More comprehensive scalar multiplication tests (#37)

2026-01-07 14:31:34 +01:00 · 2021-01-15 13:55:17 -08:00
parent 04b5ef1265
commit 6ed2450b55
1 changed files with 59 additions and 54 deletions
--- a/curve-constraint-tests/src/lib.rs
+++ b/curve-constraint-tests/src/lib.rs
@@ -236,11 +236,11 @@ pub mod fields {
 pub mod curves {
    use ark_ec::{
        short_weierstrass_jacobian::GroupProjective as SWProjective,
-        twisted_edwards_extended::GroupProjective as TEProjective, AffineCurve, ProjectiveCurve,
+        twisted_edwards_extended::GroupProjective as TEProjective, ProjectiveCurve,
    };
-    use ark_ff::{Field, PrimeField};
+    use ark_ff::{BitIteratorLE, Field, FpParameters, One, PrimeField};
    use ark_relations::r1cs::{ConstraintSystem, SynthesisError};
-    use ark_std::{test_rng, vec::Vec};
+    use ark_std::{test_rng, vec::Vec, UniformRand};

    use ark_r1cs_std::prelude::*;

@@ -325,6 +325,60 @@ pub mod curves {
                );
            }
            assert!(cs.is_satisfied().unwrap());
+
+            let modulus = <C::ScalarField as PrimeField>::Params::MODULUS
+                .as_ref()
+                .to_vec();
+            let mut max = modulus.clone();
+            for limb in &mut max {
+                *limb = u64::MAX;
+            }
+
+            let modulus_last_limb_bits = <C::ScalarField as PrimeField>::Params::MODULUS_BITS % 64;
+            *max.last_mut().unwrap() >>= 64 - modulus_last_limb_bits;
+            let scalars = [
+                C::ScalarField::rand(&mut rng).into_repr().as_ref().to_vec(),
+                vec![u64::rand(&mut rng)],
+                (-C::ScalarField::one()).into_repr().as_ref().to_vec(),
+                <C::ScalarField as PrimeField>::Params::MODULUS
+                    .as_ref()
+                    .to_vec(),
+                max,
+                vec![0; 50],
+                vec![1000012341233u64; 36],
+            ];
+
+            let mut input = vec![];
+
+            // Check scalar mul with edge cases
+            for scalar in scalars.iter() {
+                let native_result = a_native.mul(scalar);
+                let native_result = native_result.into_affine();
+
+                let scalar_bits: Vec<bool> = BitIteratorLE::new(&scalar).collect();
+                input =
+                    Vec::new_witness(ark_relations::ns!(cs, "bits"), || Ok(scalar_bits)).unwrap();
+                let result = a
+                    .scalar_mul_le(input.iter())
+                    .expect(&format!("Mode: {:?}", mode));
+                let result_val = result.value()?.into_affine();
+                assert_eq!(
+                    result_val, native_result,
+                    "gadget & native values are diff. after scalar mul {:?}",
+                    scalar,
+                );
+                assert!(cs.is_satisfied().unwrap());
+            }
+
+            let result = zero.scalar_mul_le(input.iter())?;
+            let result_val = result.value()?.into_affine();
+            result.enforce_equal(&zero)?;
+            assert_eq!(
+                result_val,
+                C::zero().into_affine(),
+                "gadget & native values are diff. after scalar mul of zero"
+            );
+            assert!(cs.is_satisfied().unwrap());
        }
        Ok(())
    }
@@ -335,6 +389,7 @@ pub mod curves {
        GG: CurveVar<SWProjective<P>, <P::BaseField as Field>::BasePrimeField>,
        for<'a> &'a GG: GroupOpsBounds<'a, SWProjective<P>, GG>,
    {
+        group_test::<SWProjective<P>, _, GG>()?;
        let modes = [
            AllocationMode::Input,
            AllocationMode::Witness,
@@ -342,11 +397,6 @@ pub mod curves {
        ];
        for &mode in &modes {
            use ark_ec::group::Group;
-            use ark_ff::{BitIteratorLE, Zero};
-            use ark_r1cs_std::prelude::*;
-            use ark_std::UniformRand;
-
-            group_test::<SWProjective<P>, _, GG>()?;

            let mut rng = test_rng();

@@ -393,32 +443,6 @@ pub mod curves {
            );
            assert!(cs.is_satisfied().unwrap());

-            // Check mul_bits
-            let scalar = P::ScalarField::rand(&mut rng);
-            let native_result = aa.into_affine().mul(scalar);
-            let native_result = native_result.into_affine();
-
-            let scalar: Vec<bool> = BitIteratorLE::new(scalar.into_repr()).collect();
-            let input: Vec<Boolean<_>> =
-                Vec::new_witness(ark_relations::ns!(cs, "bits"), || Ok(scalar)).unwrap();
-            let result = gadget_a.scalar_mul_le(input.iter())?;
-            let result_val = result.value()?.into_affine();
-            assert_eq!(
-                result_val, native_result,
-                "gadget & native values are diff. after scalar mul"
-            );
-            assert!(cs.is_satisfied().unwrap());
-
-            let result = zero.scalar_mul_le(input.iter())?;
-            let result_val = result.value()?.into_affine();
-            result.enforce_equal(&zero)?;
-            assert_eq!(
-                result_val,
-                SWProjective::zero(),
-                "gadget & native values are diff. after scalar mul of zero"
-            );
-            assert!(cs.is_satisfied().unwrap());
-
            if !cs.is_satisfied().unwrap() {
                panic!(
                    "Unsatisfied in mode {:?}.\n{:?}",
@@ -438,6 +462,7 @@ pub mod curves {
        GG: CurveVar<TEProjective<P>, <P::BaseField as Field>::BasePrimeField>,
        for<'a> &'a GG: GroupOpsBounds<'a, TEProjective<P>, GG>,
    {
+        group_test::<TEProjective<P>, _, GG>()?;
        let modes = [
            AllocationMode::Input,
            AllocationMode::Witness,
@@ -445,10 +470,6 @@ pub mod curves {
        ];
        for &mode in &modes {
            use ark_ec::group::Group;
-            use ark_ff::BitIteratorLE;
-            use ark_std::UniformRand;
-
-            group_test::<TEProjective<P>, _, GG>()?;

            let mut rng = test_rng();

@@ -492,22 +513,6 @@ pub mod curves {
            );
            assert!(cs.is_satisfied().unwrap());

-            // Check mul_bits
-            let scalar = P::ScalarField::rand(&mut rng);
-            let native_result = AffineCurve::mul(&aa.into_affine(), scalar);
-            let native_result = native_result.into_affine();
-
-            let scalar: Vec<bool> = BitIteratorLE::new(scalar.into_repr()).collect();
-            let input: Vec<Boolean<_>> =
-                Vec::new_witness(ark_relations::ns!(cs, "bits"), || Ok(scalar)).unwrap();
-            let result = gadget_a.scalar_mul_le(input.iter())?;
-            let result_val = result.value()?.into_affine();
-            assert_eq!(
-                result_val, native_result,
-                "gadget & native values are diff. after scalar mul"
-            );
-            assert!(cs.is_satisfied().unwrap());
-
            if !cs.is_satisfied().unwrap() {
                panic!(
                    "Unsatisfied in mode {:?}.\n{:?}",