def test_multiplicative(self): G = self._point_r() a = FQ.random() A = G*a b = FQ.random() B = G*b ab = (a.n * b.n) % JUBJUB_ORDER AB = G*ab self.assertEqual(A*b, AB) self.assertEqual(B*a, AB)
def test_random(self):
# Randomized tests
for _ in range(0, 10):
alpha = [FQ.random() for _ in range(0, 4)]
points = [(FQ(i), shamirs_poly(FQ(i), alpha))
for i in range(0, len(alpha))]
assert alpha[0] == lagrange(points, 0)
assert alpha[0] != lagrange(points[1:], 0)
assert alpha[0] != lagrange(points[2:], 0)
def test_loworder_points_mont(self): """ From "Twisted Edwards Curves" - BBJLP - Exceptional Points for the Birational Equivalence The birational equivalence is undefined where `y = 0` or `x + 1 = 0` """ # Both Montgomery and twisted Edwards forms are valid # EM(0,0) -> EE(0,-1) p1m = MontPoint(FQ(0), FQ(0)) p1e = p1m.as_point() self.assertEqual(p1e.x, FQ(0)) self.assertEqual(p1e.y, FQ(-1)) self.assertTrue(p1m.valid()) self.assertTrue(p1e.valid()) self.assertEqual(p1e.as_mont(), p1m) # Both Montgomery and twisted Edwards forms are valid # Theorem 3.4 case 1 # EM(1, sqrt(A+2)) -> EE(?, 0) p2m = MontPoint(FQ(1), FQ(MONT_A+2).sqrt()) self.assertTrue(p2m.valid()) self.assertTrue(p2m.as_point().valid()) self.assertEqual(p2m.as_point().as_mont(), p2m) # Montgomery form is invalid # EM(0,-1) -> EE(0,-1) p2m = MontPoint(FQ(0), FQ(-1)) p2e = p2m.as_point() self.assertEqual(p2e.x, FQ(0)) self.assertEqual(p2e.y, FQ(-1)) self.assertFalse(p2m.valid()) self.assertTrue(p2e.valid()) self.assertNotEqual(p2e.as_mont(), p2m) # Montgomery form is invalid # EM(0,-1) -> EE(0,-1) p3m = MontPoint(FQ(0), FQ(1)) p3e = p3m.as_point() self.assertEqual(p3e.x, FQ(0)) self.assertEqual(p3e.y, FQ(-1)) self.assertFalse(p3m.valid()) self.assertTrue(p3e.valid()) self.assertNotEqual(p3e.as_mont(), p3m) # Montgomery form is invalid # EM(-1,?) -> EE(?,0) p4my = FQ.random() p4m = MontPoint(FQ(-1), p4my) p4e = p4m.as_point() p4mb = p4e.as_mont() self.assertNotEqual(p4mb, p4m) self.assertNotEqual(p4e.x, p4my) self.assertEqual(p4e.y, FQ(0)) self.assertFalse(p4m.valid()) self.assertTrue(p3e.valid())
def test_mult_all_random(self):
rp = self._point_a()
x = FQ.random(JUBJUB_L)
all_points = [rp, rp.as_proj(), rp.as_etec(), rp.as_mont()]
expected = rp * x
for p in all_points:
q = p.mult(x)
r = q.as_point()
self.assertEqual(r.x, expected.x)
self.assertEqual(r.y, expected.y)
def test_make_proof(self):
num_blocks = 32
wrapper = Contingent(NATIVE_LIB_PATH, num_blocks)
# Generate proving and verification keys
result = wrapper.genkeys(PK_PATH, VK_PATH)
self.assertTrue(result == 0)
print('Keygen done!')
plaintext = [int(FQ.random()) for n in range(0, num_blocks)]
plaintext_root = merkle_root(plaintext)
key = int(FQ.random())
key_bytes = key.to_bytes(32, 'little')
sha256 = hashlib.sha256()
sha256.update(key_bytes)
key_hash = sha256.digest()
ciphertext = mimc_encrypt(plaintext, key)
print('Number of blocks = {}'.format(num_blocks))
print('Plaintext = {}'.format(plaintext))
print('Plaintext Root = {}'.format(plaintext_root))
print('Key = {}'.format(key))
print('Key Hex = {}'.format(key_bytes.hex()))
print('Key Hash = {}'.format(key_hash.hex()))
print('Ciphertext = {}'.format(ciphertext))
# Generate proof
proof = wrapper.prove(PK_PATH, key_hash, ciphertext, plaintext_root,
key, plaintext)
with open(PROOF_PATH, 'w') as f:
f.write(proof)
print('Prove done!')
# Verify proof
self.assertTrue(
wrapper.verify(VK_PATH, proof, key_hash, ciphertext,
plaintext_root))
print('Verify done!')
def test_random_small(self):
q = 100003
for _ in range(0, 10):
alpha = [FQ.random(q) for _ in range(0, 4)]
points = [(FQ(i, q), shamirs_poly(FQ(i, q), alpha))
for i in range(0, len(alpha))]
assert alpha[0] == lagrange(points, 0)
assert alpha[0] != lagrange(points[1:], 0)
assert alpha[0] != lagrange(points[2:], 0)
# XXX: scipy's lagrange has floating point precision for large numbers
points_x, points_y = unzip(points)
interpolation = scipy_lagrange([_.n for _ in points_x], [_.n for _ in points_y])
assert int(interpolation.c[-1]) == alpha[0]
def test_fromdocs2(self):
p = 100003
k = 4
a = [FQ.random(p) for _ in range(0, k)] # [6257, 85026, 44499, 14701]
F = lambda i, x: a[i] * (x**i)
X = lambda x: a[0] + F(1, x) + F(2, x) + F(3, x)
# Create the shares
Sx = range(1, 5)
Sy = [X(_) for _ in Sx]
for x, y in zip(Sx, Sy):
z = shamirs_poly(FQ(x, p), a)
assert z == y
# Then recover secret
result = int(scipy_lagrange(Sx, [_.n for _ in Sy]).c[-1]) % p
assert a[0] == result
def test_naf(self):
"""
Verify that multiplying using w-NAF provides identical results with different windows
"""
for _ in range(5):
p = self._point_a()
e = p.as_etec()
x = FQ.random()
r = p * x
for w in range(2, 8):
y = mult_naf_lut(e, x, w)
z = y.as_point()
self.assertEqual(z, r)
if w == 2:
v = mult_naf(e, x)
self.assertEqual(v, y)
from math import ceil, log2
from os import urandom
from ethsnarks.field import FQ
from ethsnarks.jubjub import Point
N = 8
nbits = ceil(log2(N))
c = [FQ.random() for _ in range(0, N)]
def sumfq(x):
r = FQ(0)
for _ in x:
r = r + _
return r
for i in range(0, 8):
b = [int(_) for _ in bin(i)[2:].rjust(nbits, '0')][::-1]
r = c[i]
precomp = b[0] * b[1]
precomp1 = b[0] * b[2]
precomp2 = b[1] * b[2]
precomp3 = precomp * b[2]
A = [
c[0], (b[0] * -c[0]), (b[0] * c[1]), (b[1] * -c[0]), (b[1] * c[2]),
(precomp * (-c[1] + -c[2] + c[0] + c[3])), (b[2] * (-c[0] + c[4])),
(precomp1 * (c[0] - c[1] - c[4] + c[5])),
(precomp2 * (c[0] - c[2] - c[4] + c[6])),
(precomp3 * (-c[0] + c[1] + c[2] - c[3] + c[4] - c[5] - c[6] + c[7]))
def test_e5(self):
m_i, k_i = int(FQ.random()), int(FQ.random())
python_result = mimc(m_i, k_i, e=5, R=110)
evm_result = self.contract_e5.functions.MiMCpe5(m_i, k_i).call()
self.assertEqual(evm_result, python_result)
if (negone * negone) != one:
return False
if (zero - one) * negone != one:
return False
return True
rand_args = []
for i in range(-10, 10):
rand_args.append(FQ(i))
for _ in range(5):
rand_args.append(FQ.random())
i = 0
for A in rand_args:
for B in rand_args:
for C in rand_args:
if validate_one_zero(A, B, C):
A_ok = A == 1
B_ok = B == 0
C_ok = C == FQ(-1)
if A_ok and B_ok and C_ok:
print(i, 'OK')
else:
print(i, 'A=', A, 'B=', B, 'C=', C, A_ok, B_ok, C_ok)
i += 1