Add a test vector generator for BN254 on G2 and pass the tests
This commit is contained in:
parent
d22d981e9e
commit
dc83855f26
|
@ -9,6 +9,8 @@
|
|||
import
|
||||
./io_bigints, ./io_fields, ./io_towers,
|
||||
../config/curves,
|
||||
../arithmetic,
|
||||
../towers,
|
||||
../elliptic/[
|
||||
ec_weierstrass_affine,
|
||||
ec_weierstrass_projective
|
||||
|
@ -48,11 +50,23 @@ func toHex*(P: ECP_SWei_Proj): string =
|
|||
result &= "\n)"
|
||||
|
||||
func fromHex*(dst: var ECP_SWei_Proj, x, y: string): bool {.raises: [ValueError].}=
|
||||
## Convert hex strings to a curve point
|
||||
## Convert hex strings to a G1 curve point
|
||||
## Returns `false`
|
||||
## if there is no point with coordinates (`x`, `y`) on the curve
|
||||
## In that case, `dst` content is undefined.
|
||||
static: doAssert dst.F is Fp, "dst must be on G1, an elliptic curve over 𝔽p"
|
||||
dst.x.fromHex(x)
|
||||
dst.y.fromHex(y)
|
||||
dst.z.setOne()
|
||||
return bool(isOnCurve(dst.x, dst.y))
|
||||
|
||||
func fromHex*(dst: var ECP_SWei_Proj, x0, x1, y0, y1: string): bool {.raises: [ValueError].}=
|
||||
## Convert hex strings to a G2 curve point
|
||||
## Returns `false`
|
||||
## if there is no point with coordinates (`x`, `y`) on the curve
|
||||
## In that case, `dst` content is undefined.
|
||||
static: doAssert dst.F is Fp2, "dst must be on G2, an elliptic curve over 𝔽p2"
|
||||
dst.x.fromHex(x0, x1)
|
||||
dst.y.fromHex(y0, y1)
|
||||
dst.z.setOne()
|
||||
return bool(isOnCurve(dst.x, dst.y))
|
||||
|
|
|
@ -46,3 +46,10 @@ func toHex*(f: Fp2 or Fp6 or Fp12, order: static Endianness = bigEndian): string
|
|||
## CT:
|
||||
## - no leaks
|
||||
result.appendHex(f, order)
|
||||
|
||||
func fromHex*(dst: var Fp2, c0, c1: string) {.raises: [ValueError].}=
|
||||
## Convert 2 coordinates to an element of 𝔽p2
|
||||
## with dst = c0 + β * c1
|
||||
## β is the quadratic non-residue chosen to construct 𝔽p2
|
||||
dst.c0.fromHex(c0)
|
||||
dst.c1.fromHex(c1)
|
||||
|
|
|
@ -13,35 +13,37 @@
|
|||
# ############################################################
|
||||
|
||||
# Parameters
|
||||
u = Integer('0x44E992B44A6909F1')
|
||||
p = 36*u^4 + 36*u^3 + 24*u^2 + 6*u + 1
|
||||
r = 36*u^4 + 36*u^3 + 18*u^2 + 6*u + 1
|
||||
x = Integer('0x44E992B44A6909F1')
|
||||
p = 36*x^4 + 36*x^3 + 24*x^2 + 6*x + 1
|
||||
r = 36*x^4 + 36*x^3 + 18*x^2 + 6*x + 1
|
||||
cofactor = 1
|
||||
|
||||
# Finite fields
|
||||
F = GF(p)
|
||||
K2.<u> = PolynomialRing(F)
|
||||
# F2.<beta> = F.extension(u^2+9)
|
||||
# K6.<v> = PolynomialRing(F2)
|
||||
# F6.<eta> = F2.extension(v^3-beta)
|
||||
Fp = GF(p)
|
||||
K2.<u> = PolynomialRing(Fp)
|
||||
Fp2.<beta> = Fp.extension(u^2+1)
|
||||
# K6.<v> = PolynomialRing(Fp2)
|
||||
# Fp6.<eta> = Fp2.extension(v^3-Fp2([9, 1]))
|
||||
# K12.<w> = PolynomialRing(F6)
|
||||
# K12.<gamma> = F6.extension(w^2-eta)
|
||||
# K12.<gamma> = Fp6.extension(w^2-eta)
|
||||
|
||||
# Curves
|
||||
b = 3
|
||||
G1 = EllipticCurve(F, [0, b])
|
||||
# G2 = EllipticCurve(F2, [0, b/beta])
|
||||
SNR = Fp2([9, 1])
|
||||
G1 = EllipticCurve(Fp, [0, b])
|
||||
G2 = EllipticCurve(Fp2, [0, b/SNR])
|
||||
|
||||
# Test generator
|
||||
set_random_seed(1337)
|
||||
|
||||
print('=========================================')
|
||||
print('G1 vectors: ')
|
||||
for i in range(10):
|
||||
print('---------------------------------------')
|
||||
P = G1.random_point()
|
||||
(Px, Py, Pz) = P
|
||||
print('Px: ' + Integer(Px).hex())
|
||||
print('Py: ' + Integer(Py).hex())
|
||||
print('Pz: ' + Integer(Pz).hex())
|
||||
# print('Pz: ' + Integer(Pz).hex())
|
||||
exponent = randrange(r) # Pick an integer below curve order
|
||||
print('scalar: ' + Integer(exponent).hex())
|
||||
|
||||
|
@ -49,7 +51,30 @@ for i in range(10):
|
|||
(Qx, Qy, Qz) = Q
|
||||
print('Qx: ' + Integer(Qx).hex())
|
||||
print('Qy: ' + Integer(Qy).hex())
|
||||
print('Qz: ' + Integer(Qz).hex())
|
||||
# print('Qz: ' + Integer(Qz).hex())
|
||||
print('---------------------------------------')
|
||||
print('=========================================')
|
||||
print('G2 vectors: ')
|
||||
|
||||
for i in range(10):
|
||||
P = G2.random_point()
|
||||
(Px, Py, Pz) = P
|
||||
vPx = vector(Px)
|
||||
vPy = vector(Py)
|
||||
# Pz = vector(Pz)
|
||||
print('Px: ' + Integer(vPx[0]).hex() + ' + β * ' + Integer(vPx[1]).hex())
|
||||
print('Py: ' + Integer(vPy[0]).hex() + ' + β * ' + Integer(vPy[1]).hex())
|
||||
|
||||
exponent = randrange(r) # Pick an integer below curve order
|
||||
print('scalar: ' + Integer(exponent).hex())
|
||||
|
||||
Q = exponent * P
|
||||
(Qx, Qy, Qz) = Q
|
||||
Qx = vector(Qx)
|
||||
Qy = vector(Qy)
|
||||
print('Qx: ' + Integer(Qx[0]).hex() + ' + β * ' + Integer(Qx[1]).hex())
|
||||
print('Qy: ' + Integer(Qy[0]).hex() + ' + β * ' + Integer(Qy[1]).hex())
|
||||
print('---------------------------------------')
|
||||
print('=========================================')
|
||||
|
||||
# CurveOrder sanity check
|
||||
|
|
|
@ -12,6 +12,7 @@ import
|
|||
# Internals
|
||||
../constantine/config/[common, curves],
|
||||
../constantine/arithmetic,
|
||||
../constantine/towers,
|
||||
../constantine/io/[io_bigints, io_ec],
|
||||
../constantine/elliptic/[ec_weierstrass_projective, ec_scalar_mul, ec_endomorphism_accel],
|
||||
# Test utilities
|
||||
|
@ -53,7 +54,7 @@ proc test(
|
|||
doAssert: bool(Q == impl)
|
||||
doAssert: bool(Q == endo)
|
||||
|
||||
suite "Scalar Multiplication: BN254 implementation vs SageMath" & " [" & $WordBitwidth & "-bit mode]":
|
||||
suite "Scalar Multiplication G1: BN254 implementation vs SageMath" & " [" & $WordBitwidth & "-bit mode]":
|
||||
# Generated via sage sage/testgen_bn254_snarks.sage
|
||||
test(
|
||||
id = 1,
|
||||
|
@ -154,3 +155,179 @@ suite "Scalar Multiplication: BN254 implementation vs SageMath" & " [" & $WordBi
|
|||
Qx = "305d7692b141962a4a92038adfacc0d2691e5589ed097a1c661cc48c84e2b64e",
|
||||
Qy = "bafa230a0f5cc2fa3cf07fa46312cb724fc944b097890fa60f2cf42a1be7963"
|
||||
)
|
||||
|
||||
proc test(
|
||||
id: int,
|
||||
EC: typedesc[ECP_SWei_Proj],
|
||||
Px0, Px1, Py0, Py1: string,
|
||||
scalar: string,
|
||||
Qx0, Qx1, Qy0, Qy1: string
|
||||
) =
|
||||
|
||||
test "test " & $id:
|
||||
var P: EC
|
||||
let pOK = P.fromHex(Px0, Px1, Py0, Py1)
|
||||
doAssert pOK
|
||||
|
||||
var Q: EC
|
||||
let qOK = Q.fromHex(Qx0, Qx1, Qy0, Qy1)
|
||||
|
||||
let exponent = BigInt[EC.F.C.getCurveOrderBitwidth()].fromHex(scalar)
|
||||
var exponentCanonical: array[(exponent.bits+7) div 8, byte]
|
||||
exponentCanonical.exportRawUint(exponent, bigEndian)
|
||||
|
||||
var
|
||||
impl = P
|
||||
reference = P
|
||||
endo = P
|
||||
scratchSpace: array[1 shl 4, EC]
|
||||
|
||||
impl.scalarMulGeneric(exponentCanonical, scratchSpace)
|
||||
reference.unsafe_ECmul_double_add(exponentCanonical)
|
||||
# endo.scalarMulGLV(exponent) # TODO GLV+GLS on G2
|
||||
|
||||
doAssert: bool(Q == reference)
|
||||
doAssert: bool(Q == impl)
|
||||
# doAssert: bool(Q == endo)
|
||||
|
||||
suite "Scalar Multiplication G2: BN254 implementation vs SageMath" & " [" & $WordBitwidth & "-bit mode]":
|
||||
# Generated via sage sage/testgen_bn254_snarks.sage
|
||||
test(
|
||||
id = 1,
|
||||
EC = ECP_SWei_Proj[Fp2[BN254_Snarks]],
|
||||
Px0 = "d4ff42fc6d0febc88c9e1bc568d72c80c58438f6295dc598d798c1285f974ed",
|
||||
Px1 = "3845ad0148f76bdf14f752268eafb065c7272721784a8c6bd3a5fa736332b94",
|
||||
Py0 = "13fea1d73f8e06ea57a110f9156a8c876ba42251c7dcf9f203f90839bea3e462",
|
||||
Py1 = "1b722e9557c77e1a74a2ad7236b9b0194dbf80a5c03021ce55649e3082c0cbaf",
|
||||
scalar = "3075e23caee5579e5c96f1ca7b206862c2cf3ce21d79182d58b140074b7bd34",
|
||||
Qx0 = "1811e020b970e8c87c63acc020a27e99e97236f9dd01475ece959fb679c3e2d",
|
||||
Qx1 = "2e7c501387b25ab6fc9b45c8e0944d9685364f5c448b954f370ac80751a25de5",
|
||||
Qy0 = "8d73969c1c49878b450c829a7574d7df69fb0f44f158f1a84a8dda940453f30",
|
||||
Qy1 = "14eda105095dd606285a3b7a2aa9bd269b9193c22726d5a4d8708e02ae217807"
|
||||
)
|
||||
|
||||
test(
|
||||
id = 2,
|
||||
EC = ECP_SWei_Proj[Fp2[BN254_Snarks]],
|
||||
Px0 = "c4bff378e0e78a9094bc8cb224ad7d89266c28d1289098f03226fa84e7905b0",
|
||||
Px1 = "208afbcdfa4243045ad02aea93f275c60e9f838d6a933e9ad5732235e93cec84",
|
||||
Py0 = "178fd343e358c869df8c3b2e2e90c68cb2352c1ce6a6e51516a2ccab5bc191e3",
|
||||
Py1 = "23d122142470d7a5b9a9b456dcd1898ab5130f2274e010a67c0b59d8a06c98a3",
|
||||
scalar = "1eac341ad699cba0cb13ae35b8215bfe0f34e931f8e51e33bf90d9849767bb",
|
||||
Qx0 = "7d2b09ccebc6ea3ab685a2938c3b594bd1e500eb2ab2a4e0337e7f6587026fb",
|
||||
Qx1 = "ac5a99b924aebdbe4ff277ff5c8e1a209059c646fcac221917fbcbf738039ca",
|
||||
Qy0 = "2be1aebafff712ffd677fe1ac78eb2e838fe3bfc0051afb4e1b446b9aecb5939",
|
||||
Qy1 = "16bf0803d6e1d68be0e3e10d25e358e1f89a28c211cdc61def5ef10ea3abec94"
|
||||
)
|
||||
|
||||
test(
|
||||
id = 3,
|
||||
EC = ECP_SWei_Proj[Fp2[BN254_Snarks]],
|
||||
Px0 = "15dd63cf4d0c2d0e21368a72b93f72ed172c413782db489f5d7b4dfcdee061c7",
|
||||
Px1 = "26e5ca7f4b418fc9eb7d7b7f44ed1c4357fa71695ad59299d4404c55a295d64",
|
||||
Py0 = "df8c4bcbb5518b1ea51967f69f61b743be8e58bc9b597b398b51ca7820940af",
|
||||
Py1 = "8a36e75e7058969f4aef0724d9f6317b8b6028870f0e7412baece8073be3477",
|
||||
scalar = "b29535765163b5d5f2d01c8fcde010d11f3f0f250a2cc84b8bc13dd9083356c",
|
||||
Qx0 = "1c329c496b4cb95ee511277fd514a07fb98e313c61f256116d9c071ecc9d9a3a",
|
||||
Qx1 = "11d64f0b3301b18b969f58664801c0de67a295943034e5946b27065ac56581a0",
|
||||
Qy0 = "54787e9bdec726f06896ed90b12a346a2f92e44688b1663911931cd225a1cf3",
|
||||
Qy1 = "1303456cc596e033f1f32f2041bd83fabb8566744c0b4a358097270baa734a48"
|
||||
)
|
||||
|
||||
test(
|
||||
id = 4,
|
||||
EC = ECP_SWei_Proj[Fp2[BN254_Snarks]],
|
||||
Px0 = "9a26b213edf4d6b8b8026e934436d2a99d5cc23a9153abdb101a9bc67ab0b74",
|
||||
Px1 = "1654d9658fb77c7836ef3b41431282834c348d922d424ec4205cc62599b1cff4",
|
||||
Py0 = "13359cc29af8ed4d2a8b3acdc2e1c257bb738a365b020075a0cf387fadc9ee96",
|
||||
Py1 = "16dd9e23d0e5a92a98c57eeb0438412185e602bfb87c464e088933fd418e83fb",
|
||||
scalar = "2c02275a71bb41c911faf48cab4f7ac7fc6672a5c15586185c8cff3203181da0",
|
||||
Qx0 = "263a3327dbcd1d29dc43c428f6f03638a146ae40e06974f2a2bdc97c2239adcc",
|
||||
Qx1 = "21d7f34d76f4b71b3e35138f219af27709c0337d1bcd3a680de34ad191a2ddab",
|
||||
Qy0 = "1b0f2d2d9be7fc91bec9dad3294159834e506cf0d24d319b8282bfde26aa4268",
|
||||
Qy1 = "1bceb12af58dd453e801b6036fad5cf63ee511b00c6b8c5cee7bb3846ef3eb05"
|
||||
)
|
||||
|
||||
test(
|
||||
id = 5,
|
||||
EC = ECP_SWei_Proj[Fp2[BN254_Snarks]],
|
||||
Px0 = "1a4fb241cdcd2415acca073eaae81ea2e75fbe3122d91a113ee60d6a1f2a882c",
|
||||
Px1 = "1cfac3eb7f51ef5c90fe33469dd55b0641eaf4597cfde95f01fe8d0c16613599",
|
||||
Py0 = "112e05efd8fae9654a20c4a53cb31207176bb6ea7c5ed4c8464a9846e4c6bd56",
|
||||
Py1 = "2b9b15b98d8a2116ffea8886e9399fadf6998f89e2037c423d78c6145beaaed8",
|
||||
scalar = "24c5b2ce21615dca82231f5fb0fc8d05aa07c6df4bb5aa7c2381ac7b61a6290c",
|
||||
Qx0 = "27c16e9546b4383b7d7df55ccc33737866e1e9d12d4f5135bcdbc95514bc5b23",
|
||||
Qx1 = "2e451f8f8f5163dbbd1bf48dce686204511d8cea5bc504a4fcb13d76490589f2",
|
||||
Qy0 = "1c66b04bb04c139b5a6bd40a2a5b20706620b5b54aa69ffc9075dfe14fbbba70",
|
||||
Qy1 = "139f9a895e3e68e57a15b0d6cb01c4101317b4554e196f305f88212ce5cef640"
|
||||
)
|
||||
|
||||
test(
|
||||
id = 6,
|
||||
EC = ECP_SWei_Proj[Fp2[BN254_Snarks]],
|
||||
Px0 = "249d33d9b24b0b9d72753345239bc59ae80557dfb0c86a1f86ec92e749c8722a",
|
||||
Px1 = "cfba4d7f339870b12f9f83eb31a791ae3333d1e984919f5a128f72377f70756",
|
||||
Py0 = "1cc869e4e50855a0c09d6da00687007702f5d8fd9c1b1abc17dc643d5dd40825",
|
||||
Py1 = "19a0e1f64ae604d4591905d73cbeae6e644ddda04628a035d941dd0f94e8a33",
|
||||
scalar = "263e44e282fe22216cc054a39e40d4e38e71780bdc84563c340bdaaf4562534b",
|
||||
Qx0 = "2534d84cba98b2aa589b912f5be6dca6f8bf5fc0538fb0a3bc126c109af36aa8",
|
||||
Qx1 = "13921f40b39312b5a62dd8c2b49f153c331c32fa1d1d5cf31e71e1111ffdc947",
|
||||
Qy0 = "2a61adb49770d50ccc0e84b3561746cd3672a292e4d8e2dc8cb0a48dfc678adc",
|
||||
Qy1 = "d2564831641fd45cd073146cc061b2811d1d1b56289887eeed4ce07827dd3cc"
|
||||
)
|
||||
|
||||
test(
|
||||
id = 7,
|
||||
EC = ECP_SWei_Proj[Fp2[BN254_Snarks]],
|
||||
Px0 = "210e0d4ae81d5a5108ecc70c5ea0317455f6d5ae6853938a8fd832b055fb8d4d",
|
||||
Px1 = "d1a120ec549f63e2b67043d5c6a3b7a9a7682ebac87cfda91dcc696c425eee8",
|
||||
Py0 = "830c793ad790d61b9b0cbc83bc63869a1c6dc629e7d8c3bec7049ebe68fbad9",
|
||||
Py1 = "129a312b5e866a67ab15ba01fabbb533dd5a7fd5ba976cad0d0e44743d6efb15",
|
||||
scalar = "1471f378000d557f0c33c1f8c8313edd53422479440cbd0fdc4cc55f1163deec",
|
||||
Qx0 = "2c16f3ee75dcdad425ee694342de2ef1c4f07b29c1b5366173d93013ef426692",
|
||||
Qx1 = "3b7d1258cb99bb20857605d9cd5132c82189f98d78a267e80c583bf840c6eeb",
|
||||
Qy0 = "2afabef1030af27bc3ba6cc378b0f7dcb84a09cae301e580d9103daad28ba71f",
|
||||
Qy1 = "117a37aee6704e3fc36d0dba37822658350c48bde5a0968d9ecf45e346caff22"
|
||||
)
|
||||
|
||||
test(
|
||||
id = 8,
|
||||
EC = ECP_SWei_Proj[Fp2[BN254_Snarks]],
|
||||
Px0 = "116f9cd5018206c9e0c20bfd684995d42941ba7d4eff87aec228d5fc593e8893",
|
||||
Px1 = "211a34b8228f4bc48f0849e2e721cdaeb416e5be421e942339b751c5edaed7e7",
|
||||
Py0 = "1a888b9355886760acab22c5f35de566d9f521e28cfde8ef5c6cd771b4c19716",
|
||||
Py1 = "4935e0ab136c85ede2a70c3a4a2429b10e1ee9b259d0ffc5ccd0cbcdcba1351",
|
||||
scalar = "411315458c0c0cb27a058faf15dcbf2e467128f9c958d92de37902e1912f81",
|
||||
Qx0 = "175bcd9b7ac109968b88118e93aac3e44446b8abb9e9a2d50eacc2475f245106",
|
||||
Qx1 = "295dd179211b165f3096be9c44248a525976d9f3757c56083a9f0f69cd9eb75",
|
||||
Qy0 = "f67730f5ced93a2a7dbcd57b073505b496a7eba5eb5b1f6170cfea145ce2f15",
|
||||
Qy1 = "903a6681d15626728d7e36af65fe5d96ae314433de84321410579cba5e5dbec"
|
||||
)
|
||||
|
||||
test(
|
||||
id = 9,
|
||||
EC = ECP_SWei_Proj[Fp2[BN254_Snarks]],
|
||||
Px0 = "16181913b3c03bd61b7e3ba2e05541b492626046533440bced33420cb1d0cfc2",
|
||||
Px1 = "3d505402f6d6eab342473ed2b07313c5b02e2c63f2218e5773df0aa839ce9ba",
|
||||
Py0 = "8b40ff9ba82fbf42f02628600894d112640223759570e87bb721a93da0c2c22",
|
||||
Py1 = "2d8df108c6cb25384b748480f99b9c3e72c256839e227fb22eadc4148e6398eb",
|
||||
scalar = "111e6f761ce48e22970752bd56cab93d47caa252d52948367b21163591f7b7b1",
|
||||
Qx0 = "2a8ea2288308fd73ffa423dbe971e45e4cbadfc977d75cd4ea015adf80f25bac",
|
||||
Qx1 = "491f281ad2faf5b41cb5da93b114310222c6356469b7fb51a8166e8ccc4ab01",
|
||||
Qy0 = "386ae4175f00ba59c45b07f1f47fbeb0359e8fa52f70cc7396d58f2ef06abd9",
|
||||
Qy1 = "525877a41155f9dbd541f5833b0d1543a07089cb4a1842990d01dbb3068e8db"
|
||||
)
|
||||
|
||||
test(
|
||||
id = 10,
|
||||
EC = ECP_SWei_Proj[Fp2[BN254_Snarks]],
|
||||
Px0 = "1ea8eb841a242b478d5ed96da30eb78ac5588964dd0f3405b419747d44795ae8",
|
||||
Px1 = "ee64b54258e687fc9887ca2362b71c50539c881d43097a0578b58c487fd26ca",
|
||||
Py0 = "2ab3b56d071b0ca9934fc031e26dd0ef777b42018e9afa632ba5af8fec4ddeb8",
|
||||
Py1 = "cdf8de134912bb9e9b1e9deec26066028ef099def9c4f3e157cec48f5919295",
|
||||
scalar = "6223903d4bc2adea7b0a0db92822b6c2638691e4388df93f567e11edd6f23",
|
||||
Qx0 = "1f30a3adabf28b22f0ca4088fb9cd48688c7c360098d33d0a93800d5b22433db",
|
||||
Qx1 = "e436556e8cf709b4cceb314bf387326f824afdfdc13638dcd5212822543fb1d",
|
||||
Qy0 = "28329f3dff9158be7d166e6063ee6964f2d04810a46ef1e05732fa377b6302b4",
|
||||
Qy1 = "dea3c3263a5914c54be5abcbf9d1aad995dac6a82b88ff46f0a314e8a0c2925"
|
||||
)
|
||||
|
|
Loading…
Reference in New Issue