mirror of
https://github.com/serai-dex/serai.git
synced 2024-12-22 19:49:22 +00:00
Start modularizing FROST tests as per https://github.com/serai-dex/serai/issues/9
This commit is contained in:
parent
1eaf2f897b
commit
868a63a6b2
7 changed files with 182 additions and 52 deletions
|
@ -14,6 +14,8 @@ pub mod key_gen;
|
||||||
pub mod algorithm;
|
pub mod algorithm;
|
||||||
pub mod sign;
|
pub mod sign;
|
||||||
|
|
||||||
|
pub mod tests;
|
||||||
|
|
||||||
/// Set of errors for curve-related operations, namely encoding and decoding
|
/// Set of errors for curve-related operations, namely encoding and decoding
|
||||||
#[derive(Error, Debug)]
|
#[derive(Error, Debug)]
|
||||||
pub enum CurveError {
|
pub enum CurveError {
|
||||||
|
|
32
crypto/frost/src/tests/curve.rs
Normal file
32
crypto/frost/src/tests/curve.rs
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
use rand_core::{RngCore, CryptoRng};
|
||||||
|
|
||||||
|
use crate::{
|
||||||
|
Curve, MultisigKeys,
|
||||||
|
tests::{schnorr::{sign, verify, batch_verify}, key_gen}
|
||||||
|
};
|
||||||
|
|
||||||
|
// Test generation of FROST keys
|
||||||
|
fn key_generation<R: RngCore + CryptoRng, C: Curve>(rng: &mut R) {
|
||||||
|
// This alone verifies the verification shares and group key are agreed upon as expected
|
||||||
|
key_gen::<_, C>(rng);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Test serialization of generated keys
|
||||||
|
fn keys_serialization<R: RngCore + CryptoRng, C: Curve>(rng: &mut R) {
|
||||||
|
for (_, keys) in key_gen::<_, C>(rng) {
|
||||||
|
assert_eq!(&MultisigKeys::<C>::deserialize(&keys.serialize()).unwrap(), &*keys);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn test_curve<R: RngCore + CryptoRng, C: Curve>(rng: &mut R) {
|
||||||
|
// TODO: Test the Curve functions themselves
|
||||||
|
|
||||||
|
// Test Schnorr signatures work as expected
|
||||||
|
sign::<_, C>(rng);
|
||||||
|
verify::<_, C>(rng);
|
||||||
|
batch_verify::<_, C>(rng);
|
||||||
|
|
||||||
|
// Test FROST key generation and serialization of MultisigKeys works as expected
|
||||||
|
key_generation::<_, C>(rng);
|
||||||
|
keys_serialization::<_, C>(rng);
|
||||||
|
}
|
2
crypto/frost/src/tests/literal/mod.rs
Normal file
2
crypto/frost/src/tests/literal/mod.rs
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
mod secp256k1;
|
||||||
|
mod schnorr;
|
42
crypto/frost/src/tests/literal/schnorr.rs
Normal file
42
crypto/frost/src/tests/literal/schnorr.rs
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
use std::rc::Rc;
|
||||||
|
|
||||||
|
use rand::rngs::OsRng;
|
||||||
|
|
||||||
|
use crate::{
|
||||||
|
Curve, schnorr, algorithm::{Hram, Schnorr},
|
||||||
|
tests::{key_gen, algorithm_machines, sign as sign_test, actual::secp256k1::{Secp256k1, TestHram}}
|
||||||
|
};
|
||||||
|
|
||||||
|
const MESSAGE: &[u8] = b"Hello World";
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn sign() {
|
||||||
|
sign_test(
|
||||||
|
&mut OsRng,
|
||||||
|
algorithm_machines(
|
||||||
|
&mut OsRng,
|
||||||
|
Schnorr::<Secp256k1, TestHram>::new(),
|
||||||
|
&key_gen::<_, Secp256k1>(&mut OsRng)
|
||||||
|
),
|
||||||
|
MESSAGE
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn sign_with_offset() {
|
||||||
|
let mut keys = key_gen::<_, Secp256k1>(&mut OsRng);
|
||||||
|
let group_key = keys[&1].group_key();
|
||||||
|
|
||||||
|
let offset = Secp256k1::hash_to_F(b"offset");
|
||||||
|
for i in 1 ..= u16::try_from(keys.len()).unwrap() {
|
||||||
|
keys.insert(i, Rc::new(keys[&i].offset(offset)));
|
||||||
|
}
|
||||||
|
let offset_key = group_key + (Secp256k1::generator_table() * offset);
|
||||||
|
|
||||||
|
let sig = sign_test(
|
||||||
|
&mut OsRng,
|
||||||
|
algorithm_machines(&mut OsRng, Schnorr::<Secp256k1, TestHram>::new(), &keys),
|
||||||
|
MESSAGE
|
||||||
|
);
|
||||||
|
assert!(schnorr::verify(offset_key, TestHram::hram(&sig.R, &offset_key, MESSAGE), &sig));
|
||||||
|
}
|
|
@ -1,5 +1,7 @@
|
||||||
use core::convert::TryInto;
|
use core::convert::TryInto;
|
||||||
|
|
||||||
|
use rand::rngs::OsRng;
|
||||||
|
|
||||||
use ff::PrimeField;
|
use ff::PrimeField;
|
||||||
use group::GroupEncoding;
|
use group::GroupEncoding;
|
||||||
|
|
||||||
|
@ -11,7 +13,7 @@ use k256::{
|
||||||
ProjectivePoint
|
ProjectivePoint
|
||||||
};
|
};
|
||||||
|
|
||||||
use frost::{CurveError, Curve, multiexp_vartime, algorithm::Hram};
|
use crate::{CurveError, Curve, multiexp_vartime, algorithm::Hram, tests::curve::test_curve};
|
||||||
|
|
||||||
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
|
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
|
||||||
pub struct Secp256k1;
|
pub struct Secp256k1;
|
||||||
|
@ -105,3 +107,8 @@ impl Hram<Secp256k1> for TestHram {
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn secp256k1_curve() {
|
||||||
|
test_curve::<_, Secp256k1>(&mut OsRng);
|
||||||
|
}
|
|
@ -1,21 +1,29 @@
|
||||||
use std::{rc::Rc, collections::HashMap};
|
use std::{rc::Rc, collections::HashMap};
|
||||||
|
|
||||||
use rand::rngs::OsRng;
|
use rand_core::{RngCore, CryptoRng};
|
||||||
|
|
||||||
use frost::{
|
use crate::{
|
||||||
Curve,
|
Curve,
|
||||||
MultisigParams, MultisigKeys,
|
MultisigParams, MultisigKeys,
|
||||||
key_gen,
|
key_gen,
|
||||||
algorithm::{Algorithm, Schnorr, SchnorrSignature},
|
algorithm::Algorithm,
|
||||||
sign::{StateMachine, AlgorithmMachine}
|
sign::{StateMachine, AlgorithmMachine}
|
||||||
};
|
};
|
||||||
|
|
||||||
mod common;
|
// Internal tests
|
||||||
use common::{Secp256k1, TestHram};
|
mod schnorr;
|
||||||
|
|
||||||
const PARTICIPANTS: u16 = 8;
|
// Test suites for public usage
|
||||||
|
pub mod curve;
|
||||||
|
|
||||||
fn clone_without<K: Clone + std::cmp::Eq + std::hash::Hash, V: Clone>(
|
// Literal test definitions to run during `cargo test`
|
||||||
|
#[cfg(test)]
|
||||||
|
mod literal;
|
||||||
|
|
||||||
|
pub const PARTICIPANTS: u16 = 5;
|
||||||
|
pub const THRESHOLD: u16 = ((PARTICIPANTS / 3) * 2) + 1;
|
||||||
|
|
||||||
|
pub fn clone_without<K: Clone + std::cmp::Eq + std::hash::Hash, V: Clone>(
|
||||||
map: &HashMap<K, V>,
|
map: &HashMap<K, V>,
|
||||||
without: &K
|
without: &K
|
||||||
) -> HashMap<K, V> {
|
) -> HashMap<K, V> {
|
||||||
|
@ -24,7 +32,9 @@ fn clone_without<K: Clone + std::cmp::Eq + std::hash::Hash, V: Clone>(
|
||||||
res
|
res
|
||||||
}
|
}
|
||||||
|
|
||||||
fn key_gen<C: Curve>() -> HashMap<u16, Rc<MultisigKeys<C>>> {
|
pub fn key_gen<R: RngCore + CryptoRng, C: Curve>(
|
||||||
|
rng: &mut R
|
||||||
|
) -> HashMap<u16, Rc<MultisigKeys<C>>> {
|
||||||
let mut params = HashMap::new();
|
let mut params = HashMap::new();
|
||||||
let mut machines = HashMap::new();
|
let mut machines = HashMap::new();
|
||||||
|
|
||||||
|
@ -33,7 +43,7 @@ fn key_gen<C: Curve>() -> HashMap<u16, Rc<MultisigKeys<C>>> {
|
||||||
params.insert(
|
params.insert(
|
||||||
i,
|
i,
|
||||||
MultisigParams::new(
|
MultisigParams::new(
|
||||||
((PARTICIPANTS / 3) * 2) + 1,
|
THRESHOLD,
|
||||||
PARTICIPANTS,
|
PARTICIPANTS,
|
||||||
i
|
i
|
||||||
).unwrap()
|
).unwrap()
|
||||||
|
@ -47,7 +57,7 @@ fn key_gen<C: Curve>() -> HashMap<u16, Rc<MultisigKeys<C>>> {
|
||||||
);
|
);
|
||||||
commitments.insert(
|
commitments.insert(
|
||||||
i,
|
i,
|
||||||
machines.get_mut(&i).unwrap().generate_coefficients(&mut OsRng).unwrap()
|
machines.get_mut(&i).unwrap().generate_coefficients(rng).unwrap()
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -55,7 +65,7 @@ fn key_gen<C: Curve>() -> HashMap<u16, Rc<MultisigKeys<C>>> {
|
||||||
for (l, machine) in machines.iter_mut() {
|
for (l, machine) in machines.iter_mut() {
|
||||||
secret_shares.insert(
|
secret_shares.insert(
|
||||||
*l,
|
*l,
|
||||||
machine.generate_secret_shares(&mut OsRng, clone_without(&commitments, l)).unwrap()
|
machine.generate_secret_shares(rng, clone_without(&commitments, l)).unwrap()
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -72,55 +82,69 @@ fn key_gen<C: Curve>() -> HashMap<u16, Rc<MultisigKeys<C>>> {
|
||||||
}
|
}
|
||||||
let these_keys = machine.complete(our_secret_shares).unwrap();
|
let these_keys = machine.complete(our_secret_shares).unwrap();
|
||||||
|
|
||||||
// Test serialization
|
// Verify the verification_shares are agreed upon
|
||||||
assert_eq!(
|
|
||||||
MultisigKeys::<C>::deserialize(&these_keys.serialize()).unwrap(),
|
|
||||||
these_keys
|
|
||||||
);
|
|
||||||
|
|
||||||
if verification_shares.is_none() {
|
if verification_shares.is_none() {
|
||||||
verification_shares = Some(these_keys.verification_shares());
|
verification_shares = Some(these_keys.verification_shares());
|
||||||
}
|
}
|
||||||
assert_eq!(verification_shares.as_ref().unwrap(), &these_keys.verification_shares());
|
assert_eq!(verification_shares.as_ref().unwrap(), &these_keys.verification_shares());
|
||||||
|
|
||||||
|
// Verify the group keys are agreed upon
|
||||||
if group_key.is_none() {
|
if group_key.is_none() {
|
||||||
group_key = Some(these_keys.group_key());
|
group_key = Some(these_keys.group_key());
|
||||||
}
|
}
|
||||||
assert_eq!(group_key.unwrap(), these_keys.group_key());
|
assert_eq!(group_key.unwrap(), these_keys.group_key());
|
||||||
|
|
||||||
keys.insert(*i, Rc::new(these_keys.clone()));
|
keys.insert(*i, Rc::new(these_keys));
|
||||||
}
|
}
|
||||||
|
|
||||||
keys
|
keys
|
||||||
}
|
}
|
||||||
|
|
||||||
fn sign<C: Curve, A: Algorithm<C, Signature = SchnorrSignature<C>>>(
|
pub fn algorithm_machines<R: RngCore, C: Curve, A: Algorithm<C>>(
|
||||||
|
rng: &mut R,
|
||||||
algorithm: A,
|
algorithm: A,
|
||||||
keys: &HashMap<u16, Rc<MultisigKeys<C>>>
|
keys: &HashMap<u16, Rc<MultisigKeys<C>>>,
|
||||||
) {
|
) -> HashMap<u16, AlgorithmMachine<C, A>> {
|
||||||
let t = keys[&1].params().t();
|
let mut included = vec![];
|
||||||
let mut machines = HashMap::new();
|
while included.len() < usize::from(keys[&1].params().t()) {
|
||||||
|
let n = u16::try_from((rng.next_u64() % u64::try_from(keys.len()).unwrap()) + 1).unwrap();
|
||||||
|
if included.contains(&n) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
included.push(n);
|
||||||
|
}
|
||||||
|
|
||||||
|
keys.iter().filter_map(
|
||||||
|
|(i, keys)| if included.contains(&i) {
|
||||||
|
Some((
|
||||||
|
*i,
|
||||||
|
AlgorithmMachine::new(
|
||||||
|
algorithm.clone(),
|
||||||
|
keys.clone(),
|
||||||
|
&included.clone()
|
||||||
|
).unwrap()
|
||||||
|
))
|
||||||
|
} else {
|
||||||
|
None
|
||||||
|
}
|
||||||
|
).collect()
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn sign<R: RngCore + CryptoRng, M: StateMachine>(
|
||||||
|
rng: &mut R,
|
||||||
|
mut machines: HashMap<u16, M>,
|
||||||
|
msg: &[u8]
|
||||||
|
) -> M::Signature {
|
||||||
let mut commitments = HashMap::new();
|
let mut commitments = HashMap::new();
|
||||||
for i in 1 ..= t {
|
for (i, machine) in machines.iter_mut() {
|
||||||
machines.insert(
|
commitments.insert(*i, machine.preprocess(rng).unwrap());
|
||||||
i,
|
|
||||||
AlgorithmMachine::new(
|
|
||||||
algorithm.clone(),
|
|
||||||
keys[&i].clone(),
|
|
||||||
&(1 ..= t).collect::<Vec<_>>()
|
|
||||||
).unwrap()
|
|
||||||
);
|
|
||||||
commitments.insert(
|
|
||||||
i,
|
|
||||||
machines.get_mut(&i).unwrap().preprocess(&mut OsRng).unwrap()
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
let mut shares = HashMap::new();
|
let mut shares = HashMap::new();
|
||||||
for (i, machine) in machines.iter_mut() {
|
for (i, machine) in machines.iter_mut() {
|
||||||
shares.insert(
|
shares.insert(
|
||||||
*i,
|
*i,
|
||||||
machine.sign(clone_without(&commitments, i), b"Hello World").unwrap()
|
machine.sign(clone_without(&commitments, i), msg).unwrap()
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -128,20 +152,9 @@ fn sign<C: Curve, A: Algorithm<C, Signature = SchnorrSignature<C>>>(
|
||||||
for (i, machine) in machines.iter_mut() {
|
for (i, machine) in machines.iter_mut() {
|
||||||
let sig = machine.complete(clone_without(&shares, i)).unwrap();
|
let sig = machine.complete(clone_without(&shares, i)).unwrap();
|
||||||
if signature.is_none() {
|
if signature.is_none() {
|
||||||
signature = Some(sig);
|
signature = Some(sig.clone());
|
||||||
}
|
}
|
||||||
assert_eq!(sig, signature.unwrap());
|
assert_eq!(&sig, signature.as_ref().unwrap());
|
||||||
}
|
}
|
||||||
}
|
signature.unwrap()
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn key_gen_and_sign() {
|
|
||||||
let mut keys = key_gen::<Secp256k1>();
|
|
||||||
|
|
||||||
sign(Schnorr::<Secp256k1, TestHram>::new(), &keys);
|
|
||||||
|
|
||||||
for i in 1 ..= u16::try_from(PARTICIPANTS).unwrap() {
|
|
||||||
keys.insert(i, Rc::new(keys[&i].offset(Secp256k1::hash_to_F(b"offset"))));
|
|
||||||
}
|
|
||||||
sign(Schnorr::<Secp256k1, TestHram>::new(), &keys);
|
|
||||||
}
|
}
|
32
crypto/frost/src/tests/schnorr.rs
Normal file
32
crypto/frost/src/tests/schnorr.rs
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
use rand_core::{RngCore, CryptoRng};
|
||||||
|
|
||||||
|
use ff::Field;
|
||||||
|
|
||||||
|
use crate::{Curve, schnorr, algorithm::SchnorrSignature};
|
||||||
|
|
||||||
|
pub(crate) fn sign<R: RngCore + CryptoRng, C: Curve>(rng: &mut R) {
|
||||||
|
let private_key = C::F::random(&mut *rng);
|
||||||
|
let nonce = C::F::random(&mut *rng);
|
||||||
|
let challenge = C::F::random(rng); // Doesn't bother to craft an HRAM
|
||||||
|
assert!(
|
||||||
|
schnorr::verify::<C>(
|
||||||
|
C::generator_table() * private_key,
|
||||||
|
challenge,
|
||||||
|
&schnorr::sign(private_key, nonce, challenge)
|
||||||
|
)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
// The above sign function verifies signing works
|
||||||
|
// This verifies invalid signatures don't pass, using zero signatures, which should effectively be
|
||||||
|
// random
|
||||||
|
pub(crate) fn verify<R: RngCore + CryptoRng, C: Curve>(rng: &mut R) {
|
||||||
|
assert!(
|
||||||
|
!schnorr::verify::<C>(
|
||||||
|
C::generator_table() * C::F::random(&mut *rng),
|
||||||
|
C::F::random(rng),
|
||||||
|
&SchnorrSignature { R: C::generator_table() * C::F::zero(), s: C::F::zero() }
|
||||||
|
)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in a new issue