From e50d7de7ccbbdf9853aa941c7907311b55468712 Mon Sep 17 00:00:00 2001
From: Ayush Shukla
Date: Sun, 5 Nov 2023 18:21:19 +0300
Subject: [PATCH 1/2] fix: do wrapping ops where overflow is expected

---
 crates/biguint/Nargo.toml | 3 +--
 crates/biguint/src/lib.nr | 22 +++++++++++-----------
 crates/biguint/src/utils.nr | 3 ++-
 crates/curves/Nargo.toml | 4 ++--
 crates/primefield/Nargo.toml | 4 ++--
 5 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/crates/biguint/Nargo.toml b/crates/biguint/Nargo.toml
index 19c9f9e..13e1a70 100644
--- a/crates/biguint/Nargo.toml
+++ b/crates/biguint/Nargo.toml
@@ -2,5 +2,4 @@
 name = "biguint"
 authors = ["shuklaayush"]
 type = "lib"
-compiler_version = "0.9.0"
-
+# compiler_version = "0.9.0"
diff --git a/crates/biguint/src/lib.nr b/crates/biguint/src/lib.nr
index 02d3e9c..619c6e0 100644
--- a/crates/biguint/src/lib.nr
+++ b/crates/biguint/src/lib.nr
@@ -390,14 +390,14 @@ fn test_from_bytes1() {
 fn test_from_bytes2() {
 let bytes = [255 as u8; 7];
 let a = BigUint56::from_bytes(bytes);
- assert(a.eq(BigUint56{ limbs: [0-1 as u56, 0, 0, 0, 0] }));
+ assert(a.eq(BigUint56{ limbs: [0xffffffffffffff, 0, 0, 0, 0] }));
 }
 
 #[test]
 fn test_from_bytes3() {
 let bytes = [255 as u8; 8];
 let a = BigUint56::from_bytes(bytes);
- assert(a.eq(BigUint56{ limbs: [0-1 as u56, 255, 0, 0, 0] }));
+ assert(a.eq(BigUint56{ limbs: [0xffffffffffffff, 255, 0, 0, 0] }));
 }
 
 #[test]
@@ -406,7 +406,7 @@ fn test_to_bytes1() {
 let b = BigUint56::one();
 let c = a.sub(b);
 
- assert(c.to_bytes() == [0-1 as u8; MAX_BYTES]);
+ assert(c.to_bytes() == [0xff; MAX_BYTES]);
 }
 
 #[test]
@@ -429,7 +429,7 @@ fn test_add1() {
 
 #[test]
 fn test_add2() {
- let a = BigUint56{ limbs: [0-1 as u56, 0-1 as u56, 0-1 as u56, 0-1 as u56, 0] };
+ let a = BigUint56{ limbs: [0xffffffffffffff, 0xffffffffffffff, 0xffffffffffffff, 0xffffffffffffff, 0] };
 let b = BigUint56{ limbs: [1, 0, 0, 0, 0] };
 
 let sum = a.add(b);
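Review bot: Commenting out `compiler_version` in crates/biguint/Nargo.toml drops the toolchain pin instead of raising it; the same commit moves sbb to `std::wrapping_sub`, which presumably needs a newer compiler than 0.9.0, so after this change the manifest no longer records which nargo versions can build the crate. An unpinned toolchain means the same source may build, fail, or behave differently across compiler releases, which matters for arithmetic whose tests depend on exact wrapping behaviour. Pinning to the minimum version that provides `std::wrapping_sub`, e.g. `compiler_version = "<MIN_NARGO_VERSION>"` (placeholder), keeps builds reproducible. The same change is made in crates/curves/Nargo.toml and crates/primefield/Nargo.toml.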
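Review bot: The new expected values in test_from_bytes2 and the later lib.nr hunks repeat the bare literal `0xffffffffffffff` in eight places, where the old `0-1 as u56` at least conveyed "all-ones limb". The file already declares globals such as `BITS_PER_LIMB`, so a named constant like `global LIMB_MAX: u56 = 0xffffffffffffff; // 2^56 - 1, every bit of one limb set` would keep the intent visible and make a limb-width change a one-line edit; whether the targeted compiler accepts a non-Field global type would need confirming. The same applies to `0xfffffffffffffe` in test_mul2 and `[0xff; MAX_BYTES]` in test_to_bytes1.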
@@ -438,7 +438,7 @@ fn test_add2() {
 
 #[test]
 fn test_adc1() {
- let a = BigUint56{ limbs: [0-1 as u56; NUM_LIMBS] };
+ let a = BigUint56{ limbs: [0xffffffffffffff; NUM_LIMBS] };
 let b = BigUint56::one();
 
 let (sum, carry) = a.adc(b);
@@ -461,7 +461,7 @@ fn test_sub2() {
 let b = BigUint56{ limbs: [2, 0, 0, 0, 0] };
 let diff = a.sub(b);
 
- assert(diff.eq(BigUint56{ limbs: [0-1 as u56, 1, 0, 0, 0] }));
+ assert(diff.eq(BigUint56{ limbs: [0xffffffffffffff, 1, 0, 0, 0] }));
 }
 
 #[test]
@@ -470,7 +470,7 @@ fn test_sbb1() {
 let b = BigUint56{ limbs: [2, 0, 0, 0, 0] };
 let (diff, borrow) = a.sbb(b);
 
- assert(diff.eq(BigUint56{ limbs: [0-1 as u56; 5] }));
+ assert(diff.eq(BigUint56{ limbs: [0xffffffffffffff; 5] }));
 assert(borrow >> (BITS_PER_LIMB as u56 - 1) == 1);
 }
 
@@ -486,12 +486,12 @@ fn test_mul1() {
 
 #[test]
 fn test_mul2() {
- let a = BigUint56{ limbs: [0-1 as u56; 5] };
- let b = BigUint56{ limbs: [0-1 as u56; 5] };
+ let a = BigUint56{ limbs: [0xffffffffffffff; 5] };
+ let b = BigUint56{ limbs: [0xffffffffffffff; 5] };
 
 let (lo, hi) = a.mul(b);
 assert(lo.eq(BigUint56::one()));
- assert(hi.eq(BigUint56{ limbs: [0-2 as u56, 0-1 as u56, 0-1 as u56, 0-1 as u56, 0-1 as u56] }));
+ assert(hi.eq(BigUint56{ limbs: [0xfffffffffffffe, 0xffffffffffffff, 0xffffffffffffff, 0xffffffffffffff, 0xffffffffffffff] }));
 }
 
 #[test]
@@ -634,7 +634,7 @@ fn test_bits2() {
 
 #[test]
 fn test_bits3() {
- let a = BigUint56::from_bytes([0-1 as u8]);
+ let a = BigUint56::from_bytes([0xff]);
 let b = a.nbits();
 
 assert(b == 8);
diff --git a/crates/biguint/src/utils.nr b/crates/biguint/src/utils.nr
index e7592b4..fda0227 100644
--- a/crates/biguint/src/utils.nr
+++ b/crates/biguint/src/utils.nr
@@ -1,4 +1,5 @@
 use crate::BITS_PER_LIMB as BITS;
+use dep::std;
 
 // Compute a + b + carry, returning the result and the new carry over.
 // TODO: Does carry need to be a u56?
@@ -9,7 +10,7 @@ pub fn adc(a: u56, b: u56, carry: u56) -> (u56, u56) {
 
 // Compute a - (b + borrow), returning the result and the new borrow.
 pub fn sbb(a: u56, b: u56, borrow: u56) -> (u56, u56) {
- let ret = a as u112 - (b as u112 + (borrow as u112 >> (BITS as u112 - 1)));
+ let ret = std::wrapping_sub(a as u112, b as u112 + (borrow as u112 >> (BITS as u112 - 1)));
 (ret as u56, (ret >> 56) as u56)
 }
 
diff --git a/crates/curves/Nargo.toml b/crates/curves/Nargo.toml
index d2449e6..38851a9 100644
--- a/crates/curves/Nargo.toml
+++ b/crates/curves/Nargo.toml
@@ -2,8 +2,8 @@
 name = "curves"
 authors = ["shuklaayush"]
 type = "lib"
-compiler_version = "0.9.0"
+# compiler_version = "0.9.0"
 
 [dependencies]
 biguint = { path = "../biguint" }
-primefield = { path = "../primefield" }
\ No newline at end of file
+primefield = { path = "../primefield" }
diff --git a/crates/primefield/Nargo.toml b/crates/primefield/Nargo.toml
index 73209a7..0f867dc 100644
--- a/crates/primefield/Nargo.toml
+++ b/crates/primefield/Nargo.toml
@@ -2,7 +2,7 @@
 name = "primefield"
 authors = ["shuklaayush"]
 type = "lib"
-compiler_version = "0.9.0"
+# compiler_version = "0.9.0"
 
 [dependencies]
-biguint = { path = "../biguint" }
\ No newline at end of file
+biguint = { path = "../biguint" }

From cfd409b689c28a14baf25b2d8e3ea1c5bdbd0862 Mon Sep 17 00:00:00 2001
From: Ayush Shukla
Date: Tue, 28 Nov 2023 13:19:23 +0100
Subject: [PATCH 2/2] style: nargo fmt

---
 crates/biguint/src/lib.nr | 54 ++--
 crates/curves/src/ecdsa_secp256k1.nr | 244 ++++++++++---------
 crates/curves/src/ecdsa_secp256k1/swcurve.nr | 1 -
 crates/curves/src/ed25519.nr | 114 ++++-----
 crates/curves/src/ed25519/tecurve.nr | 1 -
 crates/curves/src/lib.nr | 2 +-
 6 files changed, 221 insertions(+), 195 deletions(-)

diff --git a/crates/biguint/src/lib.nr b/crates/biguint/src/lib.nr
index 619c6e0..9091231 100644
--- a/crates/biguint/src/lib.nr
+++ b/crates/biguint/src/lib.nr
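Review bot: The comment above sbb still reads `Compute a - (b + borrow)`, but the new line consumes only the top bit of `borrow` (`borrow as u112 >> (BITS as u112 - 1)`), and the borrow it returns, `(ret >> 56) as u56`, is the high half of the wrapped u112 difference, which is all ones when a < b + borrow_bit and zero otherwise; that mask shape is exactly what test_sbb1's `borrow >> (BITS_PER_LIMB as u56 - 1) == 1` relies on, so the contract deserves to be written down. Suggested replacement: `// Compute a - (b + borrow_bit), where borrow_bit is the top bit of the incoming borrow mask; returns (difference mod 2^56, borrow mask: all ones on underflow, zero otherwise).` A second short comment would explain why only the subtraction is wrapped: `b as u112 + (...)` cannot overflow u112 because b < 2^56 and the shifted borrow is at most 1. The hunk header names adc, but the only change is inside sbb, which is fully contained in the hunk.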
@@ -4,11 +4,11 @@ mod utils;
 
 // Top-level constants related to the size of BigUint56 limbs and bytes.
 global BITS_PER_LIMB: Field = 56; /// Number of bits per limb.
-global NUM_LIMBS: Field = 5; /// Number of limbs.
+global NUM_LIMBS: Field = 5; /// Number of limbs.
 global BYTES_PER_LIMB: Field = 7; /// Number of bytes per limb (BITS_PER_LIMB / 8).
-global MAX_BITS: Field = 280; /// Maximum number of bits (BITS_PER_LIMB * NUM_LIMBS).
-global MAX_BYTES: Field = 35; /// Maximum number of bytes (NUM_LIMBS * BYTES_PER_LIMB).
+global MAX_BITS: Field = 280; /// Maximum number of bits (BITS_PER_LIMB * NUM_LIMBS).
+global MAX_BYTES: Field = 35; /// Maximum number of bytes (NUM_LIMBS * BYTES_PER_LIMB).
 
 // TODO/NOTES:
 // 1. Noir doesn't support expressions on globals so these are hardcoded
@@ -383,21 +383,21 @@ impl BigUint56 {
 fn test_from_bytes1() {
 let bytes = [2 as u8];
 let a = BigUint56::from_bytes(bytes);
- assert(a.eq(BigUint56{ limbs: [2, 0, 0, 0, 0] }));
+ assert(a.eq(BigUint56 { limbs: [2, 0, 0, 0, 0] }));
 }
 
 #[test]
 fn test_from_bytes2() {
 let bytes = [255 as u8; 7];
 let a = BigUint56::from_bytes(bytes);
- assert(a.eq(BigUint56{ limbs: [0xffffffffffffff, 0, 0, 0, 0] }));
+ assert(a.eq(BigUint56 { limbs: [0xffffffffffffff, 0, 0, 0, 0] }));
 }
 
 #[test]
 fn test_from_bytes3() {
 let bytes = [255 as u8; 8];
 let a = BigUint56::from_bytes(bytes);
- assert(a.eq(BigUint56{ limbs: [0xffffffffffffff, 255, 0, 0, 0] }));
+ assert(a.eq(BigUint56 { limbs: [0xffffffffffffff, 255, 0, 0, 0] }));
 }
 
 #[test]
@@ -429,16 +429,16 @@ fn test_add1() {
 
 #[test]
 fn test_add2() {
- let a = BigUint56{ limbs: [0xffffffffffffff, 0xffffffffffffff, 0xffffffffffffff, 0xffffffffffffff, 0] };
- let b = BigUint56{ limbs: [1, 0, 0, 0, 0] };
+ let a = BigUint56 { limbs: [0xffffffffffffff, 0xffffffffffffff, 0xffffffffffffff, 0xffffffffffffff, 0] };
+ let b = BigUint56 { limbs: [1, 0, 0, 0, 0] };
 
 let sum = a.add(b);
- assert(sum.eq(BigUint56{ limbs: [0, 0, 0, 0, 1] }));
+ assert(sum.eq(BigUint56 { limbs: [0, 0, 0, 0, 1] }));
 }
 
 #[test]
 fn test_adc1() {
- let a = BigUint56{ limbs: [0xffffffffffffff; NUM_LIMBS] };
+ let a = BigUint56 { limbs: [0xffffffffffffff; NUM_LIMBS] };
 let b = BigUint56::one();
 
 let (sum, carry) = a.adc(b);
@@ -457,20 +457,20 @@ fn test_sub1() {
 
 #[test]
 fn test_sub2() {
- let a = BigUint56{ limbs: [1, 2, 0, 0, 0] };
- let b = BigUint56{ limbs: [2, 0, 0, 0, 0] };
+ let a = BigUint56 { limbs: [1, 2, 0, 0, 0] };
+ let b = BigUint56 { limbs: [2, 0, 0, 0, 0] };
 let diff = a.sub(b);
 
- assert(diff.eq(BigUint56{ limbs: [0xffffffffffffff, 1, 0, 0, 0] }));
+ assert(diff.eq(BigUint56 { limbs: [0xffffffffffffff, 1, 0, 0, 0] }));
 }
 
 #[test]
 fn test_sbb1() {
- let a = BigUint56{ limbs: [1, 0, 0, 0, 0] };
- let b = BigUint56{ limbs: [2, 0, 0, 0, 0] };
+ let a = BigUint56 { limbs: [1, 0, 0, 0, 0] };
+ let b = BigUint56 { limbs: [2, 0, 0, 0, 0] };
 let (diff, borrow) = a.sbb(b);
 
- assert(diff.eq(BigUint56{ limbs: [0xffffffffffffff; 5] }));
+ assert(diff.eq(BigUint56 { limbs: [0xffffffffffffff; 5] }));
 assert(borrow >> (BITS_PER_LIMB as u56 - 1) == 1);
 }
 
@@ -486,12 +486,16 @@ fn test_mul1() {
 
 #[test]
 fn test_mul2() {
- let a = BigUint56{ limbs: [0xffffffffffffff; 5] };
- let b = BigUint56{ limbs: [0xffffffffffffff; 5] };
+ let a = BigUint56 { limbs: [0xffffffffffffff; 5] };
+ let b = BigUint56 { limbs: [0xffffffffffffff; 5] };
 
 let (lo, hi) = a.mul(b);
 assert(lo.eq(BigUint56::one()));
- assert(hi.eq(BigUint56{ limbs: [0xfffffffffffffe, 0xffffffffffffff, 0xffffffffffffff, 0xffffffffffffff, 0xffffffffffffff] }));
+ assert(
+ hi.eq(
+ BigUint56 { limbs: [0xfffffffffffffe, 0xffffffffffffff, 0xffffffffffffff, 0xffffffffffffff, 0xffffffffffffff] }
+ )
+ );
 }
 
 #[test]
@@ -573,9 +577,7 @@ fn test_shl6() {
 let a = BigUint56::from_u56(0x80000000000000);
 let b = a.shl1();
 
- assert(b.eq(BigUint56 {
- limbs: [0, 1, 0, 0, 0],
- }));
+ assert(b.eq(BigUint56 { limbs: [0, 1, 0, 0, 0] }));
 }
 
 #[test]
@@ -672,13 +674,13 @@ fn test_div2() {
 
 #[test]
 fn test_div3() {
- let a = BigUint56{ limbs: [2, 0, 1, 0, 0] };
- let b = BigUint56{ limbs: [0, 1, 0, 0, 0] };
+ let a = BigUint56 { limbs: [2, 0, 1, 0, 0] };
+ let b = BigUint56 { limbs: [0, 1, 0, 0, 0] };
 
 let (q, r) = a.div(b);
 
- assert(q.eq(BigUint56{ limbs: [0, 1, 0, 0, 0] }));
- assert(r.eq(BigUint56{ limbs: [2, 0, 0, 0, 0] }));
+ assert(q.eq(BigUint56 { limbs: [0, 1, 0, 0, 0] }));
+ assert(r.eq(BigUint56 { limbs: [2, 0, 0, 0, 0] }));
 }
 
 #[test]
diff --git a/crates/curves/src/ecdsa_secp256k1.nr b/crates/curves/src/ecdsa_secp256k1.nr
index d050fc6..3abc56a 100644
--- a/crates/curves/src/ecdsa_secp256k1.nr
+++ b/crates/curves/src/ecdsa_secp256k1.nr
@@ -18,44 +18,44 @@ fn secp256k1() -> Secp256k1 {
 curve: Curve::new(
 Fp::zero(),
 Fp::from_u56(7),
- Point::from_affine(
+ Point::from_affine(
 Fp::from_bytes(
 [
- 0x98, 0x17, 0xf8, 0x16, 0x5b, 0x81, 0xf2, 0x59,
- 0xd9, 0x28, 0xce, 0x2d, 0xdb, 0xfc, 0x9b, 0x02,
- 0x07, 0x0b, 0x87, 0xce, 0x95, 0x62, 0xa0, 0x55,
- 0xac, 0xbb, 0xdc, 0xf9, 0x7e, 0x66, 0xbe, 0x79
- ]
+ 0x98, 0x17, 0xf8, 0x16, 0x5b, 0x81, 0xf2, 0x59,
+ 0xd9, 0x28, 0xce, 0x2d, 0xdb, 0xfc, 0x9b, 0x02,
+ 0x07, 0x0b, 0x87, 0xce, 0x95, 0x62, 0xa0, 0x55,
+ 0xac, 0xbb, 0xdc, 0xf9, 0x7e, 0x66, 0xbe, 0x79
+ ]
 ),
 Fp::from_bytes(
 [
- 0xb8, 0xd4, 0x10, 0xfb, 0x8f, 0xd0, 0x47, 0x9c,
- 0x19, 0x54, 0x85, 0xa6, 0x48, 0xb4, 0x17, 0xfd,
- 0xa8, 0x08, 0x11, 0x0e, 0xfc, 0xfb, 0xa4, 0x5d,
- 0x65, 0xc4, 0xa3, 0x26, 0x77, 0xda, 0x3a, 0x48
- ]
- ),
- ),
- ),
+ 0xb8, 0xd4, 0x10, 0xfb, 0x8f, 0xd0, 0x47, 0x9c,
+ 0x19, 0x54, 0x85, 0xa6, 0x48, 0xb4, 0x17, 0xfd,
+ 0xa8, 0x08, 0x11, 0x0e, 0xfc, 0xfb, 0xa4, 0x5d,
+ 0x65, 0xc4, 0xa3, 0x26, 0x77, 0xda, 0x3a, 0x48
+ ]
+ )
+ )
+ )
 }
 }
 
 fn verify_signature(pubkey: Point, sig_r: Fq, sig_s: Fq, msghash: Fq) -> bool {
 let Secp256k1 { curve } = secp256k1();
-
+
 assert(!pubkey.is_zero());
 assert(curve.contains(pubkey));
 assert(!sig_r.is_zero());
 assert(!sig_s.is_zero());
-
+
 let s_inv = sig_s.invert();
 let you1 = msghash.mul(s_inv);
 let you2 = sig_r.mul(s_inv);
-
+
 let u1G = curve.mul(you1, curve.gen);
 let u2A = curve.mul(you2, pubkey);
-
+
 let sum = curve.add(u1G, u2A);
 let x = sum.to_affine().0;
 
@@ -75,11 +75,7 @@ fn test_secp256k1_point_eq_affine_jacob() {
 let two = Fp::one().add(Fp::one());
 let four = two.mul(two);
 
- let g_jacobian_z_doubled = Point{
- x: curve.gen.x.mul(four),
- y: curve.gen.y.mul(four).mul(two),
- z: two,
- };
+ let g_jacobian_z_doubled = Point { x: curve.gen.x.mul(four), y: curve.gen.y.mul(four).mul(two), z: two };
 
 assert(curve.gen.eq(g_jacobian_z_doubled));
 }
@@ -104,19 +100,23 @@ fn test_secp256k1_add3() {
 let Secp256k1 { curve } = secp256k1();
 
 let p1 = curve.add(curve.gen, curve.gen);
- let p2 = Point::from_affine(
- Fp::from_bytes([
- 0xe5, 0x9e, 0x70, 0x5c, 0xb9, 0x09, 0xac, 0xab,
- 0xa7, 0x3c, 0xef, 0x8c, 0x4b, 0x8e, 0x77, 0x5c,
- 0xd8, 0x7c, 0xc0, 0x95, 0x6e, 0x40, 0x45, 0x30,
- 0x6d, 0x7d, 0xed, 0x41, 0x94, 0x7f, 0x04, 0xc6
- ]),
- Fp::from_bytes([
- 0x2a, 0xe5, 0xcf, 0x50, 0xa9, 0x31, 0x64, 0x23,
- 0xe1, 0xd0, 0x66, 0x32, 0x65, 0x32, 0xf6, 0xf7,
- 0xee, 0xea, 0x6c, 0x46, 0x19, 0x84, 0xc5, 0xa3,
- 0x39, 0xc3, 0x3d, 0xa6, 0xfe, 0x68, 0xe1, 0x1a
- ]),
+ let p2 = Point::from_affine(
+ Fp::from_bytes(
+ [
+ 0xe5, 0x9e, 0x70, 0x5c, 0xb9, 0x09, 0xac, 0xab,
+ 0xa7, 0x3c, 0xef, 0x8c, 0x4b, 0x8e, 0x77, 0x5c,
+ 0xd8, 0x7c, 0xc0, 0x95, 0x6e, 0x40, 0x45, 0x30,
+ 0x6d, 0x7d, 0xed, 0x41, 0x94, 0x7f, 0x04, 0xc6
+ ]
+ ),
+ Fp::from_bytes(
+ [
+ 0x2a, 0xe5, 0xcf, 0x50, 0xa9, 0x31, 0x64, 0x23,
+ 0xe1, 0xd0, 0x66, 0x32, 0x65, 0x32, 0xf6, 0xf7,
+ 0xee, 0xea, 0x6c, 0x46, 0x19, 0x84, 0xc5, 0xa3,
+ 0x39, 0xc3, 0x3d, 0xa6, 0xfe, 0x68, 0xe1, 0x1a
+ ]
+ )
 );
 
 assert(p1.eq(p2));
@@ -127,19 +127,23 @@ fn test_secp256k1_add4() {
 let Secp256k1 { curve } = secp256k1();
 
 let p1 = curve.add(curve.double(curve.gen), curve.gen);
- let p2 = Point::from_affine(
- Fp::from_bytes([
- 0xf9, 0x36, 0xe0, 0xbc, 0x13, 0xf1, 0x01, 0x86,
- 0xb0, 0x99, 0x6f, 0x83, 0x45, 0xc8, 0x31, 0xb5,
- 0x29, 0x52, 0x9d, 0xf8, 0x85, 0x4f, 0x34, 0x49,
- 0x10, 0xc3, 0x58, 0x92, 0x01, 0x8a, 0x30, 0xf9
- ]),
- Fp::from_bytes([
- 0x72, 0xe6, 0xb8, 0x84, 0x75, 0xfd, 0xb9, 0x6c,
- 0x1b, 0x23, 0xc2, 0x34, 0x99, 0xa9, 0x00, 0x65,
- 0x56, 0xf3, 0x37, 0x2a, 0xe6, 0x37, 0xe3, 0x0f,
- 0x14, 0xe8, 0x2d, 0x63, 0x0f, 0x7b, 0x8f, 0x38
- ]),
+ let p2 = Point::from_affine(
+ Fp::from_bytes(
+ [
+ 0xf9, 0x36, 0xe0, 0xbc, 0x13, 0xf1, 0x01, 0x86,
+ 0xb0, 0x99, 0x6f, 0x83, 0x45, 0xc8, 0x31, 0xb5,
+ 0x29, 0x52, 0x9d, 0xf8, 0x85, 0x4f, 0x34, 0x49,
+ 0x10, 0xc3, 0x58, 0x92, 0x01, 0x8a, 0x30, 0xf9
+ ]
+ ),
+ Fp::from_bytes(
+ [
+ 0x72, 0xe6, 0xb8, 0x84, 0x75, 0xfd, 0xb9, 0x6c,
+ 0x1b, 0x23, 0xc2, 0x34, 0x99, 0xa9, 0x00, 0x65,
+ 0x56, 0xf3, 0x37, 0x2a, 0xe6, 0x37, 0xe3, 0x0f,
+ 0x14, 0xe8, 0x2d, 0x63, 0x0f, 0x7b, 0x8f, 0x38
+ ]
+ )
 );
 assert(p1.eq(p2));
 }
@@ -157,19 +161,23 @@ fn test_secp256k1_double2() {
 let Secp256k1 { curve } = secp256k1();
 
 let p1 = curve.double(curve.gen);
- let p2 = Point::from_affine(
- Fp::from_bytes([
- 0xe5, 0x9e, 0x70, 0x5c, 0xb9, 0x09, 0xac, 0xab,
- 0xa7, 0x3c, 0xef, 0x8c, 0x4b, 0x8e, 0x77, 0x5c,
- 0xd8, 0x7c, 0xc0, 0x95, 0x6e, 0x40, 0x45, 0x30,
- 0x6d, 0x7d, 0xed, 0x41, 0x94, 0x7f, 0x04, 0xc6
- ]),
- Fp::from_bytes([
- 0x2a, 0xe5, 0xcf, 0x50, 0xa9, 0x31, 0x64, 0x23,
- 0xe1, 0xd0, 0x66, 0x32, 0x65, 0x32, 0xf6, 0xf7,
- 0xee, 0xea, 0x6c, 0x46, 0x19, 0x84, 0xc5, 0xa3,
- 0x39, 0xc3, 0x3d, 0xa6, 0xfe, 0x68, 0xe1, 0x1a
- ]),
+ let p2 = Point::from_affine(
+ Fp::from_bytes(
+ [
+ 0xe5, 0x9e, 0x70, 0x5c, 0xb9, 0x09, 0xac, 0xab,
+ 0xa7, 0x3c, 0xef, 0x8c, 0x4b, 0x8e, 0x77, 0x5c,
+ 0xd8, 0x7c, 0xc0, 0x95, 0x6e, 0x40, 0x45, 0x30,
+ 0x6d, 0x7d, 0xed, 0x41, 0x94, 0x7f, 0x04, 0xc6
+ ]
+ ),
+ Fp::from_bytes(
+ [
+ 0x2a, 0xe5, 0xcf, 0x50, 0xa9, 0x31, 0x64, 0x23,
+ 0xe1, 0xd0, 0x66, 0x32, 0x65, 0x32, 0xf6, 0xf7,
+ 0xee, 0xea, 0x6c, 0x46, 0x19, 0x84, 0xc5, 0xa3,
+ 0x39, 0xc3, 0x3d, 0xa6, 0xfe, 0x68, 0xe1, 0x1a
+ ]
+ )
 );
 
 assert(p1.eq(p2));
@@ -204,19 +212,23 @@ fn test_secp256k1_mul4() {
 let Secp256k1 { curve } = secp256k1();
 
 let p1 = curve.mul(Fq::from_u56(2), curve.gen);
- let p2 = Point::from_affine(
- Fp::from_bytes([
- 0xe5, 0x9e, 0x70, 0x5c, 0xb9, 0x09, 0xac, 0xab,
- 0xa7, 0x3c, 0xef, 0x8c, 0x4b, 0x8e, 0x77, 0x5c,
- 0xd8, 0x7c, 0xc0, 0x95, 0x6e, 0x40, 0x45, 0x30,
- 0x6d, 0x7d, 0xed, 0x41, 0x94, 0x7f, 0x04, 0xc6
- ]),
- Fp::from_bytes([
- 0x2a, 0xe5, 0xcf, 0x50, 0xa9, 0x31, 0x64, 0x23,
- 0xe1, 0xd0, 0x66, 0x32, 0x65, 0x32, 0xf6, 0xf7,
- 0xee, 0xea, 0x6c, 0x46, 0x19, 0x84, 0xc5, 0xa3,
- 0x39, 0xc3, 0x3d, 0xa6, 0xfe, 0x68, 0xe1, 0x1a
- ]),
+ let p2 = Point::from_affine(
+ Fp::from_bytes(
+ [
+ 0xe5, 0x9e, 0x70, 0x5c, 0xb9, 0x09, 0xac, 0xab,
+ 0xa7, 0x3c, 0xef, 0x8c, 0x4b, 0x8e, 0x77, 0x5c,
+ 0xd8, 0x7c, 0xc0, 0x95, 0x6e, 0x40, 0x45, 0x30,
+ 0x6d, 0x7d, 0xed, 0x41, 0x94, 0x7f, 0x04, 0xc6
+ ]
+ ),
+ Fp::from_bytes(
+ [
+ 0x2a, 0xe5, 0xcf, 0x50, 0xa9, 0x31, 0x64, 0x23,
+ 0xe1, 0xd0, 0x66, 0x32, 0x65, 0x32, 0xf6, 0xf7,
+ 0xee, 0xea, 0x6c, 0x46, 0x19, 0x84, 0xc5, 0xa3,
+ 0x39, 0xc3, 0x3d, 0xa6, 0xfe, 0x68, 0xe1, 0x1a
+ ]
+ )
 );
 
 assert(p1.eq(p2));
@@ -227,19 +239,23 @@ fn test_secp256k1_mul5() {
 let Secp256k1 { curve } = secp256k1();
 
 let p1 = curve.mul(Fq::from_u56(3), curve.gen);
- let p2 = Point::from_affine(
- Fp::from_bytes([
- 0xf9, 0x36, 0xe0, 0xbc, 0x13, 0xf1, 0x01, 0x86,
- 0xb0, 0x99, 0x6f, 0x83, 0x45, 0xc8, 0x31, 0xb5,
- 0x29, 0x52, 0x9d, 0xf8, 0x85, 0x4f, 0x34, 0x49,
- 0x10, 0xc3, 0x58, 0x92, 0x01, 0x8a, 0x30, 0xf9
- ]),
- Fp::from_bytes([
- 0x72, 0xe6, 0xb8, 0x84, 0x75, 0xfd, 0xb9, 0x6c,
- 0x1b, 0x23, 0xc2, 0x34, 0x99, 0xa9, 0x00, 0x65,
- 0x56, 0xf3, 0x37, 0x2a, 0xe6, 0x37, 0xe3, 0x0f,
- 0x14, 0xe8, 0x2d, 0x63, 0x0f, 0x7b, 0x8f, 0x38
- ]),
+ let p2 = Point::from_affine(
+ Fp::from_bytes(
+ [
+ 0xf9, 0x36, 0xe0, 0xbc, 0x13, 0xf1, 0x01, 0x86,
+ 0xb0, 0x99, 0x6f, 0x83, 0x45, 0xc8, 0x31, 0xb5,
+ 0x29, 0x52, 0x9d, 0xf8, 0x85, 0x4f, 0x34, 0x49,
+ 0x10, 0xc3, 0x58, 0x92, 0x01, 0x8a, 0x30, 0xf9
+ ]
+ ),
+ Fp::from_bytes(
+ [
+ 0x72, 0xe6, 0xb8, 0x84, 0x75, 0xfd, 0xb9, 0x6c,
+ 0x1b, 0x23, 0xc2, 0x34, 0x99, 0xa9, 0x00, 0x65,
+ 0x56, 0xf3, 0x37, 0x2a, 0xe6, 0x37, 0xe3, 0x0f,
+ 0x14, 0xe8, 0x2d, 0x63, 0x0f, 0x7b, 0x8f, 0x38
+ ]
+ )
 );
 
 assert(p1.eq(p2));
@@ -248,37 +264,47 @@ fn test_secp256k1_mul5() {
 #[test]
 fn test_secp256k1_verification_preshashed() {
 let pubkey = Point::from_affine(
- Fp::from_bytes([
- 0xc7, 0x47, 0xe2, 0x47, 0x2a, 0x8e, 0xa6, 0x52,
- 0xb7, 0xc2, 0x43, 0x19, 0x9b, 0xd4, 0x42, 0x34,
- 0x5d, 0xae, 0xe6, 0x1a, 0x7b, 0x7c, 0x47, 0x35,
- 0x62, 0xc8, 0xf3, 0x47, 0x9e, 0x4d, 0x43, 0xa0,
- ]),
- Fp::from_bytes([
- 0xd7, 0x68, 0x73, 0x03, 0x3b, 0xe5, 0xbe, 0x3c,
- 0x59, 0xa1, 0x77, 0xd8, 0x2e, 0x4c, 0x79, 0x6f,
- 0x69, 0x4c, 0xa2, 0x93, 0xe6, 0xc7, 0xb6, 0xa3,
- 0x27, 0xbc, 0x19, 0x54, 0x42, 0xba, 0x3a, 0x89,
- ])
+ Fp::from_bytes(
+ [
+ 0xc7, 0x47, 0xe2, 0x47, 0x2a, 0x8e, 0xa6, 0x52,
+ 0xb7, 0xc2, 0x43, 0x19, 0x9b, 0xd4, 0x42, 0x34,
+ 0x5d, 0xae, 0xe6, 0x1a, 0x7b, 0x7c, 0x47, 0x35,
+ 0x62, 0xc8, 0xf3, 0x47, 0x9e, 0x4d, 0x43, 0xa0
+ ]
+ ),
+ Fp::from_bytes(
+ [
+ 0xd7, 0x68, 0x73, 0x03, 0x3b, 0xe5, 0xbe, 0x3c,
+ 0x59, 0xa1, 0x77, 0xd8, 0x2e, 0x4c, 0x79, 0x6f,
+ 0x69, 0x4c, 0xa2, 0x93, 0xe6, 0xc7, 0xb6, 0xa3,
+ 0x27, 0xbc, 0x19, 0x54, 0x42, 0xba, 0x3a, 0x89
+ ]
+ )
 );
- let r = Fq::from_bytes([
+ let r = Fq::from_bytes(
+ [
 0xfd, 0x54, 0xf4, 0x8d, 0x4e, 0x5a, 0xe5, 0x9a,
 0xdb, 0x61, 0x80, 0xc3, 0x98, 0x97, 0x8d, 0xad,
 0x2b, 0xaa, 0x31, 0x0e, 0x4a, 0x6f, 0x34, 0x70,
- 0xc3, 0x7d, 0x42, 0xab, 0x80, 0x1c, 0x08, 0xe5,
- ]);
- let s = Fq::from_bytes([
+ 0xc3, 0x7d, 0x42, 0xab, 0x80, 0x1c, 0x08, 0xe5
+ ]
+ );
+ let s = Fq::from_bytes(
+ [
 0x55, 0xcd, 0x5f, 0x71, 0x9a, 0xe4, 0x61, 0x01,
 0x69, 0x69, 0xeb, 0xd6, 0x89, 0x0b, 0xbb, 0xec,
 0x80, 0xf4, 0x61, 0x1d, 0x93, 0xcc, 0x70, 0x87,
- 0xb7, 0x71, 0x4e, 0x34, 0x94, 0x98, 0x11, 0x28,
- ]);
- let msghash = Fq::from_bytes([
+ 0xb7, 0x71, 0x4e, 0x34, 0x94, 0x98, 0x11, 0x28
+ ]
+ );
+ let msghash = Fq::from_bytes(
+ [
 0xe2, 0xc1, 0xc8, 0x3a, 0x63, 0xb4, 0x06, 0x68,
 0xda, 0xc2, 0xd9, 0x35, 0xd0, 0x49, 0x69, 0x47,
 0x35, 0x88, 0x35, 0x8d, 0x7e, 0xcd, 0x21, 0x1f,
- 0x12, 0xd2, 0x5c, 0x3a, 0x12, 0xf4, 0x73, 0x3a,
- ]);
+ 0x12, 0xd2, 0x5c, 0x3a, 0x12, 0xf4, 0x73, 0x3a
+ ]
+ );
 
 assert(verify_signature(pubkey, r, s, msghash));
 }
diff --git a/crates/curves/src/ecdsa_secp256k1/swcurve.nr b/crates/curves/src/ecdsa_secp256k1/swcurve.nr
index 7fb777a..cbaace0 100644
--- a/crates/curves/src/ecdsa_secp256k1/swcurve.nr
+++ b/crates/curves/src/ecdsa_secp256k1/swcurve.nr
@@ -100,7 +100,6 @@ impl Point {
 }
 }
 
-
 impl Curve {
 // Curve constructor
 pub fn new(a: Fp, b: Fp, gen: Point) -> Curve {
diff --git a/crates/curves/src/ed25519.nr b/crates/curves/src/ed25519.nr
index e2628e6..e95d01f 100644
--- a/crates/curves/src/ed25519.nr
+++ b/crates/curves/src/ed25519.nr
@@ -19,38 +19,38 @@ fn ed25519() -> Ed25519 {
 curve: Curve::new(
 Fp::from_bytes(
 [
- 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
- ]
+ 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
+ ]
 ),
 Fp::from_bytes(
 [
- 0xa3, 0x78, 0x59, 0x13, 0xca, 0x4d, 0xeb, 0x75,
- 0xab, 0xd8, 0x41, 0x41, 0x4d, 0x0a, 0x70, 0x00,
- 0x98, 0xe8, 0x79, 0x77, 0x79, 0x40, 0xc7, 0x8c,
- 0x73, 0xfe, 0x6f, 0x2b, 0xee, 0x6c, 0x03, 0x52
- ]
+ 0xa3, 0x78, 0x59, 0x13, 0xca, 0x4d, 0xeb, 0x75,
+ 0xab, 0xd8, 0x41, 0x41, 0x4d, 0x0a, 0x70, 0x00,
+ 0x98, 0xe8, 0x79, 0x77, 0x79, 0x40, 0xc7, 0x8c,
+ 0x73, 0xfe, 0x6f, 0x2b, 0xee, 0x6c, 0x03, 0x52
+ ]
 ),
- Point::from_affine(
+ Point::from_affine(
 Fp::from_bytes(
 [
- 0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9,
- 0xb2, 0xa7, 0x25, 0x95, 0x60, 0xc7, 0x2c, 0x69,
- 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0,
- 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21
- ]
+ 0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9,
+ 0xb2, 0xa7, 0x25, 0x95, 0x60, 0xc7, 0x2c, 0x69,
+ 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0,
+ 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21
+ ]
 ),
 Fp::from_bytes(
 [
- 0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
- 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
- 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
- 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66
- ]
- ),
- ),
+ 0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
+ 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
+ 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
+ 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66
+ ]
+ )
+ )
 ),
 cofactor: Fq::from_u56(8)
 }
@@ -137,57 +137,57 @@ fn test_ed25519_mul3() {
 
 #[test]
 fn test_ed25519_verification_preshashed() {
- let A = Point::from_affine(
+ let A = Point::from_affine(
 Fp::from_bytes(
 [
- 0xce, 0x45, 0x76, 0x77, 0xbd, 0x86, 0x27, 0xb1,
- 0x24, 0x7c, 0x18, 0x53, 0x72, 0xd4, 0x13, 0xc5,
- 0x20, 0xf6, 0xd0, 0x60, 0x8d, 0xe0, 0x97, 0x22,
- 0x29, 0x34, 0x9d, 0x2b, 0x9a, 0xe0, 0xd0, 0x55
- ]
+ 0xce, 0x45, 0x76, 0x77, 0xbd, 0x86, 0x27, 0xb1,
+ 0x24, 0x7c, 0x18, 0x53, 0x72, 0xd4, 0x13, 0xc5,
+ 0x20, 0xf6, 0xd0, 0x60, 0x8d, 0xe0, 0x97, 0x22,
+ 0x29, 0x34, 0x9d, 0x2b, 0x9a, 0xe0, 0xd0, 0x55
+ ]
 ),
 Fp::from_bytes(
 [
- 0xd7, 0x5a, 0x98, 0x01, 0x82, 0xb1, 0x0a, 0xb7,
- 0xd5, 0x4b, 0xfe, 0xd3, 0xc9, 0x64, 0x07, 0x3a,
- 0x0e, 0xe1, 0x72, 0xf3, 0xda, 0xa6, 0x23, 0x25,
- 0xaf, 0x02, 0x1a, 0x68, 0xf7, 0x07, 0x51, 0x1a
- ]
- ),
+ 0xd7, 0x5a, 0x98, 0x01, 0x82, 0xb1, 0x0a, 0xb7,
+ 0xd5, 0x4b, 0xfe, 0xd3, 0xc9, 0x64, 0x07, 0x3a,
+ 0x0e, 0xe1, 0x72, 0xf3, 0xda, 0xa6, 0x23, 0x25,
+ 0xaf, 0x02, 0x1a, 0x68, 0xf7, 0x07, 0x51, 0x1a
+ ]
+ )
 );
- let R = Point::from_affine(
+ let R = Point::from_affine(
 Fp::from_bytes(
 [
- 0x2a, 0xc8, 0x59, 0x29, 0xe6, 0x44, 0xab, 0x81,
- 0xcf, 0xf3, 0xe6, 0x1c, 0xd0, 0x4b, 0x32, 0x82,
- 0x71, 0x83, 0x46, 0x7f, 0x12, 0xb3, 0x38, 0xc3,
- 0xfc, 0x65, 0x00, 0xd4, 0x09, 0xe3, 0x18, 0x62
- ]
+ 0x2a, 0xc8, 0x59, 0x29, 0xe6, 0x44, 0xab, 0x81,
+ 0xcf, 0xf3, 0xe6, 0x1c, 0xd0, 0x4b, 0x32, 0x82,
+ 0x71, 0x83, 0x46, 0x7f, 0x12, 0xb3, 0x38, 0xc3,
+ 0xfc, 0x65, 0x00, 0xd4, 0x09, 0xe3, 0x18, 0x62
+ ]
 ),
 Fp::from_bytes(
 [
- 0xe5, 0x56, 0x43, 0x00, 0xc3, 0x60, 0xac, 0x72,
- 0x90, 0x86, 0xe2, 0xcc, 0x80, 0x6e, 0x82, 0x8a,
- 0x84, 0x87, 0x7f, 0x1e, 0xb8, 0xe5, 0xd9, 0x74,
- 0xd8, 0x73, 0xe0, 0x65, 0x22, 0x49, 0x01, 0x55
- ]
- ),
+ 0xe5, 0x56, 0x43, 0x00, 0xc3, 0x60, 0xac, 0x72,
+ 0x90, 0x86, 0xe2, 0xcc, 0x80, 0x6e, 0x82, 0x8a,
+ 0x84, 0x87, 0x7f, 0x1e, 0xb8, 0xe5, 0xd9, 0x74,
+ 0xd8, 0x73, 0xe0, 0x65, 0x22, 0x49, 0x01, 0x55
+ ]
+ )
 );
 let s = Fq::from_bytes(
 [
- 0x5f, 0xb8, 0x82, 0x15, 0x90, 0xa3, 0x3b, 0xac,
- 0xc6, 0x1e, 0x39, 0x70, 0x1c, 0xf9, 0xb4, 0x6b,
- 0xd2, 0x5b, 0xf5, 0xf0, 0x59, 0x5b, 0xbe, 0x24,
- 0x65, 0x51, 0x41, 0x43, 0x8e, 0x7a, 0x10, 0x0b
- ]
+ 0x5f, 0xb8, 0x82, 0x15, 0x90, 0xa3, 0x3b, 0xac,
+ 0xc6, 0x1e, 0x39, 0x70, 0x1c, 0xf9, 0xb4, 0x6b,
+ 0xd2, 0x5b, 0xf5, 0xf0, 0x59, 0x5b, 0xbe, 0x24,
+ 0x65, 0x51, 0x41, 0x43, 0x8e, 0x7a, 0x10, 0x0b
+ ]
 );
 let k = Fq::from_bytes(
 [
- 0x86, 0xea, 0xbc, 0x8e, 0x4c, 0x96, 0x19, 0x3d,
- 0x29, 0x05, 0x04, 0xe7, 0xc6, 0x00, 0xdf, 0x6c,
- 0xf8, 0xd8, 0x25, 0x61, 0x31, 0xec, 0x2c, 0x13,
- 0x8a, 0x3e, 0x7e, 0x16, 0x2e, 0x52, 0x54, 0x04
- ]
+ 0x86, 0xea, 0xbc, 0x8e, 0x4c, 0x96, 0x19, 0x3d,
+ 0x29, 0x05, 0x04, 0xe7, 0xc6, 0x00, 0xdf, 0x6c,
+ 0xf8, 0xd8, 0x25, 0x61, 0x31, 0xec, 0x2c, 0x13,
+ 0x8a, 0x3e, 0x7e, 0x16, 0x2e, 0x52, 0x54, 0x04
+ ]
 );
 
 assert(verify_signature(A, R, s, k));
diff --git a/crates/curves/src/ed25519/tecurve.nr b/crates/curves/src/ed25519/tecurve.nr
index 9016c80..c12d78e 100644
--- a/crates/curves/src/ed25519/tecurve.nr
+++ b/crates/curves/src/ed25519/tecurve.nr
@@ -80,7 +80,6 @@ impl Point {
 }
 }
 
-
 impl Curve {
 // Curve constructor
 pub fn new(a: Fp, d: Fp, gen: Point) -> Curve {
diff --git a/crates/curves/src/lib.nr b/crates/curves/src/lib.nr
index 119324a..b842b53 100644
--- a/crates/curves/src/lib.nr
+++ b/crates/curves/src/lib.nr
@@ -1,2 +1,2 @@
 mod ecdsa_secp256k1;
-mod ed25519;
\ No newline at end of file
+mod ed25519;