constantine/tests/t_fp12_anti_regression.nim

# Constantine
# Copyright (c) 2018-2019    Status Research & Development GmbH
# Copyright (c) 2020-Present Mamy André-Ratsimbazafy
# Licensed and distributed under either of
#   * MIT license (license terms in the root directory or at http://opensource.org/licenses/MIT).
#   * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
# at your option. This file may not be copied, modified, or distributed except according to those terms.

import
  # stdlib
  std/unittest,
  # Internals
  ../constantine/config/[common, type_ff],
  ../constantine/towers,
  ../constantine/config/curves,
  ../constantine/io/io_towers,
  ../constantine/towers

# ###############################################################
#
#   Edge cases highlighted by property-based testing or fuzzing
#
# ###############################################################

# Fuzzing failure #114: Fp12 BN254 Mul and add/sub are consistent
# Highlighted by the Long01Seq skewed RNG
# with random seeds
# - 1611183150
# - 1611267611
# - 1611393788
# - 1611420927
# - 1611402369

proc test114(factor: int, a: Fp12[BN254_Snarks]): bool =
  var sum{.noInit.}, one{.noInit.}, f{.noInit.}: Fp12[BN254_Snarks]
  one.setOne()

  if factor < 0:
    sum.neg(a)
    f.neg(one)
    for i in 1 ..< -factor:
      sum -= a
      f -= one
  else:
    sum = a
    f = one
    for i in 1 ..< factor:
      sum += a
      f += one

  var r{.noInit.}: Fp12[BN254_Snarks]

  r.prod(a, f)

  result = bool(r == sum)

  if not result:
    echo "Failure for"
    echo "==================="
    echo "r:   ", r.toHex()
    echo "-------------------"
    echo "sum: ", sum.toHex()
    echo "-------------------"
    debug:
      echo "r (raw montgomery):  ", $r
      echo "-------------------"
      echo "sum (raw montgomery):", $sum
      echo "-------------------"
    echo "\n\n"

# Requires a Fp -> Fp2 -> Fp4 -> Fp12 towering
var t114_cases: seq[tuple[factor: int, a: Fp12[BN254_Snarks]]]

t114_cases.add (
  # seed 1611183150
  -13,
  Fp12[BN254_Snarks].fromHex(
    "0x0000000000ffffffffffffffff3f00c00100000000fcffff0700000000000000",
    "0x0000000000ffffffffffff7f000000e0ffff03000000fcff07e0ffffff9fffff",
    "0x0080ffffffffff1f00f00080ffffffffffffffffffffffffffffffffffffffff",
    "0x0c0a77c19a07df2f666ea36f7899461c0a78ec28b5d70b3dd35d430dc58f0d9d",
    "0x000007fc00000000000000000000003ffffffffffff1ffffff8000000001ffff",
    "0x000000c0ffffffdfffffffff0100feffff03c0ffffffffffffffff3f00000000",
    "0x000000000000000000000080ffffffffff3f0000f0dfff0f80ffffffffff0700",
    "0x0000000000000000000000000000000000000000000000000000000000000000",
    "0x0e0a77c199c7df2f666ee36f7879422c0a78ed28f5c70b3dd2dd448dc58eed9d",
    "0x0e0a77a19a07df2f866ea36f7839462c0a78eb28f5d70b3dd3dd438dc58f0d9c",
    "0x000000000000000000000000003fc0000003f80000000000000007ffffffffff",
    "0x0000001fff0000000000000000038000003ffffffffffff800000000000ff000"
  )
)

var x = Fp12[BN254_Snarks].fromHex(
    "0x30644e72d431a029b85045b68b4e4e9d8a816a915b98ca99e1208c16d87cfd47",
    "0x30644e72d431a029b8504c4381814cf0978e43916864f199d5b38c16dd5cfd54",
    "0x29d74e72e131ab96ac203f298181585d97816a916871ca8d3c208c16d87cfd54",
    "0x250924f6b2602b3eada2ca30e63cd209d5e1ac3465db981134c5c8a859b04423",
    "0x3063e6a6e131a029b85045b68181551d97816a916927ca8d42a08c16d862fd54",
    "0x306444a5e131a1c9b85045c37474655da4509d916871ca8d3c2095e3d87cfd47",
    "0x30644e72e131a029b8503f298181585da14e6a852d11d6c3af208c16d889a247",
    "0x0000000000000000000000000000000000000000000000000000000000000000",
    "0x0b0924f6b5a02b3ead9f8a30e7dd0539d5e19f3126ab98113b45b52859b1e423",
    "0x0b092696b2602b3d0da2ca30eb1cd139d5e1b93125db98112e45c22859b04430",
    "0x30644e72e131a029b85045b67e44985d974dd2916871ca8d3c202416d87cfd54",
    "0x30644cd2ee31a029b85045b68153d85d94416a916871caf53c208c16d7adcd47"
  )

t114_cases.add (
  # seed 1611267611
  -7,
  Fp12[BN254_Snarks].fromHex(
    "0x0000000000000000000000000000000000000000000000000000000000000000",
    "0x0e0477c19a07de6e666ea46eb77947290a786a28f5c70b3dd35d4486c58f0cdc",
    "0x00fffffffffffffffffffffff80000000003ffffffffffffc0000000007fffff",
    "0x00ffff00000080ffffffffffffffffffffff1f00000000000000000000c03f00",
    "0x00000000c0ff00c0ff07000000000000000000000000000000feffffffffffff",
    "0x000000000007ffffffffff000000e003f83fffffe0000000001ffff803ffc000",
    "0x0000003fffffffffffffffffffffffffffff801fffffffc01f00000007ffffff",
    "0x00000000003fffffffe00000000000ffffffe08003fff800007fffffffffffff",
    "0x0e0a57c19a47dfaf666ea36f787945ac8a78eb28f5c70b3dd2dd438dc58f0d9d",
    "0x0000000000feffffffffff1f0000000000000000000080ffff03f8ffffffffff",
    "0x000000f87f0000c0ffffffffffffffffffffffffffffffffffffff07fcffffff",
    "0x01fffffffe0000000001fcffffffffffffffffc003ffffff8001ffffffffffff"
  )
)

t114_cases.add (
  # seed 1611393788
  -15,
  Fp12[BN254_Snarks].fromHex(
    "0x0e0a77c192085f2f666e63777879462c0a78eb08f5c70b3dd35d438dd58f0d9c",
    "0x0fffe03ffe0000000000000000001fffffff0000000fffffe0000fffffffffff",
    "0x000000000003ffffffffffff00000000000000000000000000000ffffffeffff",
    "0x00f0ffffffff3f0000f0ffffffffff0700000000000000000000600000001f00",
    "0x0f9bb18c1ece5fd647afba4d7e7ea7a0687ebd6a978e3572c3df73e9278306b8",
    "0x00e0ff3f00f0ffffffffff010000000080ffffffffffffffffffff000000ffff",
    "0x0000000000000000000000000000000000000000000000000000000000000000",
    "0x0dca77c19a07e02f6666a56f7878462c0a792b28f5c6cb3dd35d438dcd8f0d80",
    "0x0e0a76c19a07df2f6e6ea36f7879462c0a78eb28f5c70b3dd359438dc59f0d7d",
    "0x0e0a77c11a07df2f666ea36f8075462c0a78eb28f5c70b3dd35d538dc58f0dac",
    "0x0e0a77819a083f2f766e9b6f7879462c0a78eb28f5c70b3dd35d438dc592119c",
    "0x000000000ffffffffffffe000000003ffffc0000000000000000000000000000"
  )
)

t114_cases.add (
  # seed 1611420927
  -25,
  Fp12[BN254_Snarks].fromHex(
    "0x0000000000ffffc00000000000000fffffffffffffffffffff00007fffe003ff",
    "0x00000000ffff1fc0ffffff1ff8ffffffffffff00fc010000feffffffff0300f0",
    "0x000000000000001800000000e00300feffffffffffff1f00f0ffffffffffffff",
    "0x0e0a75c1da07df2f666ea36f7879461c0a78ec28f5c70b35d35d438dc590ed9d",
    "0x0e09f6c19a085f30666f846f7780c72c097feb29f5c70b3cd65dc48d44900cbc",
    "0x0000000001ffffe7e0000000000000003fffffffffffff000000000001fff800",
    "0x0000000000000000000000000000000000000000000000000000000000000000",
    "0x0e09b6c28b07df2f666ea36f7879462c0a780ae9f5c70b3dd35c638cc48f0da3",
    "0x0e0a77c19a07df2f666da46f7879462c0a78eb2976c60a7cd35d438eb68f0c9d",
    "0x0007f00007fffff00000000000000003ffffffff8000000fffffc001ffffffff",
    "0x0e0a77c19a07df2f666ea36f7879462c0a68ec28f5c70b3dd35c438dcd4f0e1c",
    "0x1ffffffffffffffffffffffffffffff000000000000000000fc000ffffffffff"
  )
)

t114_cases.add (
  # seed 1611402369
  -10,
  Fp12[BN254_Snarks].fromHex(
    "0x0000000000000000000000000000000000000000000000000000000000000000",
    "0x00000000000020000007fffff800000000000001ffffffffffffffffffffe000",
    "0x0000000000000000000000f8fffffffffffffff7ffffffffffff1f0000000200",
    "0x0000030000000003fffc00000000003ffffffe000000000000ffc00000000000",
    "0x0e0a76e09a07df2f666ea3705881432c0a78e828f5c70b3d125e348d058f0cbc",
    "0x0000000f01fffc7fffffffffffffffffffffffe000000000000fffffc0000000",
    "0x0e0a77c0b907e02c666ea36f77f8462c0a78eb28f5c70b3e545d438dc58f0d9c",
    "0x0e0a77a19a07df2f668ea36f78793a2c0a78eb2875c74b3dd355438dc59f0d9c",
    "0x0e0a75c19a07df31662ea36f7879462c0a78eb28f5c70c1dd361438dc58f0d9c",
    "0x00000000000000000000000000feffff00001c000007e0ffffffffff07000000",
    "0x00001ffffffff000007fffffffff0000007f000000000000ffffffffffffffff",
    "0x0e0996c19a08d02e756ea36f7879462c0a78eb28f5c70b3dd43dc28dc58f0d9d"
  )
)

suite "Fuzzing failure #114: Fp12 BN254 Mul and add/sub are consistent":
  test $t114_cases.len & " failure cases are now successful":
    for i in 0..<t114_cases.len:
      check: test114(t114_cases[i].factor, t114_cases[i].a)