arnaucube/miden-crypto
1
0
Fork 0
mirror of https://github.com/arnaucube/miden-crypto.git synced 2026-01-10 16:11:30 +01:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: arnaucube:v0.9.1
Branches Tags
arnaucube:next arnaucube:main arnaucube:rpo-dsa arnaucube:al-update-winterfell arnaucube:al-falcon-test-vectors arnaucube:km/mkdocs-impl arnaucube:al-gkr-basic-workflow
arnaucube:v0.13.2 arnaucube:v0.13.1 arnaucube:v0.13.0 arnaucube:v0.12.0 arnaucube:v0.11.0 arnaucube:v0.10.1 arnaucube:v0.10.0 arnaucube:v0.9.3 arnaucube:v0.9.2 arnaucube:v0.9.1 arnaucube:v0.9.0 arnaucube:v0.8.2 arnaucube:v0.8.1 arnaucube:v0.8.0 arnaucube:v0.7.1 arnaucube:v0.7.0 arnaucube:v0.6.0 arnaucube:v0.5.0 arnaucube:v0.4.0 arnaucube:v0.3.0 arnaucube:v0.2.0 arnaucube:v0.1.3 arnaucube:v0.1.2 arnaucube:v0.1.1
...
compare: arnaucube:al-falcon-test-vectors
Branches Tags
arnaucube:next arnaucube:main arnaucube:rpo-dsa arnaucube:al-update-winterfell arnaucube:al-falcon-test-vectors arnaucube:km/mkdocs-impl arnaucube:al-gkr-basic-workflow
arnaucube:v0.13.2 arnaucube:v0.13.1 arnaucube:v0.13.0 arnaucube:v0.12.0 arnaucube:v0.11.0 arnaucube:v0.10.1 arnaucube:v0.10.0 arnaucube:v0.9.3 arnaucube:v0.9.2 arnaucube:v0.9.1 arnaucube:v0.9.0 arnaucube:v0.8.2 arnaucube:v0.8.1 arnaucube:v0.8.0 arnaucube:v0.7.1 arnaucube:v0.7.0 arnaucube:v0.6.0 arnaucube:v0.5.0 arnaucube:v0.4.0 arnaucube:v0.3.0 arnaucube:v0.2.0 arnaucube:v0.1.3 arnaucube:v0.1.2 arnaucube:v0.1.1

9 Commits
v0.9.1 ... al-falcon-

Author SHA1 Message Date
Al-Kindi-0
c2532fd843 fix: clippy warnings 2024-04-26 09:09:38 +02:00
Al-Kindi-0
9c10f21dfd feat: add test vectors for Falcon DSA 2024-04-25 16:58:39 +02:00
Al-Kindi-0
3a3bd61152 fix: nostd issue 2024-04-25 16:58:39 +02:00
Al-Kindi-0
6e2657dae1 fix: bug in Falcon secret key basis order 2024-04-25 16:58:39 +02:00
Bobbin Threadbare
2b6d8d11ae chore: increment crate version to v0.9.3 and update changelog 2024-04-24 00:50:38 -07:00
Menko
d7868c5863 feat: add rpx random coin (#307) 2024-04-24 00:40:42 -07:00
Bobbin Threadbare
43fe7a1072 chore: increment crate version to 0.9.2 and update changelog 2024-04-21 01:14:18 -07:00
Al-Kindi-0
bb42388827 fix: bug in Falcon secret key basis order (#305) 2024-04-21 01:14:18 -07:00
Dominik Schmid
2a0ae70645 feature: adding serialization to the SMT (#304) 2024-04-21 01:14:18 -07:00
13 changed files with 2597 additions and 283 deletions
Expand all files Collapse all files

9
CHANGELOG.md
View File

@@ -1,3 +1,12 @@
## 0.9.3 (2024-04-24)
* Added `RpxRandomCoin` struct (#307).
## 0.9.2 (2024-04-21)
* Implemented serialization for the `Smt` struct (#304).
* Fixed a bug in Falcon signature generation (#305).
## 0.9.1 (2024-04-02)
* Added `num_leaves()` method to `SimpleSmt` (#302).

130
Cargo.lock generated
View File

@@ -128,9 +128,9 @@ dependencies = [
[[package]]
name = "bumpalo"
version = "3.15.4"
version = "3.16.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7ff69b9dd49fd426c69a0db9fc04dd934cdb6645ff000864d98f7e2af8830eaa"
checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c"
[[package]]
name = "cast"
@@ -140,12 +140,13 @@ checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5"
[[package]]
name = "cc"
version = "1.0.90"
version = "1.0.95"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8cd6604a82acf3039f1144f54b8eb34e91ffba622051189e71b781822d5ee1f5"
checksum = "d32a725bc159af97c3e629873bb9f88fb8cf8a4867175f76dc987815ea07c83b"
dependencies = [
"jobserver",
"libc",
"once_cell",
]
[[package]]
@@ -331,9 +332,9 @@ dependencies = [
[[package]]
name = "either"
version = "1.10.0"
version = "1.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "11157ac094ffbdde99aa67b23417ebdd801842852b500e395a45a9c0aac03e4a"
checksum = "a47c1c47d2f5964e29c61246e81db715514cd532db6b5116a25ea3c03d6780a2"
[[package]]
name = "errno"
@@ -369,9 +370,9 @@ dependencies = [
[[package]]
name = "getrandom"
version = "0.2.12"
version = "0.2.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "190092ea657667030ac6a35e305e62fc4dd69fd98ac98631e5d3a2b1575a12b5"
checksum = "94b22e06ecb0110981051723910cbf0b5f5e09a2062dd7663334ee79a9d1286c"
dependencies = [
"cfg-if",
"js-sys",
@@ -388,9 +389,9 @@ checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b"
[[package]]
name = "half"
version = "2.4.0"
version = "2.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b5eceaaeec696539ddaf7b333340f1af35a5aa87ae3e4f3ead0532f72affab2e"
checksum = "6dd08c532ae367adf81c312a4580bc67f1d0fe8bc9c460520283f4c0ff277888"
dependencies = [
"cfg-if",
"crunchy",
@@ -442,9 +443,9 @@ checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b"
[[package]]
name = "jobserver"
version = "0.1.28"
version = "0.1.31"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ab46a6e9526ddef3ae7f787c06f0f2600639ba80ea3eade3d8e670a2230f51d6"
checksum = "d2b099aaa34a9751c5bf0878add70444e1ed2dd73f347be99003d4577277de6e"
dependencies = [
"libc",
]
@@ -505,7 +506,7 @@ checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d"
[[package]]
name = "miden-crypto"
version = "0.9.1"
version = "0.9.3"
dependencies = [
"blake3",
"cc",
@@ -531,9 +532,9 @@ dependencies = [
[[package]]
name = "num"
version = "0.4.1"
version = "0.4.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b05180d69e3da0e530ba2a1dae5110317e49e3b7f3d41be227dc5f92e49ee7af"
checksum = "3135b08af27d103b0a51f2ae0f8632117b7b185ccf931445affa8df530576a41"
dependencies = [
"num-bigint",
"num-complex",
@@ -653,9 +654,9 @@ checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de"
[[package]]
name = "proc-macro2"
version = "1.0.79"
version = "1.0.81"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e835ff2298f5721608eb1a980ecaee1aef2c132bf95ecc026a11b7bf3c01c02e"
checksum = "3d1597b0c024618f09a9c3b8655b7e430397a36d23fdafec26d6965e9eec3eba"
dependencies = [
"unicode-ident",
]
@@ -688,9 +689,9 @@ checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0"
[[package]]
name = "quote"
version = "1.0.35"
version = "1.0.36"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef"
checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7"
dependencies = [
"proc-macro2",
]
@@ -785,9 +786,9 @@ checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56"
[[package]]
name = "rustix"
version = "0.38.32"
version = "0.38.34"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "65e04861e65f21776e67888bfbea442b3642beaa0138fdb1dd7a84a52dffdb89"
checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f"
dependencies = [
"bitflags",
"errno",
@@ -831,18 +832,18 @@ checksum = "a3f0bf26fd526d2a95683cd0f87bf103b8539e2ca1ef48ce002d67aad59aa0b4"
[[package]]
name = "serde"
version = "1.0.197"
version = "1.0.198"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3fb1c873e1b9b056a4dc4c0c198b24c3ffa059243875552b2bd0933b1aee4ce2"
checksum = "9846a40c979031340571da2545a4e5b7c4163bdae79b301d5f86d03979451fcc"
dependencies = [
"serde_derive",
]
[[package]]
name = "serde_derive"
version = "1.0.197"
version = "1.0.198"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7eb0b34b42edc17f6b7cac84a52a1c5f0e1bb2227e997ca9011ea3dd34e8610b"
checksum = "e88edab869b01783ba905e7d0153f9fc1a6505a96e4ad3018011eedb838566d9"
dependencies = [
"proc-macro2",
"quote",
@@ -851,9 +852,9 @@ dependencies = [
[[package]]
name = "serde_json"
version = "1.0.115"
version = "1.0.116"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "12dc5c46daa8e9fdf4f5e71b6cf9a53f2487da0e86e55808e2d35539666497dd"
checksum = "3e17db7126d17feb94eb3fad46bf1a96b034e8aacbc2e775fe81505f8b0b2813"
dependencies = [
"itoa",
"ryu",
@@ -872,15 +873,15 @@ dependencies = [
[[package]]
name = "strsim"
version = "0.11.0"
version = "0.11.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5ee073c9e4cd00e28217186dbe12796d692868f432bf2e97ee73bed0c56dfa01"
checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f"
[[package]]
name = "syn"
version = "2.0.57"
version = "2.0.60"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "11a6ae1e52eb25aab8f3fb9fca13be982a373b8f1157ca14b897a825ba4a2d35"
checksum = "909518bc7b1c9b779f1bbf07f2929d35af9f0f37e47c6e9ef7f9dddc1e1821f3"
dependencies = [
"proc-macro2",
"quote",
@@ -1028,37 +1029,15 @@ dependencies = [
"wasm-bindgen",
]
[[package]]
name = "winapi"
version = "0.3.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
dependencies = [
"winapi-i686-pc-windows-gnu",
"winapi-x86_64-pc-windows-gnu",
]
[[package]]
name = "winapi-i686-pc-windows-gnu"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
[[package]]
name = "winapi-util"
version = "0.1.6"
version = "0.1.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596"
checksum = "134306a13c5647ad6453e8deaec55d3a44d6021970129e6188735e74bf546697"
dependencies = [
"winapi",
"windows-sys",
]
[[package]]
name = "winapi-x86_64-pc-windows-gnu"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
[[package]]
name = "windows-sys"
version = "0.52.0"
@@ -1070,13 +1049,14 @@ dependencies = [
[[package]]
name = "windows-targets"
version = "0.52.4"
version = "0.52.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7dd37b7e5ab9018759f893a1952c9420d060016fc19a472b4bb20d1bdd694d1b"
checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb"
dependencies = [
"windows_aarch64_gnullvm",
"windows_aarch64_msvc",
"windows_i686_gnu",
"windows_i686_gnullvm",
"windows_i686_msvc",
"windows_x86_64_gnu",
"windows_x86_64_gnullvm",
@@ -1085,45 +1065,51 @@ dependencies = [
[[package]]
name = "windows_aarch64_gnullvm"
version = "0.52.4"
version = "0.52.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bcf46cf4c365c6f2d1cc93ce535f2c8b244591df96ceee75d8e83deb70a9cac9"
checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263"
[[package]]
name = "windows_aarch64_msvc"
version = "0.52.4"
version = "0.52.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "da9f259dd3bcf6990b55bffd094c4f7235817ba4ceebde8e6d11cd0c5633b675"
checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6"
[[package]]
name = "windows_i686_gnu"
version = "0.52.4"
version = "0.52.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b474d8268f99e0995f25b9f095bc7434632601028cf86590aea5c8a5cb7801d3"
checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670"
[[package]]
name = "windows_i686_gnullvm"
version = "0.52.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9"
[[package]]
name = "windows_i686_msvc"
version = "0.52.4"
version = "0.52.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1515e9a29e5bed743cb4415a9ecf5dfca648ce85ee42e15873c3cd8610ff8e02"
checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf"
[[package]]
name = "windows_x86_64_gnu"
version = "0.52.4"
version = "0.52.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5eee091590e89cc02ad514ffe3ead9eb6b660aedca2183455434b93546371a03"
checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9"
[[package]]
name = "windows_x86_64_gnullvm"
version = "0.52.4"
version = "0.52.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "77ca79f2451b49fa9e2af39f0747fe999fcda4f5e241b2898624dca97a1f2177"
checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596"
[[package]]
name = "windows_x86_64_msvc"
version = "0.52.4"
version = "0.52.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "32b752e52a2da0ddfbdbcc6fceadfeede4c939ed16d13e648833a61dfb611ed8"
checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0"
[[package]]
name = "winter-crypto"

4
Cargo.toml
View File

@@ -1,12 +1,12 @@
[package]
name = "miden-crypto"
version = "0.9.1"
version = "0.9.3"
description = "Miden Cryptographic primitives"
authors = ["miden contributors"]
readme = "README.md"
license = "MIT"
repository = "https://github.com/0xPolygonMiden/crypto"
documentation = "https://docs.rs/miden-crypto/0.9.1"
documentation = "https://docs.rs/miden-crypto/0.9.3"
categories = ["cryptography", "no-std"]
keywords = ["miden", "crypto", "hash", "merkle"]
edition = "2021"

3
README.md
View File

@@ -41,7 +41,8 @@ For the above signatures, key generation, signing, and signature verification ar
[Pseudo random element generator module](./src/rand/) provides a set of traits and data structures that facilitate generating pseudo-random elements in the context of Miden VM and Miden rollup. The module currently includes:
* `FeltRng`: a trait for generating random field elements and random 4 field elements.
* `RpoRandomCoin`: a struct implementing `FeltRng` as well as the [`RandomCoin`](https://github.com/facebook/winterfell/blob/main/crypto/src/random/mod.rs) trait.
* `RpoRandomCoin`: a struct implementing `FeltRng` as well as the [`RandomCoin`](https://github.com/facebook/winterfell/blob/main/crypto/src/random/mod.rs) trait using RPO hash function.
* `RpxRandomCoin`: a struct implementing `FeltRng` as well as the [`RandomCoin`](https://github.com/facebook/winterfell/blob/main/crypto/src/random/mod.rs) trait using RPX hash function.
## Crate features
This crate can be compiled with the following features:

42
src/dsa/rpo_falcon512/keys/mod.rs
View File

@@ -9,45 +9,3 @@ pub use public_key::{PubKeyPoly, PublicKey};
mod secret_key;
pub use secret_key::SecretKey;
// TESTS
// ================================================================================================
#[cfg(test)]
mod tests {
use crate::{dsa::rpo_falcon512::SecretKey, Word, ONE};
use rand::SeedableRng;
use rand_chacha::ChaCha20Rng;
use winter_math::FieldElement;
use winter_utils::{Deserializable, Serializable};
#[test]
fn test_falcon_verification() {
let seed = [0_u8; 32];
let mut rng = ChaCha20Rng::from_seed(seed);
// generate random keys
let sk = SecretKey::with_rng(&mut rng);
let pk = sk.public_key();
// test secret key serialization/deserialization
let mut buffer = vec![];
sk.write_into(&mut buffer);
let sk = SecretKey::read_from_bytes(&buffer).unwrap();
// sign a random message
let message: Word = [ONE; 4];
let signature = sk.sign_with_rng(message, &mut rng);
// make sure the signature verifies correctly
assert!(pk.verify(message, &signature));
// a signature should not verify against a wrong message
let message2: Word = [ONE.double(); 4];
assert!(!pk.verify(message2, &signature));
// a signature should not verify against a wrong public key
let sk2 = SecretKey::with_rng(&mut rng);
assert!(!sk2.public_key().verify(message, &signature))
}
}

106
src/dsa/rpo_falcon512/keys/secret_key.rs
View File

@@ -76,7 +76,7 @@ impl SecretKey {
}
/// Given a short basis [[g, -f], [G, -F]], computes the normalized LDL tree i.e., Falcon tree.
fn from_short_lattice_basis(basis: ShortLatticeBasis) -> SecretKey {
pub(crate) fn from_short_lattice_basis(basis: ShortLatticeBasis) -> SecretKey {
// FFT each polynomial of the short basis.
let basis_fft = to_complex_fft(&basis);
// compute the Gram matrix.
@@ -196,6 +196,98 @@ impl SecretKey {
}
}
}
// HELPER METHODS FOR TESTING
// --------------------------------------------------------------------------------------------
/// Signs a message with the secret key relying on the provided randomness generator.
#[cfg(test)]
pub fn sign_with_rng_testing<R: Rng>(
&self,
message: &[u8],
rng: &mut R,
skip_bytes: usize,
) -> Signature {
use crate::dsa::rpo_falcon512::{
hash_to_point::hash_to_point_shake256, tests::ChaCha, CHACHA_SEED_LEN,
};
let mut dummy = vec![0_u8; skip_bytes];
rng.fill_bytes(&mut dummy);
let mut nonce_bytes = [0u8; SIG_NONCE_LEN];
rng.fill_bytes(&mut nonce_bytes);
let nonce = Nonce::new(nonce_bytes);
let h = self.compute_pub_key_poly();
let c = hash_to_point_shake256(message, &nonce);
let s2 = loop {
let mut chacha_seed = [0_u8; CHACHA_SEED_LEN];
rng.fill_bytes(&mut chacha_seed);
let mut chacha_prng = ChaCha::new(chacha_seed.to_vec());
let s2 = self.sign_helper_testing(c.clone(), &mut chacha_prng);
if let Some(s2) = s2 {
break s2;
}
};
Signature::new(nonce, h, s2)
}
/// Signs a message polynomial with the secret key.
///
/// Takes a randomness generator implementing `Rng` and message polynomial representing `c`
/// the hash-to-point of the message to be signed. It outputs a signature polynomial `s2`.
#[cfg(test)]
fn sign_helper_testing<R: Rng>(
&self,
c: Polynomial<FalconFelt>,
rng: &mut R,
) -> Option<SignaturePoly> {
let one_over_q = 1.0 / (MODULUS as f64);
let c_over_q_fft = c.map(|cc| Complex::new(one_over_q * cc.value() as f64, 0.0)).fft();
// B = [[FFT(g), -FFT(f)], [FFT(G), -FFT(F)]]
let [g_fft, minus_f_fft, big_g_fft, minus_big_f_fft] = to_complex_fft(&self.secret_key);
let t0 = c_over_q_fft.hadamard_mul(&minus_big_f_fft);
let t1 = -c_over_q_fft.hadamard_mul(&minus_f_fft);
let z = ffsampling(&(t0.clone(), t1.clone()), &self.tree, rng);
let t0_min_z0 = t0.clone() - z.0;
let t1_min_z1 = t1.clone() - z.1;
// s = (t-z) * B
let s0 = t0_min_z0.hadamard_mul(&g_fft) + t1_min_z1.hadamard_mul(&big_g_fft);
let s1 = t0_min_z0.hadamard_mul(&minus_f_fft) + t1_min_z1.hadamard_mul(&minus_big_f_fft);
// compute the norm of (s0||s1) and note that they are in FFT representation
let length_squared: f64 = (s0.coefficients.iter().map(|a| (a * a.conj()).re).sum::<f64>()
+ s1.coefficients.iter().map(|a| (a * a.conj()).re).sum::<f64>())
/ (N as f64);
if length_squared < (SIG_L2_BOUND as f64) {
let bold_s = [-s0, s1];
let s2 = bold_s[1].ifft();
let s2_coef: [i16; N] = s2
.coefficients
.iter()
.map(|a| a.re.round() as i16)
.collect::<Vec<i16>>()
.try_into()
.expect("The number of coefficients should be equal to N");
if let Ok(s2) = SignaturePoly::try_from(&s2_coef) {
Some(s2)
} else {
None
}
} else {
None
}
}
}
// SERIALIZATION / DESERIALIZATION
@@ -210,14 +302,14 @@ impl Serializable for SecretKey {
let l = n.checked_ilog2().unwrap() as u8;
let header: u8 = (5 << 4) | l;
let f = &basis[1];
let neg_f = &basis[1];
let g = &basis[0];
let capital_f = &basis[3];
let neg_big_f = &basis[3];
let mut buffer = Vec::with_capacity(1281);
buffer.push(header);
let f_i8: Vec<i8> = f.coefficients.iter().map(|&a| -a as i8).collect();
let f_i8: Vec<i8> = neg_f.coefficients.iter().map(|&a| -a as i8).collect();
let f_i8_encoded = encode_i8(&f_i8, WIDTH_SMALL_POLY_COEFFICIENT).unwrap();
buffer.extend_from_slice(&f_i8_encoded);
@@ -225,7 +317,7 @@ impl Serializable for SecretKey {
let g_i8_encoded = encode_i8(&g_i8, WIDTH_SMALL_POLY_COEFFICIENT).unwrap();
buffer.extend_from_slice(&g_i8_encoded);
let big_f_i8: Vec<i8> = capital_f.coefficients.iter().map(|&a| -a as i8).collect();
let big_f_i8: Vec<i8> = neg_big_f.coefficients.iter().map(|&a| -a as i8).collect();
let big_f_i8_encoded = encode_i8(&big_f_i8, WIDTH_BIG_POLY_COEFFICIENT).unwrap();
buffer.extend_from_slice(&big_f_i8_encoded);
target.write_bytes(&buffer);
@@ -304,9 +396,9 @@ impl Deserializable for SecretKey {
fn to_complex_fft(basis: &[Polynomial<i16>; 4]) -> [Polynomial<Complex<f64>>; 4] {
let [g, f, big_g, big_f] = basis.clone();
let g_fft = g.map(|cc| Complex64::new(*cc as f64, 0.0)).fft();
let minus_f_fft = f.map(|cc| -Complex64::new(*cc as f64, 0.0)).fft();
let minus_f_fft = f.map(|cc| Complex64::new(*cc as f64, 0.0)).fft();
let big_g_fft = big_g.map(|cc| Complex64::new(*cc as f64, 0.0)).fft();
let minus_big_f_fft = big_f.map(|cc| -Complex64::new(*cc as f64, 0.0)).fft();
let minus_big_f_fft = big_f.map(|cc| Complex64::new(*cc as f64, 0.0)).fft();
[g_fft, minus_f_fft, big_g_fft, minus_big_f_fft]
}

4
src/dsa/rpo_falcon512/math/mod.rs
View File

@@ -96,10 +96,10 @@ pub(crate) fn ntru_gen<R: Rng>(n: usize, rng: &mut R) -> [Polynomial<i16>; 4] {
ntru_solve(&f.map(|&i| i.into()), &g.map(|&i| i.into()))
{
return [
f,
g,
capital_f.map(|i| i.try_into().unwrap()),
-f,
capital_g.map(|i| i.try_into().unwrap()),
-capital_f.map(|i| i.try_into().unwrap()),
];
}
}

187
src/dsa/rpo_falcon512/math/samplerz.rs
View File

@@ -1,4 +1,3 @@
use core::f64::consts::LN_2;
use rand::Rng;
#[cfg(not(feature = "std"))]
@@ -28,7 +27,11 @@ fn base_sampler(bytes: [u8; 9]) -> i16 {
198,
1,
];
let u = u128::from_be_bytes([vec![0u8; 7], bytes.to_vec()].concat().try_into().unwrap());
let mut tmp = bytes.to_vec();
tmp.extend_from_slice(&[0u8; 7]);
tmp.reverse();
let u = u128::from_be_bytes(tmp.try_into().expect("should have length 16"));
RCDT.into_iter().filter(|r| u < *r).count() as i16
}
@@ -72,16 +75,20 @@ fn approx_exp(x: f64, ccs: f64) -> u64 {
}
/// A random bool that is true with probability ≈ ccs · exp(-x).
fn ber_exp(x: f64, ccs: f64, random_bytes: [u8; 7]) -> bool {
// 0.69314718055994530941 = ln(2)
let s = f64::floor(x / LN_2) as usize;
let r = x - LN_2 * (s as f64);
let shamt = usize::min(s, 63);
let z = ((((approx_exp(r, ccs) as u128) << 1) - 1) >> shamt) as u64;
let mut w = 0i16;
for (index, i) in (0..64).step_by(8).rev().enumerate() {
let byte = random_bytes[index];
w = (byte as i16) - (((z >> i) & 0xff) as i16);
fn ber_exp<R: Rng>(x: f64, ccs: f64, rng: &mut R) -> bool {
const LN2: f64 = core::f64::consts::LN_2;
const ILN2: f64 = 1.0 / LN2;
let s = f64::floor(x * ILN2);
let r = x - s * LN2;
let s = (s as u64).min(63);
let z = ((approx_exp(r, ccs) << 1) - 1) >> s;
let mut w = 0_i32;
for i in (0..=56).rev().step_by(8) {
let mut dest = [0_u8; 1];
rng.fill_bytes(&mut dest);
let p = u8::from_be_bytes(dest);
w = (p as i32) - (z >> i & 0xFF) as i32;
if w != 0 {
break;
}
@@ -100,14 +107,20 @@ pub(crate) fn sampler_z<R: Rng>(mu: f64, sigma: f64, sigma_min: f64, rng: &mut R
let r = mu - s;
let ccs = sigma_min * isigma;
loop {
let z0 = base_sampler(rng.gen());
let random_byte: u8 = rng.gen();
let mut dest = [0_u8; 9];
rng.fill_bytes(&mut dest);
let z0 = base_sampler(dest);
let mut dest = [0_u8; 1];
rng.fill_bytes(&mut dest);
let random_byte: u8 = dest[0];
let b = (random_byte & 1) as i16;
let z = b + ((b << 1) - 1) * z0;
let z = b + (2 * b - 1) * z0;
let zf_min_r = (z as f64) - r;
// x = ((z-r)^2)/(2*sigma^2) - ((z-b)^2)/(2*sigma0^2)
let x = zf_min_r * zf_min_r * dss - (z0 * z0) as f64 * INV_2SIGMA_MAX_SQ;
if ber_exp(x, ccs, rng.gen()) {
if ber_exp(x, ccs, rng) {
return z + (s as i16);
}
}
@@ -115,80 +128,7 @@ pub(crate) fn sampler_z<R: Rng>(mu: f64, sigma: f64, sigma_min: f64, rng: &mut R
#[cfg(all(test, feature = "std"))]
mod test {
use alloc::vec::Vec;
use rand::RngCore;
use std::{thread::sleep, time::Duration};
use super::{approx_exp, ber_exp, sampler_z};
/// RNG used only for testing purposes, whereby the produced
/// string of random bytes is equal to the one it is initialized
/// with. Whatever you do, do not use this RNG in production.
struct UnsafeBufferRng {
buffer: Vec<u8>,
index: usize,
}
impl UnsafeBufferRng {
fn new(buffer: &[u8]) -> Self {
Self { buffer: buffer.to_vec(), index: 0 }
}
fn next(&mut self) -> u8 {
if self.buffer.len() <= self.index {
// panic!("Ran out of buffer.");
sleep(Duration::from_millis(10));
0u8
} else {
let return_value = self.buffer[self.index];
self.index += 1;
return_value
}
}
}
impl RngCore for UnsafeBufferRng {
fn next_u32(&mut self) -> u32 {
// let bytes: [u8; 4] = (0..4)
// .map(|_| self.next())
// .collect_vec()
// .try_into()
// .unwrap();
// u32::from_be_bytes(bytes)
u32::from_le_bytes([self.next(), 0, 0, 0])
}
fn next_u64(&mut self) -> u64 {
// let bytes: [u8; 8] = (0..8)
// .map(|_| self.next())
// .collect_vec()
// .try_into()
// .unwrap();
// u64::from_be_bytes(bytes)
u64::from_le_bytes([self.next(), 0, 0, 0, 0, 0, 0, 0])
}
fn fill_bytes(&mut self, dest: &mut [u8]) {
for d in dest.iter_mut() {
*d = self.next();
}
}
fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), rand::Error> {
for d in dest.iter_mut() {
*d = self.next();
}
Ok(())
}
}
#[test]
fn test_unsafe_buffer_rng() {
let seed_bytes = hex::decode("7FFECD162AE2").unwrap();
let mut rng = UnsafeBufferRng::new(&seed_bytes);
let generated_bytes: Vec<u8> = (0..seed_bytes.len()).map(|_| rng.next()).collect();
assert_eq!(seed_bytes, generated_bytes);
}
use super::approx_exp;
#[test]
fn test_approx_exp() {
@@ -230,69 +170,4 @@ mod test {
);
}
}
#[test]
fn test_ber_exp() {
let kats = [
(
1.268_314_048_020_498_4,
0.749_990_853_267_664_9,
hex::decode("ea000000000000").unwrap(),
false,
),
(
0.001_563_917_959_143_409_6,
0.749_990_853_267_664_9,
hex::decode("6c000000000000").unwrap(),
true,
),
(
0.017_921_215_753_999_235,
0.749_990_853_267_664_9,
hex::decode("c2000000000000").unwrap(),
false,
),
(
0.776_117_648_844_980_6,
0.751_181_554_542_520_8,
hex::decode("58000000000000").unwrap(),
true,
),
];
for (x, ccs, bytes, answer) in kats {
assert_eq!(answer, ber_exp(x, ccs, bytes.try_into().unwrap()));
}
}
#[test]
fn test_sampler_z() {
let sigma_min = 1.277833697;
// known answers from the doc, table 3.2, page 44
// https://falcon-sign.info/falcon.pdf
// The zeros were added to account for dropped bytes.
let kats = [
(-91.90471153063714,1.7037990414754918,hex::decode("0fc5442ff043d66e91d1ea000000000000cac64ea5450a22941edc6c").unwrap(),-92),
(-8.322564895434937,1.7037990414754918,hex::decode("f4da0f8d8444d1a77265c2000000000000ef6f98bbbb4bee7db8d9b3").unwrap(),-8),
(-19.096516109216804,1.7035823083824078,hex::decode("db47f6d7fb9b19f25c36d6000000000000b9334d477a8bc0be68145d").unwrap(),-20),
(-11.335543982423326, 1.7035823083824078, hex::decode("ae41b4f5209665c74d00dc000000000000c1a8168a7bb516b3190cb42c1ded26cd52000000000000aed770eca7dd334e0547bcc3c163ce0b").unwrap(), -12),
(7.9386734193997555, 1.6984647769450156, hex::decode("31054166c1012780c603ae0000000000009b833cec73f2f41ca5807c000000000000c89c92158834632f9b1555").unwrap(), 8),
(-28.990850086867255, 1.6984647769450156, hex::decode("737e9d68a50a06dbbc6477").unwrap(), -30),
(-9.071257914091655, 1.6980782114808988, hex::decode("a98ddd14bf0bf22061d632").unwrap(), -10),
(-43.88754568839566, 1.6980782114808988, hex::decode("3cbf6818a68f7ab9991514").unwrap(), -41),
(-58.17435547946095,1.7010983419195522,hex::decode("6f8633f5bfa5d26848668e0000000000003d5ddd46958e97630410587c").unwrap(),-61),
(-43.58664906684732, 1.7010983419195522, hex::decode("272bc6c25f5c5ee53f83c40000000000003a361fbc7cc91dc783e20a").unwrap(), -46),
(-34.70565203313315, 1.7009387219711465, hex::decode("45443c59574c2c3b07e2e1000000000000d9071e6d133dbe32754b0a").unwrap(), -34),
(-44.36009577368896, 1.7009387219711465, hex::decode("6ac116ed60c258e2cbaeab000000000000728c4823e6da36e18d08da0000000000005d0cc104e21cc7fd1f5ca8000000000000d9dbb675266c928448059e").unwrap(), -44),
(-21.783037079346236, 1.6958406126012802, hex::decode("68163bc1e2cbf3e18e7426").unwrap(), -23),
(-39.68827784633828, 1.6958406126012802, hex::decode("d6a1b51d76222a705a0259").unwrap(), -40),
(-18.488607061056847, 1.6955259305261838, hex::decode("f0523bfaa8a394bf4ea5c10000000000000f842366fde286d6a30803").unwrap(), -22),
(-48.39610939101591, 1.6955259305261838, hex::decode("87bd87e63374cee62127fc0000000000006931104aab64f136a0485b").unwrap(), -50),
];
for (mu, sigma, random_bytes, answer) in kats {
assert_eq!(
sampler_z(mu, sigma, sigma_min, &mut UnsafeBufferRng::new(&random_bytes)),
answer
);
}
}
}

7
src/dsa/rpo_falcon512/mod.rs
View File

@@ -9,6 +9,9 @@ mod keys;
mod math;
mod signature;
#[cfg(test)]
mod tests;
pub use self::keys::{PubKeyPoly, PublicKey, SecretKey};
pub use self::math::Polynomial;
pub use self::signature::{Signature, SignatureHeader, SignaturePoly};
@@ -48,6 +51,10 @@ const SIG_L2_BOUND: u64 = 34034726;
/// Standard deviation of the Gaussian over the lattice.
const SIGMA: f64 = 165.7366171829776;
/// Length of the seed for the ChaCha20-based PRNG.
#[cfg(test)]
pub(crate) const CHACHA_SEED_LEN: usize = 56;
// TYPE ALIASES
// ================================================================================================

2030
src/dsa/rpo_falcon512/tests.rs Normal file
View File

File diff suppressed because it is too large Load Diff

64
src/merkle/smt/full/mod.rs
View File

@@ -2,7 +2,11 @@ use super::{
EmptySubtreeRoots, Felt, InnerNode, InnerNodeInfo, LeafIndex, MerkleError, MerklePath,
NodeIndex, Rpo256, RpoDigest, SparseMerkleTree, Word, EMPTY_WORD,
};
use alloc::collections::{BTreeMap, BTreeSet};
use alloc::{
collections::{BTreeMap, BTreeSet},
string::ToString,
vec::Vec,
};
mod error;
pub use error::{SmtLeafError, SmtProofError};
@@ -12,6 +16,7 @@ pub use leaf::SmtLeaf;
mod proof;
pub use proof::SmtProof;
use winter_utils::{ByteReader, ByteWriter, Deserializable, DeserializationError, Serializable};
#[cfg(test)]
mod tests;
@@ -294,3 +299,60 @@ impl From<&RpoDigest> for LeafIndex<SMT_DEPTH> {
Word::from(value).into()
}
}
// SERIALIZATION
// ================================================================================================
impl Serializable for Smt {
fn write_into<W: ByteWriter>(&self, target: &mut W) {
// Write the number of filled leaves for this Smt
target.write_usize(self.entries().count());
// Write each (key, value) pair
for (key, value) in self.entries() {
target.write(key);
target.write(value);
}
}
}
impl Deserializable for Smt {
fn read_from<R: ByteReader>(source: &mut R) -> Result<Self, DeserializationError> {
// Read the number of filled leaves for this Smt
let num_filled_leaves = source.read_usize()?;
let mut entries = Vec::with_capacity(num_filled_leaves);
for _ in 0..num_filled_leaves {
let key = source.read()?;
let value = source.read()?;
entries.push((key, value));
}
Self::with_entries(entries)
.map_err(|err| DeserializationError::InvalidValue(err.to_string()))
}
}
#[test]
fn test_smt_serialization_deserialization() {
// Smt for default types (empty map)
let smt_default = Smt::default();
let bytes = smt_default.to_bytes();
assert_eq!(smt_default, Smt::read_from_bytes(&bytes).unwrap());
// Smt with values
let smt_leaves_2: [(RpoDigest, Word); 2] = [
(
RpoDigest::new([Felt::new(101), Felt::new(102), Felt::new(103), Felt::new(104)]),
[Felt::new(1_u64), Felt::new(2_u64), Felt::new(3_u64), Felt::new(4_u64)],
),
(
RpoDigest::new([Felt::new(105), Felt::new(106), Felt::new(107), Felt::new(108)]),
[Felt::new(5_u64), Felt::new(6_u64), Felt::new(7_u64), Felt::new(8_u64)],
),
];
let smt = Smt::with_entries(smt_leaves_2).unwrap();
let bytes = smt.to_bytes();
assert_eq!(smt, Smt::read_from_bytes(&bytes).unwrap());
}

2
src/rand/mod.rs
View File

@@ -7,7 +7,9 @@ pub use winter_utils::Randomizable;
use crate::{Felt, FieldElement, Word, ZERO};
mod rpo;
mod rpx;
pub use rpo::RpoRandomCoin;
pub use rpx::RpxRandomCoin;
/// Pseudo-random element generator.
///

292
src/rand/rpx.rs Normal file
View File

@@ -0,0 +1,292 @@
use super::{Felt, FeltRng, FieldElement, RandomCoin, RandomCoinError, RngCore, Word, ZERO};
use crate::{
hash::rpx::{Rpx256, RpxDigest},
utils::{ByteReader, ByteWriter, Deserializable, DeserializationError, Serializable},
};
use alloc::{string::ToString, vec::Vec};
use rand_core::impls;
// CONSTANTS
// ================================================================================================
const STATE_WIDTH: usize = Rpx256::STATE_WIDTH;
const RATE_START: usize = Rpx256::RATE_RANGE.start;
const RATE_END: usize = Rpx256::RATE_RANGE.end;
const HALF_RATE_WIDTH: usize = (Rpx256::RATE_RANGE.end - Rpx256::RATE_RANGE.start) / 2;
// RPX RANDOM COIN
// ================================================================================================
/// A simplified version of the `SPONGE_PRG` reseedable pseudo-random number generator algorithm
/// described in <https://eprint.iacr.org/2011/499.pdf>.
///
/// The simplification is related to the following facts:
/// 1. A call to the reseed method implies one and only one call to the permutation function.
/// This is possible because in our case we never reseed with more than 4 field elements.
/// 2. As a result of the previous point, we don't make use of an input buffer to accumulate seed
/// material.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct RpxRandomCoin {
state: [Felt; STATE_WIDTH],
current: usize,
}
impl RpxRandomCoin {
/// Returns a new [RpxRandomCoin] initialize with the specified seed.
pub fn new(seed: Word) -> Self {
let mut state = [ZERO; STATE_WIDTH];
for i in 0..HALF_RATE_WIDTH {
state[RATE_START + i] += seed[i];
}
// Absorb
Rpx256::apply_permutation(&mut state);
RpxRandomCoin { state, current: RATE_START }
}
/// Returns an [RpxRandomCoin] instantiated from the provided components.
///
/// # Panics
/// Panics if `current` is smaller than 4 or greater than or equal to 12.
pub fn from_parts(state: [Felt; STATE_WIDTH], current: usize) -> Self {
assert!(
(RATE_START..RATE_END).contains(&current),
"current value outside of valid range"
);
Self { state, current }
}
/// Returns components of this random coin.
pub fn into_parts(self) -> ([Felt; STATE_WIDTH], usize) {
(self.state, self.current)
}
/// Fills `dest` with random data.
pub fn fill_bytes(&mut self, dest: &mut [u8]) {
<Self as RngCore>::fill_bytes(self, dest)
}
fn draw_basefield(&mut self) -> Felt {
if self.current == RATE_END {
Rpx256::apply_permutation(&mut self.state);
self.current = RATE_START;
}
self.current += 1;
self.state[self.current - 1]
}
}
// RANDOM COIN IMPLEMENTATION
// ------------------------------------------------------------------------------------------------
impl RandomCoin for RpxRandomCoin {
type BaseField = Felt;
type Hasher = Rpx256;
fn new(seed: &[Self::BaseField]) -> Self {
let digest: Word = Rpx256::hash_elements(seed).into();
Self::new(digest)
}
fn reseed(&mut self, data: RpxDigest) {
// Reset buffer
self.current = RATE_START;
// Add the new seed material to the first half of the rate portion of the RPX state
let data: Word = data.into();
self.state[RATE_START] += data[0];
self.state[RATE_START + 1] += data[1];
self.state[RATE_START + 2] += data[2];
self.state[RATE_START + 3] += data[3];
// Absorb
Rpx256::apply_permutation(&mut self.state);
}
fn check_leading_zeros(&self, value: u64) -> u32 {
let value = Felt::new(value);
let mut state_tmp = self.state;
state_tmp[RATE_START] += value;
Rpx256::apply_permutation(&mut state_tmp);
let first_rate_element = state_tmp[RATE_START].as_int();
first_rate_element.trailing_zeros()
}
fn draw<E: FieldElement<BaseField = Felt>>(&mut self) -> Result<E, RandomCoinError> {
let ext_degree = E::EXTENSION_DEGREE;
let mut result = vec![ZERO; ext_degree];
for r in result.iter_mut().take(ext_degree) {
*r = self.draw_basefield();
}
let result = E::slice_from_base_elements(&result);
Ok(result[0])
}
fn draw_integers(
&mut self,
num_values: usize,
domain_size: usize,
nonce: u64,
) -> Result<Vec<usize>, RandomCoinError> {
assert!(domain_size.is_power_of_two(), "domain size must be a power of two");
assert!(num_values < domain_size, "number of values must be smaller than domain size");
// absorb the nonce
let nonce = Felt::new(nonce);
self.state[RATE_START] += nonce;
Rpx256::apply_permutation(&mut self.state);
// reset the buffer
self.current = RATE_START;
// determine how many bits are needed to represent valid values in the domain
let v_mask = (domain_size - 1) as u64;
// draw values from PRNG until we get as many unique values as specified by num_queries
let mut values = Vec::new();
for _ in 0..1000 {
// get the next pseudo-random field element
let value = self.draw_basefield().as_int();
// use the mask to get a value within the range
let value = (value & v_mask) as usize;
values.push(value);
if values.len() == num_values {
break;
}
}
if values.len() < num_values {
return Err(RandomCoinError::FailedToDrawIntegers(num_values, values.len(), 1000));
}
Ok(values)
}
}
// FELT RNG IMPLEMENTATION
// ------------------------------------------------------------------------------------------------
impl FeltRng for RpxRandomCoin {
fn draw_element(&mut self) -> Felt {
self.draw_basefield()
}
fn draw_word(&mut self) -> Word {
let mut output = [ZERO; 4];
for o in output.iter_mut() {
*o = self.draw_basefield();
}
output
}
}
// RNGCORE IMPLEMENTATION
// ------------------------------------------------------------------------------------------------
impl RngCore for RpxRandomCoin {
fn next_u32(&mut self) -> u32 {
self.draw_basefield().as_int() as u32
}
fn next_u64(&mut self) -> u64 {
impls::next_u64_via_u32(self)
}
fn fill_bytes(&mut self, dest: &mut [u8]) {
impls::fill_bytes_via_next(self, dest)
}
fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), rand::Error> {
self.fill_bytes(dest);
Ok(())
}
}
// SERIALIZATION
// ------------------------------------------------------------------------------------------------
impl Serializable for RpxRandomCoin {
fn write_into<W: ByteWriter>(&self, target: &mut W) {
self.state.iter().for_each(|v| v.write_into(target));
// casting to u8 is OK because `current` is always between 4 and 12.
target.write_u8(self.current as u8);
}
}
impl Deserializable for RpxRandomCoin {
fn read_from<R: ByteReader>(source: &mut R) -> Result<Self, DeserializationError> {
let state = [
Felt::read_from(source)?,
Felt::read_from(source)?,
Felt::read_from(source)?,
Felt::read_from(source)?,
Felt::read_from(source)?,
Felt::read_from(source)?,
Felt::read_from(source)?,
Felt::read_from(source)?,
Felt::read_from(source)?,
Felt::read_from(source)?,
Felt::read_from(source)?,
Felt::read_from(source)?,
];
let current = source.read_u8()? as usize;
if !(RATE_START..RATE_END).contains(&current) {
return Err(DeserializationError::InvalidValue(
"current value outside of valid range".to_string(),
));
}
Ok(Self { state, current })
}
}
// TESTS
// ================================================================================================
#[cfg(test)]
mod tests {
use super::{Deserializable, FeltRng, RpxRandomCoin, Serializable, ZERO};
use crate::ONE;
#[test]
fn test_feltrng_felt() {
let mut rpxcoin = RpxRandomCoin::new([ZERO; 4]);
let output = rpxcoin.draw_element();
let mut rpxcoin = RpxRandomCoin::new([ZERO; 4]);
let expected = rpxcoin.draw_basefield();
assert_eq!(output, expected);
}
#[test]
fn test_feltrng_word() {
let mut rpxcoin = RpxRandomCoin::new([ZERO; 4]);
let output = rpxcoin.draw_word();
let mut rpocoin = RpxRandomCoin::new([ZERO; 4]);
let mut expected = [ZERO; 4];
for o in expected.iter_mut() {
*o = rpocoin.draw_basefield();
}
assert_eq!(output, expected);
}
#[test]
fn test_feltrng_serialization() {
let coin1 = RpxRandomCoin::from_parts([ONE; 12], 5);
let bytes = coin1.to_bytes();
let coin2 = RpxRandomCoin::read_from_bytes(&bytes).unwrap();
assert_eq!(coin1, coin2);
}
}