diff --git a/crypto/dleq/src/tests/cross_group/schnorr.rs b/crypto/dleq/src/tests/cross_group/schnorr.rs
index cc6a2cdb..18dd6f1a 100644
--- a/crypto/dleq/src/tests/cross_group/schnorr.rs
+++ b/crypto/dleq/src/tests/cross_group/schnorr.rs
@@ -16,17 +16,20 @@ fn test_schnorr()
 where
 G::Scalar: PrimeFieldBits + Zeroize,
 {
- let private = G::Scalar::random(&mut OsRng);
- let transcript = RecommendedTranscript::new(b"Schnorr Test");
- let mut batch = BatchVerifier::new(3);
- SchnorrPoK::prove(&mut OsRng, &mut transcript.clone(), G::generator(), private).verify(
- &mut OsRng,
- &mut transcript.clone(),
- G::generator(),
- G::generator() * private,
- &mut batch,
- );
+
+ let mut batch = BatchVerifier::new(10);
+ for _ in 0 .. 10 {
+ let private = G::Scalar::random(&mut OsRng);
+ SchnorrPoK::prove(&mut OsRng, &mut transcript.clone(), G::generator(), private).verify(
+ &mut OsRng,
+ &mut transcript.clone(),
+ G::generator(),
+ G::generator() * private,
+ &mut batch,
+ );
+ }
+
 assert!(batch.verify_vartime());
 }
diff --git a/crypto/multiexp/src/batch.rs b/crypto/multiexp/src/batch.rs
index d571dd98..398b9b7d 100644
--- a/crypto/multiexp/src/batch.rs
+++ b/crypto/multiexp/src/batch.rs
@@ -2,7 +2,7 @@
 use rand_core::{RngCore, CryptoRng};
 use zeroize::Zeroize;
-use ff::{Field, PrimeField, PrimeFieldBits};
+use ff::{Field, PrimeFieldBits};
 use group::Group;
 use crate::{multiexp, multiexp_vartime};
@@ -32,6 +32,12 @@ where
 } else {
 let mut weight;
 while {
+ // Generate a random scalar
+ weight = G::Scalar::random(&mut *rng);
+
+ // Clears half the bits, maintaining security, to minimize scalar additions
+ // Is not practically faster for whatever reason
+ /*
 // Generate a random scalar
 let mut repr = G::Scalar::random(&mut *rng).to_repr();
@@ -55,6 +61,7 @@ where
 repr.as_mut().reverse();
 weight = G::Scalar::from_repr(repr).unwrap();
 }
+ */
 // Ensure it's non-zero, as a zero scalar would cause this item to pass no matter what
 weight.is_zero().into()
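Review bot: The loop still feeds only valid proofs into the batch, so `assert!(batch.verify_vartime())` cannot distinguish a verifier that weights and rejects bad items from one that accepts everything; a second batch holding one proof verified against a mismatched public key, asserted to fail, would cover the rejection path this batching test exists for. As rendered, `let transcript = RecommendedTranscript::new(b"Schnorr Test");` carries a `-` marker while the added loop still calls `transcript.clone()`; if that marker is accurate the test no longer compiles, so it is presumably a context line whose marker was lost in rendering — worth confirming against the commit. The item count is also written twice (`BatchVerifier::new(10)` and `for _ in 0 .. 10`); a single `const ITEMS: usize = 10;` used in both keeps them from drifting apart. test_schnorr's signature and generic bounds begin before the hunk.
```rust
  // … unchanged: the ten-proof loop and assert!(batch.verify_vartime()) …
  let mut bad = BatchVerifier::new(1);
  let private = G::Scalar::random(&mut OsRng);
  SchnorrPoK::prove(&mut OsRng, &mut transcript.clone(), G::generator(), private).verify(
    &mut OsRng,
    &mut transcript.clone(),
    G::generator(),
    G::generator() * G::Scalar::random(&mut OsRng),
    &mut bad,
  );
  assert!(!bad.verify_vartime());
```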
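Review bot: The previous bit-clearing implementation is left behind as a `/* … */` block that opens in this hunk and closes only in the `@@ -55,6 +61,7 @@` hunk, with the old `to_repr`/`from_repr` loop as its body; since the same commit drops `PrimeField` from the `ff` import, that code could not be uncommented without restoring the import, and git history already preserves it, so the block is better deleted outright. The two-line explanation above it is also vaguer than the live line deserves: `weight = G::Scalar::random(&mut *rng);` should say why full-width weights were kept, e.g. `// Full-width random weight: the batch only catches a bad item if its weight is unpredictable to whoever supplied it, so no bits are cleared; the earlier half-width variant (see history) showed no measurable speedup.` The enclosing `while { … }` condition block and the non-zero check that follows it lie outside this hunk.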