constantine/tests/t_pairing_template.nim
2022-01-01 19:17:04 +01:00

102 lines
3.4 KiB
Nim

# Constantine
# Copyright (c) 2018-2019 Status Research & Development GmbH
# Copyright (c) 2020-Present Mamy André-Ratsimbazafy
# Licensed and distributed under either of
# * MIT license (license terms in the root directory or at http://opensource.org/licenses/MIT).
# * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
# at your option. This file may not be copied, modified, or distributed except according to those terms.
import
# Standard library
std/unittest, times,
# Internals
../constantine/config/common,
../constantine/[arithmetic, primitives],
../constantine/towers,
../constantine/config/curves,
../constantine/elliptic/[ec_shortweierstrass_affine, ec_shortweierstrass_projective],
../constantine/hash_to_curve/cofactors,
# Test utilities
../helpers/prng_unsafe
export
prng_unsafe, times, unittest,
ec_shortweierstrass_affine, ec_shortweierstrass_projective,
arithmetic, towers,
primitives
type
RandomGen* = enum
Uniform
HighHammingWeight
Long01Sequence
template affineType[F; G: static Subgroup](
ec: ECP_ShortW_Prj[F, G]): type =
ECP_ShortW_Aff[F, G]
func clearCofactorReference[F; G: static Subgroup](
ec: var ECP_ShortW_Aff[F, G]) =
# For now we don't have any affine operation defined
var t {.noInit.}: ECP_ShortW_Prj[F, G]
t.projectiveFromAffine(ec)
t.clearCofactorReference()
ec.affineFromProjective(t)
func random_point*(rng: var RngState, EC: typedesc, randZ: bool, gen: RandomGen): EC {.noInit.} =
if gen == Uniform:
result = rng.random_unsafe(EC)
result.clearCofactorReference()
elif gen == HighHammingWeight:
result = rng.random_highHammingWeight(EC)
result.clearCofactorReference()
else:
result = rng.random_long01Seq(EC)
result.clearCofactorReference()
template runPairingTests*(Iters: static int, C: static Curve, G1, G2, GT: typedesc, pairing_fn: untyped): untyped {.dirty.}=
bind affineType
var rng: RngState
let timeseed = uint32(toUnix(getTime()) and (1'i64 shl 32 - 1)) # unixTime mod 2^32
seed(rng, timeseed)
echo "\n------------------------------------------------------\n"
echo "test_pairing_",$C,"_optate xoshiro512** seed: ", timeseed
proc test_bilinearity_double_impl(randZ: bool, gen: RandomGen) =
for _ in 0 ..< Iters:
let P = rng.random_point(G1, randZ, gen)
let Q = rng.random_point(G2, randZ, gen)
var P2: typeof(P)
var Q2: typeof(Q)
var r {.noInit.}, r2 {.noInit.}, r3 {.noInit.}: GT
P2.double(P)
Q2.double(Q)
var Pa {.noInit.}, Pa2 {.noInit.}: affineType(P)
var Qa {.noInit.}, Qa2 {.noInit.}: affineType(Q)
Pa.affineFromProjective(P)
Pa2.affineFromProjective(P2)
Qa.affineFromProjective(Q)
Qa2.affineFromProjective(Q2)
r.pairing_fn(Pa, Qa)
r.square()
r2.pairing_fn(Pa2, Qa)
r3.pairing_fn(Pa, Qa2)
doAssert bool(not r.isZero())
doAssert bool(not r.isOne())
doAssert bool(r == r2)
doAssert bool(r == r3)
doAssert bool(r2 == r3)
suite "Pairing - Optimal Ate on " & $C & " [" & $WordBitwidth & "-bit mode]":
test "Bilinearity e([2]P, Q) = e(P, [2]Q) = e(P, Q)^2":
test_bilinearity_double_impl(randZ = false, gen = Uniform)
test_bilinearity_double_impl(randZ = false, gen = HighHammingWeight)
test_bilinearity_double_impl(randZ = false, gen = Long01Sequence)