You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

98 lines
2.7 KiB

6 years ago
6 years ago
  1. const chai = require("chai");
  2. const path = require("path");
  3. const snarkjs = require("snarkjs");
  4. const compiler = require("circom");
  5. const eddsa = require("../src/eddsa.js");
  6. const assert = chai.assert;
  7. const bigInt = snarkjs.bigInt;
  8. describe("EdDSA MiMC test", function () {
  9. let circuit;
  10. this.timeout(100000);
  11. before( async () => {
  12. const cirDef = await compiler(path.join(__dirname, "circuits", "eddsamimc_test.circom"));
  13. circuit = new snarkjs.Circuit(cirDef);
  14. console.log("NConstrains EdDSA: " + circuit.nConstraints);
  15. });
  16. it("Sign a single number", async () => {
  17. const msg = bigInt(1234);
  18. const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
  19. const pubKey = eddsa.prv2pub(prvKey);
  20. const signature = eddsa.signMiMC(prvKey, msg);
  21. assert(eddsa.verifyMiMC(msg, signature, pubKey));
  22. const w = circuit.calculateWitness({
  23. enabled: 1,
  24. Ax: pubKey[0],
  25. Ay: pubKey[1],
  26. R8x: signature.R8[0],
  27. R8y: signature.R8[1],
  28. S: signature.S,
  29. M: msg});
  30. assert(circuit.checkWitness(w));
  31. });
  32. it("Detect Invalid signature", async () => {
  33. const msg = bigInt(1234);
  34. const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
  35. const pubKey = eddsa.prv2pub(prvKey);
  36. const signature = eddsa.signMiMC(prvKey, msg);
  37. assert(eddsa.verifyMiMC(msg, signature, pubKey));
  38. try {
  39. const w = circuit.calculateWitness({
  40. enabled: 1,
  41. Ax: pubKey[0],
  42. Ay: pubKey[1],
  43. R8x: signature.R8[0].add(bigInt(1)),
  44. R8y: signature.R8[1],
  45. S: signature.S,
  46. M: msg});
  47. assert(false);
  48. } catch(err) {
  49. assert.equal(err.message, "Constraint doesn't match: 1 != 0");
  50. }
  51. });
  52. it("Test a dissabled circuit with a bad signature", async () => {
  53. const msg = bigInt(1234);
  54. const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
  55. const pubKey = eddsa.prv2pub(prvKey);
  56. const signature = eddsa.signMiMC(prvKey, msg);
  57. assert(eddsa.verifyMiMC(msg, signature, pubKey));
  58. const w = circuit.calculateWitness({
  59. enabled: 0,
  60. Ax: pubKey[0],
  61. Ay: pubKey[1],
  62. R8x: signature.R8[0].add(bigInt(1)),
  63. R8y: signature.R8[1],
  64. S: signature.S,
  65. M: msg});
  66. assert(circuit.checkWitness(w));
  67. });
  68. });