Qortal/pirate-librustzcash
3
0
Fork 0
mirror of https://github.com/Qortal/pirate-librustzcash.git synced 2025-02-01 08:12:14 +00:00
Code Issues Projects Releases Wiki Activity

ecc: makes assert_not_small_order tests deeper

Browse Source
This commit is contained in:
Kobi Gurkan 2018-08-11 13:06:20 +03:00 committed by Jack Grigg
parent ace929c5ba
commit e0c5ef22bc
No known key found for this signature in database
GPG Key ID: 9E8255172BBF9898
1 changed files with 43 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
zcash_proofs/src/circuit/ecc.rs
View File

@ -1120,6 +1120,16 @@ mod test {
// zero has low order // zero has low order
check_small_order_from_strs("0", "1"); check_small_order_from_strs("0", "1");
// prime subgroup order
let prime_subgroup_order = Fs::from_str(
"6554484396890773809930967563523245729705921265872317281365359162392183254199",
)
.unwrap();
let largest_small_subgroup_order = Fs::from_str("8").unwrap();
let (zero_x, zero_y) = (Fr::from_str("0").unwrap(), Fr::from_str("1").unwrap());
// generator for jubjub // generator for jubjub
let (x, y) = ( let (x, y) = (
Fr::from_str( Fr::from_str(
@ -1133,17 +1143,40 @@ mod test {
); );
let g = edwards::Point::<Bls12, _>::get_for_y(y, false, params).unwrap(); let g = edwards::Point::<Bls12, _>::get_for_y(y, false, params).unwrap();
assert_eq!(x, g.to_xy().0); assert_eq!(x, g.to_xy().0);
// generator for the jubjub group
check_small_order_from_p(g.clone(), false); check_small_order_from_p(g.clone(), false);
// generator for the prime subgroup
let g_prime = g.mul(largest_small_subgroup_order, params);
check_small_order_from_p(g_prime.clone(), false);
let mut prime_subgroup_order_minus_1 = prime_subgroup_order.clone();
prime_subgroup_order_minus_1.sub_assign(&Fs::from_str("1").unwrap());
let should_not_be_zero = g_prime.mul(prime_subgroup_order_minus_1, params);
assert_ne!(zero_x, should_not_be_zero.to_xy().0);
assert_ne!(zero_y, should_not_be_zero.to_xy().1);
let should_be_zero = should_not_be_zero.add(&g_prime, params);
assert_eq!(zero_x, should_be_zero.to_xy().0);
assert_eq!(zero_y, should_be_zero.to_xy().1);
// generator for the small order subgroup // generator for the small order subgroup
let g2 = g.mul( let g_small = g.mul(prime_subgroup_order_minus_1, params);
Fs::from_str( let g_small = g_small.add(&g, params);
"6554484396890773809930967563523245729705921265872317281365359162392183254199", check_small_order_from_p(g_small.clone(), true);
)
.unwrap() // g_small does have order 8
.into_repr(), let mut largest_small_subgroup_order_minus_1 = largest_small_subgroup_order.clone();
params, largest_small_subgroup_order_minus_1.sub_assign(&Fs::from_str("1").unwrap());
);
check_small_order_from_p(g2, true); let should_not_be_zero = g_small.mul(largest_small_subgroup_order_minus_1, params);
assert_ne!(zero_x, should_not_be_zero.to_xy().0);
assert_ne!(zero_y, should_not_be_zero.to_xy().1);
let should_be_zero = should_not_be_zero.add(&g_small, params);
assert_eq!(zero_x, should_be_zero.to_xy().0);
assert_eq!(zero_y, should_be_zero.to_xy().1);
// take all the points from the script
// assert should be different than multiplying by cofactor, which is the solution
// is user input verified? https://github.com/zcash/librustzcash/blob/f5d2afb4eabac29b1b1cc860d66e45a5b48b4f88/src/rustzcash.rs#L299
} }
} }