You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

657 lines
20 KiB

  1. #[macro_use]
  2. extern crate arrayref;
  3. extern crate generic_array;
  4. extern crate mimc_rs;
  5. extern crate num;
  6. extern crate num_bigint;
  7. extern crate num_traits;
  8. extern crate rand;
  9. use blake2::{Blake2b, Digest};
  10. use mimc_rs::Mimc7;
  11. use poseidon_rs::Poseidon;
  12. use std::cmp::min;
  13. use num_bigint::{BigInt, RandBigInt, Sign, ToBigInt};
  14. use num_traits::{One, Zero};
  15. use generic_array::GenericArray;
  16. mod utils;
  17. #[macro_use]
  18. extern crate lazy_static;
  19. lazy_static! {
  20. static ref D: BigInt = BigInt::parse_bytes(b"168696", 10).unwrap();
  21. static ref A: BigInt = BigInt::parse_bytes(b"168700", 10).unwrap();
  22. static ref Q: BigInt = BigInt::parse_bytes(
  23. b"21888242871839275222246405745257275088548364400416034343698204186575808495617",
  24. 10,
  25. )
  26. .unwrap();
  27. static ref B8: Point = Point {
  28. x: BigInt::parse_bytes(
  29. b"5299619240641551281634865583518297030282874472190772894086521144482721001553",
  30. 10,
  31. )
  32. .unwrap(),
  33. y: BigInt::parse_bytes(
  34. b"16950150798460657717958625567821834550301663161624707787222815936182638968203",
  35. 10,
  36. )
  37. .unwrap(),
  38. };
  39. static ref ORDER: BigInt = BigInt::parse_bytes(
  40. b"21888242871839275222246405745257275088614511777268538073601725287587578984328",
  41. 10,
  42. )
  43. .unwrap();
  44. static ref SUBORDER: BigInt = &BigInt::parse_bytes(
  45. b"21888242871839275222246405745257275088614511777268538073601725287587578984328",
  46. 10,
  47. )
  48. .unwrap()
  49. >> 3;
  50. }
  51. #[derive(Clone, Debug)]
  52. pub struct Point {
  53. pub x: BigInt,
  54. pub y: BigInt,
  55. }
  56. impl Point {
  57. pub fn add(&self, q: &Point) -> Result<Point, String> {
  58. // x = (x1*y2+y1*x2)/(c*(1+d*x1*x2*y1*y2))
  59. // y = (y1*y2-x1*x2)/(c*(1-d*x1*x2*y1*y2))
  60. // x = (x1 * y2 + y1 * x2) / (1 + d * x1 * y1 * y2)
  61. let one: BigInt = One::one();
  62. let x_num: BigInt = &self.x * &q.y + &self.y * &q.x;
  63. let x_den: BigInt = &one + &D.clone() * &self.x * &q.x * &self.y * &q.y;
  64. let x_den_inv = utils::modinv(&x_den, &Q)?;
  65. let x: BigInt = utils::modulus(&(&x_num * &x_den_inv), &Q);
  66. // y = (y1 * y2 - a * x1 * x2) / (1 - d * x1 * x2 * y1 * y2)
  67. let y_num = &self.y * &q.y - &A.clone() * &self.x * &q.x;
  68. let y_den = utils::modulus(&(&one - &D.clone() * &self.x * &q.x * &self.y * &q.y), &Q);
  69. let y_den_inv = utils::modinv(&y_den, &Q)?;
  70. let y: BigInt = utils::modulus(&(&y_num * &y_den_inv), &Q);
  71. Ok(Point { x: x, y: y })
  72. }
  73. pub fn mul_scalar(&self, n: &BigInt) -> Result<Point, String> {
  74. let mut r: Point = Point {
  75. x: Zero::zero(),
  76. y: One::one(),
  77. };
  78. let mut rem: BigInt = n.clone();
  79. let mut exp: Point = self.clone();
  80. let zero: BigInt = Zero::zero();
  81. let one: BigInt = One::one();
  82. while rem != zero {
  83. let is_odd = &rem & &one == one;
  84. if is_odd == true {
  85. r = r.add(&exp)?;
  86. }
  87. exp = exp.add(&exp)?;
  88. rem = rem >> 1;
  89. }
  90. r.x = utils::modulus(&r.x, &Q);
  91. r.y = utils::modulus(&r.y, &Q);
  92. Ok(r)
  93. }
  94. pub fn compress(&self) -> [u8; 32] {
  95. let mut r: [u8; 32] = [0; 32];
  96. let (_, y_bytes) = self.y.to_bytes_le();
  97. let len = min(y_bytes.len(), r.len());
  98. r[..len].copy_from_slice(&y_bytes[..len]);
  99. if &self.x > &(&Q.clone() >> 1) {
  100. r[31] = r[31] | 0x80;
  101. }
  102. r
  103. }
  104. pub fn equals(&self, p: Point) -> bool {
  105. if self.x == p.x && self.y == p.y {
  106. return true;
  107. }
  108. false
  109. }
  110. }
  111. pub fn decompress_point(bb: [u8; 32]) -> Result<Point, String> {
  112. // https://tools.ietf.org/html/rfc8032#section-5.2.3
  113. let mut sign: bool = false;
  114. let mut b = bb.clone();
  115. if b[31] & 0x80 != 0x00 {
  116. sign = true;
  117. b[31] = b[31] & 0x7F;
  118. }
  119. let y: BigInt = BigInt::from_bytes_le(Sign::Plus, &b[..]);
  120. if y >= Q.clone() {
  121. return Err("y outside the Finite Field over R".to_string());
  122. }
  123. let one: BigInt = One::one();
  124. // x^2 = (1 - y^2) / (a - d * y^2) (mod p)
  125. let den = utils::modinv(
  126. &utils::modulus(
  127. &(&A.clone() - utils::modulus(&(&D.clone() * (&y * &y)), &Q)),
  128. &Q,
  129. ),
  130. &Q,
  131. )?;
  132. let mut x: BigInt = utils::modulus(&((one - utils::modulus(&(&y * &y), &Q)) * den), &Q);
  133. x = utils::modsqrt(&x, &Q)?;
  134. if sign && !(&x > &(&Q.clone() >> 1)) || (!sign && (&x > &(&Q.clone() >> 1))) {
  135. x = x * -1.to_bigint().unwrap();
  136. }
  137. x = utils::modulus(&x, &Q);
  138. Ok(Point { x: x, y: y })
  139. }
  140. pub struct Signature {
  141. r_b8: Point,
  142. s: BigInt,
  143. }
  144. impl Signature {
  145. pub fn compress(&self) -> [u8; 64] {
  146. let mut b: Vec<u8> = Vec::new();
  147. b.append(&mut self.r_b8.compress().to_vec());
  148. let (_, s_bytes) = self.s.to_bytes_le();
  149. let mut s_32bytes: [u8; 32] = [0; 32];
  150. let len = min(s_bytes.len(), s_32bytes.len());
  151. s_32bytes[..len].copy_from_slice(&s_bytes[..len]);
  152. b.append(&mut s_32bytes.to_vec());
  153. let mut r: [u8; 64] = [0; 64];
  154. r[..].copy_from_slice(&b[..]);
  155. r
  156. }
  157. }
  158. pub fn decompress_signature(b: &[u8; 64]) -> Result<Signature, String> {
  159. let r_b8_bytes: [u8; 32] = *array_ref!(b[..32], 0, 32);
  160. let s: BigInt = BigInt::from_bytes_le(Sign::Plus, &b[32..]);
  161. let r_b8 = decompress_point(r_b8_bytes);
  162. match r_b8 {
  163. Result::Err(err) => return Err(err.to_string()),
  164. Result::Ok(res) => Ok(Signature {
  165. r_b8: res.clone(),
  166. s: s,
  167. }),
  168. }
  169. }
  170. pub struct PrivateKey {
  171. key: BigInt,
  172. }
  173. impl PrivateKey {
  174. pub fn public(&self) -> Result<Point, String> {
  175. // https://tools.ietf.org/html/rfc8032#section-5.1.5
  176. let pk = B8.mul_scalar(&self.key)?;
  177. Ok(pk.clone())
  178. }
  179. pub fn sign_mimc(&self, msg: BigInt) -> Result<Signature, String> {
  180. // https://tools.ietf.org/html/rfc8032#section-5.1.6
  181. let mut hasher = Blake2b::new();
  182. let (_, sk_bytes) = self.key.to_bytes_be();
  183. hasher.input(sk_bytes);
  184. let mut h = hasher.result(); // h: hash(sk)
  185. // s: h[32:64]
  186. let s = GenericArray::<u8, generic_array::typenum::U32>::from_mut_slice(&mut h[32..64]);
  187. let (_, msg_bytes) = msg.to_bytes_be();
  188. let r_bytes = utils::concatenate_arrays(s, &msg_bytes);
  189. let mut r = BigInt::from_bytes_be(Sign::Plus, &r_bytes[..]);
  190. r = utils::modulus(&r, &SUBORDER);
  191. let r8: Point = B8.mul_scalar(&r)?;
  192. let a = &self.public()?;
  193. let hm_input = vec![r8.x.clone(), r8.y.clone(), a.x.clone(), a.y.clone(), msg];
  194. let mimc7 = Mimc7::new();
  195. let hm = mimc7.hash(hm_input)?;
  196. let mut s = &self.key << 3;
  197. s = hm * s;
  198. s = r + s;
  199. s = s % &SUBORDER.clone();
  200. Ok(Signature {
  201. r_b8: r8.clone(),
  202. s: s,
  203. })
  204. }
  205. pub fn sign_poseidon(&self, msg: BigInt) -> Result<Signature, String> {
  206. // https://tools.ietf.org/html/rfc8032#section-5.1.6
  207. let mut hasher = Blake2b::new();
  208. let (_, sk_bytes) = self.key.to_bytes_be();
  209. hasher.input(sk_bytes);
  210. let mut h = hasher.result(); // h: hash(sk)
  211. // s: h[32:64]
  212. let s = GenericArray::<u8, generic_array::typenum::U32>::from_mut_slice(&mut h[32..64]);
  213. let (_, msg_bytes) = msg.to_bytes_be();
  214. let r_bytes = utils::concatenate_arrays(s, &msg_bytes);
  215. let mut r = BigInt::from_bytes_be(Sign::Plus, &r_bytes[..]);
  216. r = utils::modulus(&r, &SUBORDER);
  217. let r8: Point = B8.mul_scalar(&r)?;
  218. let a = &self.public()?;
  219. let hm_input = vec![r8.x.clone(), r8.y.clone(), a.x.clone(), a.y.clone(), msg];
  220. let poseidon = Poseidon::new();
  221. let hm = poseidon.hash(hm_input)?;
  222. let mut s = &self.key << 3;
  223. s = hm * s;
  224. s = r + s;
  225. s = s % &SUBORDER.clone();
  226. Ok(Signature {
  227. r_b8: r8.clone(),
  228. s: s,
  229. })
  230. }
  231. pub fn sign_schnorr(&self, m: Vec<u8>) -> Result<(Point, BigInt), String> {
  232. // random r
  233. let mut rng = rand::thread_rng();
  234. let k = rng.gen_biguint(1024).to_bigint().unwrap();
  235. // r = k·G
  236. let r = B8.mul_scalar(&k)?;
  237. // h = H(x, r, m)
  238. let pk = &self.public()?;
  239. let h = schnorr_hash(&pk, m, &r)?;
  240. // s= k+x·h
  241. let s = k + &self.key * &h;
  242. Ok((r, s))
  243. }
  244. }
  245. pub fn schnorr_hash(pk: &Point, m: Vec<u8>, c: &Point) -> Result<BigInt, String> {
  246. let b: &mut Vec<u8> = &mut Vec::new();
  247. // other option could be to do it without compressing the points, and concatenating x|y
  248. b.append(&mut pk.compress().to_vec());
  249. b.append(&mut c.compress().to_vec());
  250. b.append(&mut m.clone());
  251. let poseidon = Poseidon::new();
  252. let h = poseidon.hash_bytes(b.to_vec())?;
  253. println!("h {:?}", h.to_string());
  254. Ok(h)
  255. }
  256. pub fn verify_schnorr(pk: Point, m: Vec<u8>, r: Point, s: BigInt) -> Result<bool, String> {
  257. // sG = s·G
  258. let sg = B8.mul_scalar(&s)?;
  259. // r + h · x
  260. let h = schnorr_hash(&pk, m, &r)?;
  261. let pk_h = pk.mul_scalar(&h)?;
  262. let right = r.add(&pk_h)?;
  263. Ok(sg.equals(right))
  264. }
  265. pub fn new_key() -> PrivateKey {
  266. // https://tools.ietf.org/html/rfc8032#section-5.1.5
  267. let mut rng = rand::thread_rng();
  268. let sk_raw = rng.gen_biguint(1024).to_bigint().unwrap();
  269. let mut hasher = Blake2b::new();
  270. let (_, sk_raw_bytes) = sk_raw.to_bytes_be();
  271. hasher.input(sk_raw_bytes);
  272. let mut h = hasher.result();
  273. h[0] = h[0] & 0xF8;
  274. h[31] = h[31] & 0x7F;
  275. h[31] = h[31] | 0x40;
  276. let sk = BigInt::from_bytes_le(Sign::Plus, &h[..]);
  277. PrivateKey { key: sk }
  278. }
  279. pub fn verify_mimc(pk: Point, sig: Signature, msg: BigInt) -> bool {
  280. let hm_input = vec![
  281. sig.r_b8.x.clone(),
  282. sig.r_b8.y.clone(),
  283. pk.x.clone(),
  284. pk.y.clone(),
  285. msg,
  286. ];
  287. let mimc7 = Mimc7::new();
  288. let hm = match mimc7.hash(hm_input) {
  289. Result::Err(_) => return false,
  290. Result::Ok(hm) => hm,
  291. };
  292. let l = match B8.mul_scalar(&sig.s) {
  293. Result::Err(_) => return false,
  294. Result::Ok(l) => l,
  295. };
  296. let r = match sig
  297. .r_b8
  298. .add(&pk.mul_scalar(&(8.to_bigint().unwrap() * hm)).unwrap())
  299. {
  300. Result::Err(_) => return false,
  301. Result::Ok(r) => r,
  302. };
  303. l.equals(r)
  304. }
  305. pub fn verify_poseidon(pk: Point, sig: Signature, msg: BigInt) -> bool {
  306. let hm_input = vec![
  307. sig.r_b8.x.clone(),
  308. sig.r_b8.y.clone(),
  309. pk.x.clone(),
  310. pk.y.clone(),
  311. msg,
  312. ];
  313. let poseidon = Poseidon::new();
  314. let hm = match poseidon.hash(hm_input) {
  315. Result::Err(_) => return false,
  316. Result::Ok(hm) => hm,
  317. };
  318. let l = match B8.mul_scalar(&sig.s) {
  319. Result::Err(_) => return false,
  320. Result::Ok(l) => l,
  321. };
  322. let r = match sig
  323. .r_b8
  324. .add(&pk.mul_scalar(&(8.to_bigint().unwrap() * hm)).unwrap())
  325. {
  326. Result::Err(_) => return false,
  327. Result::Ok(r) => r,
  328. };
  329. l.equals(r)
  330. }
  331. #[cfg(test)]
  332. mod tests {
  333. use super::*;
  334. extern crate rustc_hex;
  335. use rustc_hex::{FromHex, ToHex};
  336. #[test]
  337. fn test_add_same_point() {
  338. let p: Point = Point {
  339. x: BigInt::parse_bytes(
  340. b"17777552123799933955779906779655732241715742912184938656739573121738514868268",
  341. 10,
  342. )
  343. .unwrap(),
  344. y: BigInt::parse_bytes(
  345. b"2626589144620713026669568689430873010625803728049924121243784502389097019475",
  346. 10,
  347. )
  348. .unwrap(),
  349. };
  350. let q: Point = Point {
  351. x: BigInt::parse_bytes(
  352. b"17777552123799933955779906779655732241715742912184938656739573121738514868268",
  353. 10,
  354. )
  355. .unwrap(),
  356. y: BigInt::parse_bytes(
  357. b"2626589144620713026669568689430873010625803728049924121243784502389097019475",
  358. 10,
  359. )
  360. .unwrap(),
  361. };
  362. let res = p.add(&q).unwrap();
  363. assert_eq!(
  364. res.x.to_string(),
  365. "6890855772600357754907169075114257697580319025794532037257385534741338397365"
  366. );
  367. assert_eq!(
  368. res.y.to_string(),
  369. "4338620300185947561074059802482547481416142213883829469920100239455078257889"
  370. );
  371. }
  372. #[test]
  373. fn test_add_different_points() {
  374. let p: Point = Point {
  375. x: BigInt::parse_bytes(
  376. b"17777552123799933955779906779655732241715742912184938656739573121738514868268",
  377. 10,
  378. )
  379. .unwrap(),
  380. y: BigInt::parse_bytes(
  381. b"2626589144620713026669568689430873010625803728049924121243784502389097019475",
  382. 10,
  383. )
  384. .unwrap(),
  385. };
  386. let q: Point = Point {
  387. x: BigInt::parse_bytes(
  388. b"16540640123574156134436876038791482806971768689494387082833631921987005038935",
  389. 10,
  390. )
  391. .unwrap(),
  392. y: BigInt::parse_bytes(
  393. b"20819045374670962167435360035096875258406992893633759881276124905556507972311",
  394. 10,
  395. )
  396. .unwrap(),
  397. };
  398. let res = p.add(&q).unwrap();
  399. assert_eq!(
  400. res.x.to_string(),
  401. "7916061937171219682591368294088513039687205273691143098332585753343424131937"
  402. );
  403. assert_eq!(
  404. res.y.to_string(),
  405. "14035240266687799601661095864649209771790948434046947201833777492504781204499"
  406. );
  407. }
  408. #[test]
  409. fn test_mul_scalar() {
  410. let p: Point = Point {
  411. x: BigInt::parse_bytes(
  412. b"17777552123799933955779906779655732241715742912184938656739573121738514868268",
  413. 10,
  414. )
  415. .unwrap(),
  416. y: BigInt::parse_bytes(
  417. b"2626589144620713026669568689430873010625803728049924121243784502389097019475",
  418. 10,
  419. )
  420. .unwrap(),
  421. };
  422. let res_m = p.mul_scalar(&3.to_bigint().unwrap()).unwrap();
  423. let res_a = p.add(&p).unwrap();
  424. let res_a = res_a.add(&p).unwrap();
  425. assert_eq!(res_m.x, res_a.x);
  426. assert_eq!(
  427. res_m.x.to_string(),
  428. "19372461775513343691590086534037741906533799473648040012278229434133483800898"
  429. );
  430. assert_eq!(
  431. res_m.y.to_string(),
  432. "9458658722007214007257525444427903161243386465067105737478306991484593958249"
  433. );
  434. let n = BigInt::parse_bytes(
  435. b"14035240266687799601661095864649209771790948434046947201833777492504781204499",
  436. 10,
  437. )
  438. .unwrap();
  439. let res2 = p.mul_scalar(&n).unwrap();
  440. assert_eq!(
  441. res2.x.to_string(),
  442. "17070357974431721403481313912716834497662307308519659060910483826664480189605"
  443. );
  444. assert_eq!(
  445. res2.y.to_string(),
  446. "4014745322800118607127020275658861516666525056516280575712425373174125159339"
  447. );
  448. }
  449. #[test]
  450. fn test_new_key_sign_verify_mimc_0() {
  451. let sk = new_key();
  452. let pk = sk.public().unwrap();
  453. let msg = 5.to_bigint().unwrap();
  454. let sig = sk.sign_mimc(msg.clone()).unwrap();
  455. let v = verify_mimc(pk, sig, msg);
  456. assert_eq!(v, true);
  457. }
  458. #[test]
  459. fn test_new_key_sign_verify_mimc_1() {
  460. let sk = new_key();
  461. let pk = sk.public().unwrap();
  462. let msg = BigInt::parse_bytes(b"123456789012345678901234567890", 10).unwrap();
  463. let sig = sk.sign_mimc(msg.clone()).unwrap();
  464. let v = verify_mimc(pk, sig, msg);
  465. assert_eq!(v, true);
  466. }
  467. #[test]
  468. fn test_new_key_sign_verify_poseidon_0() {
  469. let sk = new_key();
  470. let pk = sk.public().unwrap();
  471. let msg = 5.to_bigint().unwrap();
  472. let sig = sk.sign_poseidon(msg.clone()).unwrap();
  473. let v = verify_poseidon(pk, sig, msg);
  474. assert_eq!(v, true);
  475. }
  476. #[test]
  477. fn test_new_key_sign_verify_poseidon_1() {
  478. let sk = new_key();
  479. let pk = sk.public().unwrap();
  480. let msg = BigInt::parse_bytes(b"123456789012345678901234567890", 10).unwrap();
  481. let sig = sk.sign_poseidon(msg.clone()).unwrap();
  482. let v = verify_poseidon(pk, sig, msg);
  483. assert_eq!(v, true);
  484. }
  485. #[test]
  486. fn test_point_compress_decompress() {
  487. let p: Point = Point {
  488. x: BigInt::parse_bytes(
  489. b"17777552123799933955779906779655732241715742912184938656739573121738514868268",
  490. 10,
  491. )
  492. .unwrap(),
  493. y: BigInt::parse_bytes(
  494. b"2626589144620713026669568689430873010625803728049924121243784502389097019475",
  495. 10,
  496. )
  497. .unwrap(),
  498. };
  499. let p_comp = p.compress();
  500. assert_eq!(
  501. p_comp[..].to_hex(),
  502. "53b81ed5bffe9545b54016234682e7b2f699bd42a5e9eae27ff4051bc698ce85"
  503. );
  504. let p2 = decompress_point(p_comp).unwrap();
  505. assert_eq!(p.x, p2.x);
  506. assert_eq!(p.y, p2.y);
  507. }
  508. #[test]
  509. fn test_point_decompress0() {
  510. let y_bytes_raw = "b5328f8791d48f20bec6e481d91c7ada235f1facf22547901c18656b6c3e042f"
  511. .from_hex()
  512. .unwrap();
  513. let mut y_bytes: [u8; 32] = [0; 32];
  514. y_bytes.copy_from_slice(&y_bytes_raw);
  515. let p = decompress_point(y_bytes).unwrap();
  516. let expected_px_raw = "b86cc8d9c97daef0afe1a4753c54fb2d8a530dc74c7eee4e72b3fdf2496d2113"
  517. .from_hex()
  518. .unwrap();
  519. let mut e_px_bytes: [u8; 32] = [0; 32];
  520. e_px_bytes.copy_from_slice(&expected_px_raw);
  521. let expected_px: BigInt = BigInt::from_bytes_le(Sign::Plus, &e_px_bytes);
  522. assert_eq!(&p.x, &expected_px);
  523. }
  524. #[test]
  525. fn test_point_decompress1() {
  526. let y_bytes_raw = "70552d3ff548e09266ded29b33ce75139672b062b02aa66bb0d9247ffecf1d0b"
  527. .from_hex()
  528. .unwrap();
  529. let mut y_bytes: [u8; 32] = [0; 32];
  530. y_bytes.copy_from_slice(&y_bytes_raw);
  531. let p = decompress_point(y_bytes).unwrap();
  532. let expected_px_raw = "30f1635ba7d56f9cb32c3ffbe6dca508a68c7f43936af11a23c785ce98cb3404"
  533. .from_hex()
  534. .unwrap();
  535. let mut e_px_bytes: [u8; 32] = [0; 32];
  536. e_px_bytes.copy_from_slice(&expected_px_raw);
  537. let expected_px: BigInt = BigInt::from_bytes_le(Sign::Plus, &e_px_bytes);
  538. assert_eq!(&p.x, &expected_px);
  539. }
  540. #[test]
  541. fn test_point_decompress_loop() {
  542. for _ in 0..5 {
  543. let mut rng = rand::thread_rng();
  544. let sk_raw = rng.gen_biguint(1024).to_bigint().unwrap();
  545. let mut hasher = Blake2b::new();
  546. let (_, sk_raw_bytes) = sk_raw.to_bytes_be();
  547. hasher.input(sk_raw_bytes);
  548. let mut h = hasher.result();
  549. h[0] = h[0] & 0xF8;
  550. h[31] = h[31] & 0x7F;
  551. h[31] = h[31] | 0x40;
  552. let sk = BigInt::from_bytes_le(Sign::Plus, &h[..]);
  553. let point = B8.mul_scalar(&sk).unwrap();
  554. let cmp_point = point.compress();
  555. let dcmp_point = decompress_point(cmp_point).unwrap();
  556. assert_eq!(&point.x, &dcmp_point.x);
  557. assert_eq!(&point.y, &dcmp_point.y);
  558. }
  559. }
  560. #[test]
  561. fn test_signature_compress_decompress() {
  562. let sk = new_key();
  563. let pk = sk.public().unwrap();
  564. for i in 0..5 {
  565. let msg_raw = "123456".to_owned() + &i.to_string();
  566. let msg = BigInt::parse_bytes(msg_raw.as_bytes(), 10).unwrap();
  567. let sig = sk.sign_mimc(msg.clone()).unwrap();
  568. let compressed_sig = sig.compress();
  569. let decompressed_sig = decompress_signature(&compressed_sig).unwrap();
  570. assert_eq!(&sig.r_b8.x, &decompressed_sig.r_b8.x);
  571. assert_eq!(&sig.r_b8.y, &decompressed_sig.r_b8.y);
  572. assert_eq!(&sig.s, &decompressed_sig.s);
  573. let v = verify_mimc(pk.clone(), decompressed_sig, msg);
  574. assert_eq!(v, true);
  575. }
  576. }
  577. #[test]
  578. fn test_schnorr_signature() {
  579. let sk = new_key();
  580. let pk = sk.public().unwrap();
  581. let msg: Vec<u8> = ("123456".to_owned() + &1.to_string()).as_bytes().to_vec();
  582. let (s, e) = sk.sign_schnorr(msg.clone()).unwrap();
  583. println!("s {:?}", s.x.to_string());
  584. println!("s {:?}", s.y.to_string());
  585. println!("e {:?}", e.to_string());
  586. let verification = verify_schnorr(pk, msg, s, e).unwrap();
  587. assert_eq!(true, verification);
  588. }
  589. }