# Constantine
# Copyright (c) 2018-2019 Status Research & Development GmbH
# Copyright (c) 2020-Present Mamy André-Ratsimbazafy
# Licensed and distributed under either of
# * MIT license (license terms in the root directory or at http://opensource.org/licenses/MIT).
# * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
# at your option. This file may not be copied, modified, or distributed except according to those terms.
import ../constantine/arithmetic,
       ../constantine/io/[io_bigints, io_fields],
       ../constantine/config/curves,
       # Test utilities
       ../helpers/prng,
       # Standard library
       std/unittest, std/times, std/os, std/strutils
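static: doAssert defined(testingCurves), "This modules requires the -d:testingCurves compile option"

# Number of random elements inverted per curve in the randomized suite.
const Iters = 512

# Environment variable that pins the PRNG seed. The seed is always echoed
# below so that a failing run can be replayed by re-running with this
# variable set to the printed value, instead of getting a fresh clock-derived
# seed on every run.
const SeedEnvVar = "CONSTANTINE_TEST_SEED"

proc pickSeed(): uint32 =
  ## Returns the seed from `CONSTANTINE_TEST_SEED` when it is set (decimal,
  ## must fit in 32 bits), otherwise the current unix time truncated to 32 bits.
  ## A non-numeric value raises ValueError from parseUInt; an oversized value
  ## fails the doAssert below rather than being silently truncated.
  let fromEnv = getEnv(SeedEnvVar)
  if fromEnv.len > 0:
    let parsed = parseUInt(fromEnv)
    doAssert parsed <= uint(high(uint32)),
      SeedEnvVar & " must fit in 32 bits, got: " & fromEnv
    result = uint32(parsed)
  else:
    # unixTime mod 2^32: `shl` binds tighter than `-`, so the mask is 2^32-1.
    result = uint32(getTime().toUnix() and (1'i64 shl 32 - 1))

var rng: RngState
let seed = pickSeed()
rng.seed(seed)
echo "test_finite_fields_powinv xoshiro512** seed: ", seed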
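proc main() =
  ## Known-answer and randomized tests for modular exponentiation (`pow`,
  ## `powUnsafeExponent`) and inversion (`inv`) over the prime fields declared
  ## in ../constantine/config/curves, plus the toy field Fp[Fake101]
  ## (-d:testingCurves) whose results can be checked by hand.
  suite "Modular exponentiation over finite fields":
    test "n² mod 101":
      let exponent = BigInt[64].fromUint(2'u64)

      # Natural-domain (non-Montgomery) value of a Fp[Fake101] element, read
      # back through the raw unsigned export; passing cpuEndian lets the
      # in-place cast reinterpret the bytes as the host's uint64.
      proc toNatural(x: Fp[Fake101]): uint64 =
        var raw: array[8, byte]
        raw.exportRawUint(x, cpuEndian)
        cast[uint64](raw)

      # Square `base` with pow(2) and compare against `expected`, both in the
      # Montgomery domain (==) and after conversion back to the natural domain.
      template checkSquare(base, expected: uint32) =
        block:
          var n, want: Fp[Fake101]
          n.fromUint(base)
          want.fromUint(expected)
          n.pow(exponent)
          check:
            bool(n == want)                    # Montgomery domain
            uint64(expected) == toNatural(n)   # natural domain

      block: # 1*1 mod 101: plain multiplication, no exponentiation involved
        var one, r: Fp[Fake101]
        one.fromUint(1'u32)
        r.prod(one, one)
        check:
          bool(r == one)
          1'u64 == toNatural(r)

      checkSquare(1'u32, 1'u32)     # 1^2 mod 101
      checkSquare(2'u32, 4'u32)     # 2^2 mod 101
      checkSquare(10'u32, 100'u32)  # 10^2 mod 101
      checkSquare(11'u32, 20'u32)   # 11^2 = 121 = 20 mod 101

    test "x^(p-2) mod p (modular inversion if p prime)":
      # By Fermat's little theorem x^(p-2) = x^-1 mod p for prime p, so both
      # exponentiation entry points must reproduce the inverse that the
      # dedicated `inv` test below also expects.
      const
        # The BN254 field modulus, used here only as an arbitrary element of
        # Fp[BLS12_381] (it is smaller than the BLS12-381 prime).
        xHex = "0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47"
        # BLS12-381 prime - 2
        pMinus2Hex = "0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaa9"
        expected = "0x0636759a0f3034fa47174b2c0334902f11e9915b7bd89c6a2b3082b109abbc9837da17201f6d8286fe6203caa1b9d4c8"
      let exponent = BigInt[381].fromHex(pMinus2Hex)

      block: # pow
        var x: Fp[BLS12_381]
        x.fromHex(xHex)
        x.pow(exponent)
        let computed = x.toHex()
        check: computed == expected

      block: # powUnsafeExponent
        # NOTE(review): the name suggests this variant does not treat the
        # exponent as secret data. This test only checks the result; it says
        # nothing about timing behaviour, so confirm against the arithmetic
        # module's documentation before relying on it with secret exponents.
        var x: Fp[BLS12_381]
        x.fromHex(xHex)
        x.powUnsafeExponent(exponent)
        let computed = x.toHex()
        check: computed == expected

  suite "Modular inversion over prime fields":
    test "Specific test on Fp[BLS12_381]":
      var r, x: Fp[BLS12_381]
      # BN254 field modulus, used as an arbitrary element of Fp[BLS12_381]
      x.fromHex("0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47")
      let expected = "0x0636759a0f3034fa47174b2c0334902f11e9915b7bd89c6a2b3082b109abbc9837da17201f6d8286fe6203caa1b9d4c8"
      r.inv(x)
      let computed = r.toHex()
      check: computed == expected

    test "Specific tests on Fp[BN254_Snarks]":
      # Known-answer check: inv(xHex) must equal expectedHex in the Montgomery
      # domain. Both arguments are hex strings accepted by fromHex.
      template checkInv(xHex, expectedHex: string) =
        block:
          var r, x, want: Fp[BN254_Snarks]
          x.fromHex(xHex)
          want.fromHex(expectedHex)
          r.inv(x)
          check: bool(r == want)

      block: # 1^-1 == 1
        var r, x: Fp[BN254_Snarks]
        x.setOne()
        r.inv(x)
        check: bool r.isOne()

      checkInv("0x076ef96647587df443d86a7ac8aa12f3f52d5d775287a6f5e47764a59d378309",
               "2d2ef0cd23dd8ec9e9b47c130942ecd7d7fda5e2dd5af19114bc34565ee355b8")
      checkInv("0x0d2007d8aaface1b8501bfbe792974166e8f9ad6106e5b563604f0aea9ab06f6",
               "1b632d8aa572c4356debe80f772228dee49c203f34066a998fba5194b98e56c3")

    # Randomized round-trip: a * inv(a) and inv(a) * a must both be one.
    # The PRNG seed is echoed at module load so a failure can be replayed.
    # NOTE(review): if rng.random can yield 0, that iteration cannot pass
    # (0 has no multiplicative inverse); the probability is ~2^-bits of the
    # field and is ignored here — confirm the generator's range if this
    # ever fires.
    proc testRandomInv(curve: static Curve) =
      test "Random inversion testing on " & $Curve(curve):
        var aInv, r: Fp[curve]
        for _ in 0 ..< Iters:
          let a = rng.random(Fp[curve])
          aInv.inv(a)
          r.prod(a, aInv)
          check: bool r.isOne()
          r.prod(aInv, a)
          check: bool r.isOne()

    testRandomInv P224
    testRandomInv BN254_Nogami
    testRandomInv BN254_Snarks
    testRandomInv Curve25519
    testRandomInv P256
    testRandomInv Secp256k1
    testRandomInv BLS12_377
    testRandomInv BLS12_381
    testRandomInv BN446
    testRandomInv FKM12_447
    testRandomInv BLS12_461
    testRandomInv BN462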
main()