github.com/consensys/gnark-crypto@v0.14.0/ecc/bls12-378/twistededwards/eddsa/eddsa_test.go (about)

     1  // Copyright 2020 Consensys Software Inc.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Code generated by consensys/gnark-crypto DO NOT EDIT
    16  
    17  package eddsa
    18  
    19  import (
    20  	"crypto/sha256"
    21  	"math/big"
    22  	"math/rand"
    23  	"testing"
    24  
    25  	crand "crypto/rand"
    26  
    27  	"fmt"
    28  
    29  	"github.com/consensys/gnark-crypto/ecc/bls12-378/fr"
    30  	"github.com/consensys/gnark-crypto/ecc/bls12-378/twistededwards"
    31  	"github.com/consensys/gnark-crypto/hash"
    32  )
    33  
    34  func Example() {
    35  	// instantiate hash function
    36  	hFunc := hash.MIMC_BLS12_378.New()
    37  
    38  	// create a eddsa key pair
    39  	privateKey, _ := GenerateKey(crand.Reader)
    40  	publicKey := privateKey.PublicKey
    41  
    42  	// generate a message (the size must be a multiple of the size of Fr)
    43  	var _msg fr.Element
    44  	_msg.SetRandom()
    45  	msg := _msg.Marshal()
    46  
    47  	// sign the message
    48  	signature, _ := privateKey.Sign(msg, hFunc)
    49  
    50  	// verifies signature
    51  	isValid, _ := publicKey.Verify(signature, msg, hFunc)
    52  	if !isValid {
    53  		fmt.Println("1. invalid signature")
    54  	} else {
    55  		fmt.Println("1. valid signature")
    56  	}
    57  
    58  	// Output: 1. valid signature
    59  }
    60  
    61  func TestNonMalleability(t *testing.T) {
    62  
    63  	// buffer too big
    64  	t.Run("buffer_overflow", func(t *testing.T) {
    65  		bsig := make([]byte, 2*sizeFr+1)
    66  		var sig Signature
    67  		_, err := sig.SetBytes(bsig)
    68  		if err != errWrongSize {
    69  			t.Fatal("should raise wrong size error")
    70  		}
    71  	})
    72  
    73  	// R overflows p_mod
    74  	t.Run("R_overflow", func(t *testing.T) {
    75  		bsig := make([]byte, 2*sizeFr)
    76  		frMod := fr.Modulus()
    77  		r := big.NewInt(1)
    78  		r.Add(frMod, r)
    79  		buf := r.Bytes()
    80  		for i := 0; i < sizeFr; i++ {
    81  			bsig[sizeFr-1-i] = buf[i]
    82  		}
    83  
    84  		var sig Signature
    85  		_, err := sig.SetBytes(bsig)
    86  		if err != errRBiggerThanPMod {
    87  			t.Fatal("should raise error r >= p_mod")
    88  		}
    89  	})
    90  
    91  	// S overflows r_mod
    92  	t.Run("S_overflow", func(t *testing.T) {
    93  		bsig := make([]byte, 2*sizeFr)
    94  		o := big.NewInt(1)
    95  		cp := twistededwards.GetEdwardsCurve()
    96  		o.Add(&cp.Order, o)
    97  		buf := o.Bytes()
    98  		copy(bsig[sizeFr:], buf[:])
    99  		big.NewInt(1).FillBytes(bsig[:sizeFr])
   100  
   101  		var sig Signature
   102  		_, err := sig.SetBytes(bsig)
   103  		if err != errSBiggerThanRMod {
   104  			t.Fatal("should raise error s >= r_mod")
   105  		}
   106  	})
   107  
   108  }
   109  
   110  func TestNoZeros(t *testing.T) {
   111  	t.Run("R.Y=0", func(t *testing.T) {
   112  		// R points are 0
   113  		var sig Signature
   114  		sig.R.X.SetInt64(1)
   115  		sig.R.Y.SetInt64(0)
   116  		s := big.NewInt(1)
   117  		s.FillBytes(sig.S[:])
   118  		bts := sig.Bytes()
   119  		var newSig Signature
   120  		_, err := newSig.SetBytes(bts)
   121  		if err != errZero {
   122  			t.Fatal("expected error for zero R.Y")
   123  		}
   124  	})
   125  	t.Run("S=0", func(t *testing.T) {
   126  		// S is 0
   127  		var R twistededwards.PointAffine
   128  		cp := twistededwards.GetEdwardsCurve()
   129  		R.ScalarMultiplication(&cp.Base, big.NewInt(1))
   130  		var sig Signature
   131  		sig.R.Set(&R)
   132  		bts := sig.Bytes()
   133  		var newSig Signature
   134  		_, err := newSig.SetBytes(bts)
   135  		if err != errZero {
   136  			t.Fatal("expected error for zero S")
   137  		}
   138  	})
   139  }
   140  
   141  func TestSerialization(t *testing.T) {
   142  
   143  	src := rand.NewSource(0)
   144  	r := rand.New(src) //#nosec G404 weak rng is fine here
   145  
   146  	privKey1, err := GenerateKey(r)
   147  	if err != nil {
   148  		t.Fatal(err)
   149  	}
   150  	pubKey1 := privKey1.PublicKey
   151  
   152  	privKey2, err := GenerateKey(r)
   153  	if err != nil {
   154  		t.Fatal(err)
   155  	}
   156  	pubKey2 := privKey2.PublicKey
   157  
   158  	pubKeyBin1 := pubKey1.Bytes()
   159  	pubKey2.SetBytes(pubKeyBin1)
   160  	pubKeyBin2 := pubKey2.Bytes()
   161  	if len(pubKeyBin1) != len(pubKeyBin2) {
   162  		t.Fatal("Inconsistent size")
   163  	}
   164  	for i := 0; i < len(pubKeyBin1); i++ {
   165  		if pubKeyBin1[i] != pubKeyBin2[i] {
   166  			t.Fatal("Error serialize(deserialize(.))")
   167  		}
   168  	}
   169  
   170  	privKeyBin1 := privKey1.Bytes()
   171  	privKey2.SetBytes(privKeyBin1)
   172  	privKeyBin2 := privKey2.Bytes()
   173  	if len(privKeyBin1) != len(privKeyBin2) {
   174  		t.Fatal("Inconsistent size")
   175  	}
   176  	for i := 0; i < len(privKeyBin1); i++ {
   177  		if privKeyBin1[i] != privKeyBin2[i] {
   178  			t.Fatal("Error serialize(deserialize(.))")
   179  		}
   180  	}
   181  }
   182  
   183  func TestEddsaMIMC(t *testing.T) {
   184  
   185  	src := rand.NewSource(0)
   186  	r := rand.New(src) //#nosec G404 weak rng is fine here
   187  
   188  	// create eddsa obj and sign a message
   189  	privKey, err := GenerateKey(r)
   190  	if err != nil {
   191  		t.Fatal(nil)
   192  	}
   193  	pubKey := privKey.PublicKey
   194  	hFunc := hash.MIMC_BLS12_378.New()
   195  
   196  	var frMsg fr.Element
   197  	frMsg.SetString("44717650746155748460101257525078853138837311576962212923649547644148297035978")
   198  	msgBin := frMsg.Bytes()
   199  	signature, err := privKey.Sign(msgBin[:], hFunc)
   200  	if err != nil {
   201  		t.Fatal(err)
   202  	}
   203  
   204  	// verifies correct msg
   205  	res, err := pubKey.Verify(signature, msgBin[:], hFunc)
   206  	if err != nil {
   207  		t.Fatal(err)
   208  	}
   209  	if !res {
   210  		t.Fatal("Verify correct signature should return true")
   211  	}
   212  
   213  	// verifies wrong msg
   214  	frMsg.SetString("44717650746155748460101257525078853138837311576962212923649547644148297035979")
   215  	msgBin = frMsg.Bytes()
   216  	res, err = pubKey.Verify(signature, msgBin[:], hFunc)
   217  	if err != nil {
   218  		t.Fatal(err)
   219  	}
   220  	if res {
   221  		t.Fatal("Verify wrong signature should be false")
   222  	}
   223  
   224  }
   225  
   226  func TestEddsaSHA256(t *testing.T) {
   227  
   228  	src := rand.NewSource(0)
   229  	r := rand.New(src) //#nosec G404 weak rng is fine here
   230  
   231  	hFunc := sha256.New()
   232  
   233  	// create eddsa obj and sign a message
   234  	// create eddsa obj and sign a message
   235  
   236  	privKey, err := GenerateKey(r)
   237  	pubKey := privKey.PublicKey
   238  	if err != nil {
   239  		t.Fatal(err)
   240  	}
   241  
   242  	signature, err := privKey.Sign([]byte("message"), hFunc)
   243  	if err != nil {
   244  		t.Fatal(err)
   245  	}
   246  
   247  	// verifies correct msg
   248  	res, err := pubKey.Verify(signature, []byte("message"), hFunc)
   249  	if err != nil {
   250  		t.Fatal(err)
   251  	}
   252  	if !res {
   253  		t.Fatal("Verify correct signature should return true")
   254  	}
   255  
   256  	// verifies wrong msg
   257  	res, err = pubKey.Verify(signature, []byte("wrong_message"), hFunc)
   258  	if err != nil {
   259  		t.Fatal(err)
   260  	}
   261  	if res {
   262  		t.Fatal("Verify wrong signature should be false")
   263  	}
   264  
   265  }
   266  
   267  // benchmarks
   268  
   269  func BenchmarkVerify(b *testing.B) {
   270  
   271  	src := rand.NewSource(0)
   272  	r := rand.New(src) //#nosec G404 weak rng is fine here
   273  
   274  	hFunc := hash.MIMC_BLS12_378.New()
   275  
   276  	// create eddsa obj and sign a message
   277  	privKey, err := GenerateKey(r)
   278  	pubKey := privKey.PublicKey
   279  	if err != nil {
   280  		b.Fatal(err)
   281  	}
   282  	var frMsg fr.Element
   283  	frMsg.SetString("44717650746155748460101257525078853138837311576962212923649547644148297035978")
   284  	msgBin := frMsg.Bytes()
   285  	signature, _ := privKey.Sign(msgBin[:], hFunc)
   286  
   287  	b.ResetTimer()
   288  	for i := 0; i < b.N; i++ {
   289  		pubKey.Verify(signature, msgBin[:], hFunc)
   290  	}
   291  }