Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rangeproof: add a bunch more testing #149

Closed
wants to merge 2 commits into from
Closed

rangeproof: add a bunch more testing #149

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
72e7591
rangeproof: add a bunch more testing
apoelstra Oct 17, 2021
058863a
add bench_whitelist to .gitignore
apoelstra Oct 17, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ bench_schnorrsig
bench_sign
bench_verify
bench_recover
bench_whitelist
bench_internal
tests
exhaustive_tests
Expand Down
269 changes: 261 additions & 8 deletions src/modules/rangeproof/tests_impl.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -541,8 +541,95 @@ static void test_rangeproof(void) {
}
}

static void test_single_value_proof(uint64_t val) {
unsigned char proof[5000];
secp256k1_pedersen_commitment commit;
unsigned char blind[32];
unsigned char blind_out[32];
unsigned char nonce[32];
const unsigned char message[1] = " "; /* no message will fit into a single-value proof */
unsigned char message_out[sizeof(proof)] = { 0 };
size_t plen = sizeof(proof);
uint64_t min_val_out = 0;
uint64_t max_val_out = 0;
uint64_t val_out = 0;
size_t m_len_out = 0;

secp256k1_testrand256(blind);
secp256k1_testrand256(nonce);
CHECK(secp256k1_pedersen_commit(ctx, &commit, blind, val, secp256k1_generator_h));

CHECK(secp256k1_rangeproof_sign(
ctx,
proof, &plen,
val, /* min_val */
&commit, blind, nonce,
-1, /* exp: -1 is magic value to indicate a single-value proof */
0, /* min_bits */
val, /* val */
message, sizeof(message), /* Will cause this to fail */
NULL, 0,
secp256k1_generator_h
) == 0);

plen = sizeof(proof);
CHECK(secp256k1_rangeproof_sign(
ctx,
proof, &plen,
val, /* min_val */
&commit, blind, nonce,
-1, /* exp: -1 is magic value to indicate a single-value proof */
0, /* min_bits */
val, /* val */
NULL, 0,
NULL, 0,
secp256k1_generator_h
) == 1);

/* Different proof sizes are unfortunate but is caused by `min_value` of
* zero being special-cased and encoded more efficiently. */
if (val == 0) {
CHECK(plen == 65);
} else {
CHECK(plen == 73);
}

CHECK(secp256k1_rangeproof_verify(
ctx,
&min_val_out, &max_val_out,
&commit,
proof, plen,
NULL, 0,
secp256k1_generator_h
) == 1);
CHECK(min_val_out == val);
CHECK(max_val_out == val);

memset(message_out, 0, sizeof(message_out));
m_len_out = sizeof(message_out);
CHECK(secp256k1_rangeproof_rewind(
ctx,
blind_out, &val_out,
message_out, &m_len_out,
nonce,
&min_val_out, &max_val_out,
&commit,
proof, plen,
NULL, 0,
secp256k1_generator_h
));
CHECK(val_out == val);
CHECK(min_val_out == val);
CHECK(max_val_out == val);
CHECK(m_len_out == 0);
CHECK(memcmp(blind, blind_out, 32) == 0);
for (m_len_out = 0; m_len_out < sizeof(message_out); m_len_out++) {
CHECK(message_out[m_len_out] == 0);
}
}

#define MAX_N_GENS 30
void test_multiple_generators(void) {
static void test_multiple_generators(void) {
const size_t n_inputs = (secp256k1_testrand32() % (MAX_N_GENS / 2)) + 1;
const size_t n_outputs = (secp256k1_testrand32() % (MAX_N_GENS / 2)) + 1;
const size_t n_generators = n_inputs + n_outputs;
Expand Down Expand Up @@ -604,7 +691,18 @@ void test_multiple_generators(void) {
}

void test_rangeproof_fixed_vectors(void) {
const unsigned char vector_1[] = {
size_t i;
unsigned char blind[32];
uint64_t value;
uint64_t min_value;
uint64_t max_value;
secp256k1_pedersen_commitment pc;
unsigned char message[4000] = {0};
size_t m_len = sizeof(message);

/* Vector 1: no message */
{
static const unsigned char vector_1[] = {
0x62, 0x07, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x56, 0x02, 0x2a, 0x5c, 0x42, 0x0e, 0x1d,
0x51, 0xe1, 0xb7, 0xf3, 0x69, 0x04, 0xb5, 0xbb, 0x9b, 0x41, 0x66, 0x14, 0xf3, 0x64, 0x42, 0x26,
0xe3, 0xa7, 0x6a, 0x06, 0xbb, 0xa8, 0x5a, 0x49, 0x6f, 0x19, 0x76, 0xfb, 0xe5, 0x75, 0x77, 0x88,
Expand Down Expand Up @@ -647,25 +745,175 @@ void test_rangeproof_fixed_vectors(void) {
0xa6, 0x45, 0xf6, 0xce, 0xcf, 0x48, 0xf6, 0x1e, 0x3d, 0xd2, 0xcf, 0xcb, 0x3a, 0xcd, 0xbb, 0x92,
0x29, 0x24, 0x16, 0x7f, 0x8a, 0xa8, 0x5c, 0x0c, 0x45, 0x71, 0x33
};
const unsigned char commit_1[] = {
static const unsigned char commit_1[] = {
0x08,
0xf5, 0x1e, 0x0d, 0xc5, 0x86, 0x78, 0x51, 0xa9, 0x00, 0x00, 0xef, 0x4d, 0xe2, 0x94, 0x60, 0x89,
0x83, 0x04, 0xb4, 0x0e, 0x90, 0x10, 0x05, 0x1c, 0x7f, 0xd7, 0x33, 0x92, 0x1f, 0xe7, 0x74, 0x59
};
uint64_t min_value_1;
uint64_t max_value_1;
secp256k1_pedersen_commitment pc;
static const unsigned char blind_1[] = {
0x98, 0x44, 0xfc, 0x7a, 0x64, 0xa9, 0xca, 0xdf, 0xf3, 0x2f, 0x9f, 0x02, 0xba, 0x46, 0xc7, 0xd9,
0x77, 0x47, 0xa4, 0xd3, 0x53, 0x17, 0xc6, 0x44, 0x30, 0x73, 0x84, 0xeb, 0x1f, 0xbe, 0xa1, 0xfb
};

CHECK(secp256k1_pedersen_commitment_parse(ctx, &pc, commit_1));

CHECK(secp256k1_rangeproof_verify(
ctx,
&min_value_1, &max_value_1,
&min_value, &max_value,
&pc,
vector_1, sizeof(vector_1),
NULL, 0,
secp256k1_generator_h
));
CHECK(min_value == 86);
CHECK(max_value == 25586);

CHECK(secp256k1_rangeproof_rewind(
ctx,
blind, &value,
message, &m_len,
pc.data,
&min_value, &max_value,
&pc,
vector_1, sizeof(vector_1),
NULL, 0,
secp256k1_generator_h
));

CHECK(memcmp(blind, blind_1, 32) == 0);
CHECK(value == 86);
CHECK(min_value == 86);
CHECK(max_value == 25586);
CHECK(m_len == 448); /* length of the sidechannel in the proof */
for (i = 0; i < m_len; i++) {
/* No message encoded in this vector */
CHECK(message[i] == 0);
}
}

/* Vector 2: embedded message */
{
static const unsigned char vector_2[] = {
0x40, 0x03, 0x00, 0x90, 0x1a, 0x61, 0x64, 0xbb, 0x85, 0x1a, 0x78, 0x35, 0x1e, 0xe0, 0xd5, 0x96,
0x71, 0x0f, 0x18, 0x8e, 0xf3, 0x33, 0xf0, 0x75, 0xfe, 0xd6, 0xc6, 0x11, 0x6b, 0x42, 0x89, 0xea,
0xa2, 0x0c, 0x89, 0x25, 0x37, 0x81, 0x10, 0xf9, 0xf0, 0x9b, 0xda, 0x68, 0x2a, 0xd9, 0x2e, 0x0c,
0x45, 0x17, 0x54, 0x6d, 0x02, 0xd2, 0x21, 0x5d, 0xbc, 0x10, 0xf8, 0x8f, 0xf1, 0x92, 0x40, 0xa9,
0xc7, 0x24, 0x00, 0x1b, 0xc8, 0x75, 0x0f, 0xf6, 0x8f, 0x93, 0x8b, 0x78, 0x62, 0x73, 0x3c, 0x86,
0x4b, 0x61, 0x7c, 0x0f, 0xc6, 0x41, 0xc9, 0xb3, 0xc1, 0x30, 0x7f, 0xd4, 0xee, 0x9f, 0x37, 0x08,
0x9b, 0x64, 0x23, 0xd5, 0xe6, 0x1a, 0x03, 0x54, 0x74, 0x9b, 0x0b, 0xae, 0x6f, 0x2b, 0x1e, 0xf5,
0x40, 0x44, 0xaa, 0x12, 0xe8, 0xbd, 0xe0, 0xa6, 0x85, 0x89, 0xf1, 0xa9, 0xd0, 0x3f, 0x2e, 0xc6,
0x1f, 0x11, 0xf5, 0x44, 0x69, 0x99, 0x31, 0x10, 0x2e, 0x64, 0xc6, 0x44, 0xdb, 0x47, 0x06, 0x6d,
0xd5, 0xf2, 0x8d, 0x19, 0x00, 0x39, 0xb8, 0xca, 0xda, 0x5c, 0x1d, 0x83, 0xbd, 0xa3, 0x6d, 0xbf,
0x97, 0xdd, 0x83, 0x86, 0xc9, 0x56, 0xe2, 0xbb, 0x37, 0x4b, 0x2d, 0xb5, 0x9d, 0xf2, 0x7a, 0x6a,
0x25, 0x47, 0xfa, 0x03, 0x05, 0xc5, 0xda, 0x73, 0xe1, 0x96, 0x15, 0x21, 0x23, 0xe5, 0xef, 0x55,
0x36, 0xdd, 0xf1, 0xb1, 0x3f, 0x33, 0x1a, 0x91, 0x6c, 0x73, 0x64, 0xd3, 0x88, 0xe7, 0xc6, 0xc9,
0x04, 0x29, 0xae, 0x55, 0x27, 0xa0, 0x80, 0x60, 0xaf, 0x0c, 0x09, 0x2f, 0xc8, 0x1b, 0xe6, 0x16,
0x9e, 0xed, 0x29, 0xc7, 0x93, 0xce, 0xc7, 0x0d, 0xdf, 0x1f, 0x28, 0xba, 0xf3, 0x38, 0xc3, 0xaa,
0x99, 0xd9, 0x21, 0x41, 0xb8, 0x10, 0xa5, 0x48, 0x37, 0xec, 0x60, 0xda, 0x64, 0x5a, 0x73, 0x55,
0xd7, 0xff, 0x23, 0xfa, 0xf6, 0xc6, 0xf4, 0xe2, 0xca, 0x99, 0x2f, 0x30, 0x36, 0x48, 0x73, 0x8b,
0x57, 0xa6, 0x62, 0x12, 0xa3, 0xe7, 0x5c, 0xa8, 0xd1, 0xe6, 0x85, 0x05, 0x59, 0xfe, 0x2b, 0x44,
0xe4, 0x73, 0x1c, 0xc3, 0x56, 0x32, 0x07, 0x65, 0x4a, 0x58, 0xaf, 0x2b, 0x3f, 0x36, 0xca, 0xb4,
0x1d, 0x5c, 0x2a, 0x46, 0x1f, 0xf7, 0x63, 0x59, 0x4f, 0x2b, 0xd0, 0xf6, 0xfc, 0xcf, 0x04, 0x09,
0xb7, 0x65, 0x1b
};
static const unsigned char commit_2[] = {
0x09,
0x25, 0xa4, 0xbd, 0xc4, 0x57, 0x69, 0xeb, 0x4f, 0x34, 0x0f, 0xea, 0xb8, 0xe4, 0x72, 0x04, 0x54,
0x06, 0xe5, 0xd6, 0x85, 0x15, 0x42, 0xea, 0x6e, 0x1d, 0x11, 0x11, 0x9c, 0x56, 0xf8, 0x10, 0x45
};
static const unsigned char blind_2[] = {
0xdc, 0x79, 0x07, 0x89, 0x2d, 0xc4, 0xe3, 0x76, 0xf9, 0x13, 0x38, 0xd6, 0x4b, 0x46, 0xed, 0x9d,
0x9b, 0xf6, 0x70, 0x3d, 0x04, 0xcf, 0x96, 0x8c, 0xfd, 0xb5, 0xff, 0x0a, 0x06, 0xc7, 0x08, 0x8b
};
static const unsigned char message_2[] = "When I see my own likeness in the depths of someone else's consciousness, I always experience a moment of panic.";

CHECK(secp256k1_pedersen_commitment_parse(ctx, &pc, commit_2));
CHECK(secp256k1_rangeproof_verify(
ctx,
&min_value, &max_value,
&pc,
vector_2, sizeof(vector_2),
NULL, 0,
secp256k1_generator_h
));
CHECK(min_value == 0);
CHECK(max_value == 15);

CHECK(secp256k1_rangeproof_rewind(
ctx,
blind, &value,
message, &m_len,
pc.data,
&min_value, &max_value,
&pc,
vector_2, sizeof(vector_2),
NULL, 0,
secp256k1_generator_h
));

CHECK(memcmp(blind, blind_2, 32) == 0);
CHECK(value == 11);
CHECK(min_value == 0);
CHECK(max_value == 15);
CHECK(m_len == 192); /* length of the sidechannel in the proof */
CHECK(memcmp(message, message_2, sizeof(message_2)) == 0);
for (i = sizeof(message_2); i < m_len; i++) {
/* No message encoded in this vector */
CHECK(message[i] == 0);
}
}

/* Vector 3: single-value proof of UINT64_MAX */
{
static const unsigned char vector_3[] = {
0x20, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xdc, 0x7d, 0x0b, 0x79, 0x0e, 0xaf, 0x41,
0xa5, 0x8e, 0x9b, 0x0c, 0x5b, 0xa3, 0xee, 0x7d, 0xfd, 0x3d, 0x6b, 0xf3, 0xac, 0x04, 0x8a, 0x43,
0x75, 0xb0, 0xb7, 0x0e, 0x92, 0xd7, 0xdf, 0xf0, 0x76, 0xc4, 0xa5, 0xb6, 0x2f, 0xf1, 0xb5, 0xfb,
0xb4, 0xb6, 0x29, 0xea, 0x34, 0x9b, 0x16, 0x30, 0x0d, 0x06, 0xf1, 0xb4, 0x3f, 0x0d, 0x73, 0x59,
0x75, 0xbf, 0x5d, 0x19, 0x59, 0xef, 0x11, 0xf0, 0xbf
};
static const unsigned char commit_3[] = {
0x08,
0xc7, 0xea, 0x40, 0x7d, 0x26, 0x38, 0xa2, 0x99, 0xb9, 0x40, 0x22, 0x78, 0x17, 0x57, 0x65, 0xb3,
0x36, 0x82, 0x18, 0x42, 0xc5, 0x57, 0x04, 0x5e, 0x58, 0x5e, 0xf6, 0x40, 0x8b, 0x24, 0x73, 0x10
};
static const unsigned char nonce_3[] = {
0x84, 0x50, 0x94, 0x69, 0xa3, 0x4b, 0x6c, 0x62, 0x1a, 0xc7, 0xe2, 0x0e, 0x07, 0x9a, 0x6f, 0x85,
0x5f, 0x26, 0x50, 0xcd, 0x88, 0x5a, 0x9f, 0xaa, 0x23, 0x5e, 0x0a, 0xe0, 0x7e, 0xc5, 0xe9, 0xf1
};
static const unsigned char blind_3[] = {
0x68, 0x89, 0x47, 0x8c, 0x77, 0xec, 0xcc, 0x2b, 0x65, 0x01, 0x78, 0x6b, 0x06, 0x8b, 0x38, 0x94,
0xc0, 0x6b, 0x9b, 0x4c, 0x02, 0xa6, 0xc8, 0xf6, 0xc0, 0x34, 0xea, 0x35, 0x57, 0xf4, 0xe1, 0x37
};

CHECK(secp256k1_pedersen_commitment_parse(ctx, &pc, commit_3));
CHECK(secp256k1_rangeproof_verify(
ctx,
&min_value, &max_value,
&pc,
vector_3, sizeof(vector_3),
NULL, 0,
secp256k1_generator_h
));
CHECK(min_value == UINT64_MAX);
CHECK(max_value == UINT64_MAX);

CHECK(secp256k1_rangeproof_rewind(
ctx,
blind, &value,
message, &m_len,
nonce_3,
&min_value, &max_value,
&pc,
vector_3, sizeof(vector_3),
NULL, 0,
secp256k1_generator_h
));
CHECK(memcmp(blind, blind_3, 32) == 0);
CHECK(value == UINT64_MAX);
CHECK(min_value == UINT64_MAX);
CHECK(max_value == UINT64_MAX);
CHECK(m_len == 0);
}
}

void test_pedersen_commitment_fixed_vector(void) {
Expand All @@ -690,6 +938,11 @@ void test_pedersen_commitment_fixed_vector(void) {
void run_rangeproof_tests(void) {
int i;
test_api();

test_single_value_proof(0);
test_single_value_proof(12345678);
test_single_value_proof(UINT64_MAX);

test_rangeproof_fixed_vectors();
test_pedersen_commitment_fixed_vector();
for (i = 0; i < count / 2 + 1; i++) {
Expand Down