
chore: Add test for eddsa (#2237)
* eddsa_test

* .
Ethan-000 authored Aug 9, 2023
1 parent d657a5e commit de88b7b
Showing 5 changed files with 67 additions and 0 deletions.
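--- a/crates/nargo_cli/tests/execution_success/eddsa/Nargo.toml
+++ b/crates/nargo_cli/tests/execution_success/eddsa/Nargo.toml
@@ -0,0 +1,8 @@
+[package]
+name = "eddsa"
+description = "Eddsa verification"
+type = "bin"
+authors = [""]
+compiler_version = "0.3.2"
+
+[dependencies]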
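--- a/crates/nargo_cli/tests/execution_success/eddsa/Prover.toml
+++ b/crates/nargo_cli/tests/execution_success/eddsa/Prover.toml
@@ -0,0 +1,3 @@
+_priv_key_a = 123
+_priv_key_b = 456
+msg = 789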
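--- a/crates/nargo_cli/tests/execution_success/eddsa/src/main.nr
+++ b/crates/nargo_cli/tests/execution_success/eddsa/src/main.nr
@@ -0,0 +1,55 @@
+use dep::std::compat;
+use dep::std::ec::consts::te::baby_jubjub;
+use dep::std::hash;
+use dep::std::eddsa::eddsa_poseidon_verify;
+use dep::std;
+
+fn main(msg: pub Field, _priv_key_a: Field, _priv_key_b: Field) {
+// Skip this test for non-bn254 backends
+if compat::is_bn254() {
+let bjj = baby_jubjub();
+
+let pub_key_a = bjj.curve.mul(_priv_key_a, bjj.curve.gen);
+// let pub_key_b = bjj.curve.mul(_priv_key_b, bjj.curve.gen);
+
+// Manually computed as fields can't use modulo. Importantantly the commitment is within
+// the subgroup order. Note that choice of hash is flexible for this step.
+// let r_a = hash::pedersen([_priv_key_a, msg])[0] % bjj.suborder; // modulus computed manually
+let r_a = 1414770703199880747815475415092878800081323795074043628810774576767372531818;
+// let r_b = hash::pedersen([_priv_key_b, msg])[0] % bjj.suborder; // modulus computed manually
+let r_b = 571799555715456644614141527517766533395606396271089506978608487688924659618;
+
+let r8_a = bjj.curve.mul(r_a, bjj.base8);
+let r8_b = bjj.curve.mul(r_b, bjj.base8);
+
+// let h_a: [Field; 6] = hash::poseidon::bn254::hash_5([
+// r8_a.x,
+// r8_a.y,
+// pub_key_a.x,
+// pub_key_a.y,
+// msg,
+// ]);
+
+// let h_b: [Field; 6] = hash::poseidon::bn254::hash_5([
+// r8_b.x,
+// r8_b.y,
+// pub_key_b.x,
+// pub_key_b.y,
+// msg,
+// ]);
+
+// let s_a = (r_a + _priv_key_a * h_a) % bjj.suborder; // modulus computed manually
+let s_a = 30333430637424319196043722294837632681219980330991241982145549329256671548;
+// let s_b = (r_b + _priv_key_b * h_b) % bjj.suborder; // modulus computed manually
+let s_b = 1646085314320208098241070054368798527940102577261034947654839408482102287019;
+
+// User A verifies their signature over the message
+assert(eddsa_poseidon_verify(pub_key_a.x, pub_key_a.y, s_a, r8_a.x, r8_a.y, msg));
+
+// User B's signature over the message can't be used with user A's pub key
+assert(!eddsa_poseidon_verify(pub_key_a.x, pub_key_a.y, s_b, r8_b.x, r8_b.y, msg));
+
+// User A's signature over the message can't be used with another message
+assert(!eddsa_poseidon_verify(pub_key_a.x, pub_key_a.y, s_a, r8_a.x, r8_a.y, msg + 1));
+}
+}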
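Review bot: The four precomputed constants on the `let r_a = …`, `let r_b = …`, `let s_a = …` and `let s_b = …` lines are only valid for the exact Prover.toml inputs (123, 456, 789) together with the Pedersen/Poseidon derivations shown in the commented-out code, but nothing in the file says so, so a later edit to Prover.toml would make the positive assertion fail with no hint why. I would add above `let r_a = …` a comment such as `// NOTE: r_a, r_b, s_a, s_b were precomputed offline for _priv_key_a = 123, _priv_key_b = 456, msg = 789 (Prover.toml) via the commented-out derivations; regenerate them if any input, the hash, or the curve constants change.` Because `pub_key_b` is commented out, `_priv_key_b` is never read on the live path and the `hash` and `std` imports appear unused; the second assertion does still exercise the intended negative case (B's `(s, R8)` pair against A's key), but a short comment that `_priv_key_b` is retained only for the offline derivation would make that explicit. The `Importantantly` typo in the comment above `r_a` could be fixed to `Importantly` at the same time.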


