Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

musig: add test vectors for applying multiple tweaks #180

Merged
merged 1 commit into from
Apr 5, 2022
Merged

musig: add test vectors for applying multiple tweaks #180

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
103 changes: 88 additions & 15 deletions src/modules/musig/tests_impl.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1143,7 +1143,7 @@ void musig_test_vectors_noncegen(void) {
}
}

void musig_test_vectors_sign_helper(secp256k1_musig_keyagg_cache *keyagg_cache, int *fin_nonce_parity, unsigned char *sig, const unsigned char *secnonce_bytes, const unsigned char *agg_pubnonce_ser, const unsigned char *sk, const unsigned char *msg, const unsigned char *tweak, int xonly_tweak, const secp256k1_pubkey *adaptor, const unsigned char **pk_ser, int signer_pos) {
void musig_test_vectors_sign_helper(secp256k1_musig_keyagg_cache *keyagg_cache, int *fin_nonce_parity, unsigned char *sig, const unsigned char *secnonce_bytes, const unsigned char *agg_pubnonce_ser, const unsigned char *sk, const unsigned char *msg, const unsigned char tweak[][32], const int *is_xonly_t, int n_tweaks, const secp256k1_pubkey *adaptor, const unsigned char **pk_ser, int signer_pos) {
secp256k1_keypair signer_keypair;
secp256k1_musig_secnonce secnonce;
secp256k1_xonly_pubkey pk[3];
Expand All @@ -1163,11 +1163,11 @@ void musig_test_vectors_sign_helper(secp256k1_musig_keyagg_cache *keyagg_cache,
pk_ptr[i] = &pk[i];
}
CHECK(secp256k1_musig_pubkey_agg(ctx, NULL, &agg_pk, keyagg_cache, pk_ptr, 3) == 1);
if (tweak != NULL) {
if (xonly_tweak) {
CHECK(secp256k1_musig_pubkey_xonly_tweak_add(ctx, NULL, keyagg_cache, tweak) == 1);
for (i = 0; i < n_tweaks; i++) {
if (is_xonly_t[i]) {
CHECK(secp256k1_musig_pubkey_xonly_tweak_add(ctx, NULL, keyagg_cache, tweak[i]) == 1);
} else {
CHECK(secp256k1_musig_pubkey_ec_tweak_add(ctx, NULL, keyagg_cache, tweak) == 1);
CHECK(secp256k1_musig_pubkey_ec_tweak_add(ctx, NULL, keyagg_cache, tweak[i]) == 1);
}
}
memcpy(&secnonce.data[0], secp256k1_musig_secnonce_magic, 4);
Expand Down Expand Up @@ -1247,7 +1247,7 @@ void musig_test_vectors_sign(void) {
0x20, 0xA1, 0x81, 0x85, 0x5F, 0xD8, 0xBD, 0xB7,
0xF1, 0x27, 0xBB, 0x12, 0x40, 0x3B, 0x4D, 0x3B,
};
musig_test_vectors_sign_helper(&keyagg_cache, &fin_nonce_parity, sig, secnonce, agg_pubnonce, sk, msg, NULL, 0, NULL, pk, 0);
musig_test_vectors_sign_helper(&keyagg_cache, &fin_nonce_parity, sig, secnonce, agg_pubnonce, sk, msg, NULL, NULL, 0, NULL, pk, 0);
/* TODO: remove when test vectors are not expected to change anymore */
/* int k, l; */
/* printf("const unsigned char sig_expected[32] = {\n"); */
Expand Down Expand Up @@ -1276,7 +1276,7 @@ void musig_test_vectors_sign(void) {
0x81, 0x38, 0xDA, 0xEC, 0x5C, 0xB2, 0x0A, 0x35,
0x7C, 0xEC, 0xA7, 0xC8, 0x42, 0x42, 0x95, 0xEA,
};
musig_test_vectors_sign_helper(&keyagg_cache, &fin_nonce_parity, sig, secnonce, agg_pubnonce, sk, msg, NULL, 0, NULL, pk, 1);
musig_test_vectors_sign_helper(&keyagg_cache, &fin_nonce_parity, sig, secnonce, agg_pubnonce, sk, msg, NULL, NULL, 0, NULL, pk, 1);
/* Check that the description of the test vector is correct */
CHECK(musig_test_pk_parity(&keyagg_cache) == 0);
CHECK(musig_test_is_second_pk(&keyagg_cache, sk));
Expand All @@ -1292,7 +1292,7 @@ void musig_test_vectors_sign(void) {
0xE6, 0xA7, 0xF7, 0xFB, 0xE1, 0x5C, 0xDC, 0xAF,
0xA4, 0xA3, 0xD1, 0xBC, 0xAA, 0xBC, 0x75, 0x17,
};
musig_test_vectors_sign_helper(&keyagg_cache, &fin_nonce_parity, sig, secnonce, agg_pubnonce, sk, msg, NULL, 0, NULL, pk, 2);
musig_test_vectors_sign_helper(&keyagg_cache, &fin_nonce_parity, sig, secnonce, agg_pubnonce, sk, msg, NULL, NULL, 0, NULL, pk, 2);
/* Check that the description of the test vector is correct */
CHECK(musig_test_pk_parity(&keyagg_cache) == 1);
CHECK(fin_nonce_parity == 0);
Expand All @@ -1307,13 +1307,14 @@ void musig_test_vectors_sign(void) {
0x15, 0x97, 0xF9, 0x60, 0x3D, 0x3A, 0xB0, 0x5B,
0x49, 0x13, 0x64, 0x17, 0x75, 0xE1, 0x37, 0x5B,
};
const unsigned char tweak[32] = {
const unsigned char tweak[1][32] = {{
0xE8, 0xF7, 0x91, 0xFF, 0x92, 0x25, 0xA2, 0xAF,
0x01, 0x02, 0xAF, 0xFF, 0x4A, 0x9A, 0x72, 0x3D,
0x96, 0x12, 0xA6, 0x82, 0xA2, 0x5E, 0xBE, 0x79,
0x80, 0x2B, 0x26, 0x3C, 0xDF, 0xCD, 0x83, 0xBB,
};
musig_test_vectors_sign_helper(&keyagg_cache, &fin_nonce_parity, sig, secnonce, agg_pubnonce, sk, msg, tweak, 1, NULL, pk, 2);
}};
int is_xonly_t[1] = { 1 };
musig_test_vectors_sign_helper(&keyagg_cache, &fin_nonce_parity, sig, secnonce, agg_pubnonce, sk, msg, tweak, is_xonly_t, 1, NULL, pk, 2);

CHECK(musig_test_pk_parity(&keyagg_cache) == 1);
CHECK(!musig_test_is_second_pk(&keyagg_cache, sk));
Expand All @@ -1328,19 +1329,91 @@ void musig_test_vectors_sign(void) {
0x19, 0x5C, 0x1D, 0x4B, 0x52, 0xE6, 0x3E, 0xCD,
0x7B, 0xC5, 0x99, 0x16, 0x44, 0xE4, 0x4D, 0xDD,
};
const unsigned char tweak[32] = {
const unsigned char tweak[1][32] = {{
0xE8, 0xF7, 0x91, 0xFF, 0x92, 0x25, 0xA2, 0xAF,
0x01, 0x02, 0xAF, 0xFF, 0x4A, 0x9A, 0x72, 0x3D,
0x96, 0x12, 0xA6, 0x82, 0xA2, 0x5E, 0xBE, 0x79,
0x80, 0x2B, 0x26, 0x3C, 0xDF, 0xCD, 0x83, 0xBB,
};
musig_test_vectors_sign_helper(&keyagg_cache, &fin_nonce_parity, sig, secnonce, agg_pubnonce, sk, msg, tweak, 0, NULL, pk, 2);
}};
int is_xonly_t[1] = { 0 };
musig_test_vectors_sign_helper(&keyagg_cache, &fin_nonce_parity, sig, secnonce, agg_pubnonce, sk, msg, tweak, is_xonly_t, 1, NULL, pk, 2);
Comment on lines +1338 to +1339
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit:

Suggested change
int is_xonly_t[1] = { 0 };
musig_test_vectors_sign_helper(&keyagg_cache, &fin_nonce_parity, sig, secnonce, agg_pubnonce, sk, msg, tweak, is_xonly_t, 1, NULL, pk, 2);
int is_xonly_t[1] = { 0 };
CHECK(sizeof(is_xonly_t) == sizeof(tweak)/sizeof(tweak[0]));
musig_test_vectors_sign_helper(&keyagg_cache, &fin_nonce_parity, sig, secnonce, agg_pubnonce, sk, msg, tweak, is_xonly_t, sizeof(is_xonly_t), NULL, pk, 2);

this makes the code a little more robust against copy-n-paste mistakes.

same below.


CHECK(musig_test_pk_parity(&keyagg_cache) == 1);
CHECK(!musig_test_is_second_pk(&keyagg_cache, sk));
CHECK(fin_nonce_parity == 0);
CHECK(memcmp(sig, sig_expected, 32) == 0);
}
{
/* This is a test that includes an ordinary and an x-only public key tweak. */
const unsigned char sig_expected[32] = {
0xC3, 0xA8, 0x29, 0xA8, 0x14, 0x80, 0xE3, 0x6E,
0xC3, 0xAB, 0x05, 0x29, 0x64, 0x50, 0x9A, 0x94,
0xEB, 0xF3, 0x42, 0x10, 0x40, 0x3D, 0x16, 0xB2,
0x26, 0xA6, 0xF1, 0x6E, 0xC8, 0x5B, 0x73, 0x57,
};

const unsigned char tweak[2][32] = {
{
0xE8, 0xF7, 0x91, 0xFF, 0x92, 0x25, 0xA2, 0xAF,
0x01, 0x02, 0xAF, 0xFF, 0x4A, 0x9A, 0x72, 0x3D,
0x96, 0x12, 0xA6, 0x82, 0xA2, 0x5E, 0xBE, 0x79,
0x80, 0x2B, 0x26, 0x3C, 0xDF, 0xCD, 0x83, 0xBB,
},
{
0xAE, 0x2E, 0xA7, 0x97, 0xCC, 0x0F, 0xE7, 0x2A,
0xC5, 0xB9, 0x7B, 0x97, 0xF3, 0xC6, 0x95, 0x7D,
0x7E, 0x41, 0x99, 0xA1, 0x67, 0xA5, 0x8E, 0xB0,
0x8B, 0xCA, 0xFF, 0xDA, 0x70, 0xAC, 0x04, 0x55,
},
};
int is_xonly_t[2] = { 0, 1 };
musig_test_vectors_sign_helper(&keyagg_cache, &fin_nonce_parity, sig, secnonce, agg_pubnonce, sk, msg, tweak, is_xonly_t, 2, NULL, pk, 2);
CHECK(musig_test_pk_parity(&keyagg_cache) == 0);
CHECK(!musig_test_is_second_pk(&keyagg_cache, sk));
CHECK(fin_nonce_parity == 0);
CHECK(memcmp(sig, sig_expected, 32) == 0);
}
{
/* This is a test with four tweaks: x-only, ordinary, x-only, ordinary. */
const unsigned char sig_expected[32] = {
0x8C, 0x44, 0x73, 0xC6, 0xA3, 0x82, 0xBD, 0x3C,
0x4A, 0xD7, 0xBE, 0x59, 0x81, 0x8D, 0xA5, 0xED,
0x7C, 0xF8, 0xCE, 0xC4, 0xBC, 0x21, 0x99, 0x6C,
0xFD, 0xA0, 0x8B, 0xB4, 0x31, 0x6B, 0x8B, 0xC7,
};
const unsigned char tweak[4][32] = {
{
0xE8, 0xF7, 0x91, 0xFF, 0x92, 0x25, 0xA2, 0xAF,
0x01, 0x02, 0xAF, 0xFF, 0x4A, 0x9A, 0x72, 0x3D,
0x96, 0x12, 0xA6, 0x82, 0xA2, 0x5E, 0xBE, 0x79,
0x80, 0x2B, 0x26, 0x3C, 0xDF, 0xCD, 0x83, 0xBB,
},
{
0xAE, 0x2E, 0xA7, 0x97, 0xCC, 0x0F, 0xE7, 0x2A,
0xC5, 0xB9, 0x7B, 0x97, 0xF3, 0xC6, 0x95, 0x7D,
0x7E, 0x41, 0x99, 0xA1, 0x67, 0xA5, 0x8E, 0xB0,
0x8B, 0xCA, 0xFF, 0xDA, 0x70, 0xAC, 0x04, 0x55,
},
{
0xF5, 0x2E, 0xCB, 0xC5, 0x65, 0xB3, 0xD8, 0xBE,
0xA2, 0xDF, 0xD5, 0xB7, 0x5A, 0x4F, 0x45, 0x7E,
0x54, 0x36, 0x98, 0x09, 0x32, 0x2E, 0x41, 0x20,
0x83, 0x16, 0x26, 0xF2, 0x90, 0xFA, 0x87, 0xE0,
},
{
0x19, 0x69, 0xAD, 0x73, 0xCC, 0x17, 0x7F, 0xA0,
0xB4, 0xFC, 0xED, 0x6D, 0xF1, 0xF7, 0xBF, 0x99,
0x07, 0xE6, 0x65, 0xFD, 0xE9, 0xBA, 0x19, 0x6A,
0x74, 0xFE, 0xD0, 0xA3, 0xCF, 0x5A, 0xEF, 0x9D,
},
};
int is_xonly_t[4] = { 1, 0, 1, 0 };
musig_test_vectors_sign_helper(&keyagg_cache, &fin_nonce_parity, sig, secnonce, agg_pubnonce, sk, msg, tweak, is_xonly_t, 4, NULL, pk, 2);
CHECK(musig_test_pk_parity(&keyagg_cache) == 0);
CHECK(!musig_test_is_second_pk(&keyagg_cache, sk));
CHECK(fin_nonce_parity == 1);
CHECK(memcmp(sig, sig_expected, 32) == 0);
}
{
/* This is a test that includes an adaptor. */
const unsigned char sig_expected[32] = {
Expand All @@ -1357,7 +1430,7 @@ void musig_test_vectors_sign(void) {
};
secp256k1_pubkey pub_adaptor;
CHECK(secp256k1_ec_pubkey_create(ctx, &pub_adaptor, sec_adaptor) == 1);
musig_test_vectors_sign_helper(&keyagg_cache, &fin_nonce_parity, sig, secnonce, agg_pubnonce, sk, msg, NULL, 0, &pub_adaptor, pk, 2);
musig_test_vectors_sign_helper(&keyagg_cache, &fin_nonce_parity, sig, secnonce, agg_pubnonce, sk, msg, NULL, NULL, 0, &pub_adaptor, pk, 2);

CHECK(musig_test_pk_parity(&keyagg_cache) == 1);
CHECK(!musig_test_is_second_pk(&keyagg_cache, sk));
Expand Down