github.com/phillinzzz/newBsc@v1.1.6/crypto/bls12381/pairing_test.go (about) 1 package bls12381 2 3 import ( 4 "math/big" 5 "testing" 6 7 "github.com/phillinzzz/newBsc/common" 8 ) 9 10 func TestPairingExpected(t *testing.T) { 11 bls := NewPairingEngine() 12 G1, G2 := bls.G1, bls.G2 13 GT := bls.GT() 14 expected, err := GT.FromBytes( 15 common.FromHex("" + 16 "0f41e58663bf08cf068672cbd01a7ec73baca4d72ca93544deff686bfd6df543d48eaa24afe47e1efde449383b676631" + 17 "04c581234d086a9902249b64728ffd21a189e87935a954051c7cdba7b3872629a4fafc05066245cb9108f0242d0fe3ef" + 18 "03350f55a7aefcd3c31b4fcb6ce5771cc6a0e9786ab5973320c806ad360829107ba810c5a09ffdd9be2291a0c25a99a2" + 19 "11b8b424cd48bf38fcef68083b0b0ec5c81a93b330ee1a677d0d15ff7b984e8978ef48881e32fac91b93b47333e2ba57" + 20 "06fba23eb7c5af0d9f80940ca771b6ffd5857baaf222eb95a7d2809d61bfe02e1bfd1b68ff02f0b8102ae1c2d5d5ab1a" + 21 "19f26337d205fb469cd6bd15c3d5a04dc88784fbb3d0b2dbdea54d43b2b73f2cbb12d58386a8703e0f948226e47ee89d" + 22 "018107154f25a764bd3c79937a45b84546da634b8f6be14a8061e55cceba478b23f7dacaa35c8ca78beae9624045b4b6" + 23 "01b2f522473d171391125ba84dc4007cfbf2f8da752f7c74185203fcca589ac719c34dffbbaad8431dad1c1fb597aaa5" + 24 "193502b86edb8857c273fa075a50512937e0794e1e65a7617c90d8bd66065b1fffe51d7a579973b1315021ec3c19934f" + 25 "1368bb445c7c2d209703f239689ce34c0378a68e72a6b3b216da0e22a5031b54ddff57309396b38c881c4c849ec23e87" + 26 "089a1c5b46e5110b86750ec6a532348868a84045483c92b7af5af689452eafabf1a8943e50439f1d59882a98eaa0170f" + 27 "1250ebd871fc0a92a7b2d83168d0d727272d441befa15c503dd8e90ce98db3e7b6d194f60839c508a84305aaca1789b6", 28 ), 29 ) 30 if err != nil { 31 t.Fatal(err) 32 } 33 r := bls.AddPair(G1.One(), G2.One()).Result() 34 if !r.Equal(expected) { 35 t.Fatal("bad pairing") 36 } 37 if !GT.IsValid(r) { 38 t.Fatal("element is not in correct subgroup") 39 } 40 } 41 42 func TestPairingNonDegeneracy(t *testing.T) { 43 bls := NewPairingEngine() 44 G1, G2 := bls.G1, bls.G2 45 g1Zero, g2Zero, g1One, g2One := G1.Zero(), G2.Zero(), G1.One(), G2.One() 46 GT := bls.GT() 47 // e(g1^a, g2^b) != 1 48 bls.Reset() 49 { 50 bls.AddPair(g1One, g2One) 51 e := bls.Result() 52 if e.IsOne() { 53 t.Fatal("pairing result is not expected to be one") 54 } 55 if !GT.IsValid(e) { 56 t.Fatal("pairing result is not valid") 57 } 58 } 59 // e(g1^a, 0) == 1 60 bls.Reset() 61 { 62 bls.AddPair(g1One, g2Zero) 63 e := bls.Result() 64 if !e.IsOne() { 65 t.Fatal("pairing result is expected to be one") 66 } 67 } 68 // e(0, g2^b) == 1 69 bls.Reset() 70 { 71 bls.AddPair(g1Zero, g2One) 72 e := bls.Result() 73 if !e.IsOne() { 74 t.Fatal("pairing result is expected to be one") 75 } 76 } 77 // 78 bls.Reset() 79 { 80 bls.AddPair(g1Zero, g2One) 81 bls.AddPair(g1One, g2Zero) 82 bls.AddPair(g1Zero, g2Zero) 83 e := bls.Result() 84 if !e.IsOne() { 85 t.Fatal("pairing result is expected to be one") 86 } 87 } 88 // 89 bls.Reset() 90 { 91 expected, err := GT.FromBytes( 92 common.FromHex("" + 93 "0f41e58663bf08cf068672cbd01a7ec73baca4d72ca93544deff686bfd6df543d48eaa24afe47e1efde449383b676631" + 94 "04c581234d086a9902249b64728ffd21a189e87935a954051c7cdba7b3872629a4fafc05066245cb9108f0242d0fe3ef" + 95 "03350f55a7aefcd3c31b4fcb6ce5771cc6a0e9786ab5973320c806ad360829107ba810c5a09ffdd9be2291a0c25a99a2" + 96 "11b8b424cd48bf38fcef68083b0b0ec5c81a93b330ee1a677d0d15ff7b984e8978ef48881e32fac91b93b47333e2ba57" + 97 "06fba23eb7c5af0d9f80940ca771b6ffd5857baaf222eb95a7d2809d61bfe02e1bfd1b68ff02f0b8102ae1c2d5d5ab1a" + 98 "19f26337d205fb469cd6bd15c3d5a04dc88784fbb3d0b2dbdea54d43b2b73f2cbb12d58386a8703e0f948226e47ee89d" + 99 "018107154f25a764bd3c79937a45b84546da634b8f6be14a8061e55cceba478b23f7dacaa35c8ca78beae9624045b4b6" + 100 "01b2f522473d171391125ba84dc4007cfbf2f8da752f7c74185203fcca589ac719c34dffbbaad8431dad1c1fb597aaa5" + 101 "193502b86edb8857c273fa075a50512937e0794e1e65a7617c90d8bd66065b1fffe51d7a579973b1315021ec3c19934f" + 102 "1368bb445c7c2d209703f239689ce34c0378a68e72a6b3b216da0e22a5031b54ddff57309396b38c881c4c849ec23e87" + 103 "089a1c5b46e5110b86750ec6a532348868a84045483c92b7af5af689452eafabf1a8943e50439f1d59882a98eaa0170f" + 104 "1250ebd871fc0a92a7b2d83168d0d727272d441befa15c503dd8e90ce98db3e7b6d194f60839c508a84305aaca1789b6", 105 ), 106 ) 107 if err != nil { 108 t.Fatal(err) 109 } 110 bls.AddPair(g1Zero, g2One) 111 bls.AddPair(g1One, g2Zero) 112 bls.AddPair(g1Zero, g2Zero) 113 bls.AddPair(g1One, g2One) 114 e := bls.Result() 115 if !e.Equal(expected) { 116 t.Fatal("bad pairing") 117 } 118 } 119 } 120 121 func TestPairingBilinearity(t *testing.T) { 122 bls := NewPairingEngine() 123 g1, g2 := bls.G1, bls.G2 124 gt := bls.GT() 125 // e(a*G1, b*G2) = e(G1, G2)^c 126 { 127 a, b := big.NewInt(17), big.NewInt(117) 128 c := new(big.Int).Mul(a, b) 129 G1, G2 := g1.One(), g2.One() 130 e0 := bls.AddPair(G1, G2).Result() 131 P1, P2 := g1.New(), g2.New() 132 g1.MulScalar(P1, G1, a) 133 g2.MulScalar(P2, G2, b) 134 e1 := bls.AddPair(P1, P2).Result() 135 gt.Exp(e0, e0, c) 136 if !e0.Equal(e1) { 137 t.Fatal("bad pairing, 1") 138 } 139 } 140 // e(a * G1, b * G2) = e((a + b) * G1, G2) 141 { 142 // scalars 143 a, b := big.NewInt(17), big.NewInt(117) 144 c := new(big.Int).Mul(a, b) 145 // LHS 146 G1, G2 := g1.One(), g2.One() 147 g1.MulScalar(G1, G1, c) 148 bls.AddPair(G1, G2) 149 // RHS 150 P1, P2 := g1.One(), g2.One() 151 g1.MulScalar(P1, P1, a) 152 g2.MulScalar(P2, P2, b) 153 bls.AddPairInv(P1, P2) 154 // should be one 155 if !bls.Check() { 156 t.Fatal("bad pairing, 2") 157 } 158 } 159 // e(a * G1, b * G2) = e((a + b) * G1, G2) 160 { 161 // scalars 162 a, b := big.NewInt(17), big.NewInt(117) 163 c := new(big.Int).Mul(a, b) 164 // LHS 165 G1, G2 := g1.One(), g2.One() 166 g2.MulScalar(G2, G2, c) 167 bls.AddPair(G1, G2) 168 // RHS 169 H1, H2 := g1.One(), g2.One() 170 g1.MulScalar(H1, H1, a) 171 g2.MulScalar(H2, H2, b) 172 bls.AddPairInv(H1, H2) 173 // should be one 174 if !bls.Check() { 175 t.Fatal("bad pairing, 3") 176 } 177 } 178 } 179 180 func TestPairingMulti(t *testing.T) { 181 // e(G1, G2) ^ t == e(a01 * G1, a02 * G2) * e(a11 * G1, a12 * G2) * ... * e(an1 * G1, an2 * G2) 182 // where t = sum(ai1 * ai2) 183 bls := NewPairingEngine() 184 g1, g2 := bls.G1, bls.G2 185 numOfPair := 100 186 targetExp := new(big.Int) 187 // RHS 188 for i := 0; i < numOfPair; i++ { 189 // (ai1 * G1, ai2 * G2) 190 a1, a2 := randScalar(q), randScalar(q) 191 P1, P2 := g1.One(), g2.One() 192 g1.MulScalar(P1, P1, a1) 193 g2.MulScalar(P2, P2, a2) 194 bls.AddPair(P1, P2) 195 // accumulate targetExp 196 // t += (ai1 * ai2) 197 a1.Mul(a1, a2) 198 targetExp.Add(targetExp, a1) 199 } 200 // LHS 201 // e(t * G1, G2) 202 T1, T2 := g1.One(), g2.One() 203 g1.MulScalar(T1, T1, targetExp) 204 bls.AddPairInv(T1, T2) 205 if !bls.Check() { 206 t.Fatal("fail multi pairing") 207 } 208 } 209 210 func TestPairingEmpty(t *testing.T) { 211 bls := NewPairingEngine() 212 if !bls.Check() { 213 t.Fatal("empty check should be accepted") 214 } 215 if !bls.Result().IsOne() { 216 t.Fatal("empty pairing result should be one") 217 } 218 } 219 220 func BenchmarkPairing(t *testing.B) { 221 bls := NewPairingEngine() 222 g1, g2, gt := bls.G1, bls.G2, bls.GT() 223 bls.AddPair(g1.One(), g2.One()) 224 e := gt.New() 225 t.ResetTimer() 226 for i := 0; i < t.N; i++ { 227 e = bls.calculate() 228 } 229 _ = e 230 }