (a.isZero() and r.isZero())
r.prod(aInv, a) r.prod(aInv, a)
check: bool r.isOne() check: bool r.isOne() or (a.isZero() and r.isZero())
for _ in 0 ..< Iters: for _ in 0 ..< Iters:
let a = rng.randomHighHammingWeight(Fp[curve]) let a = rng.randomHighHammingWeight(Fp[curve])
aInv.inv(a) aInv.inv(a)
r.prod(a, aInv) r.prod(a, aInv)
check: bool r.isOne() check: bool r.isOne() or (a.isZero() and r.isZero())
r.prod(aInv, a) r.prod(aInv, a)
check: bool r.isOne() check: bool r.isOne() or (a.isZero() and r.isZero())
for _ in 0 ..< Iters: for _ in 0 ..< Iters:
let a = rng.random_long01Seq(Fp[curve]) let a = rng.random_long01Seq(Fp[curve])
aInv.inv(a) aInv.inv(a)
r.prod(a, aInv) r.prod(a, aInv)
check: bool r.isOne() check: bool r.isOne() or (a.isZero() and r.isZero())
r.prod(aInv, a) r.prod(aInv, a)
check: bool r.isOne() check: bool r.isOne() or (a.isZero() and r.isZero())
testRandomInv P224 testRandomInv P224
testRandomInv BN254_Nogami testRandomInv BN254_Nogami
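Review bot: The relaxed condition `r.isOne() or (a.isZero() and r.isZero())` never inspects `aInv` when `a` is zero, so on that branch the check passes whatever `inv` returned, since a product with a zero factor is zero anyway. If inversion is meant to have a defined result for a zero input (presumably zero, to be confirmed against the documentation of `inv`), the zero branch should pin it, for example `check: bool r.isOne() or (a.isZero() and aInv.isZero() and r.isZero())`. The three generators only reach zero by chance, so a deterministic case that inverts an explicitly zero element would keep this edge covered on every run instead of on rare seeds. The same expression is repeated in all six checks across the three loops, so a small local template holding the condition would keep them in sync; the enclosing `testRandomInv` definition starts outside this hunk.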