github.com/aigarnetwork/aigar@v0.0.0-20191115204914-d59a6eb70f8e/crypto/bn256/google/bn256_test.go (about)

     1  //  Copyright 2018 The go-ethereum Authors
     2  //  Copyright 2019 The go-aigar Authors
     3  //  This file is part of the go-aigar library.
     4  //
     5  //  The go-aigar library is free software: you can redistribute it and/or modify
     6  //  it under the terms of the GNU Lesser General Public License as published by
     7  //  the Free Software Foundation, either version 3 of the License, or
     8  //  (at your option) any later version.
     9  //
    10  //  The go-aigar library is distributed in the hope that it will be useful,
    11  //  but WITHOUT ANY WARRANTY; without even the implied warranty of
    12  //  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    13  //  GNU Lesser General Public License for more details.
    14  //
    15  //  You should have received a copy of the GNU Lesser General Public License
    16  //  along with the go-aigar library. If not, see <http://www.gnu.org/licenses/>.
    17  
    18  package bn256
    19  
    20  import (
    21  	"bytes"
    22  	"crypto/rand"
    23  	"math/big"
    24  	"testing"
    25  )
    26  
    27  func TestGFp2Invert(t *testing.T) {
    28  	pool := new(bnPool)
    29  
    30  	a := newGFp2(pool)
    31  	a.x.SetString("23423492374", 10)
    32  	a.y.SetString("12934872398472394827398470", 10)
    33  
    34  	inv := newGFp2(pool)
    35  	inv.Invert(a, pool)
    36  
    37  	b := newGFp2(pool).Mul(inv, a, pool)
    38  	if b.x.Int64() != 0 || b.y.Int64() != 1 {
    39  		t.Fatalf("bad result for a^-1*a: %s %s", b.x, b.y)
    40  	}
    41  
    42  	a.Put(pool)
    43  	b.Put(pool)
    44  	inv.Put(pool)
    45  
    46  	if c := pool.Count(); c > 0 {
    47  		t.Errorf("Pool count non-zero: %d\n", c)
    48  	}
    49  }
    50  
    51  func isZero(n *big.Int) bool {
    52  	return new(big.Int).Mod(n, P).Int64() == 0
    53  }
    54  
    55  func isOne(n *big.Int) bool {
    56  	return new(big.Int).Mod(n, P).Int64() == 1
    57  }
    58  
    59  func TestGFp6Invert(t *testing.T) {
    60  	pool := new(bnPool)
    61  
    62  	a := newGFp6(pool)
    63  	a.x.x.SetString("239487238491", 10)
    64  	a.x.y.SetString("2356249827341", 10)
    65  	a.y.x.SetString("082659782", 10)
    66  	a.y.y.SetString("182703523765", 10)
    67  	a.z.x.SetString("978236549263", 10)
    68  	a.z.y.SetString("64893242", 10)
    69  
    70  	inv := newGFp6(pool)
    71  	inv.Invert(a, pool)
    72  
    73  	b := newGFp6(pool).Mul(inv, a, pool)
    74  	if !isZero(b.x.x) ||
    75  		!isZero(b.x.y) ||
    76  		!isZero(b.y.x) ||
    77  		!isZero(b.y.y) ||
    78  		!isZero(b.z.x) ||
    79  		!isOne(b.z.y) {
    80  		t.Fatalf("bad result for a^-1*a: %s", b)
    81  	}
    82  
    83  	a.Put(pool)
    84  	b.Put(pool)
    85  	inv.Put(pool)
    86  
    87  	if c := pool.Count(); c > 0 {
    88  		t.Errorf("Pool count non-zero: %d\n", c)
    89  	}
    90  }
    91  
    92  func TestGFp12Invert(t *testing.T) {
    93  	pool := new(bnPool)
    94  
    95  	a := newGFp12(pool)
    96  	a.x.x.x.SetString("239846234862342323958623", 10)
    97  	a.x.x.y.SetString("2359862352529835623", 10)
    98  	a.x.y.x.SetString("928836523", 10)
    99  	a.x.y.y.SetString("9856234", 10)
   100  	a.x.z.x.SetString("235635286", 10)
   101  	a.x.z.y.SetString("5628392833", 10)
   102  	a.y.x.x.SetString("252936598265329856238956532167968", 10)
   103  	a.y.x.y.SetString("23596239865236954178968", 10)
   104  	a.y.y.x.SetString("95421692834", 10)
   105  	a.y.y.y.SetString("236548", 10)
   106  	a.y.z.x.SetString("924523", 10)
   107  	a.y.z.y.SetString("12954623", 10)
   108  
   109  	inv := newGFp12(pool)
   110  	inv.Invert(a, pool)
   111  
   112  	b := newGFp12(pool).Mul(inv, a, pool)
   113  	if !isZero(b.x.x.x) ||
   114  		!isZero(b.x.x.y) ||
   115  		!isZero(b.x.y.x) ||
   116  		!isZero(b.x.y.y) ||
   117  		!isZero(b.x.z.x) ||
   118  		!isZero(b.x.z.y) ||
   119  		!isZero(b.y.x.x) ||
   120  		!isZero(b.y.x.y) ||
   121  		!isZero(b.y.y.x) ||
   122  		!isZero(b.y.y.y) ||
   123  		!isZero(b.y.z.x) ||
   124  		!isOne(b.y.z.y) {
   125  		t.Fatalf("bad result for a^-1*a: %s", b)
   126  	}
   127  
   128  	a.Put(pool)
   129  	b.Put(pool)
   130  	inv.Put(pool)
   131  
   132  	if c := pool.Count(); c > 0 {
   133  		t.Errorf("Pool count non-zero: %d\n", c)
   134  	}
   135  }
   136  
   137  func TestCurveImpl(t *testing.T) {
   138  	pool := new(bnPool)
   139  
   140  	g := &curvePoint{
   141  		pool.Get().SetInt64(1),
   142  		pool.Get().SetInt64(-2),
   143  		pool.Get().SetInt64(1),
   144  		pool.Get().SetInt64(0),
   145  	}
   146  
   147  	x := pool.Get().SetInt64(32498273234)
   148  	X := newCurvePoint(pool).Mul(g, x, pool)
   149  
   150  	y := pool.Get().SetInt64(98732423523)
   151  	Y := newCurvePoint(pool).Mul(g, y, pool)
   152  
   153  	s1 := newCurvePoint(pool).Mul(X, y, pool).MakeAffine(pool)
   154  	s2 := newCurvePoint(pool).Mul(Y, x, pool).MakeAffine(pool)
   155  
   156  	if s1.x.Cmp(s2.x) != 0 ||
   157  		s2.x.Cmp(s1.x) != 0 {
   158  		t.Errorf("DH points don't match: (%s, %s) (%s, %s)", s1.x, s1.y, s2.x, s2.y)
   159  	}
   160  
   161  	pool.Put(x)
   162  	X.Put(pool)
   163  	pool.Put(y)
   164  	Y.Put(pool)
   165  	s1.Put(pool)
   166  	s2.Put(pool)
   167  	g.Put(pool)
   168  
   169  	if c := pool.Count(); c > 0 {
   170  		t.Errorf("Pool count non-zero: %d\n", c)
   171  	}
   172  }
   173  
   174  func TestOrderG1(t *testing.T) {
   175  	g := new(G1).ScalarBaseMult(Order)
   176  	if !g.p.IsInfinity() {
   177  		t.Error("G1 has incorrect order")
   178  	}
   179  
   180  	one := new(G1).ScalarBaseMult(new(big.Int).SetInt64(1))
   181  	g.Add(g, one)
   182  	g.p.MakeAffine(nil)
   183  	if g.p.x.Cmp(one.p.x) != 0 || g.p.y.Cmp(one.p.y) != 0 {
   184  		t.Errorf("1+0 != 1 in G1")
   185  	}
   186  }
   187  
   188  func TestOrderG2(t *testing.T) {
   189  	g := new(G2).ScalarBaseMult(Order)
   190  	if !g.p.IsInfinity() {
   191  		t.Error("G2 has incorrect order")
   192  	}
   193  
   194  	one := new(G2).ScalarBaseMult(new(big.Int).SetInt64(1))
   195  	g.Add(g, one)
   196  	g.p.MakeAffine(nil)
   197  	if g.p.x.x.Cmp(one.p.x.x) != 0 ||
   198  		g.p.x.y.Cmp(one.p.x.y) != 0 ||
   199  		g.p.y.x.Cmp(one.p.y.x) != 0 ||
   200  		g.p.y.y.Cmp(one.p.y.y) != 0 {
   201  		t.Errorf("1+0 != 1 in G2")
   202  	}
   203  }
   204  
   205  func TestOrderGT(t *testing.T) {
   206  	gt := Pair(&G1{curveGen}, &G2{twistGen})
   207  	g := new(GT).ScalarMult(gt, Order)
   208  	if !g.p.IsOne() {
   209  		t.Error("GT has incorrect order")
   210  	}
   211  }
   212  
   213  func TestBilinearity(t *testing.T) {
   214  	for i := 0; i < 2; i++ {
   215  		a, p1, _ := RandomG1(rand.Reader)
   216  		b, p2, _ := RandomG2(rand.Reader)
   217  		e1 := Pair(p1, p2)
   218  
   219  		e2 := Pair(&G1{curveGen}, &G2{twistGen})
   220  		e2.ScalarMult(e2, a)
   221  		e2.ScalarMult(e2, b)
   222  
   223  		minusE2 := new(GT).Neg(e2)
   224  		e1.Add(e1, minusE2)
   225  
   226  		if !e1.p.IsOne() {
   227  			t.Fatalf("bad pairing result: %s", e1)
   228  		}
   229  	}
   230  }
   231  
   232  func TestG1Marshal(t *testing.T) {
   233  	g := new(G1).ScalarBaseMult(new(big.Int).SetInt64(1))
   234  	form := g.Marshal()
   235  	_, err := new(G1).Unmarshal(form)
   236  	if err != nil {
   237  		t.Fatalf("failed to unmarshal")
   238  	}
   239  
   240  	g.ScalarBaseMult(Order)
   241  	form = g.Marshal()
   242  
   243  	g2 := new(G1)
   244  	if _, err = g2.Unmarshal(form); err != nil {
   245  		t.Fatalf("failed to unmarshal ∞")
   246  	}
   247  	if !g2.p.IsInfinity() {
   248  		t.Fatalf("∞ unmarshaled incorrectly")
   249  	}
   250  }
   251  
   252  func TestG2Marshal(t *testing.T) {
   253  	g := new(G2).ScalarBaseMult(new(big.Int).SetInt64(1))
   254  	form := g.Marshal()
   255  	_, err := new(G2).Unmarshal(form)
   256  	if err != nil {
   257  		t.Fatalf("failed to unmarshal")
   258  	}
   259  
   260  	g.ScalarBaseMult(Order)
   261  	form = g.Marshal()
   262  	g2 := new(G2)
   263  	if _, err = g2.Unmarshal(form); err != nil {
   264  		t.Fatalf("failed to unmarshal ∞")
   265  	}
   266  	if !g2.p.IsInfinity() {
   267  		t.Fatalf("∞ unmarshaled incorrectly")
   268  	}
   269  }
   270  
   271  func TestG1Identity(t *testing.T) {
   272  	g := new(G1).ScalarBaseMult(new(big.Int).SetInt64(0))
   273  	if !g.p.IsInfinity() {
   274  		t.Error("failure")
   275  	}
   276  }
   277  
   278  func TestG2Identity(t *testing.T) {
   279  	g := new(G2).ScalarBaseMult(new(big.Int).SetInt64(0))
   280  	if !g.p.IsInfinity() {
   281  		t.Error("failure")
   282  	}
   283  }
   284  
   285  func TestTripartiteDiffieHellman(t *testing.T) {
   286  	a, _ := rand.Int(rand.Reader, Order)
   287  	b, _ := rand.Int(rand.Reader, Order)
   288  	c, _ := rand.Int(rand.Reader, Order)
   289  
   290  	pa := new(G1)
   291  	pa.Unmarshal(new(G1).ScalarBaseMult(a).Marshal())
   292  	qa := new(G2)
   293  	qa.Unmarshal(new(G2).ScalarBaseMult(a).Marshal())
   294  	pb := new(G1)
   295  	pb.Unmarshal(new(G1).ScalarBaseMult(b).Marshal())
   296  	qb := new(G2)
   297  	qb.Unmarshal(new(G2).ScalarBaseMult(b).Marshal())
   298  	pc := new(G1)
   299  	pc.Unmarshal(new(G1).ScalarBaseMult(c).Marshal())
   300  	qc := new(G2)
   301  	qc.Unmarshal(new(G2).ScalarBaseMult(c).Marshal())
   302  
   303  	k1 := Pair(pb, qc)
   304  	k1.ScalarMult(k1, a)
   305  	k1Bytes := k1.Marshal()
   306  
   307  	k2 := Pair(pc, qa)
   308  	k2.ScalarMult(k2, b)
   309  	k2Bytes := k2.Marshal()
   310  
   311  	k3 := Pair(pa, qb)
   312  	k3.ScalarMult(k3, c)
   313  	k3Bytes := k3.Marshal()
   314  
   315  	if !bytes.Equal(k1Bytes, k2Bytes) || !bytes.Equal(k2Bytes, k3Bytes) {
   316  		t.Errorf("keys didn't agree")
   317  	}
   318  }
   319  
   320  func BenchmarkPairing(b *testing.B) {
   321  	for i := 0; i < b.N; i++ {
   322  		Pair(&G1{curveGen}, &G2{twistGen})
   323  	}
   324  }