diff --git a/sage/testgen_bls12_381.sage b/sage/testgen_bls12_381.sage index d681f64..4ec2f94 100644 --- a/sage/testgen_bls12_381.sage +++ b/sage/testgen_bls12_381.sage @@ -13,30 +13,35 @@ # ############################################################ # Parameters -u = -(2^63 + 2^62 + 2^60 + 2^57 + 2^48 + 2^16) -p = (u - 1)^2 * (u^4 - u^2 + 1)//3 + u -r = u^4 - u^2 + 1 +x = -(2^63 + 2^62 + 2^60 + 2^57 + 2^48 + 2^16) +p = (x - 1)^2 * (x^4 - x^2 + 1)//3 + x +r = x^4 - x^2 + 1 cofactor = Integer('0x396c8c005555e1568c00aaab0000aaab') +# Effective cofactor for the G2 curve (that leads to equivalent hashToG2 when using endomorphisms) +g2_h_eff = Integer('0xbc69f08f2ee75b3584c6a0ea91b352888e2a8e9145ad7689986ff031508ffe1329c2f178731db956d82bf015d1212b02ec0ec69d7477c1ae954cbc06689f6a359894c0adebbf6b4e8020005aaa95551') + # Finite fields -F = GF(p) -K2. = PolynomialRing(F) -# F2. = F.extension(u^2+1) -# K6. = PolynomialRing(F2) -# F6. = F2.extension(v^3-beta) -# K12. = PolynomialRing(F6) +Fp = GF(p) +K2. = PolynomialRing(Fp) +Fp2. = Fp.extension(u^2+1) +# K6. = PolynomialRing(Fp2) +# Fp6. = Fp2.extension(v^3-Fp2([1, 1]) +# K12. = PolynomialRing(Fp6) # K12. = F6.extension(w^2-eta) # Curves b = 4 -G1 = EllipticCurve(F, [0, b]) -# G2 = EllipticCurve(F2, [0, b*beta]) +SNR = Fp2([1, 1]) +G1 = EllipticCurve(Fp, [0, b]) +G2 = EllipticCurve(Fp2, [0, b*SNR]) # Test generator set_random_seed(1337) +print('=========================================') +print('G1 vectors: ') for i in range(10): - print('---------------------------------------') Prand = G1.random_point() # Clear cofactor @@ -45,7 +50,7 @@ for i in range(10): (Px, Py, Pz) = P print('Px: ' + Integer(Px).hex()) print('Py: ' + Integer(Py).hex()) - print('Pz: ' + Integer(Pz).hex()) + # print('Pz: ' + Integer(Pz).hex()) exponent = randrange(r) # Pick an integer below curve order print('scalar: ' + Integer(exponent).hex()) @@ -53,7 +58,34 @@ for i in range(10): (Qx, Qy, Qz) = Q print('Qx: ' + Integer(Qx).hex()) print('Qy: ' + Integer(Qy).hex()) - print('Qz: ' + Integer(Qz).hex()) + # print('Qz: ' + Integer(Qz).hex()) + print('---------------------------------------') +print('=========================================') +print('G2 vectors: ') + +for i in range(10): + Prand = G2.random_point() + + # Clear cofactor + P = Prand * g2_h_eff + + (Px, Py, Pz) = P + vPx = vector(Px) + vPy = vector(Py) + # Pz = vector(Pz) + print('Px: ' + Integer(vPx[0]).hex() + ' + β * ' + Integer(vPx[1]).hex()) + print('Py: ' + Integer(vPy[0]).hex() + ' + β * ' + Integer(vPy[1]).hex()) + + exponent = randrange(r) # Pick an integer below curve order + print('scalar: ' + Integer(exponent).hex()) + + Q = exponent * P + (Qx, Qy, Qz) = Q + Qx = vector(Qx) + Qy = vector(Qy) + print('Qx: ' + Integer(Qx[0]).hex() + ' + β * ' + Integer(Qx[1]).hex()) + print('Qy: ' + Integer(Qy[0]).hex() + ' + β * ' + Integer(Qy[1]).hex()) + print('---------------------------------------') print('=========================================') # CurveOrder sanity check diff --git a/tests/t_ec_sage_bls12_381 b/tests/t_ec_sage_bls12_381 new file mode 100755 index 0000000..a40778a Binary files /dev/null and b/tests/t_ec_sage_bls12_381 differ diff --git a/tests/t_ec_sage_bls12_381.nim b/tests/t_ec_sage_bls12_381.nim index 9b38f8e..9ed6076 100644 --- a/tests/t_ec_sage_bls12_381.nim +++ b/tests/t_ec_sage_bls12_381.nim @@ -12,6 +12,7 @@ import # Internals ../constantine/config/[common, curves], ../constantine/arithmetic, + ../constantine/towers, ../constantine/io/[io_bigints, io_ec], ../constantine/elliptic/[ec_weierstrass_projective, ec_scalar_mul, ec_endomorphism_accel], # Test utilities @@ -154,3 +155,180 @@ suite "Scalar Multiplication (cofactor cleared): BLS12_381 implementation vs Sag Qx = "c72bc7087cd22993b7f6d2e49026abfde678a384073ed373b95df722b1ab658eb5ae42211e5528af606e38b59511bc6", Qy = "96d80593b42fe44e64793e490b1257af0aa26b36773aac93c3686fdb14975917cf60a1a19e32623218d0722dbb88a85" ) + + +proc test( + id: int, + EC: typedesc[ECP_SWei_Proj], + Px0, Px1, Py0, Py1: string, + scalar: string, + Qx0, Qx1, Qy0, Qy1: string + ) = + + test "test " & $id: + var P: EC + let pOK = P.fromHex(Px0, Px1, Py0, Py1) + doAssert pOK + + var Q: EC + let qOK = Q.fromHex(Qx0, Qx1, Qy0, Qy1) + + let exponent = BigInt[EC.F.C.getCurveOrderBitwidth()].fromHex(scalar) + var exponentCanonical: array[(exponent.bits+7) div 8, byte] + exponentCanonical.exportRawUint(exponent, bigEndian) + + var + impl = P + reference = P + endo = P + scratchSpace: array[1 shl 4, EC] + + impl.scalarMulGeneric(exponentCanonical, scratchSpace) + reference.unsafe_ECmul_double_add(exponentCanonical) + # endo.scalarMulGLV(exponent) # TODO GLV+GLS on G2 + + doAssert: bool(Q == reference) + doAssert: bool(Q == impl) + # doAssert: bool(Q == endo) + +suite "Scalar Multiplication G2: BLS12-381 implementation vs SageMath" & " [" & $WordBitwidth & "-bit mode]": + # Generated via sage sage/testgen_bls12_381.sage + test( + id = 1, + EC = ECP_SWei_Proj[Fp2[BLS12_381]], + Px0 = "989f16bcb9da60ef72383e6134ba194f57e30109806304336c0c995e2857ed20bf5b6e03d6fe1424332e9c666cbd10a", + Px1 = "16692643cb5e7466e3730d3ea775c7741ac34d670b3be685761a7d6ab722a2673ce374ddab87b7c4d2675ba2199f9121", + Py0 = "931e416488bef7cb4a053e4bd86ef44818bc03a5be5b04606b2a4dc1d139a3a452f5f7172f24eeaad84702b73b155bb", + Py1 = "192c3e2a6619473216b7bb2447448cdbeb9f7e3c9486b0a05aadf6dcd91d7cb275a5d84c1a362628efffbc8711a62a67", + scalar = "1f7bef2a74f3bf8ac0225a9edfa514bb5666b15e7be3e929059f2ef75f0035a6", + Qx0 = "110c9c96525cccb2c9045ab5bc1d2c5629b06e225cd63802d2f81c7ee7920483a74653e44289dfe5e69b979b049badad", + Qx1 = "189cb0e86e6b8886911107969afc8e807f9abbe20ab7063bddefa2fbfc85bc4e851598daeada33b8e1be6dd430fb9c0c", + Qy0 = "91d2176e98a4122466ac0d6c19c6de17b5b27f30dd760b8f644b17291f050ccfe8c1d47462052e95fd9a7aca90a78e1", + Qy1 = "25c5b7fe0fbf854f5e3af9146dfc706113de79eee220ede03491fcbadb47a89ee7179b6db8b06619e0369ec2a2e80fd" + ) + + test( + id = 2, + EC = ECP_SWei_Proj[Fp2[BLS12_381]], + Px0 = "1677db8e7f654fa225ad1fae79177a9ebf72dd2c1c731a4abd0ab80b2225bf0bb99cc998bc43dd3b1f75f8ff977111ba", + Px1 = "b1b3cd03ed2e49475c371fbe24e64bd97a89b28a4e7103c0203951e12763497d1c1d142de1a018fe5bd7edb57b9a88f", + Py0 = "a8ec2afc4424099cef745c6636a9db54ed11f83e98a3e7537349bea1146733d0d2d223e09492912e9b866c88c76a6b7", + Py1 = "33f45142e67aaa076379eb6c09b35509279f8b68d545729c22a51593db1d08ae1874a9b29b85a968af279c752f5b73a", + scalar = "b500f1fa8ffa8d1c0aa7d65054a9aaa0d9ed2fff83b40516def10b03cc80026", + Qx0 = "75d6b24552b5d3ae5937d17717c492160a32b01245e1351caca5e8ab9f973b356bdc1776c06c86d50924574cbcbcd04", + Qx1 = "c35b4d49b562727eda2212c6740a5a0c39343c213338c97cc9a9b3cf75624e45fb02830863f32cea6d37ddcea3dcabb", + Qy0 = "9c4107fce5315f306a70658e74f470b86ac863314efd118dca3c0c4ddd7391a5eef6999d024d927b1b1c690205a171d", + Qy1 = "124fc330b4e7d361c4c90d9e39933b3c635e6a5d7a98e73ace3a2c55cc6360e5e80b5828b3fb17aaba4bd18da5316a7a" + ) + + test( + id = 3, + EC = ECP_SWei_Proj[Fp2[BLS12_381]], + Px0 = "55d8f0f0af28084eb7050b403b1d10513931ca3245c047f21c51f9648b7573237f75c8617750cf8d3aea96b858893ad", + Px1 = "125272cdaeac32cb5f255c3ef073630ae80c43c3413e8a22ede153368b44b1e8cb98100304ebc621c49096b26f6f9c11", + Py0 = "67dce3c5bf2a9ff812436f25920d207f7b32b6392ea5b2288f759c813486ff0b97f95bbdb2a6efb487bc369ee1f4a4", + Py1 = "118ded28f46124289428802b5d97f7445d7efdd74db9b3a89597718c34b6433916110c86aa025a45d7e34e056ecad1dc", + scalar = "3638a1f09b542c9c14706bddf9bd411747489f3d398a5c286d28f3a950e33406", + Qx0 = "8c045276467c6ecbc26816d7639f196cdd129d7a7e8cee8d3c787aabc95959360b2e2f9f8f63e2db8b76ed228fb6e83", + Qx1 = "181b41e88accd20a6a05deef15997b14c1cdd17ad0ac75ce0f95e48b773095853aee0808f8fb4dd5c29757656c521232", + Qy0 = "178b8034e50e6bffbbac00717d7ef96f027e1c0e07b850174e20034c3a89f0e1f41108449f2c3e7be0d637936f84202a", + Qy1 = "19dae3659e65fcae08b2fd620178b4d78e9099a78f5fc9db941a9456de9eed2e4a208570adc296b43e4297b238aadbf9" + ) + + test( + id = 4, + EC = ECP_SWei_Proj[Fp2[BLS12_381]], + Px0 = "13b3476e05a61f9c273046d68dc0aff412695115189caa49964c3d794fb99dd153ec357bb553150ce7a3d6a5d3fa89fb", + Px1 = "3453cfc3fff2d649db5141e76b0248acd9e1593138b44e5e4da516a3c0ee5f1cef8bbc2611fa8969eaa5bb3534544ed", + Py0 = "1054487252835dfc8ce3e8845ab420e6b746353f70e2447e32d92b6816f94ad2e245d3484cf2fb984e6e3f7c8c786d07", + Py1 = "14c4f0b21d5381d7c50f8b02f5bad3af23b76729fe12b42b33bdfae87cb0fa452a447096a29c9ca8f951d24f02d9fdd7", + scalar = "6448f296d9b1a8d81319a0b789df04c587c6165776ccf39f50a354204aabe0da", + Qx0 = "15201587a5a6644f04c8818e70da24f8ed94403bc8f69e4a26923646c86faaea7e5538079ad870e4928484f682101e49", + Qx1 = "17eec094b4ffa3b28e2a07069107b1ca3efb458d09fa719baf7229d1ed30cd137ca7c1897f84b4ba26aac99b7a5628fe", + Qy0 = "19d32d85db24064e48ee7d1348df69e4f409f8f43e34f9d2f37077929975199049bcc5a1cf86358f539f034d14c882f2", + Qy1 = "122226ac41a6f2de2347a59657d707092c6becb7fc4991695631cfa9f2caaed9cee9701562fb99c2a85bd56122305bd3" + ) + + test( + id = 5, + EC = ECP_SWei_Proj[Fp2[BLS12_381]], + Px0 = "a16c8f0c124b0a76e53900b8e1b0cb0aa7b4280656ecebbd4cfdd8a09a40a06be8844081b3d359791391d7985a73078", + Px1 = "a639f83aa058b7a2f8e8c6272c1d03d72d37061b9586e965dd3cf2839baf2575caa276871aa8263cb56a27fc02c209d", + Py0 = "1c722e4e7e4784327296624871326f84de14e034f6a523eaaaa6e4352e22b9956ce2fede2d771a4d29b13d24742850b", + Py1 = "109fe8ea84c839a4877120495cef7c054f37192fd87b4ff44ec9581230904ec7e4b90dbd767040c74137ab9963d005b6", + scalar = "150caebc321c53c0658c5cecb45e564620b57bfbad0f5d5a277be71a184937b7", + Qx0 = "121d86aa00cec80f3e00437247902d97ef5d4867d3ae725170c1f29a9f2837c07f0fe778a9ff30f8911b84b3203cb8c2", + Qx1 = "f08808972239bde0fd4b8d498a92d08fa1d5f5b87d8a3f5f5b2c9a467745784e01defc5b55325f5707c532639b81d4c", + Qy0 = "19b484b4a366edfb6e7c3fde7e607928ed0b8a138568bbcdfd55bce47baf070759229df7a7a2b386693f23a4664cb478", + Qy1 = "92527a036c8ce2f4a592681a2f35db20917b5709c42da7c6e987c8f592837a3dfbc596667d033c8a313ac1ac28be8e1" + ) + + test( + id = 6, + EC = ECP_SWei_Proj[Fp2[BLS12_381]], + Px0 = "9315bb59e19f21e198f30d32a876b0f922ac4c444977f4ca0a6f8f07f7a6c6353d197ff0213cb835d2685675e931250", + Px1 = "4c3ce432c9e6f542d0a54593eeccfe923f679e448fd81b98aa28f542b5cef88ea4c822ddc8f78fb64a2e9695ea7c85", + Py0 = "e0027be110ad0f7e1d2415fffb1ded7567cb37f106c9ad5eced2aa38b9e44742c8cb5f3b1c73d935bb51a86df733ac8", + Py1 = "1275ba7b78e3063c0efe7b9a9ce5b64c713530071c52da0ec8496f47cf8546f83e50faddea736a1d495ee324ec2c290b", + scalar = "138ecc47a9d5b6cf2a052731b8f016734614949862a9f2be703935a5e0cd43bd", + Qx0 = "7a7508613526ef10773c9bb6b61310647a0401988ca80bb116748e7db49148db455c5032abc985545d8e082f3445e72", + Qx1 = "15b0a9ebfb75288e5efd5defc731bbff2d90722dfd6560284078d2886fd2254e27329be5cbe85276dcfa653f2c768337", + Qy0 = "134961d307616db7353ceb6ad61dee0fb579ebfc4256dccc8c0da35af93db90a84f87cc8cb8c14a8cb524e3dbc8efa46", + Qy1 = "d672894cc2a42dab3fc420de576c96f3585eb77e037fc3b0b2cc74c6a0e4a197b8a55dc525022289f6cad381c9adadf" + ) + + test( + id = 7, + EC = ECP_SWei_Proj[Fp2[BLS12_381]], + Px0 = "17d02c0921a613211e805a053056f3c32ca517c60220f2a71ff5fb4db0a2645b2fc75edbcc224ec6cd0935074e1a665", + Px1 = "3ca6158f4cff81eec3a4ce63c3250f6e7dffb9657d7d6b12c49e011ba983e425a9543a4cfda9bf27e57237d7ef2aa28", + Py0 = "11997fbd203fd972944490bec60ddb023f16e9895fffb93548ad284b3593dd70bcfd6f1efe665f30efd102339f6e59b6", + Py1 = "84336a1eb009f9173d1c4d2d74b3df6bdd05194208a81a068f1296d26049974014d8b39f5d66ea97ed8cffe177bcfe1", + scalar = "5668a2332db27199dcfb7cbdfca6317c2ff128db26d7df68483e0a095ec8e88f", + Qx0 = "1690a2bd0da82c969a43f71ec908921a65b87459eb516e16f27bc43118acb1b5bb5b91c9eeca7afacb4aa2ff5097160f", + Qx1 = "16ae56ed58e06176173246ecb865f797219f420675e49a789979be0a032108e159fa72a885222f18a4142ee808cab4e1", + Qy0 = "a44729556da9f1d4adf297e4f4b8de53274bf2d42257ea387185ea245bdabc7fc554b866c14b5100dcd0faf4ddf4079", + Qy1 = "e94f2652d0bc97087a04e4d9ab638f8b43e99b214f120d08ebb64a401ad6ab1c538d1524540fc37c76601ecc3425529" + ) + + test( + id = 8, + EC = ECP_SWei_Proj[Fp2[BLS12_381]], + Px0 = "7fd385cc4200ad11b1983a9399007cec30ea7de4aebaa3d65347f0566634372d89c0744c95639db223c72d994de816", + Px1 = "83ce6c36676aa56e2cd615d5617df16514cdf0d2ca11eea21f429649cf65010acd466c93e51e68088bdc16aef189472", + Py0 = "6407f7f0da8ebf27813e1f1b7339f694d0d134a281aa58855d7d102e2364900b89033904799e3b4d0dcda7946dc9f5a", + Py1 = "14d1947a7c6ce9e4f146637ba5cab3aa7a50579288f2df221dce1c0ee930c48a9f164b405b72b44c45c971608b1b97d", + scalar = "45b4bca2f783bba42b2d41a8d00f4c5f18a78738a5678fc3707523e7c62dafcb", + Qx0 = "b961dddb0fc6b6bdec4119fbfa6c7be6e568fe2ab1ec9d52442ac947f5e99172eef578af5001bcffc293d35b95a5958", + Qx1 = "13f2abd7f650404eaceeff3f834b3b8f20ed0fb05a4962d9e5798cddae5d107231655b61af5fce76403ff80dc7efebf3", + Qy0 = "2e45d6e716abe3daed8dba4fd2c030cecd2a3aadf33902d01492d221ac7704d095857a70397aedea783c0cda1624c4f", + Qy1 = "99785f9572b79e79defdf4cba35e248bd454521227dc7fdaf34d3bfb124a179b219dc69d1521f2c2af9ec0a7b82b0df" + ) + + test( + id = 9, + EC = ECP_SWei_Proj[Fp2[BLS12_381]], + Px0 = "1874fee7c4d207403afb01b5a2d15260e3eb1edd6ee5c3dff6c36dd652c1c34dd2e387671c8663204667e0334699cd43", + Px1 = "8abd6d2f87e58696a5c1a1d59c852d5a38c4c862f14d5bbf7db139dc7f9d6b19301fdae3c237fe77114b53c2b5a38b0", + Py0 = "14d126e9f035c55dedf47bb9c784e32866effc223fd450b8415c55b1d7b082ebbcd984d5329d3a3ab400955b908447b0", + Py1 = "7d41e011283732bdbc704f90d2f41735a7b17362ca0e0b12ca9eacd6a2f1f478bc09922aa7c3c77ef00a5e975a31bc4", + scalar = "6083671fcc66dc084ad73eba100830555fcfcc5eccaa6acb27cda0d3fa8d6f64", + Qx0 = "9f62bc139137190c2a04b8334679cd8830a6f9a7fde746397129b5518ef61ac907b39a39200834870dab6f579766cc3", + Qx1 = "f24da37709b5949766a6fccb28a316ed885c47be935044367fd7418a672e3193f68cffbf7052a33227faa8e453c5e00", + Qy0 = "410ddc02ae4c5f4cd264252a3f3ee720c9cfce1dd1b844076fa9fa55e4f9802a95e8fd130010b6d9a5ed6011239e9ce", + Qy1 = "15004542a02d1439838bdb579cba1a4f3258b14d998e4c3e198b9e27c5799c8e1b5a059f731d6380510bb9ff4d6bce00" + ) + + test( + id = 10, + EC = ECP_SWei_Proj[Fp2[BLS12_381]], + Px0 = "171597b604848dac1eea6908b849ed35ab1ea768683ff4cbf299c64da208953c7b95db0e7a514a31b3ea64ffd6bd634", + Px1 = "1679d3ec65d141fd38c8eeffdce9200d250f38e1dd3a714685d4b01ae677d7ac5c7dd452c768cdfc55249e8352c9f27e", + Py0 = "c16d445bf20a50baa06f0dba778a013e02c3c619a8b434ec463f79a9c5ec1a069c66bded745420bc5ebccc46ba0cc3e", + Py1 = "158281e1c97208e3d1388bf85b96fe75072b9ff5f628cb84e8f837ad587b414be3900be35e4df46fd0b4d517ed73a144", + scalar = "644dc62869683f0c93f38eaef2ba6912569dc91ec2806e46b4a3dd6a4421dad1", + Qx0 = "e4b186929f609e5d36451d6b62736c0bd7d4e6ed9d7ed14d33cfd715cec150e2f27224756d9f70cf78e72bb41b0ee12", + Qx1 = "1290bc5038c3ed9ed393e27edc9202751c3533ad2320802f951573f0d6da960572ce57481ab4bcf18c1525e52fd4f4e1", + Qy0 = "46260daa3ab7f1a855223127450b1963bb594930b59fd627b17275aca76533e9aab01253b5b9d5be2ac18eafbe39ea8", + Qy1 = "8b2a1941c24f3c0d7a9920f14d4e3066ed0d36839d524494db34e31f386b2523b33dfe1455e04018ef46e44e2ee6886" + )