You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

531 lines
16 KiB

4 years ago
  1. #![allow(unused)]
  2. use ark_ec::{
  3. AffineCurve, MontgomeryModelParameters, ProjectiveCurve, SWModelParameters, TEModelParameters,
  4. };
  5. use ark_ff::{Field, One, PrimeField, UniformRand, Zero};
  6. use ark_serialize::{CanonicalDeserialize, CanonicalSerialize, SWFlags, SerializationError};
  7. use ark_std::{io::Cursor, vec::Vec};
  8. use rand::SeedableRng;
  9. use rand_xorshift::XorShiftRng;
  10. pub const ITERATIONS: usize = 10;
  11. fn random_addition_test<G: ProjectiveCurve>() {
  12. let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
  13. for _ in 0..ITERATIONS {
  14. let a = G::rand(&mut rng);
  15. let b = G::rand(&mut rng);
  16. let c = G::rand(&mut rng);
  17. let a_affine = a.into_affine();
  18. let b_affine = b.into_affine();
  19. let c_affine = c.into_affine();
  20. // a + a should equal the doubling
  21. {
  22. let mut aplusa = a;
  23. aplusa.add_assign(&a);
  24. let mut aplusamixed = a;
  25. aplusamixed.add_assign_mixed(&a.into_affine());
  26. let mut adouble = a;
  27. adouble.double_in_place();
  28. assert_eq!(aplusa, adouble);
  29. assert_eq!(aplusa, aplusamixed);
  30. }
  31. let mut tmp = vec![G::zero(); 6];
  32. // (a + b) + c
  33. tmp[0] = (a + &b) + &c;
  34. // a + (b + c)
  35. tmp[1] = a + &(b + &c);
  36. // (a + c) + b
  37. tmp[2] = (a + &c) + &b;
  38. // Mixed addition
  39. // (a + b) + c
  40. tmp[3] = a_affine.into_projective();
  41. tmp[3].add_assign_mixed(&b_affine);
  42. tmp[3].add_assign_mixed(&c_affine);
  43. // a + (b + c)
  44. tmp[4] = b_affine.into_projective();
  45. tmp[4].add_assign_mixed(&c_affine);
  46. tmp[4].add_assign_mixed(&a_affine);
  47. // (a + c) + b
  48. tmp[5] = a_affine.into_projective();
  49. tmp[5].add_assign_mixed(&c_affine);
  50. tmp[5].add_assign_mixed(&b_affine);
  51. // Comparisons
  52. for i in 0..6 {
  53. for j in 0..6 {
  54. if tmp[i] != tmp[j] {
  55. println!("{} \n{}", tmp[i], tmp[j]);
  56. }
  57. assert_eq!(tmp[i], tmp[j], "Associativity failed {} {}", i, j);
  58. assert_eq!(
  59. tmp[i].into_affine(),
  60. tmp[j].into_affine(),
  61. "Associativity failed"
  62. );
  63. }
  64. assert!(tmp[i] != a);
  65. assert!(tmp[i] != b);
  66. assert!(tmp[i] != c);
  67. assert!(a != tmp[i]);
  68. assert!(b != tmp[i]);
  69. assert!(c != tmp[i]);
  70. }
  71. }
  72. }
  73. fn random_multiplication_test<G: ProjectiveCurve>() {
  74. let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
  75. for _ in 0..ITERATIONS {
  76. let mut a = G::rand(&mut rng);
  77. let mut b = G::rand(&mut rng);
  78. let a_affine = a.into_affine();
  79. let b_affine = b.into_affine();
  80. let s = G::ScalarField::rand(&mut rng);
  81. // s ( a + b )
  82. let mut tmp1 = a;
  83. tmp1.add_assign(&b);
  84. tmp1.mul_assign(s);
  85. // sa + sb
  86. a.mul_assign(s);
  87. b.mul_assign(s);
  88. let mut tmp2 = a;
  89. tmp2.add_assign(&b);
  90. // Affine multiplication
  91. let mut tmp3 = a_affine.mul(s.into_repr());
  92. tmp3.add_assign(&b_affine.mul(s.into_repr()));
  93. assert_eq!(tmp1, tmp2);
  94. assert_eq!(tmp1, tmp3);
  95. }
  96. }
  97. fn random_doubling_test<G: ProjectiveCurve>() {
  98. let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
  99. for _ in 0..ITERATIONS {
  100. let mut a = G::rand(&mut rng);
  101. let mut b = G::rand(&mut rng);
  102. // 2(a + b)
  103. let mut tmp1 = a;
  104. tmp1.add_assign(&b);
  105. tmp1.double_in_place();
  106. // 2a + 2b
  107. a.double_in_place();
  108. b.double_in_place();
  109. let mut tmp2 = a;
  110. tmp2.add_assign(&b);
  111. let mut tmp3 = a;
  112. tmp3.add_assign_mixed(&b.into_affine());
  113. assert_eq!(tmp1, tmp2);
  114. assert_eq!(tmp1, tmp3);
  115. }
  116. }
  117. fn random_negation_test<G: ProjectiveCurve>() {
  118. let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
  119. for _ in 0..ITERATIONS {
  120. let r = G::rand(&mut rng);
  121. let s = G::ScalarField::rand(&mut rng);
  122. let sneg = -s;
  123. assert!((s + &sneg).is_zero());
  124. let mut t1 = r;
  125. t1.mul_assign(s);
  126. let mut t2 = r;
  127. t2.mul_assign(sneg);
  128. let mut t3 = t1;
  129. t3.add_assign(&t2);
  130. assert!(t3.is_zero());
  131. let mut t4 = t1;
  132. t4.add_assign_mixed(&t2.into_affine());
  133. assert!(t4.is_zero());
  134. t1 = -t1;
  135. assert_eq!(t1, t2);
  136. }
  137. }
  138. fn random_transformation_test<G: ProjectiveCurve>() {
  139. let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
  140. for _ in 0..ITERATIONS {
  141. let g = G::rand(&mut rng);
  142. let g_affine = g.into_affine();
  143. let g_projective = g_affine.into_projective();
  144. assert_eq!(g, g_projective);
  145. }
  146. // Batch normalization
  147. for _ in 0..10 {
  148. let mut v = (0..ITERATIONS)
  149. .map(|_| G::rand(&mut rng))
  150. .collect::<Vec<_>>();
  151. for i in &v {
  152. assert!(!i.is_normalized());
  153. }
  154. use rand::distributions::{Distribution, Uniform};
  155. let between = Uniform::from(0..ITERATIONS);
  156. // Sprinkle in some normalized points
  157. for _ in 0..5 {
  158. v[between.sample(&mut rng)] = G::zero();
  159. }
  160. for _ in 0..5 {
  161. let s = between.sample(&mut rng);
  162. v[s] = v[s].into_affine().into_projective();
  163. }
  164. let expected_v = v
  165. .iter()
  166. .map(|v| v.into_affine().into_projective())
  167. .collect::<Vec<_>>();
  168. G::batch_normalization(&mut v);
  169. for i in &v {
  170. assert!(i.is_normalized());
  171. }
  172. assert_eq!(v, expected_v);
  173. }
  174. }
  175. pub fn curve_tests<G: ProjectiveCurve>() {
  176. let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
  177. // Negation edge case with zero.
  178. {
  179. let z = -G::zero();
  180. assert!(z.is_zero());
  181. }
  182. // Doubling edge case with zero.
  183. {
  184. let mut z = -G::zero();
  185. z.double_in_place();
  186. assert!(z.is_zero());
  187. }
  188. // Addition edge cases with zero
  189. {
  190. let mut r = G::rand(&mut rng);
  191. let rcopy = r;
  192. r.add_assign(&G::zero());
  193. assert_eq!(r, rcopy);
  194. r.add_assign_mixed(&G::Affine::zero());
  195. assert_eq!(r, rcopy);
  196. let mut z = G::zero();
  197. z.add_assign(&G::zero());
  198. assert!(z.is_zero());
  199. z.add_assign_mixed(&G::Affine::zero());
  200. assert!(z.is_zero());
  201. let mut z2 = z;
  202. z2.add_assign(&r);
  203. z.add_assign_mixed(&r.into_affine());
  204. assert_eq!(z, z2);
  205. assert_eq!(z, r);
  206. }
  207. // Transformations
  208. {
  209. let a = G::rand(&mut rng);
  210. let b = a.into_affine().into_projective();
  211. let c = a
  212. .into_affine()
  213. .into_projective()
  214. .into_affine()
  215. .into_projective();
  216. assert_eq!(a, b);
  217. assert_eq!(b, c);
  218. }
  219. // Test COFACTOR and COFACTOR_INV
  220. {
  221. let a = G::rand(&mut rng);
  222. let b = a.into_affine();
  223. let c = b.mul_by_cofactor_inv().mul_by_cofactor();
  224. assert_eq!(b, c);
  225. }
  226. random_addition_test::<G>();
  227. random_multiplication_test::<G>();
  228. random_doubling_test::<G>();
  229. random_negation_test::<G>();
  230. random_transformation_test::<G>();
  231. }
  232. pub fn sw_tests<P: SWModelParameters>() {
  233. sw_curve_serialization_test::<P>();
  234. sw_from_random_bytes::<P>();
  235. }
  236. pub fn sw_from_random_bytes<P: SWModelParameters>() {
  237. use ark_ec::models::short_weierstrass_jacobian::{GroupAffine, GroupProjective};
  238. let buf_size = GroupAffine::<P>::zero().serialized_size();
  239. let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
  240. for _ in 0..ITERATIONS {
  241. let a = GroupProjective::<P>::rand(&mut rng);
  242. let mut a = a.into_affine();
  243. {
  244. let mut serialized = vec![0; buf_size];
  245. let mut cursor = Cursor::new(&mut serialized[..]);
  246. a.serialize(&mut cursor).unwrap();
  247. let mut cursor = Cursor::new(&serialized[..]);
  248. let p1 = GroupAffine::<P>::deserialize(&mut cursor).unwrap();
  249. let p2 = GroupAffine::<P>::from_random_bytes(&serialized).unwrap();
  250. assert_eq!(p1, p2);
  251. }
  252. }
  253. }
  254. pub fn sw_curve_serialization_test<P: SWModelParameters>() {
  255. use ark_ec::models::short_weierstrass_jacobian::{GroupAffine, GroupProjective};
  256. let buf_size = GroupAffine::<P>::zero().serialized_size();
  257. let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
  258. for _ in 0..ITERATIONS {
  259. let a = GroupProjective::<P>::rand(&mut rng);
  260. let mut a = a.into_affine();
  261. {
  262. let mut serialized = vec![0; buf_size];
  263. let mut cursor = Cursor::new(&mut serialized[..]);
  264. a.serialize(&mut cursor).unwrap();
  265. let mut cursor = Cursor::new(&serialized[..]);
  266. let b = GroupAffine::<P>::deserialize(&mut cursor).unwrap();
  267. assert_eq!(a, b);
  268. }
  269. {
  270. a.y = -a.y;
  271. let mut serialized = vec![0; buf_size];
  272. let mut cursor = Cursor::new(&mut serialized[..]);
  273. a.serialize(&mut cursor).unwrap();
  274. let mut cursor = Cursor::new(&serialized[..]);
  275. let b = GroupAffine::<P>::deserialize(&mut cursor).unwrap();
  276. assert_eq!(a, b);
  277. }
  278. {
  279. let a = GroupAffine::<P>::zero();
  280. let mut serialized = vec![0; buf_size];
  281. let mut cursor = Cursor::new(&mut serialized[..]);
  282. a.serialize(&mut cursor).unwrap();
  283. let mut cursor = Cursor::new(&serialized[..]);
  284. let b = GroupAffine::<P>::deserialize(&mut cursor).unwrap();
  285. assert_eq!(a, b);
  286. }
  287. {
  288. let a = GroupAffine::<P>::zero();
  289. let mut serialized = vec![0; buf_size - 1];
  290. let mut cursor = Cursor::new(&mut serialized[..]);
  291. a.serialize(&mut cursor).unwrap_err();
  292. }
  293. {
  294. let serialized = vec![0; buf_size - 1];
  295. let mut cursor = Cursor::new(&serialized[..]);
  296. GroupAffine::<P>::deserialize(&mut cursor).unwrap_err();
  297. }
  298. {
  299. let mut serialized = vec![0; a.uncompressed_size()];
  300. let mut cursor = Cursor::new(&mut serialized[..]);
  301. a.serialize_uncompressed(&mut cursor).unwrap();
  302. let mut cursor = Cursor::new(&serialized[..]);
  303. let b = GroupAffine::<P>::deserialize_uncompressed(&mut cursor).unwrap();
  304. assert_eq!(a, b);
  305. }
  306. {
  307. a.y = -a.y;
  308. let mut serialized = vec![0; a.uncompressed_size()];
  309. let mut cursor = Cursor::new(&mut serialized[..]);
  310. a.serialize_uncompressed(&mut cursor).unwrap();
  311. let mut cursor = Cursor::new(&serialized[..]);
  312. let b = GroupAffine::<P>::deserialize_uncompressed(&mut cursor).unwrap();
  313. assert_eq!(a, b);
  314. }
  315. {
  316. let a = GroupAffine::<P>::zero();
  317. let mut serialized = vec![0; a.uncompressed_size()];
  318. let mut cursor = Cursor::new(&mut serialized[..]);
  319. a.serialize_uncompressed(&mut cursor).unwrap();
  320. let mut cursor = Cursor::new(&serialized[..]);
  321. let b = GroupAffine::<P>::deserialize_uncompressed(&mut cursor).unwrap();
  322. assert_eq!(a, b);
  323. }
  324. }
  325. }
  326. pub fn montgomery_conversion_test<P>()
  327. where
  328. P: TEModelParameters,
  329. {
  330. // A = 2 * (a + d) / (a - d)
  331. let a = P::BaseField::one().double()
  332. * &(P::COEFF_A + &P::COEFF_D)
  333. * &(P::COEFF_A - &P::COEFF_D).inverse().unwrap();
  334. // B = 4 / (a - d)
  335. let b = P::BaseField::one().double().double() * &(P::COEFF_A - &P::COEFF_D).inverse().unwrap();
  336. assert_eq!(a, P::MontgomeryModelParameters::COEFF_A);
  337. assert_eq!(b, P::MontgomeryModelParameters::COEFF_B);
  338. }
  339. pub fn edwards_tests<P: TEModelParameters>()
  340. where
  341. P::BaseField: PrimeField,
  342. {
  343. edwards_curve_serialization_test::<P>();
  344. edwards_from_random_bytes::<P>();
  345. }
  346. pub fn edwards_from_random_bytes<P: TEModelParameters>()
  347. where
  348. P::BaseField: PrimeField,
  349. {
  350. use ark_ec::models::twisted_edwards_extended::{GroupAffine, GroupProjective};
  351. use ark_ff::{to_bytes, ToBytes};
  352. let buf_size = GroupAffine::<P>::zero().serialized_size();
  353. let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
  354. for _ in 0..ITERATIONS {
  355. let a = GroupProjective::<P>::rand(&mut rng);
  356. let mut a = a.into_affine();
  357. {
  358. let mut serialized = vec![0; buf_size];
  359. let mut cursor = Cursor::new(&mut serialized[..]);
  360. a.serialize(&mut cursor).unwrap();
  361. let mut cursor = Cursor::new(&serialized[..]);
  362. let p1 = GroupAffine::<P>::deserialize(&mut cursor).unwrap();
  363. let p2 = GroupAffine::<P>::from_random_bytes(&serialized).unwrap();
  364. assert_eq!(p1, p2);
  365. }
  366. }
  367. for _ in 0..ITERATIONS {
  368. let mut biginteger =
  369. <<GroupAffine<P> as AffineCurve>::BaseField as PrimeField>::BigInt::rand(&mut rng);
  370. let mut bytes = to_bytes![biginteger].unwrap();
  371. let mut g = GroupAffine::<P>::from_random_bytes(&bytes);
  372. while g.is_none() {
  373. bytes.iter_mut().for_each(|i| *i = i.wrapping_sub(1));
  374. g = GroupAffine::<P>::from_random_bytes(&bytes);
  375. }
  376. let _g = g.unwrap();
  377. }
  378. }
  379. pub fn edwards_curve_serialization_test<P: TEModelParameters>() {
  380. use ark_ec::models::twisted_edwards_extended::{GroupAffine, GroupProjective};
  381. let buf_size = GroupAffine::<P>::zero().serialized_size();
  382. let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
  383. for _ in 0..ITERATIONS {
  384. let a = GroupProjective::<P>::rand(&mut rng);
  385. let a = a.into_affine();
  386. {
  387. let mut serialized = vec![0; buf_size];
  388. let mut cursor = Cursor::new(&mut serialized[..]);
  389. a.serialize(&mut cursor).unwrap();
  390. let mut cursor = Cursor::new(&serialized[..]);
  391. let b = GroupAffine::<P>::deserialize(&mut cursor).unwrap();
  392. assert_eq!(a, b);
  393. }
  394. {
  395. let a = GroupAffine::<P>::zero();
  396. let mut serialized = vec![0; buf_size];
  397. let mut cursor = Cursor::new(&mut serialized[..]);
  398. a.serialize(&mut cursor).unwrap();
  399. let mut cursor = Cursor::new(&serialized[..]);
  400. let b = GroupAffine::<P>::deserialize(&mut cursor).unwrap();
  401. assert_eq!(a, b);
  402. }
  403. {
  404. let a = GroupAffine::<P>::zero();
  405. let mut serialized = vec![0; buf_size - 1];
  406. let mut cursor = Cursor::new(&mut serialized[..]);
  407. a.serialize(&mut cursor).unwrap_err();
  408. }
  409. {
  410. let serialized = vec![0; buf_size - 1];
  411. let mut cursor = Cursor::new(&serialized[..]);
  412. GroupAffine::<P>::deserialize(&mut cursor).unwrap_err();
  413. }
  414. {
  415. let mut serialized = vec![0; a.uncompressed_size()];
  416. let mut cursor = Cursor::new(&mut serialized[..]);
  417. a.serialize_uncompressed(&mut cursor).unwrap();
  418. let mut cursor = Cursor::new(&serialized[..]);
  419. let b = GroupAffine::<P>::deserialize_uncompressed(&mut cursor).unwrap();
  420. assert_eq!(a, b);
  421. }
  422. {
  423. let a = GroupAffine::<P>::zero();
  424. let mut serialized = vec![0; a.uncompressed_size()];
  425. let mut cursor = Cursor::new(&mut serialized[..]);
  426. a.serialize_uncompressed(&mut cursor).unwrap();
  427. let mut cursor = Cursor::new(&serialized[..]);
  428. let b = GroupAffine::<P>::deserialize_uncompressed(&mut cursor).unwrap();
  429. assert_eq!(a, b);
  430. }
  431. }
  432. }