zec
/
halo2
mirror of https://github.com/zcash/halo2.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Repair test vectors and add tests for map_to_curve_simple_swu. 

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
Daira Hopwood 2021-02-21 21:01:19 +00:00
parent 24def7ce02
commit 7dc21f4727
2 changed files with 98 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
src/pasta/pallas.rs
View File

@ -54,6 +54,14 @@ fn test_iso_map() {
assert!(
format!("{:?}", z) == "0x1e049436efa754f5f189aec69c2c3a4a559eca6a12b45c3f2e4a769deeca6187"
);
// check that iso_map([2] r) = [2] iso_map(r)
let r2 = r.double();
assert!(bool::from(r2.is_on_curve()));
let p2 =
super::hashtocurve::iso_map::<_, Affine, super::IsoEpAffine>(&r2, &Ep::ISOGENY_CONSTANTS);
assert!(bool::from(p2.is_on_curve()));
assert!(bool::from(p2 == p.double()));
}
#[test]
@ -83,29 +91,71 @@ fn test_iso_map_identity() {
.unwrap();
let r = (r * -Fq::one()) + r;
assert!(bool::from(r.is_on_curve()));
assert!(bool::from(r.is_zero()));
let p =
super::hashtocurve::iso_map::<_, Affine, super::IsoEpAffine>(&r, &Ep::ISOGENY_CONSTANTS);
assert!(bool::from(p.is_on_curve()));
assert!(bool::from(p.is_zero()));
}
#[test]
fn test_map_to_curve_pallas() {
fn test_map_to_curve_simple_swu() {
use crate::arithmetic::Curve;
use crate::pasta::curves::{IsoEp, IsoEpAffine};
use crate::pasta::hashtocurve::map_to_curve_simple_swu;
let hash = Point::hash_to_curve("z.cash:test");
let p: Point = hash(b"hello");
// The zero input is a special case.
let p: IsoEp =
map_to_curve_simple_swu::<Fp, EpAffine, IsoEpAffine>(&Fp::zero(), Ep::THETA, Ep::Z);
let (x, y, z) = p.jacobian_coordinates();
println!("{:?}", p);
assert!(
format!("{:?}", x) == "0x318cc15f281662b3f26d0175cab97b924870c837879cac647e877be51a85e898"
format!("{:?}", x) == "0x28c1a6a534f56c52e25295b339129a8af5f42525dea727f485ca3433519b096e"
);
assert!(
format!("{:?}", y) == "0x1e91e2fa2a5a6a5bc86ff9564ae9336084470e7119dffcb85ae8c1383a3defd7"
format!("{:?}", y) == "0x3bfc658bee6653c63c7d7f0927083fd315d29c270207b7c7084fa1ee6ac5ae8d"
);
assert!(
format!("{:?}", z) == "0x1e049436efa754f5f189aec69c2c3a4a559eca6a12b45c3f2e4a769deeca6187"
format!("{:?}", z) == "0x054b3ba10416dc104157b1318534a19d5d115472da7d746f8a5f250cd8cdef36"
);
let p: IsoEp =
map_to_curve_simple_swu::<Fp, EpAffine, IsoEpAffine>(&Fp::one(), Ep::THETA, Ep::Z);
let (x, y, z) = p.jacobian_coordinates();
println!("{:?}", p);
assert!(
format!("{:?}", x) == "0x010cba5957e876534af5e967c026a1856d64b071068280837913b9a5a3561505"
);
assert!(
format!("{:?}", y) == "0x062fc61f9cd3118e7d6e65a065ebf46a547514d6b08078e976fa6d515dcc9c81"
);
assert!(
format!("{:?}", z) == "0x3f86cb8c311250c3101c4e523e7793605ccff5623de1753a7c75bc9a29a73688"
);
}
#[test]
fn test_hash_to_curve() {
use crate::arithmetic::Curve;
// This test vector is chosen so that the first map_to_curve_simple_swu takes the gx1 square
// "branch" and the second takes the gx1 non-square "branch" (opposite to the Vesta test vector).
let hash = Point::hash_to_curve("z.cash:test");
let p: Point = hash(b"world");
let (x, y, z) = p.jacobian_coordinates();
println!("{:?}", p);
assert!(
format!("{:?}", x) == "0x2ae2d9bde5a5b4bc1f1e7154f18a407ac826c9d7cd23c3b33efa0f237e99cd35"
);
assert!(
format!("{:?}", y) == "0x3ca16b5bf2e6c41cdf781ead8ba61400becbc16430d026b65b707560b98f8b31"
);
assert!(
format!("{:?}", z) == "0x2502d25cc3b1129d933af3ac34822111bfd070609fdebdfb778dd25cf40f9b82"
);
assert!(bool::from(p.is_on_curve()));
let p = (p * -Fq::one()) + p;
assert!(bool::from(p.is_on_curve()));
assert!(bool::from(p.is_zero()));
}

46
src/pasta/vesta.rs
View File

@ -15,20 +15,58 @@ pub type Point = Eq;
pub type Affine = EqAffine;
#[test]
fn test_map_to_curve_vesta() {
fn test_map_to_curve_simple_swu() {
use crate::arithmetic::Curve;
use crate::pasta::curves::{IsoEq, IsoEqAffine};
use crate::pasta::hashtocurve::map_to_curve_simple_swu;
// The zero input is a special case.
let p: IsoEq =
map_to_curve_simple_swu::<Fq, EqAffine, IsoEqAffine>(&Fq::zero(), Eq::THETA, Eq::Z);
let (x, y, z) = p.jacobian_coordinates();
println!("{:?}", p);
assert!(
format!("{:?}", x) == "0x2ccc4c6ec2660e5644305bc52527d904d408f92407f599df8f158d50646a2e78"
);
assert!(
format!("{:?}", y) == "0x29a34381321d13d72d50b6b462bb4ea6a9e47393fa28a47227bf35bc0ee7aa59"
);
assert!(
format!("{:?}", z) == "0x0b851e9e579403a76df1100f556e1f226e5656bdf38f3bf8601d8a3a9a15890b"
);
let p: IsoEq =
map_to_curve_simple_swu::<Fq, EqAffine, IsoEqAffine>(&Fq::one(), Eq::THETA, Eq::Z);
let (x, y, z) = p.jacobian_coordinates();
println!("{:?}", p);
assert!(
format!("{:?}", x) == "0x165f8b71841c5abc3d742ec13fb16f099d596b781e6f5c7d0b6682b1216a8258"
);
assert!(
format!("{:?}", y) == "0x0dadef21de74ed7337a37dd74f126a92e4df73c3a704da501e36eaf59cf03120"
);
assert!(
format!("{:?}", z) == "0x0a3d6f6c1af02bd9274cc0b80129759ce77edeef578d7de968d4a47d39026c82"
);
}
#[test]
fn test_hash_to_curve() {
use crate::arithmetic::Curve;
// This test vector is chosen so that the first map_to_curve_simple_swu takes the gx1 non-square
// "branch" and the second takes the gx1 square "branch" (opposite to the Pallas test vector).
let hash = Point::hash_to_curve("z.cash:test");
let p: Point = hash(b"hello");
let (x, y, z) = p.jacobian_coordinates();
println!("{:?}", p);
assert!(
format!("{:?}", x) == "0x3984612258b3b43b4f6e046f7f796bbd35ffd8908804bcf47b9537d3ec7645c9"
format!("{:?}", x) == "0x24c3431db13111fcba2f214a0662ae48e675801988c5705877525750b65f7ad8"
);
assert!(
format!("{:?}", y) == "0x2573c035293d745a288a65a7a37709ef99bcf31b77cfb3a1126a61e3adeebc4b"
format!("{:?}", y) == "0x0df21621bf38070d79193ec5959fc2bb09468e71c0190d0217b0984fc92282f3"
);
assert!(
format!("{:?}", z) == "0x1cb99da94a634842b09a3ee1e5b462233e1fc23d0b357ec7fb0d1c409be30720"
format!("{:?}", z) == "0x3e95ef9cbe5a9978c0d82635b242cf773ecfbc764ae9b936aba64c43f67091c6"
);
}