You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
131 lines
4.0 KiB
131 lines
4.0 KiB
import unittest, operator
|
|
load("sigma.sage")
|
|
|
|
# Tests for Sigma protocol & OR proofs
|
|
|
|
|
|
# ethereum elliptic curve
|
|
p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
|
|
a = 0
|
|
b = 7
|
|
F = GF(p)
|
|
E = EllipticCurve(F, [a,b])
|
|
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
|
|
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
|
|
g = E(GX,GY)
|
|
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
|
|
h = 1
|
|
q = g.order()
|
|
assert is_prime(p)
|
|
assert is_prime(q)
|
|
|
|
class TestSigmaProtocol(unittest.TestCase):
|
|
def test_interactive(self):
|
|
alice = Prover_interactive(F, g)
|
|
|
|
# Alice generates witness w & statement X
|
|
X = alice.new_key()
|
|
assert X == alice.g * int(alice.w)
|
|
|
|
# Alice generates the commitment A
|
|
A = alice.new_commitment()
|
|
assert A == alice.g * int(alice.a)
|
|
|
|
# Bob generates the challenge (and stores A)
|
|
bob = Verifier_interactive(F, g)
|
|
c = bob.new_challenge(A)
|
|
|
|
# Alice generates the proof
|
|
z = alice.gen_proof(c)
|
|
|
|
# Bob verifies the proof
|
|
assert bob.verify(X, z)
|
|
|
|
# check with the generic_verify function
|
|
assert generic_verify(g, X, A, c, z)
|
|
|
|
def test_non_interactive(self):
|
|
alice = Prover(F, g)
|
|
|
|
# Alice generates witness w & statement X
|
|
X = alice.new_key()
|
|
assert X == alice.g * int(alice.w)
|
|
|
|
# Alice generates the proof
|
|
A, z = alice.gen_proof(X)
|
|
|
|
# Bob generates the challenge
|
|
bob = Verifier(F, g)
|
|
|
|
# Bob verifies the proof
|
|
assert bob.verify(X, A, z)
|
|
|
|
# check with the generic_verify function
|
|
c = hash_two_points(A, X)
|
|
assert generic_verify(g, X, A, c, z)
|
|
|
|
def test_simulator(self):
|
|
sim = Simulator(F, g)
|
|
|
|
# set a public key X, for which we don't know w
|
|
unknown_w = 3
|
|
X = g * unknown_w
|
|
|
|
# simulate for X
|
|
A, c, z = sim.simulate(X)
|
|
|
|
# verify the simulated proof
|
|
assert generic_verify(g, X, A, c, z)
|
|
|
|
class TestORProof(unittest.TestCase):
|
|
def test_2_parties(self):
|
|
# set a public key X, for which we don't know w
|
|
unknown_w = 3
|
|
X_1 = g * unknown_w
|
|
|
|
alice = ORProver_2parties(F, g)
|
|
|
|
# Alice generates key pair
|
|
X = alice.new_key()
|
|
Xs = [X, X_1]
|
|
# Alice generates commitments (internally running the simulator)
|
|
As = alice.gen_commitments(Xs)
|
|
|
|
# Bob generates the challenge (and stores As)
|
|
bob = ORVerifier_2parties(F, g)
|
|
s = bob.new_challenge(As)
|
|
|
|
# Alice generates the ORproof
|
|
cs, zs = alice.gen_proof(s)
|
|
|
|
# Bob verifies the proofs
|
|
bob.verify(Xs, cs, zs)
|
|
|
|
def test_n_parties(self):
|
|
# set n public keys X, for which we don't know w
|
|
Xs = []
|
|
for i in range(10):
|
|
X_i = g * i
|
|
Xs.append(X_i)
|
|
|
|
alice = ORProver(F, g)
|
|
|
|
# Alice generates key pair
|
|
X = alice.new_key()
|
|
Xs.insert(0, X) # add X at the begining of Xs array
|
|
|
|
# Alice generates commitments (internally running the simulator)
|
|
As = alice.gen_commitments(Xs)
|
|
|
|
# Bob generates the challenge (and stores As)
|
|
bob = ORVerifier(F, g)
|
|
s = bob.new_challenge(As)
|
|
|
|
# Alice generates the ORproof
|
|
cs, zs = alice.gen_proof(s)
|
|
|
|
# Bob verifies the proofs
|
|
bob.verify(Xs, cs, zs)
|
|
|
|
if __name__ == '__main__':
|
|
unittest.main()
|