├── VERSION ├── RETIRED.txt ├── .dockerignore ├── .gitignore ├── scripts ├── delete.sh ├── format.sh ├── kill.sh ├── test.sh ├── build.sh ├── coverage.sh └── build_amcl.sh ├── .gitlab-ci.yml ├── include ├── CMakeLists.txt └── amcl │ ├── modulus.h │ ├── cg21 │ ├── cg21_pi_prm.h │ ├── cg21_pi_mod.h │ └── cg21_pi_factor.h │ ├── hash_utils.h │ └── shamir.h ├── test ├── CMakeLists.txt ├── smoke │ ├── CMakeLists.txt │ ├── test_schnorr_interactive_smoke.c │ ├── test_schnorr_smoke.c │ ├── test_d_schnorr_smoke.c │ ├── test_shamir_smoke.c │ └── test_hidden_dlog_smoke.c └── unit │ ├── test_schnorr_commit.c │ ├── test_hidden_dlog_prove.c │ ├── test_schnorr_prove.c │ ├── CMakeLists.txt │ ├── test_hidden_dlog_commit.c │ ├── test_hidden_dlog_verify.c │ ├── test_d_schnorr_commit.c │ ├── test_schnorr_challenge.c │ ├── test_hidden_dlog_challenge.c │ ├── test_d_schnorr_prove.c │ ├── test_shamir.c │ ├── test_schnorr_verify.c │ ├── test_d_schnorr_challenge.c │ ├── test_shamir_to_additive.c │ ├── test_d_schnorr_verify.c │ └── test_vss.c ├── examples ├── CMakeLists.txt ├── example_schnorr_interactive.c ├── example_schnorr.c ├── example_d_schnorr.c └── cg21 │ ├── example_cg21_pi_mod.c │ └── example_cg21_pi_prm.c ├── src ├── CMakeLists.txt ├── modulus.c ├── hash_utils.c └── cg21 │ └── cg21_pi_prm.c ├── testVectors └── schnorr │ ├── commit.txt │ ├── commit.json │ ├── prove.txt │ ├── challenge.txt │ ├── dcommit.txt │ ├── verify.txt │ ├── prove.json │ ├── dcommit.json │ ├── verify.json │ ├── challenge.json │ ├── dchallenge.txt │ ├── dchallenge.json │ ├── dverify.txt │ ├── dverify.json │ ├── dprove.txt │ └── dprove.json ├── cmake_uninstall.cmake.in ├── sonar-project.properties ├── Dockerfile ├── README.md ├── CPackConfig.cmake └── CMakeLists.txt /VERSION: -------------------------------------------------------------------------------- 1 | 1.0.0 2 | -------------------------------------------------------------------------------- /RETIRED.txt: 
-------------------------------------------------------------------------------- 1 | http://incubator.apache.org/projects/index.html#milagro 2 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | .git 2 | .cache 3 | 4 | **/*~ 5 | **/*bak 6 | log.txt 7 | 8 | build 9 | target 10 | incubator-milagro-crypto-c 11 | coverage 12 | examples/scratch.c 13 | 14 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | **/*~ 2 | **/*bak 3 | log.txt 4 | **/.DS_Store 5 | 6 | build 7 | target 8 | incubator-milagro-crypto-c 9 | coverage 10 | examples/scratch.c 11 | cmake-build-debug 12 | 13 | .idea -------------------------------------------------------------------------------- /scripts/delete.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # delete.sh 4 | # 5 | # Delete build files 6 | # 7 | # @author Kealan McCusker 8 | # ------------------------------------------------------------------------------ 9 | 10 | # NOTES: 11 | 12 | function delete() 13 | { 14 | echo "remove build files" 15 | rm -rf target 16 | rm -rf build 17 | rm -rf coverage 18 | } 19 | 20 | delete 21 | -------------------------------------------------------------------------------- /scripts/format.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # format.sh 4 | # 5 | # Format the source code 6 | # 7 | # @author Kealan McCusker 8 | # ------------------------------------------------------------------------------ 9 | 10 | # NOTES: 11 | 12 | astyle --style=allman --recursive --suffix=none '*.c' 13 | astyle --style=allman --recursive --suffix=none '*.c.in' 14 | astyle --style=allman --recursive --suffix=none '*.h' 15 | 
-------------------------------------------------------------------------------- /scripts/kill.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # kill.sh 4 | # 5 | # Stop service 6 | # 7 | # @author Kealan McCusker 8 | # ------------------------------------------------------------------------------ 9 | 10 | # NOTES: 11 | 12 | CONTAINER_ID=`docker ps -a | grep libmpc | cut -c1-12` 13 | if [ "${CONTAINER_ID}" ]; 14 | then 15 | echo "docker stop $CONTAINER_ID" 16 | docker stop $CONTAINER_ID 17 | docker rm $CONTAINER_ID 18 | fi 19 | 20 | 21 | -------------------------------------------------------------------------------- /.gitlab-ci.yml: -------------------------------------------------------------------------------- 1 | stages: 2 | - test 3 | - coverage 4 | 5 | test: 6 | stage: test 7 | tags: 8 | - features-amd64 9 | script: 10 | - echo "Build and test docker image" 11 | - docker build --no-cache -t libmpc . 12 | - docker run --cap-add SYS_PTRACE --rm libmpc 13 | 14 | coverage: 15 | stage: coverage 16 | tags: 17 | - features-amd64 18 | script: 19 | - echo "Generate coverage figures" 20 | - docker run --rm libmpc ./scripts/coverage.sh 21 | coverage: '/lines......: (\d+.\d+%)/' 22 | 23 | -------------------------------------------------------------------------------- /scripts/test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # test.sh 4 | # 5 | # Test all the library build configurations 6 | # 7 | # @author Kealan McCusker 8 | # ------------------------------------------------------------------------------ 9 | 10 | # NOTES: 11 | 12 | set -Cue -o pipefail 13 | 14 | PROJECT_HOME="$(cd "$(dirname "${0}")/.." 
&& pwd)" 15 | cd "$PROJECT_HOME" 16 | 17 | declare -a arr=("Release" "Debug" "Coverage" "ASan") 18 | 19 | for i in "${arr[@]}" 20 | do 21 | ( 22 | echo "$i" 23 | cd target/$i 24 | make test ARGS=-j8 25 | ) 26 | done 27 | -------------------------------------------------------------------------------- /scripts/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # build.sh 4 | # 5 | # Build all the library configurations 6 | # 7 | # @author Kealan McCusker 8 | # ------------------------------------------------------------------------------ 9 | 10 | # NOTES: 11 | 12 | set -Cue -o pipefail 13 | 14 | PROJECT_HOME="$(cd "$(dirname "${0}")/.." && pwd)" 15 | cd "$PROJECT_HOME" 16 | 17 | declare -a arr=("Release" "Debug" "Coverage" "ASan") 18 | 19 | for i in "${arr[@]}" 20 | do 21 | ( 22 | echo "$i" 23 | rm -rf target/$i 24 | mkdir -p target/$i 25 | cd target/$i 26 | cmake -D CMAKE_BUILD_TYPE=$i ../.. 27 | make 28 | ) 29 | done 30 | -------------------------------------------------------------------------------- /scripts/coverage.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # coverage.sh 4 | # 5 | # Generate coverage figures 6 | # 7 | # @author Kealan McCusker 8 | # ------------------------------------------------------------------------------ 9 | 10 | # NOTES: 11 | 12 | CURRENTDIR=${PWD} 13 | 14 | function coverage() 15 | { 16 | echo "coverage" 17 | cd $CURRENTDIR/target/Coverage 18 | mkdir coverage 19 | lcov --capture --initial --directory ./src --output-file coverage/libmpc.info 20 | lcov --no-checksum --directory ./src --capture --output-file coverage/libmpc.info 21 | genhtml -o coverage -t "LIBPAILLIER Test Coverage" coverage/libmpc.info 22 | } 23 | 24 | coverage 25 | -------------------------------------------------------------------------------- /include/CMakeLists.txt: 
-------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | # List of headers 19 | file(GLOB headers "amcl/*.h") 20 | 21 | install(FILES ${headers} 22 | DESTINATION ${INSTALL_INCLUDESUBDIR}) 23 | -------------------------------------------------------------------------------- /scripts/build_amcl.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # build_amcl.sh 4 | # 5 | # Build AMCL 6 | # 7 | # @author Kealan McCusker 8 | # ------------------------------------------------------------------------------ 9 | 10 | # NOTES: 11 | 12 | set -Cue -o pipefail 13 | 14 | PROJECT_HOME="$(cd "$(dirname "${0}")/.." 
&& pwd)" 15 | cd "$PROJECT_HOME" 16 | 17 | git clone https://github.com/apache/incubator-milagro-crypto-c.git 18 | 19 | ( 20 | cd incubator-milagro-crypto-c 21 | mkdir build 22 | cd build 23 | 24 | cmake -D CMAKE_BUILD_TYPE=Release \ 25 | -D BUILD_SHARED_LIBS=ON \ 26 | -D DEBUG_NORM=OFF \ 27 | -D AMCL_CHUNK=64 \ 28 | -D AMCL_CURVE="BLS381,SECP256K1" \ 29 | -D BUILD_PAILLIER=ON \ 30 | -D BUILD_PYTHON=OFF \ 31 | -D BUILD_BLS=ON \ 32 | -D BUILD_WCC=OFF \ 33 | -D BUILD_MPIN=OFF \ 34 | -D BUILD_X509=OFF \ 35 | -D CMAKE_INSTALL_PREFIX=/usr/local .. 36 | 37 | make 38 | make test ARGS=-j8 39 | sudo make install 40 | ) 41 | -------------------------------------------------------------------------------- /test/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 
17 | 18 | add_subdirectory(smoke) 19 | add_subdirectory(unit) 20 | 21 | include_directories (${PROJECT_SOURCE_DIR}/include 22 | /usr/local/include) 23 | 24 | add_library(mpc_test_utils OBJECT test.c) 25 | -------------------------------------------------------------------------------- /examples/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 
17 | #cmake_minimum_required(VERSION 3.22) 18 | 19 | # List of examples 20 | file(GLOB_RECURSE SRCS *.c) 21 | 22 | # Add the binary tree directory to the search path for linking and include files 23 | link_directories (${PROJECT_BINARY_DIR}/src 24 | /usr/local/lib) 25 | 26 | include_directories (${PROJECT_SOURCE_DIR}/include 27 | /usr/local/include) 28 | 29 | foreach(example ${SRCS}) 30 | # Extract the filename without an extension 31 | get_filename_component(target ${example} NAME_WE) 32 | 33 | add_executable(${target} ${example}) 34 | 35 | target_link_libraries(${target} amcl_mpc) 36 | endforeach(example) 37 | 38 | -------------------------------------------------------------------------------- /src/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 
17 | 18 | file(GLOB_RECURSE SOURCES *.c) 19 | 20 | set(target "amcl_mpc") 21 | 22 | link_directories(${CMAKE_CURRENT_BINARY_DIR} 23 | /usr/local/lib) 24 | 25 | include_directories (${PROJECT_SOURCE_DIR}/include 26 | /usr/local/include) 27 | 28 | add_library(${target} ${LIB_TYPE} ${SOURCES}) 29 | 30 | target_link_libraries (${target} amcl_paillier amcl_curve_SECP256K1 amcl_core) 31 | 32 | set_target_properties(${target} 33 | PROPERTIES VERSION 34 | ${BUILD_VERSION} 35 | SOVERSION 36 | ${VERSION_MAJOR}) 37 | 38 | install(TARGETS ${target} DESTINATION lib PERMISSIONS 39 | OWNER_WRITE OWNER_READ OWNER_EXECUTE 40 | GROUP_READ GROUP_EXECUTE 41 | WORLD_READ WORLD_EXECUTE) 42 | -------------------------------------------------------------------------------- /src/modulus.c: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License. 
18 | */ 19 | 20 | /* Modulus declarations */ 21 | 22 | #include "amcl/modulus.h" 23 | 24 | void MODULUS_kill(MODULUS_priv *m) 25 | { 26 | FF_2048_zero(m->p, HFLEN_2048); 27 | FF_2048_zero(m->q, HFLEN_2048); 28 | FF_2048_zero(m->invpq, HFLEN_2048); 29 | } 30 | 31 | void MODULUS_fromOctets(MODULUS_priv *m, const octet *P, const octet *Q) 32 | { 33 | FF_2048_fromOctet(m->p, P, HFLEN_2048); 34 | FF_2048_fromOctet(m->q, Q, HFLEN_2048); 35 | 36 | FF_2048_mul(m->n, m->p, m->q, HFLEN_2048); 37 | FF_2048_invmodp(m->invpq, m->p, m->q, HFLEN_2048); 38 | } 39 | 40 | void MODULUS_toOctets(octet *P, octet *Q, MODULUS_priv *m) 41 | { 42 | FF_2048_toOctet(P, m->p, HFLEN_2048); 43 | FF_2048_toOctet(Q, m->q, HFLEN_2048); 44 | } 45 | -------------------------------------------------------------------------------- /testVectors/schnorr/commit.txt: -------------------------------------------------------------------------------- 1 | TEST = 0, 2 | R = 37ccd69812abf02c47c8991eaba56e3ae75f1e2d8ef3b494d96204ff44c8065c, 3 | C = 02e4cbab68ae93cafe6d74e4cccf6c0de953c216064f90e993b0471ff25b6a040f, 4 | 5 | TEST = 1, 6 | R = 443ce223d6db5fcbf2ed719f13c8a1e437d14826c77a03a8e17b4f33d6bfcb24, 7 | C = 0328c7302795ef555924b39689f6561ea643cdd743ca71a8e3ff3296b1aa7b3979, 8 | 9 | TEST = 2, 10 | R = b1fa3e46bdc1f43fe012ccfa964421c09e50510ab32bc9c6dd835d9990a352aa, 11 | C = 03bcd15982c1682c330abaddb34874c9d36fb8d378e2b66f0f9fc17ef4fc924bed, 12 | 13 | TEST = 3, 14 | R = 218a9794cfdb080028194e08a1663a15e3377c21fe338ce62f9ff29395ffd9bb, 15 | C = 02aac9ec355d2140cf2ce8db0ea4d803edc3a70397970e9f8f1a7126d2d4ee1caf, 16 | 17 | TEST = 4, 18 | R = 02f4f976245ae40870a20dd6b10ac798ffbb240acffc337b90735c9f4fdd0cc3, 19 | C = 02bba531f13ce2dc08d4ef54872fadf33e3ba81f8e25aa2c67798b2ffe0bb042da, 20 | 21 | TEST = 5, 22 | R = c4564aa0859dc645248a24eeb9b14d62dee3f6f8975ec4d3c453c94d06b44a8f, 23 | C = 0326b5f2a8a40c81debd07d82639715785f1922a11c5330cbd777c1ec4e82f2457, 24 | 25 | TEST = 6, 26 | R = 
2ec55e4ef0d91496982921b781c4075489519cf53af515781c8d858a152ea694, 27 | C = 03b872bf52302e19b24276202bec5f1d355110f768bdefedc2aba9c535512aba84, 28 | 29 | TEST = 7, 30 | R = 5e50ad523a802db175705e438f9956fa7a2133526f9563cc34294dddae097f9c, 31 | C = 02fc61b4270e1742acefc7246683be9f791274141b358f54360dd301eb2f078892, 32 | 33 | TEST = 8, 34 | R = 36dc197acb1d3b3095b894f5cd9b1f67ed3dcaefe5953ece6f7e0beea2a4d159, 35 | C = 0309ae9a4771ed2766d435993350ab95c7100671b87c4dae8975c08d35a316fd17, 36 | 37 | TEST = 9, 38 | R = 7f5afca5899d57ece57d8193ccc2b2d6ab84f06fd4843a14f41b8c979b750682, 39 | C = 03790af420a415d89e144d01e88468ffc7a222188fc41952c3bc261a881ee74451, 40 | 41 | -------------------------------------------------------------------------------- /test/smoke/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 
17 | 18 | # List of tests 19 | file(GLOB_RECURSE SRCS *.c) 20 | 21 | # Add the binary tree directory to the search path for linking and include files 22 | link_directories (${PROJECT_BINARY_DIR}/src 23 | /usr/local/lib) 24 | 25 | include_directories (${PROJECT_SOURCE_DIR}/include 26 | /usr/local/include) 27 | 28 | # define macro to simplify adding tests 29 | macro(do_test arg result) 30 | add_test(${arg} ${TARGET_SYSTEM_EMULATOR} ${arg}${CMAKE_EXECUTABLE_SUFFIX}) 31 | set_tests_properties(${arg} PROPERTIES PASS_REGULAR_EXPRESSION ${result}) 32 | endmacro() 33 | 34 | foreach(test ${SRCS}) 35 | # Extract the filename without an extension 36 | get_filename_component(target ${test} NAME_WE) 37 | 38 | add_executable(${target} ${test}) 39 | 40 | target_link_libraries(${target} amcl_mpc) 41 | 42 | do_test(${target} "SUCCESS") 43 | endforeach(test) 44 | 45 | -------------------------------------------------------------------------------- /cmake_uninstall.cmake.in: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 
17 | 18 | if(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt") 19 | message(FATAL_ERROR "Cannot find install manifest: @CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt") 20 | endif(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt") 21 | 22 | file(READ "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt" files) 23 | string(REGEX REPLACE "\n" ";" files "${files}") 24 | foreach(file ${files}) 25 | message(STATUS "Uninstalling $ENV{DESTDIR}${file}") 26 | if(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}") 27 | exec_program( 28 | "@CMAKE_COMMAND@" ARGS "-E remove \"$ENV{DESTDIR}${file}\"" 29 | OUTPUT_VARIABLE rm_out 30 | RETURN_VALUE rm_retval 31 | ) 32 | if(NOT "${rm_retval}" STREQUAL 0) 33 | message(FATAL_ERROR "Problem when removing $ENV{DESTDIR}${file}") 34 | endif(NOT "${rm_retval}" STREQUAL 0) 35 | else(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}") 36 | message(STATUS "File $ENV{DESTDIR}${file} does not exist.") 37 | endif(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}") 38 | endforeach(file) 39 | -------------------------------------------------------------------------------- /testVectors/schnorr/commit.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "TEST": 0, 4 | "R": "37ccd69812abf02c47c8991eaba56e3ae75f1e2d8ef3b494d96204ff44c8065c", 5 | "C": "02e4cbab68ae93cafe6d74e4cccf6c0de953c216064f90e993b0471ff25b6a040f" 6 | }, 7 | { 8 | "TEST": 1, 9 | "R": "443ce223d6db5fcbf2ed719f13c8a1e437d14826c77a03a8e17b4f33d6bfcb24", 10 | "C": "0328c7302795ef555924b39689f6561ea643cdd743ca71a8e3ff3296b1aa7b3979" 11 | }, 12 | { 13 | "TEST": 2, 14 | "R": "b1fa3e46bdc1f43fe012ccfa964421c09e50510ab32bc9c6dd835d9990a352aa", 15 | "C": "03bcd15982c1682c330abaddb34874c9d36fb8d378e2b66f0f9fc17ef4fc924bed" 16 | }, 17 | { 18 | "TEST": 3, 19 | "R": "218a9794cfdb080028194e08a1663a15e3377c21fe338ce62f9ff29395ffd9bb", 20 | "C": 
"02aac9ec355d2140cf2ce8db0ea4d803edc3a70397970e9f8f1a7126d2d4ee1caf" 21 | }, 22 | { 23 | "TEST": 4, 24 | "R": "02f4f976245ae40870a20dd6b10ac798ffbb240acffc337b90735c9f4fdd0cc3", 25 | "C": "02bba531f13ce2dc08d4ef54872fadf33e3ba81f8e25aa2c67798b2ffe0bb042da" 26 | }, 27 | { 28 | "TEST": 5, 29 | "R": "c4564aa0859dc645248a24eeb9b14d62dee3f6f8975ec4d3c453c94d06b44a8f", 30 | "C": "0326b5f2a8a40c81debd07d82639715785f1922a11c5330cbd777c1ec4e82f2457" 31 | }, 32 | { 33 | "TEST": 6, 34 | "R": "2ec55e4ef0d91496982921b781c4075489519cf53af515781c8d858a152ea694", 35 | "C": "03b872bf52302e19b24276202bec5f1d355110f768bdefedc2aba9c535512aba84" 36 | }, 37 | { 38 | "TEST": 7, 39 | "R": "5e50ad523a802db175705e438f9956fa7a2133526f9563cc34294dddae097f9c", 40 | "C": "02fc61b4270e1742acefc7246683be9f791274141b358f54360dd301eb2f078892" 41 | }, 42 | { 43 | "TEST": 8, 44 | "R": "36dc197acb1d3b3095b894f5cd9b1f67ed3dcaefe5953ece6f7e0beea2a4d159", 45 | "C": "0309ae9a4771ed2766d435993350ab95c7100671b87c4dae8975c08d35a316fd17" 46 | }, 47 | { 48 | "TEST": 9, 49 | "R": "7f5afca5899d57ece57d8193ccc2b2d6ab84f06fd4843a14f41b8c979b750682", 50 | "C": "03790af420a415d89e144d01e88468ffc7a222188fc41952c3bc261a881ee74451" 51 | } 52 | ] -------------------------------------------------------------------------------- /sonar-project.properties: -------------------------------------------------------------------------------- 1 | sonar.projectKey=mpc_incubator-milagro-MPC_AYLy7Sz19jx4_m95ZHos 2 | sonar.qualitygate.wait=true 3 | sonar.projectName=apache_incubator-milagro-MPC 4 | sonar.projectVersion=0.1.0 5 | sonar.exclusions=model/**/*, **/CMakeCXXCompilerId.cpp 6 | sonar.coverage.exclusions=**/* 7 | #sonar.cpd.exclusions=**/benchmark/**/*, **/examples/**/*, **/examples_ed25519/**/*, **/python/**/*, **/test/**/*, **/test_ed25519/**/* 8 | sonar.cpd.exclusions=**/* 9 | 10 | sonar.issue.ignore.multicriteria=e1, e2, e3, e4, e5, e6, e7, e8, e9 11 | 12 | sonar.issue.ignore.multicriteria.e1.ruleKey=python:S1845 13 | 
sonar.issue.ignore.multicriteria.e1.resourceKey=**/* 14 | 15 | sonar.issue.ignore.multicriteria.e2.ruleKey=python:S125 16 | sonar.issue.ignore.multicriteria.e2.resourceKey=**/* 17 | 18 | sonar.issue.ignore.multicriteria.e3.ruleKey=python:S117 19 | sonar.issue.ignore.multicriteria.e3.resourceKey=**/* 20 | 21 | sonar.issue.ignore.multicriteria.e4.ruleKey=c:S3728 22 | sonar.issue.ignore.multicriteria.e4.resourceKey=**/CMakeCCompilerId.c 23 | 24 | sonar.issue.ignore.multicriteria.e5.ruleKey=c:S984 25 | sonar.issue.ignore.multicriteria.e5.resourceKey= test/**/*.c 26 | sonar.issue.ignore.multicriteria.e6.ruleKey=c:S984 27 | sonar.issue.ignore.multicriteria.e6.resourceKey= test_ed25519/**/*.c 28 | sonar.issue.ignore.multicriteria.e7.ruleKey=c:S984 29 | sonar.issue.ignore.multicriteria.e7.resourceKey= test_tss_ed25519/**/*.c 30 | sonar.issue.ignore.multicriteria.e8.ruleKey=c:S984 31 | sonar.issue.ignore.multicriteria.e8.resourceKey= examples/**/*.c 32 | sonar.issue.ignore.multicriteria.e9.ruleKey=c:S984 33 | sonar.issue.ignore.multicriteria.e9.resourceKey= examples_ed25519/**/*.c 34 | 35 | # ===================================================== 36 | # Properties that will be shared amongst all modules 37 | # ===================================================== 38 | 39 | # SQ standard properties 40 | sonar.sources=. 41 | 42 | # Properties specific to the C/C++ analyzer: 43 | sonar.cfamily.build-wrapper-output= .sonar/bw-output 44 | sonar.cfamily.gcov.reportsPath=. 45 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # Dockerfile 2 | # 3 | # Ubuntu 22.04 4 | # 5 | # @author Kealan McCusker 6 | # ------------------------------------------------------------------------------ 7 | 8 | # ------------------------------------------------------------------------------ 9 | # NOTES: 10 | # 11 | # Create the image: 12 | # docker build -t libmpc .
13 | # 14 | # Run tests: 15 | # docker run --rm libmpc ./scripts/test.sh 16 | # 17 | # Generate coverage figures: 18 | # CONTAINER_ID=$(docker run -d libmpc ./scripts/coverage.sh) 19 | # docker logs $CONTAINER_ID 20 | # docker cp ${CONTAINER_ID}:"/root/target/Coverage/coverage" ./ 21 | # docker rm -f ${CONTAINER_ID} || true 22 | # 23 | # To login to container: 24 | # docker run -it --rm libmpc bash 25 | # ------------------------------------------------------------------------------ 26 | 27 | FROM ubuntu:22.04 28 | 29 | LABEL maintainer="kealanmccusker@gmail.com" 30 | 31 | WORKDIR /root 32 | 33 | ENV LD_LIBRARY_PATH=/usr/local/lib:./ 34 | 35 | RUN echo "## Start building" \ 36 | && echo "## Update and install packages" \ 37 | && apt-get -y update \ 38 | && apt-get install -y --no-install-recommends \ 39 | build-essential \ 40 | cmake \ 41 | doxygen \ 42 | lcov \ 43 | python3-dev \ 44 | python3-pip \ 45 | wget \ 46 | git \ 47 | libffi-dev \ 48 | && echo "## Done" 49 | 50 | RUN pip3 install cffi 51 | 52 | # install AMCL. NOTE(review): the clone below takes the default branch with no pinned commit or tag, so each image build may pull different upstream code; pin a reviewed revision to make the build reproducible. 53 | RUN git clone https://github.com/apache/incubator-milagro-crypto-c.git &&\ 54 | cd incubator-milagro-crypto-c && \ 55 | mkdir build && \ 56 | cd build && \ 57 | cmake -D CMAKE_BUILD_TYPE=Release \ 58 | -D BUILD_SHARED_LIBS=ON \ 59 | -D AMCL_CHUNK=64 \ 60 | -D AMCL_CURVE="BLS381,SECP256K1" \ 61 | -D BUILD_PAILLIER=ON \ 62 | -D BUILD_PYTHON=OFF \ 63 | -D BUILD_BLS=ON \ 64 | -D BUILD_WCC=OFF \ 65 | -D BUILD_MPIN=OFF \ 66 | -D BUILD_X509=OFF \ 67 | -D CMAKE_INSTALL_PREFIX=/usr/local .. && \ 68 | make && \ 69 | make test ARGS=-j8 && \ 70 | make install 71 | 72 | ADD . 
/root 73 | 74 | RUN ./scripts/build.sh 75 | 76 | RUN ./scripts/test.sh 77 | 78 | 79 | 80 | 81 | 82 | -------------------------------------------------------------------------------- /test/smoke/test_schnorr_interactive_smoke.c: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License. 
18 | */ 19 | 20 | #include "amcl/schnorr.h" 21 | 22 | /* Schnorr's proofs smoke test using random challenge */ 23 | 24 | int main() 25 | { 26 | int rc; 27 | 28 | BIG_256_56 x; 29 | BIG_256_56 q; 30 | ECP_SECP256K1 G; 31 | 32 | char x_char[SGS_SECP256K1]; 33 | octet X = {0, sizeof(x_char), x_char}; 34 | 35 | char v[SFS_SECP256K1+1]; 36 | octet V = {0, sizeof(v), v}; 37 | 38 | char r[SGS_SECP256K1]; 39 | octet R = {0, sizeof(r), r}; 40 | 41 | char c[SFS_SECP256K1+1]; 42 | octet C = {0, sizeof(c), c}; 43 | 44 | char e[SGS_SECP256K1]; 45 | octet E = {0, sizeof(e), e}; 46 | 47 | char p[SGS_SECP256K1]; 48 | octet P = {0, sizeof(p), p}; 49 | 50 | // Deterministic RNG for testing 51 | char seed[32] = {0}; 52 | csprng RNG; 53 | RAND_seed(&RNG, 32, seed); 54 | 55 | BIG_256_56_rcopy(q, CURVE_Order_SECP256K1); 56 | BIG_256_56_randomnum(x, q, &RNG); 57 | 58 | ECP_SECP256K1_generator(&G); 59 | ECP_SECP256K1_mul(&G, x); 60 | 61 | BIG_256_56_toBytes(X.val, x); 62 | X.len = SGS_SECP256K1; 63 | 64 | ECP_SECP256K1_toOctet(&V, &G, 1); 65 | 66 | SCHNORR_commit(&RNG, &R, &C); 67 | 68 | SCHNORR_random_challenge(&RNG, &E); 69 | 70 | SCHNORR_prove(&R, &E, &X, &P); 71 | 72 | rc = SCHNORR_verify(&V, &C, &E, &P); 73 | if (rc) 74 | { 75 | printf("FAILURE SCHNORR_verify. 
RC %d\n", rc); 76 | exit(EXIT_FAILURE); 77 | } 78 | 79 | printf("SUCCESS\n"); 80 | exit(EXIT_SUCCESS); 81 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 19 | 20 | # *Apache Milagro Multi-Party Computation Library* 21 | 22 | [![Master Branch](https://img.shields.io/badge/-master:-gray.svg)](https://github.com/apache/incubator-milagro-MPC/tree/master) 23 | 24 | * **category**: Library 25 | * **copyright**: 2023 The Apache Software Foundation 26 | * **license**: ASL 2.0 ([Apache License Version 2.0, January 2004](http://www.apache.org/licenses/LICENSE-2.0)) 27 | * **link**: https://github.com/apache/incubator-milagro-MPC 28 | 29 | ## Description 30 | 31 | *AMCL - Apache Milagro Crypto Multi-Party Computation* 32 | 33 | This library implements Multi-Party Computation (MPC) using the Milagro crypto library. 34 | 35 | ## Dependencies 36 | 37 | In order to build this library, the following packages are required: 38 | 39 | * [CMake](https://cmake.org/) is required to build the source code. 40 | 41 | ### AMCL 42 | 43 | [AMCL](https://github.com/apache/incubator-milagro-crypto-c) is required. 44 | 45 | Build and install the AMCL library. The script clones AMCL from its default branch without pinning a revision and installs it with `sudo make install`, so review the checkout (or pin a known revision) before running it. 46 | 47 | ```sh 48 | ./scripts/build_amcl.sh 49 | ``` 50 | 51 | ## Compiling 52 | 53 | Build and run tests on all builds. The `./` entry appended to `LD_LIBRARY_PATH` makes the dynamic loader also search the current working directory, so run these commands only from the trusted project checkout. 54 | 55 | ```sh 56 | export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:./ 57 | ./scripts/build.sh 58 | ./scripts/test.sh 59 | ``` 60 | 61 | Install 62 | 63 | ```sh 64 | cd target/Release 65 | sudo make install 66 | ``` 67 | 68 | ## Docker 69 | 70 | Build and run tests using docker 71 | 72 | ```sh 73 | docker build --no-cache -t libmpc . 
74 | ``` 75 | 76 | Generate coverage figures 77 | 78 | ```sh 79 | docker run --rm libmpc ./scripts/coverage.sh 80 | ``` -------------------------------------------------------------------------------- /test/smoke/test_schnorr_smoke.c: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License. 
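18 | */ 19 | 20 |
#include "amcl/schnorr.h"

/*
 * Schnorr's proofs smoke test.
 *
 * Runs one commit / challenge / prove / verify round for a random
 * discrete logarithm V = x.G on secp256k1, with the challenge computed
 * by SCHNORR_challenge from V, C, ID and AD. Exits with EXIT_FAILURE
 * when SCHNORR_verify returns a non-zero code, EXIT_SUCCESS otherwise.
 */

int main()
{
    int rc;

    BIG_256_56 x;
    BIG_256_56 q;
    ECP_SECP256K1 G;

    // ID and AD octets bound into the challenge
    char id[32];
    octet ID = {0, sizeof(id), id};

    char ad[32];
    octet AD = {0, sizeof(ad), ad};

    // Secret exponent x in byte form
    char x_char[SGS_SECP256K1];
    octet X = {0, sizeof(x_char), x_char};

    // Public value V = x.G, one prefix byte plus SFS_SECP256K1 bytes
    char v[SFS_SECP256K1+1];
    octet V = {0, sizeof(v), v};

    // Commitment randomness r and commitment C
    char r[SGS_SECP256K1];
    octet R = {0, sizeof(r), r};

    char c[SFS_SECP256K1+1];
    octet C = {0, sizeof(c), c};

    // Challenge e and proof p
    char e[SGS_SECP256K1];
    octet E = {0, sizeof(e), e};

    char p[SGS_SECP256K1];
    octet P = {0, sizeof(p), p};

    // Deterministic RNG for testing: the all-zero seed makes every value
    // below reproducible, which is only acceptable inside a test.
    char seed[32] = {0};
    csprng RNG;
    RAND_seed(&RNG, 32, seed);

    // Ask for ID.max / AD.max bytes. The initialisers above leave the
    // length field at 0, so passing ID.len here requested zero bytes and
    // the challenge was only ever exercised with an empty ID and AD.
    OCT_rand(&ID, &RNG, ID.max);
    OCT_rand(&AD, &RNG, AD.max);

    // Random exponent x below the curve order q
    BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
    BIG_256_56_randomnum(x, q, &RNG);

    // G is overwritten with x.G
    ECP_SECP256K1_generator(&G);
    ECP_SECP256K1_mul(&G, x);

    // toBytes writes into X.val only, so the length is set by hand
    BIG_256_56_toBytes(X.val, x);
    X.len = SGS_SECP256K1;

    ECP_SECP256K1_toOctet(&V, &G, 1);

    SCHNORR_commit(&RNG, &R, &C);

    SCHNORR_challenge(&V, &C, &ID, &AD, &E);

    SCHNORR_prove(&R, &E, &X, &P);

    // A non-zero return code is treated as a rejected proof
    rc = SCHNORR_verify(&V, &C, &E, &P);
    if (rc)
    {
        printf("FAILURE SCHNORR_verify. RC %d\n", rc);
        exit(EXIT_FAILURE);
    }

    printf("SUCCESS\n");
    exit(EXIT_SUCCESS);
}
-------------------------------------------------------------------------------- /CPackConfig.cmake: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership.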
The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | include (InstallRequiredSystemLibraries) 19 | 20 | ########################### General Settings ########################### 21 | set(CPACK_PACKAGE_NAME "MILAGRO") 22 | set(CPACK_PACKAGE_VERSION "${PROJECT_VERSION}") 23 | set(CPACK_PACKAGE_RELEASE 1) 24 | set(CPACK_DESCRIPTION_SUMMARY "${CMAKE_CURRENT_SOURCE_DIR}/README.md") 25 | set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_CURRENT_SOURCE_DIR}/LICENSE") 26 | set(CPACK_PACKAGE_VENDOR "MILAGRO") 27 | set(CPACK_PACKAGE_CONTACT "dev@milagro.apache.org") 28 | set(CPACK_SYSTEM_NAME "${CMAKE_SYSTEM_NAME}") 29 | 30 | if (BUILD_PYTHON) 31 | set(CPACK_RPM_PACKAGE_REQUIRES "python >= 2.7.0") 32 | endif (BUILD_PYTHON) 33 | 34 | set(CPACK_PACKAGE_FILE_NAME "${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}-${CPACK_PACKAGE_RELEASE}.${CMAKE_SYSTEM_PROCESSOR}") 35 | 36 | ########################### Linux Settings ########################### 37 | if(${CMAKE_SYSTEM_NAME} MATCHES "Linux") 38 | set(CPACK_PACKAGING_INSTALL_PREFIX ${CMAKE_INSTALL_PREFIX}) 39 | 40 | # Prevents CPack from generating file conflicts 41 | set(CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "${CPACK_PACKAGING_INSTALL_PREFIX}") 42 | list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "${CPACK_PACKAGING_INSTALL_PREFIX}/bin") 43 | list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "${CPACK_PACKAGING_INSTALL_PREFIX}/include") 44 | 
list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "${CPACK_PACKAGING_INSTALL_PREFIX}/lib") 45 | list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "${PYTHON_SITE_LIB}") 46 | list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "${PYTHON_SITE_PACKAGES}") 47 | set(CPACK_GENERATOR "RPM") 48 | endif() 49 | 50 | include (CPack) 51 | -------------------------------------------------------------------------------- /include/amcl/modulus.h: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License. 18 | */ 19 | 20 | /** 21 | * @file modulus.h 22 | * @brief Declarations for a modulus N = PQ 23 | * 24 | */ 25 | 26 | #ifndef MODULUS_H 27 | #define MODULUS_H 28 | 29 | #include "amcl/amcl.h" 30 | #include "amcl/big_1024_58.h" 31 | #include "amcl/ff_2048.h" 32 | 33 | #ifdef __cplusplus 34 | extern "C" 35 | { 36 | #endif 37 | 38 | #ifndef FS_2048 39 | #define FS_2048 MODBYTES_1024_58 * FFLEN_2048 /**< 2048 field size in bytes */ 40 | #endif 41 | 42 | #ifndef HFS_2048 43 | #define HFS_2048 MODBYTES_1024_58 * HFLEN_2048 /**< Half 2048 field size in bytes */ 44 | #endif 45 | 46 | /*! 
\brief Modulus and precomputed values for CRT. The struct carries the factors p and q together with n, so every instance is secret key material. */ 47 | typedef struct 48 | { 49 | BIG_1024_58 p[HFLEN_2048]; /**< First factor of the modulus (secret) */ 50 | BIG_1024_58 q[HFLEN_2048]; /**< Second factor of the modulus (secret) */ 51 | BIG_1024_58 invpq[HFLEN_2048]; /**< Precomputed inverse for CRT (derived from the factors, keep it secret as well) */ 52 | BIG_1024_58 n[FFLEN_2048]; /**< Modulus */ 53 | } MODULUS_priv; 54 | 55 | /** \brief Read a modulus from octets 56 | * 57 | * NOTE(review): only the two factors are passed in, so n and invpq are presumably computed here; confirm in src/modulus.c. * @param m The destination modulus 58 | * @param P The first factor of the modulus 59 | * @param Q The second factor of the modulus 60 | */ 61 | void MODULUS_fromOctets(MODULUS_priv *m, const octet *P, const octet *Q); 62 | 63 | /** \brief Write a modulus to octets 64 | * 65 | * The destination octets receive the secret factors, so the caller is responsible for clearing them after use. * @param P The destination first factor of the modulus 66 | * @param Q The destination second factor of the modulus 67 | * @param m The source modulus 68 | */ 69 | void MODULUS_toOctets(octet *P, octet *Q, MODULUS_priv *m); 70 | 71 | /** \brief Clean memory associated to a modulus 72 | * 73 | * Call it as soon as the modulus is no longer needed. NOTE(review): the implementation is not visible from this header; confirm that it zeroises p, q and invpq. * @param m The modulus to clean 74 | */ 75 | void MODULUS_kill(MODULUS_priv *m); 76 | 77 | #ifdef __cplusplus 78 | } 79 | #endif 80 | 81 | #endif 82 | -------------------------------------------------------------------------------- /include/amcl/cg21/cg21_pi_prm.h: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License.
You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License. 18 | */ 19 | 20 | /** 21 | * This code implements Pedersen parameter generation as described in https://link.springer.com/chapter/10.1007/BFb0052225 22 | * Note: there are two ways to generate 'b0' ('s' in cg21) based on the above paper. We implement the variant in which 'b0' is 23 | * always a generator of G_{pq}, for security reasons. 24 | */ 25 | 26 | 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include "cg21_utilities.h" 32 | #include "amcl/shamir.h" 33 | #include "amcl/modulus.h" 34 | 35 | /* Proof values kept as HDLOG_iter_values; the rho/t pair and the irho/it pair each belong to one hidden-DLOG ZKP according to the field comments. */ typedef struct 36 | { 37 | HDLOG_iter_values rho; /**< BIT_Commitment for the h1 DLOG ZKP */ 38 | HDLOG_iter_values irho; /**< BIT_Commitment for the h0 DLOG ZKP */ 39 | HDLOG_iter_values t; /**< Proofs for the h1 DLOG ZKP */ 40 | HDLOG_iter_values it; /**< Proofs for the h0 DLOG ZKP. NOTE(review): the original comment said h1, the same as t; presumably it pairs with irho, confirm against the implementation */ 41 | } CG21_PIPRM_PROOF; 42 | 43 | /* Octet form of the proof, one octet pointer per CG21_PIPRM_PROOF field (presumably the serialised counterparts). Required octet sizes are not stated in this header. */ typedef struct 44 | { 45 | octet *rho; 46 | octet *irho; 47 | octet *t; 48 | octet *it; 49 | } CG21_PIPRM_PROOF_OCT; 50 | 51 | /** @brief Generate ZKP for Ring-Pedersen Parameters 52 | * 53 | * @param RNG is a pointer to a cryptographically secure random number generator 54 | * @param priv Ring-Pedersen private parameters 55 | * @param ssid system-wide session-ID, refers to the same notation as in CG21 56 | * @param proofOct ZKP in octet form 57 | * @return int status code. NOTE(review): the values are not documented in this header; confirm in the implementation. */ 58 | extern int CG21_PI_PRM_PROVE(csprng *RNG, PEDERSEN_PRIV *priv, const CG21_SSID *ssid, 59 | CG21_PIPRM_PROOF_OCT *proofOct); 60 | 61 | /** @brief Verify ZKP for Ring-Pedersen Parameters 62 | * 63 | * @param pub Ring-Pedersen public parameters 64 | * @param ssid system-wide
session-ID, refers to the same notation as in CG21 65 | * @param proofOct ZKP in octet form 66 | * @param n number of the players 67 | * @return int status code. NOTE(review): the success value is not documented in this header; callers should check the result and reject the parameters on anything else. */ 68 | extern int CG21_PI_PRM_VERIFY(PEDERSEN_PUB *pub, const CG21_SSID *ssid, CG21_PIPRM_PROOF_OCT *proofOct, int n); -------------------------------------------------------------------------------- /test/unit/test_schnorr_commit.c: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License.
18 | */ 19 | 20 |
#include <string.h>
#include "test.h"
#include "amcl/schnorr.h"

/* Schnorr's Proof commitment unit test */

#define LINE_LEN 256

/*
 * Replays the commitment test vectors from the file given as the only
 * argument. For every vector the R value read from the file is handed
 * to SCHNORR_commit together with a NULL RNG, and the resulting C is
 * compared with the golden C of the vector. The run fails when the
 * file cannot be opened or when no vector was executed.
 */
int main(int argc, char **argv)
{
    // Prefixes identifying the fields of a test vector
    const char *test_tag = "TEST = ";
    const char *r_tag = "R = ";
    const char *c_tag = "C = ";

    // A vector is complete once its C line has been read
    const char *final_tag = c_tag;

    char line[LINE_LEN] = {0};
    char r_buf[SGS_SECP256K1];
    char c_buf[SFS_SECP256K1+1];
    char c_expected_buf[SFS_SECP256K1+1];

    octet R = {0, sizeof(r_buf), r_buf};
    octet C = {0, sizeof(c_buf), c_buf};
    octet C_GOLDEN = {0, sizeof(c_expected_buf), c_expected_buf};

    int vectors_run = 0;
    int testNo = 0;
    FILE *fp;

    if (argc != 2)
    {
        printf("usage: ./test_schnorr_commit [path to test vector file]\n");
        exit(EXIT_FAILURE);
    }

    fp = fopen(argv[1], "r");
    if (fp == NULL)
    {
        printf("ERROR opening test vector file\n");
        exit(EXIT_FAILURE);
    }

    while (fgets(line, LINE_LEN, fp) != NULL)
    {
        scan_int(&testNo, line, test_tag);

        // Input of the vector
        scan_OCTET(fp, &R, line, r_tag);

        // Expected output of the vector
        scan_OCTET(fp, &C_GOLDEN, line, c_tag);

        // Keep reading until the last field of the vector shows up
        if (strncmp(line, final_tag, strlen(final_tag)) != 0)
        {
            continue;
        }

        // NULL RNG: the commitment is computed from the R of the vector
        SCHNORR_commit(NULL, &R, &C);
        compare_OCT(fp, testNo, "SCHNORR_commit", &C, &C_GOLDEN);

        // At least one vector was executed
        vectors_run = 1;
    }

    fclose(fp);

    // An empty or malformed file must not count as a pass
    if (!vectors_run)
    {
        printf("ERROR no test vector was executed\n");
        exit(EXIT_FAILURE);
    }

    printf("SUCCESS\n");
    exit(EXIT_SUCCESS);
}
-------------------------------------------------------------------------------- /include/amcl/cg21/cg21_pi_mod.h: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more
contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License. 18 | */ 19 | 20 | 21 | 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include "cg21_utilities.h" 27 | #include "amcl/shamir.h" 28 | #include "amcl/modulus.h" 29 | 30 | /* Proof values in BIG form: one yi, xi, zi and one (a,b) pair per iteration, CG21_PAILLIER_PROOF_ITERS iterations in total, plus a single w. */ typedef struct 31 | { 32 | BIG_1024_58 yi[CG21_PAILLIER_PROOF_ITERS][FFLEN_2048]; 33 | BIG_1024_58 xi[CG21_PAILLIER_PROOF_ITERS][FFLEN_2048]; 34 | BIG_1024_58 zi[CG21_PAILLIER_PROOF_ITERS][FFLEN_2048]; 35 | BIG_512_60 w[HFLEN_4096]; 36 | bool ab[CG21_PAILLIER_PROOF_ITERS][2]; 37 | } CG21_PIMOD_PROOF; 38 | 39 | /* Octet form of the proof as exchanged between prover and verifier (presumably the serialised w, xi, zi and ab values; yi has no octet here and is regenerated by the verifier according to the VERIFY steps below). */ typedef struct 40 | { 41 | octet *w; 42 | octet *x; 43 | octet *z; 44 | octet *ab; 45 | } CG21_PIMOD_PROOF_OCT; 46 | 47 | #define iLEN 32 /* NOTE(review): undocumented length constant with a short, unprefixed name; its use is not visible in this header */ 48 | 49 | /** @brief Generate proof that N is a Paillier-Blum modulus 50 | * 51 | * 1: choose random w ← ZN of Jacobi symbol −1 52 | * 2: generate (ai,bi,xi) 53 | * 3: generate zi 54 | * 55 | * @param RNG is a pointer to a cryptographically secure random number generator 56 | * @param paillierKeys Paillier keys for the modulus N being proven. NOTE(review): passed by value, so if the struct holds the private key a copy lives in the callee's frame; confirm that the implementation clears it. 57 | * @param ssid system-wide session-ID, refers to the same notation as in CG21 58 | * @param paillierProof generated proof 59 | * @param n size of packed elements in SSID 60 | * @return int status code. NOTE(review): the values are not documented in this header; confirm in the implementation. */ 61 | extern int CG21_PI_MOD_PROVE(csprng *RNG, CG21_PAILLIER_KEYS paillierKeys, const CG21_SSID *ssid, 62 | CG21_PIMOD_PROOF_OCT
*paillierProof, int n); 63 | 64 | /** @brief Validate proofs that N is a Paillier-Blum modulus 65 | * 66 | * 1: check N is an odd composite number 67 | * 2: generate yi and validate zi 68 | * 3: validate (xi,a,b) 69 | * 70 | * @param paillierProof generated proof 71 | * @param ssid system-wide session-ID, refers to the same notation as in CG21 72 | * @param pk Paillier public key 73 | * @param n size of packed elements in SSID 74 | * @return int status code. NOTE(review): the success value is not documented in this header; callers should check the result and reject the modulus on anything else. */ 75 | extern int CG21_PI_MOD_VERIFY(CG21_PIMOD_PROOF_OCT *paillierProof, const CG21_SSID *ssid, 76 | PAILLIER_public_key pk, int n); -------------------------------------------------------------------------------- /examples/example_schnorr_interactive.c: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License.
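18 | */ 19 | 20 |
#include "amcl/schnorr.h"

/*
 * Schnorr's proofs example.
 *
 * Walks through the interactive protocol for V = x.G on secp256k1:
 * the prover commits, the verifier draws a random challenge, the prover
 * answers and the verifier checks the answer. Both roles run in this
 * one process and every intermediate value is printed.
 *
 * The witness x and the commitment randomness r are printed for
 * illustration only. In a deployment both stay with the prover, and r
 * is used for a single proof: together with e and p it determines x.
 *
 * Returns EXIT_SUCCESS when the proof verifies and EXIT_FAILURE when
 * SCHNORR_verify returns a non-zero code, so a failed run is visible to
 * a calling script as well as on stdout.
 */

int main()
{
    int rc;

    BIG_256_56 x;
    BIG_256_56 q;
    ECP_SECP256K1 G;

    // Secret exponent x in byte form
    char x_char[SGS_SECP256K1];
    octet X = {0, sizeof(x_char), x_char};

    // Public value V = x.G
    char v[SFS_SECP256K1+1];
    octet V = {0, sizeof(v), v};

    // Commitment randomness r and commitment C = r.G
    char r[SGS_SECP256K1];
    octet R = {0, sizeof(r), r};

    char c[SFS_SECP256K1+1];
    octet C = {0, sizeof(c), c};

    // Challenge e and proof p
    char e[SGS_SECP256K1];
    octet E = {0, sizeof(e), e};

    char p[SGS_SECP256K1];
    octet P = {0, sizeof(p), p};

    // Deterministic RNG for example: the all-zero seed makes the output
    // reproducible and must be replaced by real entropy in any real use.
    char seed[32] = {0};
    csprng RNG;
    RAND_seed(&RNG, 32, seed);

    // Generate DLOG
    BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
    BIG_256_56_randomnum(x, q, &RNG);

    // G is overwritten with x.G
    ECP_SECP256K1_generator(&G);
    ECP_SECP256K1_mul(&G, x);

    // toBytes writes into X.val only, so the length is set by hand
    BIG_256_56_toBytes(X.val, x);
    X.len = SGS_SECP256K1;

    ECP_SECP256K1_toOctet(&V, &G, 1);

    printf("Schnorr's Proof of knowledge of a DLOG. V = x.G\n");
    printf("\tx = ");
    OCT_output(&X);
    printf("\tV = ");
    OCT_output(&V);

    printf("\n[Prover] Generate and transmit a commitment C = r.G\n");
    SCHNORR_commit(&RNG, &R, &C);

    printf("\tr = ");
    OCT_output(&R);
    printf("\tC = ");
    OCT_output(&C);

    // The challenge is drawn only after the commitment C is fixed
    printf("\n[Verifier] Generate and send back a random challenge\n");
    SCHNORR_random_challenge(&RNG, &E);

    printf("\te = ");
    OCT_output(&E);

    printf("\n[Prover] Generate and transmit the proof p for C = r.G and E\n");
    SCHNORR_prove(&R, &E, &X, &P);

    printf("\tp = ");
    OCT_output(&P);

    printf("\n[Verifier] Verify the proof against V, C and e\n");
    rc = SCHNORR_verify(&V, &C, &E, &P);
    if (rc)
    {
        printf("\tFailure! RC %d\n", rc);
        return EXIT_FAILURE;
    }

    printf("\tSuccess!\n");
    return EXIT_SUCCESS;
}
-------------------------------------------------------------------------------- /testVectors/schnorr/prove.txt: -------------------------------------------------------------------------------- 1 | TEST = 0, 2 | R = 0d2ad62e5a96805f634e7a36c05bc67f5b1b85ea5babb2c256a7c0e71601d932, 3 | E = c5f1d83eb1e5cf4a846ea4db4916132c7a1302aca4ec8ea5d0fea39a9536c8bd, 4 | X = 03b31917ff88c538838276103dd011fe2e4959b470c856cf1ef1597cd5b74c53, 5 | P = dec4c98f1a7cbb20294fdf10bf0f347941a2c4d21af77fe525b01a80e568d8ec, 6 | 7 | TEST = 1, 8 | R = f9912b82f485158ed1e39b33c3a0f23cd25d1a9a1de093928c2b028edd78d030, 9 | E = 53a970231ed2b8355b94142dbc819b845135df484ab4730b702c51719d9620bc, 10 | X = 1c0d38e8ddf2bede223b04921a28c8daadbbf9cc2037059c01b507c7afeb73e2, 11 | P = 30e955b13c262f91033473d17dd818355c5311fe676f5f52c0f20515e65cb422, 12 | 13 | TEST = 2, 14 | R = d06685dee5a04be9500152d789cc792ddc4ca0a25cdec5f6728ebc648ef413f7, 15 | E = 84346c2750e434f33a02e293084a74e8993753005e230bdfbf78b91e197fff4c, 16 | X = 8cd61651b2a5d5827090c9fe6ef212cc590ea374d5664f9069fdd101b9f5448a, 17 | P = 89ce95296c6992ed517939111fb7e0d5a37441706aeaa4546093332fd3c5ab3e, 18 | 19 | TEST = 3, 20 | R = b81da1905989412c7bcc251497fb6136fdfc0e9e2d6ef287d132bea4f4654287, 21 | E = a92fc533e1d987dbdecda3eba516cce5cf407262be2d658f81e5a02292871319, 22 | X = 8c2b44c01dddd839ed8339397fc1234867697540d6feed72e9ed20cd32bb3de7, 23 | P = 2754a9868257bbaaaeaf4ce572b664bf0177ca6117b004def22b454570fd5ed7, 24 | 25 | TEST = 4, 26 | R = b1cde1fd532a1ca79baeb92988a3521a64947309aff94d17605440441c1ca64a, 27 | E = a419af8f9e66558a31deb27f78fb72838eb7c0a5c895b5dbff4cbf1e19499b2a, 28 | X = 176af0cb434b63d405b25ae253a13b8fc8fccd98dff40ea918520ab7d881c2f8, 29 | P = 73b584d798ab0f7283c88dd742cdab1e9f021e5397c120135f191932be8f0de7, 30 | 31 | TEST = 5, 32 | R = 80f1ce99e02e2d77095412553e2795b3aae573ddfbc2bf80f9b7762018cc6cde, 33 | E =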
aac7f3380eed4eb420bdb62cebe9d3bfbe868c5bcc6b312b700e279a5fa386ad, 34 | X = 9f5faf822515c8faecb9b99b08693394d1f7f85daabc21c5d897033a6075c7b4, 35 | P = d7967219d8c5203d37be74ff7e517c728c0519a69d855a64aeb6cffe29181331, 36 | 37 | TEST = 6, 38 | R = 6b8c767df1e3ba7213ecf21d98db0590277d539cbc49c30f9375c705d9357a22, 39 | E = bb85000a90088372d64b5b2d340ed07d1222cefd13231a26eb6f84b787c51c1c, 40 | X = 562abada7b287b8120c66e0dab2e40021a33e91520240fa01f224c8e6e37c885, 41 | P = f30bf41059c8fa588a983277a974c09890fe248ff375f0288ef634a3afe6bcc1, 42 | 43 | TEST = 7, 44 | R = cf4db4dab14f2d9e0329300011409e4ca061ab824d272f58b27d6dc74a44db13, 45 | E = c47b7ab12d3c0923fbe55253d3e714b6e20c731e9a77e54995e038d3129fa29b, 46 | X = 1266b8f2ece335cd737a16e78f9abd0435db0d1fe2d4077150b89716873e2fcb, 47 | P = 2125fbbff0314612c8e38651633b312da461a9acb6f9c19f6d0b17b03a61f84f, 48 | 49 | TEST = 8, 50 | R = a130aac537e35691a5e6927fa6391557faa37d7f81c7b90abb2256fa6f4342b0, 51 | E = 9906baef410a5d03ea14900459d83eb766352be10b899e814816fcdbb7988bb3, 52 | X = 590841575517666550548fd5853fe2255e4f6b2df898f8abf3a7de6514ebe79c, 53 | P = 51c734de4322f959fdc9bcbdf803403eac3e22ea07038800d139a2607fd85a0a, 54 | 55 | TEST = 9, 56 | R = fb636451819b81d5a7c0c211c2b3b869ca8c8865229cf65d7f7055aa4adb9c0c, 57 | E = ebbf866a53cd4433a854a31f4f1a38a4b780c85084adb41c5b660e1d6bd51075, 58 | X = 9cd9344b1ede123ecf299a98bed7239ca82775536948020a8e13e06dc13f66de, 59 | P = e324179d196051efc76f1e4ca091bb79fd98c5b31e0d2cab0504271278c9fa66, 60 | 61 | -------------------------------------------------------------------------------- /testVectors/schnorr/challenge.txt: -------------------------------------------------------------------------------- 1 | TEST = 0, 2 | V = 02a176790583cb46afccce262a4bc017ed2158220838931508ef057f43f367773d, 3 | C = 024b8ab626b59072b6af4bef79fbf2e9bb06ed624c9ecaa50976149cd8e7c96acc, 4 | E = 039bf63791581ac0be5f994edc2d18f368ebdea8bdf9d96af175556f61902528, 5 | ID = d5cbc9979fef22eb7f2c7229a555ae78, 6 | AD = , 7 
| 8 | TEST = 1, 9 | V = 0318a8489034bb5c463574df14b2e01ee874d4f1dafd3ccb5bd5a896f70a2a603e, 10 | C = 02cfaa97966c2165c2ac45180fb25c7605e4e7b8df54ca44ded4a51e1ffca2becd, 11 | E = 393f5c11a666f00fa6a2a900b5291f97e0d6ca6a0b3d926d1ef88ad6e8e7bc98, 12 | ID = 21760c2a45dbf928d4bffe84e8eb1580, 13 | AD = , 14 | 15 | TEST = 2, 16 | V = 03f22588a2ed1bad9c268f43d11a5543354c96a6af88dd3ecde41457f0bdb9f502, 17 | C = 03942bd98066baaa416df52d80df211bf9e79e660e30ac8330442ddf2ab5483203, 18 | E = 4c4a3993a2a63bf72178cb80ade4448e28ee0789c6cac67835f41e3402242d2f, 19 | ID = aad7998056d3a55dcc0bf97a25c11861, 20 | AD = , 21 | 22 | TEST = 3, 23 | V = 02945b518fcc06a093fbb9f61486ca3e17cb34851b4d1fba2fa9d49ad794ada85c, 24 | C = 028e59bfb66b0d94eeaa8f5646081dd7a040336c28ff05fc7fcc58cfa7cf854e80, 25 | E = 7128b92b5fc492cdae6dc465986da78b513fbcec7c2f59173350bbd98d996164, 26 | ID = 33d06f26117fc7dca35d271ac985157e, 27 | AD = , 28 | 29 | TEST = 4, 30 | V = 02470debd491384cdf0e01b0e6327206e48a5fdce6040baad766fe2feb2b0bd0d2, 31 | C = 025ccf01a8dc4cc179fde4643681e598adab65ee97bc27c5682973c4e28b577642, 32 | E = 78e39b1a50cfb9510c12df628e74b223ec86332cfc54b09236956bbc833a1597, 33 | ID = 69f1242f71a3e7dbdf5e5d3a95c10b96, 34 | AD = , 35 | 36 | TEST = 5, 37 | V = 02cfc213d2bc4ec8e8953ce4a4145b730fb6163362035d15cd162f8a97ebf5e1b4, 38 | C = 03c100078d60bd6b14f9c61a5acab37876df8beb6a1bc95b38c6eba22d59d4012c, 39 | E = 86b7f2deb6b2c6d41b9bfd9ca6c69a99acdd6b4e96b69d6d9b0c786f5517e164, 40 | ID = 9ca5174cb1aa9bae6370d25d6785e341, 41 | AD = 1591f421f41ac4cd8ac5269e4b99e0f9, 42 | 43 | TEST = 6, 44 | V = 03480bb05fd84efc13bff7c8b598d3c039c29ec87bdd708ca713f441100a21dd3a, 45 | C = 0300e504f796b9d43c8a405f1f3cc037a36c1cd50816387a6fdaaabded39c1bf18, 46 | E = ef2dd1f4e70ff6c100400c35e208a2e07e6b1afe271bb965c764f69f0abc17da, 47 | ID = da6f7ad762b7aee88f4ace681fd1bc66, 48 | AD = 98ba1bf3d76807e3b302e1797d4d3f80, 49 | 50 | TEST = 7, 51 | V = 033abe7b79955e901a74a238e741a203994f920d4722bb19cf33fec18001631e95, 52 | C = 
036ae855d9afca5f9603a5c3c8760700ead0fdd4d410fe2b4b4ec807b99397ef34, 53 | E = 393e98668698d9ebaca2ff6eb5b2a3db0aae25508da09c8004b75333078f3f3a, 54 | ID = a8294309da772456164b5032d0e8c3a3, 55 | AD = b42d44242c8d0356c4a35598279d9258, 56 | 57 | TEST = 8, 58 | V = 0212802ceb98750059574a30e98ddfdc2923f8e44b0a6d5f331036b2fb7728287e, 59 | C = 02b23ed8faf6d64e9dc4ce13956ac81bf1ef562b397afdc91f60a684816a6f57f3, 60 | E = ea7aee412a9990829e6963ab2b992f546e1c48d3f79b1564cf0a50678003a130, 61 | ID = 942f4ccccb572383ffc1f03a7d7c63c1, 62 | AD = 828b337445277d7deb1e5f74b8c21efe, 63 | 64 | TEST = 9, 65 | V = 022a2791c4fb15b75da5d699da051f3ee55219ef10ccd66a49971d49460c104388, 66 | C = 03ea3f63538bb4a6ebb4e3560d946b656f6c2ecd8064fe827e2e08b1c58f9bb6f0, 67 | E = cff867b78bbb1e7487e3ed124cd029e2c9e231febfeb9169b4e25fdd06665258, 68 | ID = 574f0bbfe941096ddc7f0042d01b4b82, 69 | AD = f28a3d2395a30ca99a24e78cca947435, 70 | 71 | -------------------------------------------------------------------------------- /testVectors/schnorr/dcommit.txt: -------------------------------------------------------------------------------- 1 | TEST = 0, 2 | R = 0259e1d6f1cf1d5e97248a54b33c7c18261b2a6152cc4eb36c9c38681616815b1b, 3 | A = fb02633176a5893922feb54b6d37188dd8d08695b61cf48210e351ba2aaca20e, 4 | B = 4621a4da1b0c44d8015214b502b3028c8cfce6dd03bda3dfb92fabf8b324a521, 5 | C = 02835e9b712b046d5700c347ca4e10846c0e481f05eaa9bdd7da2b6da8574d3471, 6 | 7 | TEST = 1, 8 | R = 0244b8babba4345fd4407bf44ad76f7884f4f8fb38cc0d99cf09b6cf98c2033035, 9 | A = f7e8ebe2fed516c81ff6777958c1eba87df724318090be9ffb5c2ea0ac367737, 10 | B = 36bf6b7dfb228fd360752a392da3b3d8daeeaced132261baf1b075cc34349776, 11 | C = 03aa219766dd92764d9cc4d125f6cbd1c6f73449dfa96f1268e9ee3723db7918d5, 12 | 13 | TEST = 2, 14 | R = 0296a698250a1237f45aac507bac7f88d1ae2fa5502c0cc061bab6e4d77817de8c, 15 | A = 0824de324be47ecd9177d6c90dc72158ef2b35047b8d7717ef3d130ed6444fb2, 16 | B = a34117c6b8babc2d85af6d70ab1468eee8bf3aace79e90eb1fa8dc4e63f091a1, 17 | C 
= 036d4afbc091ca1d0e8e5e3d61ac3d82aa81e1ef7edc901ad8f5c976ff5c376c3a, 18 | 19 | TEST = 3, 20 | R = 03591e1e077cd4195e5afc880ea96ff5d783fd587c1aba1129dfb3c6517ec1c8f6, 21 | A = 201abd5a905d6686305b79caf6d240281e874f9ff0320469520307d2a5468f7b, 22 | B = e2a53a62010f99811f2b0e80776047c9ef9be04b423db6a0963c22c21cf325ce, 23 | C = 0279747d0a1800961d4173b267185db43ccc22c80afe521b537d734485b78dd463, 24 | 25 | TEST = 4, 26 | R = 038e0ec278ef160284bb19944fcef4158f4a85c181a8c7db020c0796845d5ce4c1, 27 | A = 18305a54a2b4eebb83ea8a5c73253c0989454f587f2b5bd66d7919cae9c0a6fc, 28 | B = 8744a82766ec8aca0f398c4e9ac1581e2b0254ab1b0610fa8c911808d838336e, 29 | C = 02a80e63387fb9bca43fcf13cc4874d3c8c84de22ed7695ff6d7874b02bc197b2f, 30 | 31 | TEST = 5, 32 | R = 03fd2eb61386982525575394a89be40758c24bf6b0a6e4807c1ab7a82a4e1cdd73, 33 | A = 0d29b13ebd9d14d115cd94822e9e885d81ef67472e5fef7653f8f2d742af851e, 34 | B = 95d44557e995734a211bd97b586669ae054c18624b19de4ea4700527445c1833, 35 | C = 02476e16a4960b5fa50e62ef3016c93a344459747e972637f78da66a3193e6b4d2, 36 | 37 | TEST = 6, 38 | R = 03b7a6d84f9577daab651b724ee3d226daf86fccc34a1124703c9c0070597ac5f2, 39 | A = 74fbe75bce9e10b57486fd5ebade8227421a8c3aeb7855b72cf9f12561fef096, 40 | B = 8c071721faa418ad062df7462ab65b019a786178088344b58063883dfef78ab8, 41 | C = 0323bcd4ddca10d9e1bf31ca8f18d4ed62e19770e5495c2d4f6dd8e2382b731024, 42 | 43 | TEST = 7, 44 | R = 028a6e0d9fe36b568ddad3dfc5cf9506eba8e62aa45d08ef59b6c8980720b84221, 45 | A = ffcf45371d32b708f527ca3a1875aeb1e0eec092e4688d9ed8ba59df338eb56a, 46 | B = 81a27940ced64fe34de599799eb567d61b80a1d519c51d5af3fc796d569a51d3, 47 | C = 02bd668682e5343ac4abb96d913d7e9deec10d5c6278de9b719e32f837a894d7fe, 48 | 49 | TEST = 8, 50 | R = 0313afef23301766f3f26443e2fac4ce42cd850593916daa672baab642d8217ba7, 51 | A = d689fcde07c7ffa6ddca08806b53aadc2acad6d139538beb2771dac4c6be8081, 52 | B = aeb017ab7ad847df1653fa383898bacea67051a74bec966a2700e91a6d5c9ed1, 53 | C = 
03a46cd1028277311085050afe9c8af7e7accc2a9dfbe6f264ffef6e6021736439, 54 | 55 | TEST = 9, 56 | R = 03f0b186990b491a9f6d7bae86dfa3188a6fcd79204de0c677ea9e1a4c939a9a19, 57 | A = c2f66ddf4d51057c88033378b3d088bc8a3b930823b661cd6b3b0f55e7a10d8c, 58 | B = 5fa5b601079c88f235f73277b53a08f0b50bb09ed404aeef1acd03b4c58d5969, 59 | C = 03e1507f9e21f26aa04452e7fdbab469dfb28ea1c035def6e56cd7d5ad123b7e9c, 60 | 61 | -------------------------------------------------------------------------------- /testVectors/schnorr/verify.txt: -------------------------------------------------------------------------------- 1 | TEST = 0, 2 | V = 02e5c77e497b536425ab07eefd588713c8cbe380fc3ad5c4322d272c33d5936dd8, 3 | C = 02a2a3f686dcd004f9a60f2445235aca86122faf3fdf3b8da9c26cc408ba2e8c28, 4 | E = 07dc332af157dbd31263e796e7e2b105773680a17523da9df48f7061e16458aa, 5 | P = b2cc02820c79e0893f79392f53cffd2b1bb5e65076151f3d20eb831562a4488d, 6 | 7 | TEST = 1, 8 | V = 0291bf08c6a9413a0e0a5a1c0b56bb6dad3520b65592cee858b1e8fa7f8d03e7c6, 9 | C = 03ad4cf8eb662f98bae0c47cf715479a9bd0ae2f985f56e5e523455a7d49ee167b, 10 | E = 388517ff1e7b733b887a09968927b60f3ca619c2db8240480b0e4e4c566cc768, 11 | P = b0fc72eb9f988715d15ac600b918848a45a72391feae7693d26d8757da0f1389, 12 | 13 | TEST = 2, 14 | V = 03bfe6a707f0e9fdfcffa58c71de60de4db3ef424023d830fa8b9caff4c4335b04, 15 | C = 02d7e84d9c282234708790def6746ea2ea0149883c38abebedc3e83d1fa05cb9ea, 16 | E = d50d91a532f3e0e48b91011bb0ff7b739c7a637344d21dda0a1848b5dad7f1d0, 17 | P = e431970788f305574019f9482d50a086b14e9a10e5096e95ed690c2315a62d19, 18 | 19 | TEST = 3, 20 | V = 028af9bbfd52301a73d40ef315c8a6500d06a1a09dde9d7431020651eb326bab52, 21 | C = 02ee3f63bc193aa1dd9b6389b6ad96fbe0a5c9fa899fae131096a9e2370319cfc5, 22 | E = f064cbd98d6d8bd2ed30b4d3e9166815bc03b85662c9ee1eb4164fe365b918c3, 23 | P = ddc4e8231636d34dce3ab9f596408c9e885f8413506b4e0932737d2546b5f373, 24 | 25 | TEST = 4, 26 | V = 0252fae0e6fd43a556980fa53bd31dc207f3dca471cffe6a944b02617615121dc3, 27 | C = 
032306475edbe266cc72fb31d9d3e70e0c7cfc73b5521b80d16c3e796933d0d5d3, 28 | E = c5008f09c0fd0cd90fd246a6f3c223eb72d16870022b6519ee5c196bafb802e6, 29 | P = aa2767ca0402b47b1d24922ae643f8b57aa9af72ca34b4c18cc208af83a2f929, 30 | 31 | TEST = 5, 32 | V = 02ff23bc1b1301b3561e2273d2262b105a97d25cdc7ec88dfebb30e7516533c280, 33 | C = 02c7ace9b0b7ce5af03c73eb0f4db8419c5606adcc26411aa8abbfd028930ffe2c, 34 | E = 7ae7627967ed0ac624e23fa10b8ab4206cab5ee8ea97e101a4aefc0ee4cec307, 35 | P = 884cca083e188d7b3fc1118309caf3c3d5e594c9a0857344826b705dc2a297c3, 36 | 37 | TEST = 6, 38 | V = 03a02f670dccda44299d1d64cec8e3ad6672b3d076775d24e0996604cccdd7be8c, 39 | C = 02266c43f7c416b3deeacd91cc938653a9ea3e5b84825daf85c0b357017db76ec7, 40 | E = 4945d23377bad79de6677bc3b01775ab7ceac34aae974c9a4961a1de10cb8a0c, 41 | P = 8748ae6f6bd4af425cd894aa917104d2b4886c3d308ab1627e9b863dcf175839, 42 | 43 | TEST = 7, 44 | V = 037985141d65098b851de6e0e81dea7391ec3f4860110b6ce8552a60c683b382f7, 45 | C = 02fba5adf489db4ac21ffe9f4acca008bf2d5721a614f3e187401a481298059ef5, 46 | E = a7d299bb13f99310b6eb08432a461df3a7ed9b0af5b1234df41c695c51480390, 47 | P = 1391037bf16f9704377d01107bd3ea5ac8ca8281c89092528f28625010d50a21, 48 | 49 | TEST = 8, 50 | V = 02071f52c6251f009b4f54f16fb2fbba234d39ad05ad02477dadf23932c89156c2, 51 | C = 02b03b6a48f2539777027770d2292fc6baeeba8c4dc6f41bc4696bb60da7e13758, 52 | E = 9a4a68d563cb768d291d259164dcffb812d8ae6eef13765ad29e5c4078da43ca, 53 | P = e58e98ea6bfd70023dfb39bfdf75eaa07de6bf97975fa4fd3d221d351ea538b6, 54 | 55 | TEST = 9, 56 | V = 0238b133fa948a11c6ff5cb0daa5a8fbc1915d060ac5ac3e7d085875c078afbda0, 57 | C = 03245ac7cf6d1d794ee5ebe37c08b53f2355e4ea12820a67608081fa4efb2b762a, 58 | E = 57bd38c928fb45ec4718785574210ac6b3adfb931faa5bbd8616e37560aedcda, 59 | P = fe24303b07a84d7ac3c670125d578dcaee0fe231e046b8deb072e39f3a481356, 60 | 61 | -------------------------------------------------------------------------------- /test/unit/test_hidden_dlog_prove.c: 
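-------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License. 18 | */ 19 | 20 | /* ZKP of factoring prove unit test */ 21 | 22 | #include 23 | #include "test.h" 24 | #include "amcl/hidden_dlog.h" 25 | 26 | #define LINE_LEN 65555 27 |
/*
 * HDLOG_prove unit test driven by a test vector file.
 *
 * argv[1] is the path of the vector file. Every line read is offered to each
 * scan_* helper (declared in test.h, not shown here; presumably each helper
 * only acts on a line that carries its own prefix). When a line starting with
 * "T = " is reached, HDLOG_prove is run on the values loaded so far and the
 * result is compared with the expected T from the vector.
 *
 * Exits with EXIT_FAILURE on a wrong argument count, an unreadable file, or
 * when no vector was executed. The last check matters because an empty or
 * mismatched vector file would otherwise still reach the final "SUCCESS".
 */
int main(int argc, char **argv)
{
    if (argc != 2)
    {
        // The usage line names this test binary, not the commit test
        printf("usage: ./test_hidden_dlog_prove [path to test vector file]\n");
        exit(EXIT_FAILURE);
    }

    int test_run = 0;

    FILE *fp;
    char line[LINE_LEN] = {0};

    const char *TESTline = "TEST = ";
    int testNo = 0;

    BIG_1024_58 ord[FFLEN_2048];
    const char *ORDline = "ORD = ";

    BIG_1024_58 alpha[FFLEN_2048];
    const char *ALPHAline = "ALPHA = ";

    HDLOG_iter_values R;
    const char *Rline = "R = ";

    HDLOG_iter_values T;
    HDLOG_iter_values Tgolden;
    const char *Tline = "T = ";

    char e[HDLOG_CHALLENGE_SIZE];
    octet E = {0, sizeof(e), e};
    const char *Eline = "E = ";

    // Line terminating a test vector
    const char *last_line = Tline;

    fp = fopen(argv[1], "r");
    if (fp == NULL)
    {
        printf("ERROR opening test vector file\n");
        exit(EXIT_FAILURE);
    }

    /* Test happy path using test vectors */

    while (fgets(line, LINE_LEN, fp) != NULL)
    {
        scan_int(&testNo, line, TESTline);

        scan_FF_2048(fp, ord, line, ORDline, FFLEN_2048);
        scan_FF_2048(fp, alpha, line, ALPHAline, FFLEN_2048);

        scan_HDLOG_iv(fp, R, line, Rline);
        scan_HDLOG_iv(fp, Tgolden, line, Tline);

        scan_OCTET(fp, &E, line, Eline);

        // The "T = " line closes a vector: all inputs are loaded at this point
        if (!strncmp(line, last_line, strlen(last_line)))
        {
            HDLOG_prove(ord, alpha, R, &E, T);

            compare_HDLOG_iv(fp, testNo, "HDLOG_prove T", T, Tgolden);

            // Mark that at least one test vector was executed
            test_run = 1;
        }
    }

    fclose(fp);

    if (test_run == 0)
    {
        printf("ERROR no test vector was executed\n");
        exit(EXIT_FAILURE);
    }

    printf("SUCCESS\n");
    exit(EXIT_SUCCESS);
}
-------------------------------------------------------------------------------- /test/unit/test_schnorr_prove.c: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License. 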
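18 | */ 19 | 20 | #include 21 | #include "test.h" 22 | #include "amcl/schnorr.h" 23 | 24 | /* Schnorr's Proof prove unit test */ 25 | 26 | #define LINE_LEN 256 27 |
/*
 * SCHNORR_prove unit test driven by a test vector file.
 *
 * argv[1] is the path of the vector file. Each vector supplies the commitment
 * nonce R, the challenge E, the secret X and the expected proof P. Every line
 * read is offered to each scan_* helper (declared in test.h, not shown here;
 * presumably each helper only acts on a line that carries its own prefix).
 * The "P = " line closes a vector and triggers the comparison.
 *
 * Exits with EXIT_FAILURE on a wrong argument count, an unreadable file, or
 * when no vector was executed; prints "SUCCESS" otherwise.
 */
int main(int argc, char **argv)
{
    if (argc != 2)
    {
        // Usage line spells the binary name correctly
        printf("usage: ./test_schnorr_prove [path to test vector file]\n");
        exit(EXIT_FAILURE);
    }

    int test_run = 0;

    FILE *fp;
    char line[LINE_LEN] = {0};

    const char *TESTline = "TEST = ";
    int testNo = 0;

    char r[SGS_SECP256K1];
    octet R = {0, sizeof(r), r};
    const char *Rline = "R = ";

    char e[SGS_SECP256K1];
    octet E = {0, sizeof(e), e};
    const char *Eline = "E = ";

    char x[SGS_SECP256K1];
    octet X = {0, sizeof(x), x};
    const char *Xline = "X = ";

    char p_golden[SGS_SECP256K1];
    octet P_GOLDEN = {0, sizeof(p_golden), p_golden};
    const char *Pline = "P = ";

    char p[SGS_SECP256K1];
    octet P = {0, sizeof(p), p};

    // Line terminating a test vector
    const char *last_line = Pline;

    fp = fopen(argv[1], "r");
    if (fp == NULL)
    {
        printf("ERROR opening test vector file\n");
        exit(EXIT_FAILURE);
    }

    while (fgets(line, LINE_LEN, fp) != NULL)
    {
        scan_int(&testNo, line, TESTline);

        // Read input
        scan_OCTET(fp, &R, line, Rline);
        scan_OCTET(fp, &E, line, Eline);
        scan_OCTET(fp, &X, line, Xline);

        // Read ground truth
        scan_OCTET(fp, &P_GOLDEN, line, Pline);

        // Read P and run test
        if (!strncmp(line, last_line, strlen(last_line)))
        {
            SCHNORR_prove(&R, &E, &X, &P);
            compare_OCT(fp, testNo, "SCHNORR_prove", &P, &P_GOLDEN);

            // Mark that at least one test vector was executed
            test_run = 1;
        }
    }

    fclose(fp);

    // Without this guard an empty vector file would still print SUCCESS
    if (test_run == 0)
    {
        printf("ERROR no test vector was executed\n");
        exit(EXIT_FAILURE);
    }

    printf("SUCCESS\n");
    exit(EXIT_SUCCESS);
}
-------------------------------------------------------------------------------- /examples/example_schnorr.c: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License. 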
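18 | */ 19 | 20 | #include "amcl/schnorr.h" 21 | 22 | /* Schnorr's proofs example */ 23 |
/*
 * Walk through a Schnorr proof of knowledge of the discrete logarithm x of
 * V = x.G on SECP256K1: commit, challenge, prove, verify.
 *
 * This is a demonstration, not a template for production use:
 *  - the RNG is seeded with a fixed all-zero seed so the output is
 *    reproducible; a real prover needs an unpredictable seed;
 *  - the secret x and the commitment nonce r are printed. Both must stay
 *    private in real use, and r must be fresh for every proof;
 *  - the verifier step reuses the challenge E computed by the prover. A real
 *    verifier recomputes E itself with SCHNORR_challenge from V, C, ID and AD
 *    and never accepts it from the prover.
 *
 * Returns 0 when the proof verifies and 1 otherwise, so a failed
 * verification is visible in the exit status as well as in the output.
 */
int main()
{
    int rc;

    BIG_256_56 x;
    BIG_256_56 q;
    ECP_SECP256K1 G;

    char x_char[SGS_SECP256K1];
    octet X = {0, sizeof(x_char), x_char};

    char v[SFS_SECP256K1+1];
    octet V = {0, sizeof(v), v};

    char id[32];
    octet ID = {0, sizeof(id), id};

    char ad[32];
    octet AD = {0, sizeof(ad), ad};

    char r[SGS_SECP256K1];
    octet R = {0, sizeof(r), r};

    char c[SFS_SECP256K1+1];
    octet C = {0, sizeof(c), c};

    char e[SGS_SECP256K1];
    octet E = {0, sizeof(e), e};

    char p[SGS_SECP256K1];
    octet P = {0, sizeof(p), p};

    // Deterministic RNG for example
    char seed[32] = {0};
    csprng RNG;
    RAND_seed(&RNG, 32, seed);

    // Generate ID and AD
    OCT_rand(&ID, &RNG, ID.len);
    OCT_rand(&AD, &RNG, AD.len);

    // Generate DLOG
    BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
    BIG_256_56_randomnum(x, q, &RNG);

    // G is overwritten with x.G, the public value V
    ECP_SECP256K1_generator(&G);
    ECP_SECP256K1_mul(&G, x);

    BIG_256_56_toBytes(X.val, x);
    X.len = SGS_SECP256K1;

    ECP_SECP256K1_toOctet(&V, &G, 1);

    printf("Schnorr's Proof of knowledge of a DLOG. V = x.G\n");
    printf("\tx = ");
    OCT_output(&X);
    printf("\tV = ");
    OCT_output(&V);

    printf("\nGenerate a commitment C = r.G\n");
    SCHNORR_commit(&RNG, &R, &C);

    printf("\tr = ");
    OCT_output(&R);
    printf("\tC = ");
    OCT_output(&C);

    printf("\nGenerate a challenge from the public parameters\n");
    SCHNORR_challenge(&V, &C, &ID, &AD, &E);

    printf("\te = ");
    OCT_output(&E);

    printf("\nGenerate the proof p\n");
    SCHNORR_prove(&R, &E, &X, &P);

    printf("\tp = ");
    OCT_output(&P);

    printf("\nTransmit proof (C,p) for V\n");

    printf("\nCompute challenge from public parameters and verify proof\n");
    rc = SCHNORR_verify(&V, &C, &E, &P);
    if (rc)
    {
        printf("\tFailure! RC %d\n", rc);
        return 1;
    }

    printf("\tSuccess!\n");
    return 0;
}
-------------------------------------------------------------------------------- /include/amcl/hash_utils.h: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License. 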
18 | */ 19 |
/**
 * @file hash_utils.h
 * @brief Hash utility functions for pseudorandom challenge generation
 *
 */

#ifndef HASH_UTILS
#define HASH_UTILS

#include "amcl/amcl.h"
#include "amcl/big_256_56.h"
#include "amcl/modulus.h"

#ifdef __cplusplus
extern "C"
{
#endif

/** \brief Copy the internal state of a hash function
 *
 * @param dst   Destination hash function. It does not need to be initialised
 * @param src   Source hash function
 */
extern void HASH_UTILS_hash_copy(hash256 *dst, const hash256 *src);

/** \brief Process an octet into a hash function
 *
 * All O->len bytes of the octet are absorbed, in order.
 *
 * @param sha   Hash function. Must be initialised
 * @param O     Octet to process
 */
extern void HASH_UTILS_hash_oct(hash256 *sha, const octet *O);

/** \brief Process a 4 byte integer into a hash function
 *
 * Convert i to a 4 byte integer using PKCS#1 I2OSP [RFC2437 # Section 4.1],
 * most significant byte first.
 * Process the resulting bytes into the provided hash function
 *
 * @param sha   Hash function. Must be initialised
 * @param i     Integer to process
 */
extern void HASH_UTILS_hash_i2osp4(hash256 *sha, const int i);

/** \brief Sample a pseudorandom FF_2048 from a given hash function
 *
 * Use the provided function to produce 4096 pseudorandom bits
 * using PKCS#1 MGF1 [RFC2437 # Section 10.2.1]
 * Reduce the resulting integer modulo an FF_2048 element.
 * The extra random data is produced to make the bias in the
 * resulting distribution negligible.
 *
 * The provided hash state is left untouched: each output block is
 * computed on a copy of it.
 *
 * @param sha   Hash function. Must be initialised
 * @param n     Modulo for the reduction. FF_2048 element.
 * @param x     Sampled FF_2048 element
 */
extern void HASH_UTILS_sample_mod_FF(const hash256 *sha, BIG_1024_58 *n, BIG_1024_58 *x);

/** \brief Sample a pseudorandom FP_256 from a given hash function
 *
 * Produce 256 bits of pseudorandom data using the hash function
 * and a 4 byte attempt counter.
 * The integer is sampled using rejection sampling to remove bias:
 * a candidate that is not below q is discarded and a new one is drawn
 * with the next counter value, so no modular reduction takes place.
 *
 * The provided hash state is left untouched: each attempt is
 * computed on a copy of it.
 *
 * @param sha   Hash function. Must be initialised
 * @param q     Upper bound for the sample. FP_256 element.
 *              Must be non-zero, otherwise no candidate is ever accepted
 * @param x     Sampled FP_256 element
 */
extern void HASH_UTILS_rejection_sample_mod_BIG(const hash256 *sha, const BIG_256_56 q, BIG_256_56 x);

#ifdef __cplusplus
}
#endif

#endif
-------------------------------------------------------------------------------- /src/hash_utils.c: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License. 18 | */ 19 | 20 | #include 21 | #include "amcl/hash_utils.h" 22 | #include "amcl/ff_2048.h" 23 | 24 | /* Hash utilities for pseudo-random challenges generation */ 25 | 26 | // Chunks necessary for the sampling mod FF. 
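// Sampling double the necessary chunks to remove bias.
// Parenthesised so the macro keeps its value inside a larger expression.
#define HASH_UTILS_FF_CHUNKS (2 * FS_2048 / SHA256)


/*
 * Copy the internal state of a hash function.
 *
 * dst does not need to be initialised: every field of the state (length, h,
 * w and hlen) is overwritten from src.
 */
void HASH_UTILS_hash_copy(hash256 *dst, const hash256 *src)
{
    memcpy(dst->length, src->length, sizeof(dst->length));
    memcpy(dst->h, src->h, sizeof(dst->h));
    memcpy(dst->w, src->w, sizeof(dst->w));
    dst->hlen = src->hlen;
}

/*
 * Absorb the O->len bytes of an octet into an initialised hash function.
 *
 * Only the bytes are hashed, not the length. A caller that hashes several
 * variable-length octets back to back has to make the encoding unambiguous
 * itself.
 */
void HASH_UTILS_hash_oct(hash256 *sha, const octet *O)
{
    for (int i = 0; i < O->len; i++)
    {
        HASH256_process(sha, O->val[i]);
    }
}

/*
 * Absorb i as four bytes, most significant byte first (I2OSP(i, 4)).
 */
void HASH_UTILS_hash_i2osp4(hash256 *sha, const int i)
{
    // Shift an unsigned copy: right-shifting a negative int is
    // implementation-defined, the unsigned shift is not
    const unsigned int u = (unsigned int)i;

    HASH256_process(sha, (int)((u >> 24) & 0xFF));
    HASH256_process(sha, (int)((u >> 16) & 0xFF));
    HASH256_process(sha, (int)((u >> 8) & 0xFF));
    HASH256_process(sha, (int)(u & 0xFF));
}

/*
 * Sample x mod n using MGF1 with SHA256, generating double the amount of
 * necessary random data to make the bias negligible.
 *
 * sha   Initialised hash state holding the seed. It is not modified.
 * n     Modulus, FF_2048 element
 * x     Output, FF_2048 element
 */
void HASH_UTILS_sample_mod_FF(const hash256 *sha, BIG_1024_58 *n, BIG_1024_58 *x)
{
    hash256 shai;

    char w[2 * FS_2048];
    octet W = {0, sizeof(w), w};

    BIG_1024_58 dws[2 * FFLEN_2048];

    // HASH_UTILS_FF_CHUNKS digests of SHA256 bytes each never exceed
    // sizeof(w). Assumes 2 * FS_2048 is a multiple of SHA256 so that the
    // buffer is filled completely - TODO confirm
    for (int i = 0; i < HASH_UTILS_FF_CHUNKS; i++)
    {
        // Compute partial hash of SEED || I2OSP(i, 4)
        HASH_UTILS_hash_copy(&shai, sha);
        HASH_UTILS_hash_i2osp4(&shai, i);

        // Append the digest to the output octet
        HASH256_hash(&shai, W.val + W.len);
        W.len += SHA256;
    }

    // Reduce modulo n
    FF_2048_fromOctet(dws, &W, 2 * FFLEN_2048);
    FF_2048_dmod(x, dws, n, FFLEN_2048);
}

/*
 * Sample x below q by rejection sampling.
 *
 * Each attempt hashes SEED || I2OSP(attempt, 4) on a copy of sha and reads
 * the digest as an integer. The candidate is accepted once it is below q.
 *
 * sha   Initialised hash state holding the seed. It is not modified.
 * q     Upper bound. Must be non-zero, otherwise no candidate is ever
 *       accepted and the loop does not terminate
 * x     Output
 */
void HASH_UTILS_rejection_sample_mod_BIG(const hash256 *sha, const BIG_256_56 q, BIG_256_56 x)
{
    hash256 shai;

    char digest[SHA256];

    int attempt = 0;

    do
    {
        HASH_UTILS_hash_copy(&shai, sha);
        HASH_UTILS_hash_i2osp4(&shai, attempt);

        HASH256_hash(&shai, digest);
        BIG_256_56_fromBytesLen(x, digest, SHA256);

        attempt++;
    }
    while(BIG_256_56_comp(x, q) >= 0);
}
-------------------------------------------------------------------------------- /test/unit/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 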
17 |
# Add the binary tree directory to the search path for linking and include files
link_directories (${PROJECT_BINARY_DIR}/src
                  /usr/local/lib)

include_directories (${PROJECT_SOURCE_DIR}/src
                     ${PROJECT_SOURCE_DIR}/include
                     ${PROJECT_SOURCE_DIR}/test
                     /usr/local/include)

# Register one unit test.
#
#   name              - target and test name
#   source            - C source file of the test
#   dependencies      - libraries the test links against
#   expected_response - regular expression the test output must match
#   ARGN              - extra arguments passed to the test binary; here the
#                       test vector path, relative to testVectors/
#
# With PASS_REGULAR_EXPRESSION set, CTest decides pass or fail from the output
# and ignores the process exit code, so each test must print the expected
# string only after every check has passed.
#
# NOTE(review): the two bare `$` below look like generator expressions whose
# `<...>` part was lost when this listing was rendered; take them from the
# repository rather than from this page.
function(amcl_test name source dependencies expected_response)
  add_executable(${name} "${source}" $)

  target_link_libraries(${name} PRIVATE ${dependencies})

  add_test(NAME ${name}
    COMMAND ${TARGET_SYSTEM_EMULATOR} $ ${ARGN}
    WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}/testVectors
  )

  set_tests_properties(${name} PROPERTIES
    PASS_REGULAR_EXPRESSION "${expected_response}"
  )
endfunction()


# Classic Schnorr tests
amcl_test(test_schnorr_commit test_schnorr_commit.c amcl_mpc "SUCCESS" "schnorr/commit.txt")
amcl_test(test_schnorr_challenge test_schnorr_challenge.c amcl_mpc "SUCCESS" "schnorr/challenge.txt")
amcl_test(test_schnorr_prove test_schnorr_prove.c amcl_mpc "SUCCESS" "schnorr/prove.txt")
amcl_test(test_schnorr_verify test_schnorr_verify.c amcl_mpc "SUCCESS" "schnorr/verify.txt")

# Double Schnorr tests
amcl_test(test_d_schnorr_commit test_d_schnorr_commit.c amcl_mpc "SUCCESS" "schnorr/dcommit.txt")
amcl_test(test_d_schnorr_challenge test_d_schnorr_challenge.c amcl_mpc "SUCCESS" "schnorr/dchallenge.txt")
amcl_test(test_d_schnorr_prove test_d_schnorr_prove.c amcl_mpc "SUCCESS" "schnorr/dprove.txt")
amcl_test(test_d_schnorr_verify test_d_schnorr_verify.c amcl_mpc "SUCCESS" "schnorr/dverify.txt")

# Hidden DLOG tests
amcl_test(test_hidden_dlog_commit test_hidden_dlog_commit.c amcl_mpc "SUCCESS" "hidden_dlog/commit.txt")
amcl_test(test_hidden_dlog_challenge test_hidden_dlog_challenge.c amcl_mpc "SUCCESS" "hidden_dlog/challenge.txt")
amcl_test(test_hidden_dlog_prove test_hidden_dlog_prove.c amcl_mpc "SUCCESS" "hidden_dlog/prove.txt")
amcl_test(test_hidden_dlog_verify test_hidden_dlog_verify.c amcl_mpc "SUCCESS" "hidden_dlog/verify.txt")

# Shamir Secret Sharing
amcl_test(test_shamir test_shamir.c amcl_mpc "SUCCESS" "shamir/SSS.txt")
amcl_test(test_shamir_to_additive test_shamir_to_additive.c amcl_mpc "SUCCESS" "shamir/STA.txt")
amcl_test(test_vss test_vss.c amcl_mpc "SUCCESS" "shamir/VSS.txt")
-------------------------------------------------------------------------------- /test/unit/test_hidden_dlog_commit.c: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License. 
18 | */ 19 | 20 | /* ZKP of factoring prove unit test */ 21 | 22 | #include 23 | #include "test.h" 24 | #include "amcl/hidden_dlog.h" 25 | 26 | #define LINE_LEN 65555 27 |
/*
 * HDLOG_commit unit test driven by a test vector file.
 *
 * argv[1] is the path of the vector file. Each vector supplies the primes P
 * and Q, the values ORD and B0, the random values R and the expected
 * commitment RHO. Every line read is offered to each scan_* helper (declared
 * in test.h, not shown here; presumably each helper only acts on a line that
 * carries its own prefix). The "RHO = " line closes a vector.
 *
 * HDLOG_commit is called with a NULL RNG and R taken from the vector,
 * presumably so that the output is deterministic - TODO confirm against
 * hidden_dlog.h.
 */
int main(int argc, char **argv)
{
    if (argc != 2)
    {
        printf("usage: ./test_hidden_dlog_commit [path to test vector file]\n");
        exit(EXIT_FAILURE);
    }

    // Prefixes identifying the fields of a test vector
    const char *test_prefix = "TEST = ";
    const char *p_prefix    = "P = ";
    const char *q_prefix    = "Q = ";
    const char *ord_prefix  = "ORD = ";
    const char *b0_prefix   = "B0 = ";
    const char *r_prefix    = "R = ";
    const char *rho_prefix  = "RHO = ";

    // Prefix of the line terminating a test vector
    const char *closing_prefix = rho_prefix;

    int vectors_executed = 0;
    int testNo = 0;

    char line[LINE_LEN] = {0};

    char p[HFS_2048];
    octet P = {0, sizeof(p), p};

    char q[HFS_2048];
    octet Q = {0, sizeof(q), q};

    BIG_1024_58 ord[FFLEN_2048];
    BIG_1024_58 b0[FFLEN_2048];

    HDLOG_iter_values R;
    HDLOG_iter_values RHO;
    HDLOG_iter_values RHOgolden;

    MODULUS_priv m;

    FILE *fp = fopen(argv[1], "r");
    if (fp == NULL)
    {
        printf("ERROR opening test vector file\n");
        exit(EXIT_FAILURE);
    }

    /* Test happy path using test vectors */

    while (fgets(line, LINE_LEN, fp) != NULL)
    {
        scan_int(&testNo, line, test_prefix);

        scan_OCTET(fp, &P, line, p_prefix);
        scan_OCTET(fp, &Q, line, q_prefix);

        scan_FF_2048(fp, ord, line, ord_prefix, FFLEN_2048);
        scan_FF_2048(fp, b0, line, b0_prefix, FFLEN_2048);

        scan_HDLOG_iv(fp, R, line, r_prefix);
        scan_HDLOG_iv(fp, RHOgolden, line, rho_prefix);

        // Only the closing line of a vector triggers the computation
        if (strncmp(line, closing_prefix, strlen(closing_prefix)) == 0)
        {
            MODULUS_fromOctets(&m, &P, &Q);
            HDLOG_commit(NULL, &m, ord, b0, R, RHO);

            compare_HDLOG_iv(fp, testNo, "HDLOG_commit RHO", RHO, RHOgolden);

            // At least one test vector was executed
            vectors_executed = 1;
        }
    }

    fclose(fp);

    if (!vectors_executed)
    {
        printf("ERROR no test vector was executed\n");
        exit(EXIT_FAILURE);
    }

    printf("SUCCESS\n");
    exit(EXIT_SUCCESS);
}
-------------------------------------------------------------------------------- /test/unit/test_hidden_dlog_verify.c: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License. 
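18 | */ 19 | 20 | /* ZKP of factoring prove unit test */ 21 | 22 | #include 23 | #include "test.h" 24 | #include "amcl/hidden_dlog.h" 25 | 26 | #define LINE_LEN 65555 27 |
/*
 * HDLOG_verify unit test driven by a test vector file.
 *
 * argv[1] is the path of the vector file. Each vector supplies N, B0, B1, the
 * commitment RHO, the challenge E and the proof T. Every line read is offered
 * to each scan_* helper (declared in test.h, not shown here; presumably each
 * helper only acts on a line that carries its own prefix). The "T = " line
 * closes a vector and the proof is expected to verify with HDLOG_OK.
 *
 * After the vectors, the values left by the last one are reused with T[1]
 * zeroed, and the verifier is expected to reject the proof with HDLOG_FAIL.
 * This negative check is what shows the verifier does not accept everything.
 */
int main(int argc, char **argv)
{
    if (argc != 2)
    {
        // The usage line names this test binary, not the commit test
        printf("usage: ./test_hidden_dlog_verify [path to test vector file]\n");
        exit(EXIT_FAILURE);
    }

    int rc;
    int test_run = 0;

    FILE *fp;
    char line[LINE_LEN] = {0};

    const char *TESTline = "TEST = ";
    int testNo = 0;

    BIG_1024_58 N[FFLEN_2048];
    const char *Nline = "N = ";

    BIG_1024_58 B0[FFLEN_2048];
    const char *B0line = "B0 = ";

    BIG_1024_58 B1[FFLEN_2048];
    const char *B1line = "B1 = ";

    HDLOG_iter_values RHO;
    const char *RHOline = "RHO = ";

    HDLOG_iter_values T;
    const char *Tline = "T = ";

    char e[HDLOG_CHALLENGE_SIZE];
    octet E = {0, sizeof(e), e};
    const char *Eline = "E = ";

    // Line terminating a test vector
    const char *last_line = Tline;

    fp = fopen(argv[1], "r");
    if (fp == NULL)
    {
        printf("ERROR opening test vector file\n");
        exit(EXIT_FAILURE);
    }

    /* Test happy path using test vectors */

    while (fgets(line, LINE_LEN, fp) != NULL)
    {
        scan_int(&testNo, line, TESTline);

        scan_FF_2048(fp, N, line, Nline, FFLEN_2048);
        scan_FF_2048(fp, B0, line, B0line, FFLEN_2048);
        scan_FF_2048(fp, B1, line, B1line, FFLEN_2048);

        scan_HDLOG_iv(fp, RHO, line, RHOline);
        scan_HDLOG_iv(fp, T, line, Tline);

        scan_OCTET(fp, &E, line, Eline);

        if (!strncmp(line, last_line, strlen(last_line)))
        {
            rc = HDLOG_verify(N, B0, B1, RHO, &E, T);

            assert_tv(fp, testNo, "HDLOG_verify", rc == HDLOG_OK);

            // Mark that at least one test vector was executed
            test_run = 1;
        }
    }

    fclose(fp);

    // The unhappy path below depends on a vector having been loaded
    if (test_run == 0)
    {
        printf("ERROR no test vector was executed\n");
        exit(EXIT_FAILURE);
    }

    /* Test unhappy path */
    // Corrupt one iteration of the last valid proof
    FF_2048_zero(T[1], FFLEN_2048);

    rc = HDLOG_verify(N, B0, B1, RHO, &E, T);

    assert(NULL, "HDLOG_verify. Invalid proof", rc == HDLOG_FAIL);

    printf("SUCCESS\n");
    exit(EXIT_SUCCESS);
}
-------------------------------------------------------------------------------- /testVectors/schnorr/prove.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "TEST": 0, 4 | "R": "0d2ad62e5a96805f634e7a36c05bc67f5b1b85ea5babb2c256a7c0e71601d932", 5 | "E": "c5f1d83eb1e5cf4a846ea4db4916132c7a1302aca4ec8ea5d0fea39a9536c8bd", 6 | "X": "03b31917ff88c538838276103dd011fe2e4959b470c856cf1ef1597cd5b74c53", 7 | "P": "dec4c98f1a7cbb20294fdf10bf0f347941a2c4d21af77fe525b01a80e568d8ec" 8 | }, 9 | { 10 | "TEST": 1, 11 | "R": "f9912b82f485158ed1e39b33c3a0f23cd25d1a9a1de093928c2b028edd78d030", 12 | "E": "53a970231ed2b8355b94142dbc819b845135df484ab4730b702c51719d9620bc", 13 | "X": "1c0d38e8ddf2bede223b04921a28c8daadbbf9cc2037059c01b507c7afeb73e2", 14 | "P": "30e955b13c262f91033473d17dd818355c5311fe676f5f52c0f20515e65cb422" 15 | }, 16 | { 17 | "TEST": 2, 18 | "R": "d06685dee5a04be9500152d789cc792ddc4ca0a25cdec5f6728ebc648ef413f7", 19 | "E": "84346c2750e434f33a02e293084a74e8993753005e230bdfbf78b91e197fff4c", 20 | "X": "8cd61651b2a5d5827090c9fe6ef212cc590ea374d5664f9069fdd101b9f5448a", 21 | "P": "89ce95296c6992ed517939111fb7e0d5a37441706aeaa4546093332fd3c5ab3e" 22 | }, 23 | { 24 | "TEST": 3, 25 | "R": "b81da1905989412c7bcc251497fb6136fdfc0e9e2d6ef287d132bea4f4654287", 26 | "E": "a92fc533e1d987dbdecda3eba516cce5cf407262be2d658f81e5a02292871319", 27 | "X": "8c2b44c01dddd839ed8339397fc1234867697540d6feed72e9ed20cd32bb3de7", 28 | "P": "2754a9868257bbaaaeaf4ce572b664bf0177ca6117b004def22b454570fd5ed7" 29 | }, 30 | { 31 | "TEST": 4, 32 | "R": "b1cde1fd532a1ca79baeb92988a3521a64947309aff94d17605440441c1ca64a", 33 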
| "E": "a419af8f9e66558a31deb27f78fb72838eb7c0a5c895b5dbff4cbf1e19499b2a", 34 | "X": "176af0cb434b63d405b25ae253a13b8fc8fccd98dff40ea918520ab7d881c2f8", 35 | "P": "73b584d798ab0f7283c88dd742cdab1e9f021e5397c120135f191932be8f0de7" 36 | }, 37 | { 38 | "TEST": 5, 39 | "R": "80f1ce99e02e2d77095412553e2795b3aae573ddfbc2bf80f9b7762018cc6cde", 40 | "E": "aac7f3380eed4eb420bdb62cebe9d3bfbe868c5bcc6b312b700e279a5fa386ad", 41 | "X": "9f5faf822515c8faecb9b99b08693394d1f7f85daabc21c5d897033a6075c7b4", 42 | "P": "d7967219d8c5203d37be74ff7e517c728c0519a69d855a64aeb6cffe29181331" 43 | }, 44 | { 45 | "TEST": 6, 46 | "R": "6b8c767df1e3ba7213ecf21d98db0590277d539cbc49c30f9375c705d9357a22", 47 | "E": "bb85000a90088372d64b5b2d340ed07d1222cefd13231a26eb6f84b787c51c1c", 48 | "X": "562abada7b287b8120c66e0dab2e40021a33e91520240fa01f224c8e6e37c885", 49 | "P": "f30bf41059c8fa588a983277a974c09890fe248ff375f0288ef634a3afe6bcc1" 50 | }, 51 | { 52 | "TEST": 7, 53 | "R": "cf4db4dab14f2d9e0329300011409e4ca061ab824d272f58b27d6dc74a44db13", 54 | "E": "c47b7ab12d3c0923fbe55253d3e714b6e20c731e9a77e54995e038d3129fa29b", 55 | "X": "1266b8f2ece335cd737a16e78f9abd0435db0d1fe2d4077150b89716873e2fcb", 56 | "P": "2125fbbff0314612c8e38651633b312da461a9acb6f9c19f6d0b17b03a61f84f" 57 | }, 58 | { 59 | "TEST": 8, 60 | "R": "a130aac537e35691a5e6927fa6391557faa37d7f81c7b90abb2256fa6f4342b0", 61 | "E": "9906baef410a5d03ea14900459d83eb766352be10b899e814816fcdbb7988bb3", 62 | "X": "590841575517666550548fd5853fe2255e4f6b2df898f8abf3a7de6514ebe79c", 63 | "P": "51c734de4322f959fdc9bcbdf803403eac3e22ea07038800d139a2607fd85a0a" 64 | }, 65 | { 66 | "TEST": 9, 67 | "R": "fb636451819b81d5a7c0c211c2b3b869ca8c8865229cf65d7f7055aa4adb9c0c", 68 | "E": "ebbf866a53cd4433a854a31f4f1a38a4b780c85084adb41c5b660e1d6bd51075", 69 | "X": "9cd9344b1ede123ecf299a98bed7239ca82775536948020a8e13e06dc13f66de", 70 | "P": "e324179d196051efc76f1e4ca091bb79fd98c5b31e0d2cab0504271278c9fa66" 71 | } 72 | ] 
-------------------------------------------------------------------------------- /testVectors/schnorr/dcommit.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "TEST": 0, 4 | "R": "0259e1d6f1cf1d5e97248a54b33c7c18261b2a6152cc4eb36c9c38681616815b1b", 5 | "A": "fb02633176a5893922feb54b6d37188dd8d08695b61cf48210e351ba2aaca20e", 6 | "B": "4621a4da1b0c44d8015214b502b3028c8cfce6dd03bda3dfb92fabf8b324a521", 7 | "C": "02835e9b712b046d5700c347ca4e10846c0e481f05eaa9bdd7da2b6da8574d3471" 8 | }, 9 | { 10 | "TEST": 1, 11 | "R": "0244b8babba4345fd4407bf44ad76f7884f4f8fb38cc0d99cf09b6cf98c2033035", 12 | "A": "f7e8ebe2fed516c81ff6777958c1eba87df724318090be9ffb5c2ea0ac367737", 13 | "B": "36bf6b7dfb228fd360752a392da3b3d8daeeaced132261baf1b075cc34349776", 14 | "C": "03aa219766dd92764d9cc4d125f6cbd1c6f73449dfa96f1268e9ee3723db7918d5" 15 | }, 16 | { 17 | "TEST": 2, 18 | "R": "0296a698250a1237f45aac507bac7f88d1ae2fa5502c0cc061bab6e4d77817de8c", 19 | "A": "0824de324be47ecd9177d6c90dc72158ef2b35047b8d7717ef3d130ed6444fb2", 20 | "B": "a34117c6b8babc2d85af6d70ab1468eee8bf3aace79e90eb1fa8dc4e63f091a1", 21 | "C": "036d4afbc091ca1d0e8e5e3d61ac3d82aa81e1ef7edc901ad8f5c976ff5c376c3a" 22 | }, 23 | { 24 | "TEST": 3, 25 | "R": "03591e1e077cd4195e5afc880ea96ff5d783fd587c1aba1129dfb3c6517ec1c8f6", 26 | "A": "201abd5a905d6686305b79caf6d240281e874f9ff0320469520307d2a5468f7b", 27 | "B": "e2a53a62010f99811f2b0e80776047c9ef9be04b423db6a0963c22c21cf325ce", 28 | "C": "0279747d0a1800961d4173b267185db43ccc22c80afe521b537d734485b78dd463" 29 | }, 30 | { 31 | "TEST": 4, 32 | "R": "038e0ec278ef160284bb19944fcef4158f4a85c181a8c7db020c0796845d5ce4c1", 33 | "A": "18305a54a2b4eebb83ea8a5c73253c0989454f587f2b5bd66d7919cae9c0a6fc", 34 | "B": "8744a82766ec8aca0f398c4e9ac1581e2b0254ab1b0610fa8c911808d838336e", 35 | "C": "02a80e63387fb9bca43fcf13cc4874d3c8c84de22ed7695ff6d7874b02bc197b2f" 36 | }, 37 | { 38 | "TEST": 5, 39 | "R": 
"03fd2eb61386982525575394a89be40758c24bf6b0a6e4807c1ab7a82a4e1cdd73", 40 | "A": "0d29b13ebd9d14d115cd94822e9e885d81ef67472e5fef7653f8f2d742af851e", 41 | "B": "95d44557e995734a211bd97b586669ae054c18624b19de4ea4700527445c1833", 42 | "C": "02476e16a4960b5fa50e62ef3016c93a344459747e972637f78da66a3193e6b4d2" 43 | }, 44 | { 45 | "TEST": 6, 46 | "R": "03b7a6d84f9577daab651b724ee3d226daf86fccc34a1124703c9c0070597ac5f2", 47 | "A": "74fbe75bce9e10b57486fd5ebade8227421a8c3aeb7855b72cf9f12561fef096", 48 | "B": "8c071721faa418ad062df7462ab65b019a786178088344b58063883dfef78ab8", 49 | "C": "0323bcd4ddca10d9e1bf31ca8f18d4ed62e19770e5495c2d4f6dd8e2382b731024" 50 | }, 51 | { 52 | "TEST": 7, 53 | "R": "028a6e0d9fe36b568ddad3dfc5cf9506eba8e62aa45d08ef59b6c8980720b84221", 54 | "A": "ffcf45371d32b708f527ca3a1875aeb1e0eec092e4688d9ed8ba59df338eb56a", 55 | "B": "81a27940ced64fe34de599799eb567d61b80a1d519c51d5af3fc796d569a51d3", 56 | "C": "02bd668682e5343ac4abb96d913d7e9deec10d5c6278de9b719e32f837a894d7fe" 57 | }, 58 | { 59 | "TEST": 8, 60 | "R": "0313afef23301766f3f26443e2fac4ce42cd850593916daa672baab642d8217ba7", 61 | "A": "d689fcde07c7ffa6ddca08806b53aadc2acad6d139538beb2771dac4c6be8081", 62 | "B": "aeb017ab7ad847df1653fa383898bacea67051a74bec966a2700e91a6d5c9ed1", 63 | "C": "03a46cd1028277311085050afe9c8af7e7accc2a9dfbe6f264ffef6e6021736439" 64 | }, 65 | { 66 | "TEST": 9, 67 | "R": "03f0b186990b491a9f6d7bae86dfa3188a6fcd79204de0c677ea9e1a4c939a9a19", 68 | "A": "c2f66ddf4d51057c88033378b3d088bc8a3b930823b661cd6b3b0f55e7a10d8c", 69 | "B": "5fa5b601079c88f235f73277b53a08f0b50bb09ed404aeef1acd03b4c58d5969", 70 | "C": "03e1507f9e21f26aa04452e7fdbab469dfb28ea1c035def6e56cd7d5ad123b7e9c" 71 | } 72 | ] -------------------------------------------------------------------------------- /testVectors/schnorr/verify.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "TEST": 0, 4 | "V": 
"02e5c77e497b536425ab07eefd588713c8cbe380fc3ad5c4322d272c33d5936dd8", 5 | "C": "02a2a3f686dcd004f9a60f2445235aca86122faf3fdf3b8da9c26cc408ba2e8c28", 6 | "E": "07dc332af157dbd31263e796e7e2b105773680a17523da9df48f7061e16458aa", 7 | "P": "b2cc02820c79e0893f79392f53cffd2b1bb5e65076151f3d20eb831562a4488d" 8 | }, 9 | { 10 | "TEST": 1, 11 | "V": "0291bf08c6a9413a0e0a5a1c0b56bb6dad3520b65592cee858b1e8fa7f8d03e7c6", 12 | "C": "03ad4cf8eb662f98bae0c47cf715479a9bd0ae2f985f56e5e523455a7d49ee167b", 13 | "E": "388517ff1e7b733b887a09968927b60f3ca619c2db8240480b0e4e4c566cc768", 14 | "P": "b0fc72eb9f988715d15ac600b918848a45a72391feae7693d26d8757da0f1389" 15 | }, 16 | { 17 | "TEST": 2, 18 | "V": "03bfe6a707f0e9fdfcffa58c71de60de4db3ef424023d830fa8b9caff4c4335b04", 19 | "C": "02d7e84d9c282234708790def6746ea2ea0149883c38abebedc3e83d1fa05cb9ea", 20 | "E": "d50d91a532f3e0e48b91011bb0ff7b739c7a637344d21dda0a1848b5dad7f1d0", 21 | "P": "e431970788f305574019f9482d50a086b14e9a10e5096e95ed690c2315a62d19" 22 | }, 23 | { 24 | "TEST": 3, 25 | "V": "028af9bbfd52301a73d40ef315c8a6500d06a1a09dde9d7431020651eb326bab52", 26 | "C": "02ee3f63bc193aa1dd9b6389b6ad96fbe0a5c9fa899fae131096a9e2370319cfc5", 27 | "E": "f064cbd98d6d8bd2ed30b4d3e9166815bc03b85662c9ee1eb4164fe365b918c3", 28 | "P": "ddc4e8231636d34dce3ab9f596408c9e885f8413506b4e0932737d2546b5f373" 29 | }, 30 | { 31 | "TEST": 4, 32 | "V": "0252fae0e6fd43a556980fa53bd31dc207f3dca471cffe6a944b02617615121dc3", 33 | "C": "032306475edbe266cc72fb31d9d3e70e0c7cfc73b5521b80d16c3e796933d0d5d3", 34 | "E": "c5008f09c0fd0cd90fd246a6f3c223eb72d16870022b6519ee5c196bafb802e6", 35 | "P": "aa2767ca0402b47b1d24922ae643f8b57aa9af72ca34b4c18cc208af83a2f929" 36 | }, 37 | { 38 | "TEST": 5, 39 | "V": "02ff23bc1b1301b3561e2273d2262b105a97d25cdc7ec88dfebb30e7516533c280", 40 | "C": "02c7ace9b0b7ce5af03c73eb0f4db8419c5606adcc26411aa8abbfd028930ffe2c", 41 | "E": "7ae7627967ed0ac624e23fa10b8ab4206cab5ee8ea97e101a4aefc0ee4cec307", 42 | "P": 
"884cca083e188d7b3fc1118309caf3c3d5e594c9a0857344826b705dc2a297c3" 43 | }, 44 | { 45 | "TEST": 6, 46 | "V": "03a02f670dccda44299d1d64cec8e3ad6672b3d076775d24e0996604cccdd7be8c", 47 | "C": "02266c43f7c416b3deeacd91cc938653a9ea3e5b84825daf85c0b357017db76ec7", 48 | "E": "4945d23377bad79de6677bc3b01775ab7ceac34aae974c9a4961a1de10cb8a0c", 49 | "P": "8748ae6f6bd4af425cd894aa917104d2b4886c3d308ab1627e9b863dcf175839" 50 | }, 51 | { 52 | "TEST": 7, 53 | "V": "037985141d65098b851de6e0e81dea7391ec3f4860110b6ce8552a60c683b382f7", 54 | "C": "02fba5adf489db4ac21ffe9f4acca008bf2d5721a614f3e187401a481298059ef5", 55 | "E": "a7d299bb13f99310b6eb08432a461df3a7ed9b0af5b1234df41c695c51480390", 56 | "P": "1391037bf16f9704377d01107bd3ea5ac8ca8281c89092528f28625010d50a21" 57 | }, 58 | { 59 | "TEST": 8, 60 | "V": "02071f52c6251f009b4f54f16fb2fbba234d39ad05ad02477dadf23932c89156c2", 61 | "C": "02b03b6a48f2539777027770d2292fc6baeeba8c4dc6f41bc4696bb60da7e13758", 62 | "E": "9a4a68d563cb768d291d259164dcffb812d8ae6eef13765ad29e5c4078da43ca", 63 | "P": "e58e98ea6bfd70023dfb39bfdf75eaa07de6bf97975fa4fd3d221d351ea538b6" 64 | }, 65 | { 66 | "TEST": 9, 67 | "V": "0238b133fa948a11c6ff5cb0daa5a8fbc1915d060ac5ac3e7d085875c078afbda0", 68 | "C": "03245ac7cf6d1d794ee5ebe37c08b53f2355e4ea12820a67608081fa4efb2b762a", 69 | "E": "57bd38c928fb45ec4718785574210ac6b3adfb931faa5bbd8616e37560aedcda", 70 | "P": "fe24303b07a84d7ac3c670125d578dcaee0fe231e046b8deb072e39f3a481356" 71 | } 72 | ] -------------------------------------------------------------------------------- /testVectors/schnorr/challenge.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "TEST": 0, 4 | "V": "02a176790583cb46afccce262a4bc017ed2158220838931508ef057f43f367773d", 5 | "C": "024b8ab626b59072b6af4bef79fbf2e9bb06ed624c9ecaa50976149cd8e7c96acc", 6 | "E": "039bf63791581ac0be5f994edc2d18f368ebdea8bdf9d96af175556f61902528", 7 | "ID": "d5cbc9979fef22eb7f2c7229a555ae78", 8 | "AD": "" 9 | }, 10 | { 
11 | "TEST": 1, 12 | "V": "0318a8489034bb5c463574df14b2e01ee874d4f1dafd3ccb5bd5a896f70a2a603e", 13 | "C": "02cfaa97966c2165c2ac45180fb25c7605e4e7b8df54ca44ded4a51e1ffca2becd", 14 | "E": "393f5c11a666f00fa6a2a900b5291f97e0d6ca6a0b3d926d1ef88ad6e8e7bc98", 15 | "ID": "21760c2a45dbf928d4bffe84e8eb1580", 16 | "AD": "" 17 | }, 18 | { 19 | "TEST": 2, 20 | "V": "03f22588a2ed1bad9c268f43d11a5543354c96a6af88dd3ecde41457f0bdb9f502", 21 | "C": "03942bd98066baaa416df52d80df211bf9e79e660e30ac8330442ddf2ab5483203", 22 | "E": "4c4a3993a2a63bf72178cb80ade4448e28ee0789c6cac67835f41e3402242d2f", 23 | "ID": "aad7998056d3a55dcc0bf97a25c11861", 24 | "AD": "" 25 | }, 26 | { 27 | "TEST": 3, 28 | "V": "02945b518fcc06a093fbb9f61486ca3e17cb34851b4d1fba2fa9d49ad794ada85c", 29 | "C": "028e59bfb66b0d94eeaa8f5646081dd7a040336c28ff05fc7fcc58cfa7cf854e80", 30 | "E": "7128b92b5fc492cdae6dc465986da78b513fbcec7c2f59173350bbd98d996164", 31 | "ID": "33d06f26117fc7dca35d271ac985157e", 32 | "AD": "" 33 | }, 34 | { 35 | "TEST": 4, 36 | "V": "02470debd491384cdf0e01b0e6327206e48a5fdce6040baad766fe2feb2b0bd0d2", 37 | "C": "025ccf01a8dc4cc179fde4643681e598adab65ee97bc27c5682973c4e28b577642", 38 | "E": "78e39b1a50cfb9510c12df628e74b223ec86332cfc54b09236956bbc833a1597", 39 | "ID": "69f1242f71a3e7dbdf5e5d3a95c10b96", 40 | "AD": "" 41 | }, 42 | { 43 | "TEST": 5, 44 | "V": "02cfc213d2bc4ec8e8953ce4a4145b730fb6163362035d15cd162f8a97ebf5e1b4", 45 | "C": "03c100078d60bd6b14f9c61a5acab37876df8beb6a1bc95b38c6eba22d59d4012c", 46 | "E": "86b7f2deb6b2c6d41b9bfd9ca6c69a99acdd6b4e96b69d6d9b0c786f5517e164", 47 | "ID": "9ca5174cb1aa9bae6370d25d6785e341", 48 | "AD": "1591f421f41ac4cd8ac5269e4b99e0f9" 49 | }, 50 | { 51 | "TEST": 6, 52 | "V": "03480bb05fd84efc13bff7c8b598d3c039c29ec87bdd708ca713f441100a21dd3a", 53 | "C": "0300e504f796b9d43c8a405f1f3cc037a36c1cd50816387a6fdaaabded39c1bf18", 54 | "E": "ef2dd1f4e70ff6c100400c35e208a2e07e6b1afe271bb965c764f69f0abc17da", 55 | "ID": "da6f7ad762b7aee88f4ace681fd1bc66", 56 | "AD": 
"98ba1bf3d76807e3b302e1797d4d3f80" 57 | }, 58 | { 59 | "TEST": 7, 60 | "V": "033abe7b79955e901a74a238e741a203994f920d4722bb19cf33fec18001631e95", 61 | "C": "036ae855d9afca5f9603a5c3c8760700ead0fdd4d410fe2b4b4ec807b99397ef34", 62 | "E": "393e98668698d9ebaca2ff6eb5b2a3db0aae25508da09c8004b75333078f3f3a", 63 | "ID": "a8294309da772456164b5032d0e8c3a3", 64 | "AD": "b42d44242c8d0356c4a35598279d9258" 65 | }, 66 | { 67 | "TEST": 8, 68 | "V": "0212802ceb98750059574a30e98ddfdc2923f8e44b0a6d5f331036b2fb7728287e", 69 | "C": "02b23ed8faf6d64e9dc4ce13956ac81bf1ef562b397afdc91f60a684816a6f57f3", 70 | "E": "ea7aee412a9990829e6963ab2b992f546e1c48d3f79b1564cf0a50678003a130", 71 | "ID": "942f4ccccb572383ffc1f03a7d7c63c1", 72 | "AD": "828b337445277d7deb1e5f74b8c21efe" 73 | }, 74 | { 75 | "TEST": 9, 76 | "V": "022a2791c4fb15b75da5d699da051f3ee55219ef10ccd66a49971d49460c104388", 77 | "C": "03ea3f63538bb4a6ebb4e3560d946b656f6c2ecd8064fe827e2e08b1c58f9bb6f0", 78 | "E": "cff867b78bbb1e7487e3ed124cd029e2c9e231febfeb9169b4e25fdd06665258", 79 | "ID": "574f0bbfe941096ddc7f0042d01b4b82", 80 | "AD": "f28a3d2395a30ca99a24e78cca947435" 81 | } 82 | ] -------------------------------------------------------------------------------- /test/smoke/test_d_schnorr_smoke.c: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. 
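You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License. 18 | */ 19 | 20 | #include "amcl/schnorr.h" 21 | 22 | /* Double Schnorr's proofs smoke test */ 23 |
/*
 * Smoke test for the double Schnorr proof API.
 *
 * Builds a random public point R and a random pair (s, l), derives the
 * public value V from them, then runs commit -> challenge -> prove -> verify
 * once and fails if commit or verify does not return SCHNORR_OK.
 *
 * The RNG is seeded with an all-zero seed, so every run uses the same
 * values. That is only acceptable because this is a test.
 */
int main()
{
    int rc;

    BIG_256_56 r;
    BIG_256_56 s;
    BIG_256_56 l;
    BIG_256_56 q;
    ECP_SECP256K1 G;
    ECP_SECP256K1 ECPR;

    // Every octet below starts with len = 0 and max = size of its buffer
    char id[32];
    octet ID = {0, sizeof(id), id};

    char ad[32];
    octet AD = {0, sizeof(ad), ad};

    char oct_s[SGS_SECP256K1];
    octet S = {0, sizeof(oct_s), oct_s};

    char oct_l[SGS_SECP256K1];
    octet L = {0, sizeof(oct_l), oct_l};

    char oct_r[SFS_SECP256K1 + 1];
    octet R = {0, sizeof(oct_r), oct_r};

    char v[SFS_SECP256K1+1];
    octet V = {0, sizeof(v), v};

    char a[SGS_SECP256K1];
    octet A = {0, sizeof(a), a};

    char b[SGS_SECP256K1];
    octet B = {0, sizeof(b), b};

    char c[SFS_SECP256K1+1];
    octet C = {0, sizeof(c), c};

    char e[SGS_SECP256K1];
    octet E = {0, sizeof(e), e};

    char t[SGS_SECP256K1];
    octet T = {0, sizeof(t), t};

    char u[SGS_SECP256K1];
    octet U = {0, sizeof(u), u};

    // Deterministic RNG for testing
    char seed[32] = {0};
    csprng RNG;
    RAND_seed(&RNG, 32, seed);

    BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
    ECP_SECP256K1_generator(&G);
    ECP_SECP256K1_generator(&ECPR);

    // Generate ID and AD.
    // ID.len and AD.len are still 0 here, so asking for .len bytes would
    // leave both octets empty and the challenge would never be exercised
    // with a real identity or additional data. Fill the whole buffer.
    OCT_rand(&ID, &RNG, ID.max);
    OCT_rand(&AD, &RNG, AD.max);

    // Generate public R = r.G
    BIG_256_56_randomnum(r, q, &RNG);
    ECP_SECP256K1_mul(&ECPR, r);

    ECP_SECP256K1_toOctet(&R, &ECPR, 1);

    // Generate double DLOG: the secrets s and l, and the public value V
    // obtained by combining G and R with them
    BIG_256_56_randomnum(s, q, &RNG);
    BIG_256_56_randomnum(l, q, &RNG);

    ECP_SECP256K1_mul2(&G, &ECPR, l, s);

    // toBytes writes into the buffers directly, so the lengths are set by hand
    BIG_256_56_toBytes(S.val, s);
    BIG_256_56_toBytes(L.val, l);
    S.len = SGS_SECP256K1;
    L.len = SGS_SECP256K1;

    ECP_SECP256K1_toOctet(&V, &G, 1);

    // Run test
    rc = SCHNORR_D_commit(&RNG, &R, &A, &B, &C);
    if (rc != SCHNORR_OK)
    {
        printf("FAILURE SCHNORR_D_commit. RC %d\n", rc);
        exit(EXIT_FAILURE);
    }

    SCHNORR_D_challenge(&R, &V, &C, &ID, &AD, &E);
    SCHNORR_D_prove(&A, &B, &E, &S, &L, &T, &U);

    rc = SCHNORR_D_verify(&R, &V, &C, &E, &T, &U);
    if (rc != SCHNORR_OK)
    {
        printf("FAILURE SCHNORR_D_verify. RC %d\n", rc);
        exit(EXIT_FAILURE);
    }

    printf("SUCCESS\n");
    exit(EXIT_SUCCESS);
}
-------------------------------------------------------------------------------- /test/unit/test_d_schnorr_commit.c: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License.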
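18 | */ 19 | 20 | #include 21 | #include "test.h" 22 | #include "amcl/schnorr.h" 23 | 24 | /* Double Schnorr's Proof commitment unit test */ 25 | 26 | #define LINE_LEN 256 27 |
/*
 * Unit test for SCHNORR_D_commit.
 *
 * argv[1] is the path of a test vector file. Each vector supplies R, A, B
 * and the expected commitment C. The commitment is recomputed with a NULL
 * RNG and compared with the expected value. After the vectors, one negative
 * case checks that an octet that is not a valid point is rejected as R.
 *
 * Exits with EXIT_FAILURE on any mismatch, or if no vector was executed.
 */
int main(int argc, char **argv)
{
    if (argc != 2)
    {
        printf("usage: ./test_schnorr_d_commit [path to test vector file]\n");
        exit(EXIT_FAILURE);
    }

    int rc;
    int test_run = 0;

    char err_msg[128];

    FILE *fp;
    char line[LINE_LEN] = {0};

    const char *TESTline = "TEST = ";
    int testNo = 0;

    char a[SGS_SECP256K1];
    octet A = {0, sizeof(a), a};
    const char *Aline = "A = ";

    char b[SGS_SECP256K1];
    octet B = {0, sizeof(b), b};
    const char *Bline = "B = ";

    char r[SFS_SECP256K1+1];
    octet R = {0, sizeof(r), r};
    const char *Rline = "R = ";

    char c_golden[SFS_SECP256K1+1];
    octet C_GOLDEN = {0, sizeof(c_golden), c_golden};
    const char *Cline = "C = ";

    char c[SFS_SECP256K1+1];
    octet C = {0, sizeof(c), c};

    // Line terminating a test vector
    const char *last_line = Cline;

    fp = fopen(argv[1], "r");
    if (fp == NULL)
    {
        printf("ERROR opening test vector file\n");
        exit(EXIT_FAILURE);
    }

    while (fgets(line, LINE_LEN, fp) != NULL)
    {
        scan_int(&testNo, line, TESTline);

        // Read input
        scan_OCTET(fp, &R, line, Rline);
        scan_OCTET(fp, &A, line, Aline);
        scan_OCTET(fp, &B, line, Bline);

        // Read ground truth
        scan_OCTET(fp, &C_GOLDEN, line, Cline);

        // The vector is complete once its last line (C) has been read
        if (!strncmp(line, last_line, strlen(last_line)))
        {
            // NULL RNG: A and B come from the vector instead of being drawn
            rc = SCHNORR_D_commit(NULL, &R, &A, &B, &C);
            snprintf(err_msg, sizeof(err_msg), "FAILURE SCHNORR_D_commit. rc %d", rc);
            assert_tv(fp, testNo, err_msg, rc == SCHNORR_OK);

            compare_OCT(fp, testNo, "SCHNORR_D_commit", &C, &C_GOLDEN);

            // Mark that at least one test vector was executed
            test_run = 1;
        }
    }

    if (test_run == 0)
    {
        fclose(fp);
        printf("ERROR no test vector was executed\n");
        exit(EXIT_FAILURE);
    }

    // Test invalid R: A is passed as R; it is sized for a scalar, not a point.
    // fp is still open here on purpose. The original closed it before this
    // check and then handed the stale FILE pointer to assert_tv, which
    // presumably closes it on failure (a use of a closed stream).
    rc = SCHNORR_D_commit(NULL, &A, &A, &B, &C);
    snprintf(err_msg, sizeof(err_msg), "FAILURE SCHNORR_D_commit invalid R. rc %d", rc);
    assert_tv(fp, testNo, err_msg, rc == SCHNORR_INVALID_ECP);

    fclose(fp);

    printf("SUCCESS\n");
    exit(EXIT_SUCCESS);
}
117 | -------------------------------------------------------------------------------- /test/unit/test_schnorr_challenge.c: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License.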
18 | */ 19 | 20 | #include 21 | #include "test.h" 22 | #include "amcl/schnorr.h" 23 | 24 | /* Schnorr's Proof challenge unit test */ 25 | 26 | #define LINE_LEN 256 27 | #define IDLEN 16 28 | #define ADLEN 16 29 |
/*
 * Unit test for SCHNORR_challenge.
 *
 * argv[1] is the path of a test vector file. Each vector supplies V, C, ID,
 * an optional AD and the expected challenge E. The challenge is recomputed
 * and compared with the expected value.
 *
 * Exits with EXIT_FAILURE on a mismatch, or if no vector was executed.
 */
int main(int argc, char **argv)
{
    if (argc != 2)
    {
        printf("usage: ./test_schnorr_challenge [path to test vector file]\n");
        exit(EXIT_FAILURE);
    }

    int test_run = 0;

    FILE *fp;
    char line[LINE_LEN] = {0};

    const char *TESTline = "TEST = ";
    int testNo = 0;

    char v[SFS_SECP256K1+1];
    octet V = {0, sizeof(v), v};
    const char *Vline = "V = ";

    // ID and AD buffers are IDLEN/ADLEN bytes
    // NOTE(review): assumes scan_OCTET bounds what it writes by the octet's max - confirm
    char id[IDLEN];
    octet ID = {0, sizeof(id), id};
    const char *IDline = "ID = ";

    char ad[ADLEN];
    octet AD = {0, sizeof(ad), ad};
    // NULL means "no additional data"; only pointed at AD for vectors that carry one
    const octet *AD_ptr = NULL;
    const char *ADline = "AD = ";

    char c[SFS_SECP256K1+1];
    octet C = {0, sizeof(c), c};
    const char *Cline = "C = ";

    char e_golden[SGS_SECP256K1];
    octet E_GOLDEN = {0, sizeof(e_golden), e_golden};
    const char *Eline = "E = ";

    char e[SGS_SECP256K1];
    octet E = {0, sizeof(e), e};

    // Line terminating a test vector
    const char *last_line = ADline;

    /* Test happy path using test vectors */
    fp = fopen(argv[1], "r");
    if (fp == NULL)
    {
        printf("ERROR opening test vector file\n");
        exit(EXIT_FAILURE);
    }

    while (fgets(line, LINE_LEN, fp) != NULL)
    {
        scan_int(&testNo, line, TESTline);

        // Read ID and AD
        scan_OCTET(fp, &ID, line, IDline);
        scan_OCTET(fp, &AD, line, ADline);

        // Read inputs
        scan_OCTET(fp, &V, line, Vline);
        scan_OCTET(fp, &C, line, Cline);

        // Read ground truth
        scan_OCTET(fp, &E_GOLDEN, line, Eline);

        // The vector is complete once its last line (AD) has been read
        if (!strncmp(line, last_line, strlen(last_line)))
        {
            // Also input AD if it is not empty
            // NOTE(review): relies on scan_OCTET leaving AD.len at 0 for an empty "AD = ," line - confirm
            if (AD.len > 0)
            {
                AD_ptr = &AD;
            }

            SCHNORR_challenge(&V, &C, &ID, AD_ptr, &E);
            compare_OCT(fp, testNo, "SCHNORR_challenge", &E, &E_GOLDEN);

            // Mark that at least one test vector was executed
            test_run = 1;

            // Restore AD_ptr
            AD_ptr = NULL;
        }
    }

    fclose(fp);

    if (test_run == 0)
    {
        printf("ERROR no test vector was executed\n");
        exit(EXIT_FAILURE);
    }

    printf("SUCCESS\n");
    exit(EXIT_SUCCESS);
}
126 | -------------------------------------------------------------------------------- /testVectors/schnorr/dchallenge.txt: -------------------------------------------------------------------------------- 1 | TEST = 0, 2 | R = 031f34b29baecc9d2612cb0fc2f76ab044c4e3d680f5fe59cc11c1ae8c89cb2838, 3 | V = 027471aa6cec039a6b451ac6e5e4559ba2c8d287cd75fcf1dfa6c3461f39d3a9f2, 4 | C = 0385559d63ebe60eeecac4b3e54ca5525b3553b2f805bdb7b4e9a05624a63644d4, 5 | E = 731e1fbcb9dfb310e6a23a6e362a0bc6647e7433907ccc5b8d05657fb14aaa56, 6 | ID = 4567587cca20c3912ba02fe14b649829, 7 | AD = , 8 | 9 | TEST = 1, 10 | R = 0371a9bd0dcade30fe1b70bfebf45e6e3df9ee185925d8c1462e1dfa2c1586f502, 11 | V = 0367b4b5a89b2f222682a5b454af779b161f76b6488f4a3e15b25814b88f6b0ed9, 12 | C = 03df434aa5e9fe202e5b75aadda91e7916e03348c9abbf7e6a45d44835969c993a, 13 | E = a5a05e68ef3c28196de4c1a722c588f345fef6e0a90c2ba783e9832cc71ace28, 14 | ID = 7e5a46b87c3952ffae977101fbe4aa5a, 15 | AD = , 16 | 17 | TEST = 2, 18 | R = 02faf84fff3ddc4ca81fdef16a0951230f559db8cfa8ef96b22fe0d1fc84793348, 19 | V = 02f6c3eb625c33ac65c790cfb8a123c5fc96a9162163d94549d50ab77b76668cc4, 20 | C = 02d2a1d5b09ddd0895d3cecddb9e07286dc610fa96bcc646bab100746eda7ba98d, 21 | E = df26a6994b268ecf1e6e0513b581dbd961615ddb3afb36b0a7e246e0e9f03403, 22 | ID = 2c2d1edbba148f9c9fc9c43f5329dcdc, 23 | AD = , 24 | 25 | TEST = 3, 26 | R = 020d395eca9daf2bde61d683336be0b7158e81060456482f252c6a0902335cbd5b, 27 | V = 02b3bac2f4ae4b5774c0b2118bd282f7bdae2508da4d50a0b6b15bba03161bbbaf, 28 | C = 
03cd22d4c01b912fe98482930d17111cc3963d7032e9bc2670a9e3b37f2eddbbf6, 29 | E = 096c19ae7b41bd11a3383c393b8cec0e00d21bdf0d1eaea3b322d7925303c5a5, 30 | ID = 702f48e6c8ada26fd0bdc58271292b5d, 31 | AD = , 32 | 33 | TEST = 4, 34 | R = 0349eb8974c86282418e5e1f8156ddacf18a0e9302604e36a55af1ed450471071d, 35 | V = 02e246387da4fceb844492f939b87a37554b93cebc8812e5be44e293380f458758, 36 | C = 03b0e1f9a308984968622bd239bdfd82a95cc6f467b8c5e5ba1c50647f74d5d967, 37 | E = 13dce3548d40c3dcad1b266b90f83157ff9520169eefcb372c5595f91f15440a, 38 | ID = 2a9b11dd314c26d04bc5b6b3fee2f9fb, 39 | AD = , 40 | 41 | TEST = 5, 42 | R = 030b74e1973bf10a1b5b57656d533bd9bc6c5369a8b50dc02f4da313609c4b4cae, 43 | V = 03e461314f61dcefee5107194a30e09bc001aa9fc1dcb539eb37b9d9b86142a9b9, 44 | C = 02df2d6ec6490963c56cfb47c18fdc03ad0adf48e5598b020cad4fe2a21bb192d8, 45 | E = 7587b910b49680f41a788e79405d378859aeca5a58df58722fc648d8cc6871ed, 46 | ID = a8dfe3b9507a2f8dd3f8e4c26e5e0303, 47 | AD = 4baa8e08f18f8bc426a726caa9e3f60c, 48 | 49 | TEST = 6, 50 | R = 03bb193bfc8ece97320807a2a7ebbf7b86743e618efea217f98dc721604eb38de4, 51 | V = 028fe6aa66ed30218ba0eab95cece4ebac13b4ba57a1e369ff8f0075235fa25551, 52 | C = 0389a1e979398764bb184b776db5cbab8ec6d5a35ca1afcbc48a0212807b44f78f, 53 | E = fd095efb0352f3092090a73ab1c8256d6ce91c1200a9ce94cc78ad0972387324, 54 | ID = 3c5335f5b78fd07397d2afa043261d8e, 55 | AD = af5db16b80f07b104dd2ed17ec9855fa, 56 | 57 | TEST = 7, 58 | R = 033bdfe6658839c138ab920092342c0bde0ac18b21acebc45c4702327da49d25fe, 59 | V = 02f2805b6468ad19a784b79af287b33e3ec02360d27adc45e49303a5841ba2f96f, 60 | C = 0202f41283ab55d988431ddeb11c1d2ba6072b2310a810199c70add17884652adc, 61 | E = d1c3151e9d035de98a7d440a1b0355e7aa48b482ded2f6d4d32e3d595b765c4b, 62 | ID = ca79704548b90cb2f6fcb2691fd9ac4b, 63 | AD = 50bd088a6040960420c2a592c82f11b9, 64 | 65 | TEST = 8, 66 | R = 02a7d55d997faca384d6784923d49a5ba36b185c0427f56118738736ed304318ac, 67 | V = 024ca8a828ae901debfa693e416540e267e2bf53a4e393cf748352372c44a0c528, 68 
| C = 03fd319a8cf14cf7edbb740461035901aff1ba52911a13a8e9a9251b8805edaa6b, 69 | E = 729441880dab1973d24ddce4af1319367a568fe80ee26f0135d677aaf77e04ac, 70 | ID = 14d194a9a7bb50067b75030a2a4b31aa, 71 | AD = 9efbe273c43ef2d3a9ab67907b3db77c, 72 | 73 | TEST = 9, 74 | R = 021e221451eb615632912423657e9b79fe0ea58c333667893a6c205eaf3a75822a, 75 | V = 0242a2fabc74574a78453dd9db7b0b9eaf32890cb2188f5c855c0723db0d3b92a1, 76 | C = 03409379b58af01fea446e18df1b465a4634806900825200334d5390cc3ae3fc89, 77 | E = 66343214024de8c3f31e4985628f446f43c17c82bbff3b401324124aeb494e9f, 78 | ID = 8151b308bee69f9dfe705c290ce4dea9, 79 | AD = cace19ad3775febf42974c801012b386, 80 | 81 | -------------------------------------------------------------------------------- /test/unit/test_hidden_dlog_challenge.c: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License. 
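18 | */ 19 | 20 | /* HDLOG challenge unit test */ 21 | 22 | #include 23 | #include "test.h" 24 | #include "amcl/hidden_dlog.h" 25 | 26 | #define IDLEN 16 27 | #define ADLEN 16 28 | #define LINE_LEN 65555 29 |
/*
 * Unit test for HDLOG_challenge.
 *
 * argv[1] is the path of a test vector file. Each vector supplies N, B0, B1,
 * the commitment values RHO, ID, an optional AD and the expected challenge E.
 * The challenge is recomputed and compared with the expected value.
 *
 * Exits with EXIT_FAILURE on a mismatch, or if no vector was executed.
 */
int main(int argc, char **argv)
{
    if (argc != 2)
    {
        // The usage line used to name the commit test (copy-paste slip)
        printf("usage: ./test_hidden_dlog_challenge [path to test vector file]\n");
        exit(EXIT_FAILURE);
    }

    int test_run = 0;

    FILE *fp;
    char line[LINE_LEN] = {0};

    const char *TESTline = "TEST = ";
    int testNo = 0;

    BIG_1024_58 N[FFLEN_2048];
    const char *Nline = "N = ";

    BIG_1024_58 B0[FFLEN_2048];
    const char *B0line = "B0 = ";

    BIG_1024_58 B1[FFLEN_2048];
    const char *B1line = "B1 = ";

    HDLOG_iter_values RHO;
    const char *RHOline = "RHO = ";

    char id[IDLEN];
    octet ID = {0, sizeof(id), id};
    const char *IDline = "ID = ";

    char ad[ADLEN];
    octet AD = {0, sizeof(ad), ad};
    // NULL means "no additional data"; only pointed at AD for vectors that carry one
    const octet *AD_ptr = NULL;
    const char *ADline = "AD = ";

    char e[HDLOG_CHALLENGE_SIZE];
    char e_golden[HDLOG_CHALLENGE_SIZE];
    octet E = {0, sizeof(e), e};
    octet E_GOLDEN = {0, sizeof(e_golden), e_golden};
    const char *Eline = "E = ";

    // Line terminating a test vector
    const char *last_line = Eline;

    fp = fopen(argv[1], "r");
    if (fp == NULL)
    {
        printf("ERROR opening test vector file\n");
        exit(EXIT_FAILURE);
    }

    /* Test happy path using test vectors */

    while (fgets(line, LINE_LEN, fp) != NULL)
    {
        scan_int(&testNo, line, TESTline);

        scan_FF_2048(fp, N, line, Nline, FFLEN_2048);
        scan_FF_2048(fp, B0, line, B0line, FFLEN_2048);
        scan_FF_2048(fp, B1, line, B1line, FFLEN_2048);

        scan_HDLOG_iv(fp, RHO, line, RHOline);

        scan_OCTET(fp, &ID, line, IDline);
        scan_OCTET(fp, &AD, line, ADline);

        scan_OCTET(fp, &E_GOLDEN, line, Eline);

        // The vector is complete once its last line (E) has been read
        if (!strncmp(line, last_line, strlen(last_line)))
        {
            if (AD.len > 0)
            {
                AD_ptr = &AD;
            }

            HDLOG_challenge(N, B0, B1, RHO, &ID, AD_ptr, &E);

            compare_OCT(fp, testNo, "HDLOG_challenge E", &E, &E_GOLDEN);

            // Mark that at least one test vector was executed
            test_run = 1;

            // Reset so the next vector without AD passes NULL again
            AD_ptr = NULL;
        }
    }

    fclose(fp);

    if (test_run == 0)
    {
        printf("ERROR no test vector was executed\n");
        exit(EXIT_FAILURE);
    }

    /* Test unhappy path */
    // NOTE(review): no negative case is exercised here yet


    printf("SUCCESS\n");
    exit(EXIT_SUCCESS);
}
132 | -------------------------------------------------------------------------------- /test/unit/test_d_schnorr_prove.c: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License.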
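18 | */ 19 | 20 | #include 21 | #include "test.h" 22 | #include "amcl/schnorr.h" 23 | 24 | /* Double Schnorr's Proof prove unit test */ 25 | 26 | #define LINE_LEN 256 27 |
/*
 * Unit test for SCHNORR_D_prove.
 *
 * argv[1] is the path of a test vector file. Each vector supplies A, B, E,
 * S, L and the expected proof values T and U. The proof is recomputed and
 * both outputs are compared with the expected values.
 *
 * Exits with EXIT_FAILURE on a mismatch, or if no vector was executed.
 */
int main(int argc, char **argv)
{
    if (argc != 2)
    {
        // Spelling fixed ("shcnorr"); now matches the sibling d_commit test
        printf("usage: ./test_schnorr_d_prove [path to test vector file]\n");
        exit(EXIT_FAILURE);
    }

    int test_run = 0;

    FILE *fp;
    char line[LINE_LEN] = {0};

    const char *TESTline = "TEST = ";
    int testNo = 0;

    char a[SGS_SECP256K1];
    octet A = {0, sizeof(a), a};
    const char *Aline = "A = ";

    char b[SGS_SECP256K1];
    octet B = {0, sizeof(b), b};
    const char *Bline = "B = ";

    char e[SGS_SECP256K1];
    octet E = {0, sizeof(e), e};
    const char *Eline = "E = ";

    char s[SGS_SECP256K1];
    octet S = {0, sizeof(s), s};
    const char *Sline = "S = ";

    char l[SGS_SECP256K1];
    octet L = {0, sizeof(l), l};
    const char *Lline = "L = ";

    char t_golden[SGS_SECP256K1];
    octet T_GOLDEN = {0, sizeof(t_golden), t_golden};
    const char *Tline = "T = ";

    char u_golden[SGS_SECP256K1];
    octet U_GOLDEN = {0, sizeof(u_golden), u_golden};
    const char *Uline = "U = ";

    char t[SGS_SECP256K1];
    octet T = {0, sizeof(t), t};

    char u[SGS_SECP256K1];
    octet U = {0, sizeof(u), u};

    // Line terminating a test vector
    const char *last_line = Uline;

    fp = fopen(argv[1], "r");
    if (fp == NULL)
    {
        printf("ERROR opening test vector file\n");
        exit(EXIT_FAILURE);
    }

    while (fgets(line, LINE_LEN, fp) != NULL)
    {
        scan_int(&testNo, line, TESTline);

        // Read input
        scan_OCTET(fp, &A, line, Aline);
        scan_OCTET(fp, &B, line, Bline);
        scan_OCTET(fp, &E, line, Eline);
        scan_OCTET(fp, &S, line, Sline);
        scan_OCTET(fp, &L, line, Lline);

        // Read ground truth
        scan_OCTET(fp, &T_GOLDEN, line, Tline);
        scan_OCTET(fp, &U_GOLDEN, line, Uline);

        // Run the test once the last line of the vector (U) has been read
        if (!strncmp(line, last_line, strlen(last_line)))
        {
            SCHNORR_D_prove(&A, &B, &E, &S, &L, &T, &U);
            compare_OCT(fp, testNo, "SCHNORR_D_prove T", &T, &T_GOLDEN);
            compare_OCT(fp, testNo, "SCHNORR_D_prove U", &U, &U_GOLDEN);

            // Mark that at least one test vector was executed
            test_run = 1;
        }
    }

    fclose(fp);

    if (test_run == 0)
    {
        printf("ERROR no test vector was executed\n");
        exit(EXIT_FAILURE);
    }

    printf("SUCCESS\n");
    exit(EXIT_SUCCESS);
}
126 | -------------------------------------------------------------------------------- /test/unit/test_shamir.c: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License.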
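18 | */ 19 | 20 | #include 21 | #include "test.h" 22 | #include "amcl/shamir.h" 23 | 24 | /* 25 | * Test Shamir Secret Sharing interoperability 26 | */ 27 | 28 | #define LINE_LEN 1024 29 | #define OCT_ARRAY_LEN 16 30 |
/*
 * Unit test for SSS_recover_secret.
 *
 * argv[1] is the path of a test vector file. Each vector supplies the
 * threshold K, the share count N, the shares (X, Y) and the expected SECRET.
 * The secret is recovered from successive windows of K consecutive shares
 * and compared with the expected value each time.
 *
 * K and N come from the file and are range-checked before they are used to
 * index the fixed-size share arrays. Exits with EXIT_FAILURE on a mismatch,
 * on an out-of-range K or N, or if no vector was executed.
 */
int main(int argc, char **argv)
{
    if (argc != 2)
    {
        printf("usage: ./test_shamir [path to test vector file]\n");
        exit(EXIT_FAILURE);
    }

    int i;
    int test_run = 0;

    FILE *fp;
    char line[LINE_LEN] = {0};

    const char *TESTline = "TEST = ";
    int testNo = 0;

    // k and n are passed to helpers before the first K/N line has been read,
    // so they must not be left uninitialised
    const char *Kline = "K = ";
    int k = 0;

    const char *Nline = "N = ";
    int n = 0;

    const char *Xline = "X = ";
    char x[OCT_ARRAY_LEN][SGS_SECP256K1];
    octet X[OCT_ARRAY_LEN];

    const char *Yline = "Y = ";
    char y[OCT_ARRAY_LEN][SGS_SECP256K1];
    octet Y[OCT_ARRAY_LEN];

    SSS_shares shares = {X, Y};

    const char *Sline = "SECRET = ";
    char s_golden[SGS_SECP256K1];
    char s[SGS_SECP256K1];
    octet S_GOLDEN = {0, sizeof(s_golden), s_golden};
    octet S = {0, sizeof(s), s};

    // Bind every share octet to its backing buffer
    for (i = 0; i < OCT_ARRAY_LEN; i++)
    {
        X[i].val = x[i];
        X[i].len = 0;
        X[i].max = sizeof(x[i]);

        Y[i].val = y[i];
        Y[i].len = 0;
        Y[i].max = sizeof(y[i]);
    }

    // Line terminating a test vector
    const char *last_line = Yline;

    fp = fopen(argv[1], "r");
    if (fp == NULL)
    {
        printf("ERROR opening test vector file\n");
        exit(EXIT_FAILURE);
    }

    /* Test happy path with test vectors */
    while (fgets(line, LINE_LEN, fp) != NULL)
    {
        scan_int(&testNo, line, TESTline);

        scan_int(&k, line, Kline);
        scan_int(&n, line, Nline);

        // X and Y hold OCT_ARRAY_LEN entries; n is handed to the array
        // scanner as the element count, so reject anything larger
        if (n < 0 || n > OCT_ARRAY_LEN)
        {
            fclose(fp);
            printf("ERROR invalid N in test vector %d\n", testNo);
            exit(EXIT_FAILURE);
        }

        scan_OCTET_ARRAY(fp, X, line, Xline, n);
        scan_OCTET_ARRAY(fp, Y, line, Yline, n);

        scan_OCTET(fp, &S_GOLDEN, line, Sline);

        // The vector is complete once its last line (Y) has been read
        if (!strncmp(line, last_line, strlen(last_line)))
        {
            // A non-positive k would make n-k exceed n and walk the share
            // pointers past the arrays; k > n cannot be recovered at all
            if (k < 1 || k > n)
            {
                fclose(fp);
                printf("ERROR invalid K in test vector %d\n", testNo);
                exit(EXIT_FAILURE);
            }

            // Slide a window of k shares over the n shares.
            // NOTE(review): the bound i < n-k skips the last window and runs
            // no recovery at all when n == k - confirm this is intended
            for (i = 0; i < n-k; i++)
            {
                SSS_recover_secret(k, &shares, &S);

                compare_OCT(fp, testNo, "SSS_recover_secret", &S, &S_GOLDEN);

                shares.X++;
                shares.Y++;
            }

            // Restore shares pointers
            shares.X = X;
            shares.Y = Y;

            // Mark that at least one test vector was executed
            test_run = 1;
        }
    }

    fclose(fp);

    if (test_run == 0)
    {
        printf("ERROR no test vector was executed\n");
        exit(EXIT_FAILURE);
    }

    printf("SUCCESS\n");
    exit(EXIT_SUCCESS);
}
136 | -------------------------------------------------------------------------------- /test/unit/test_schnorr_verify.c: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License.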
*/

#include /* NOTE(review): header name lost in page extraction */
#include "test.h"
#include "amcl/schnorr.h"

/* Schnorr's Proof verification test: test vectors plus rejection cases */

#define LINE_LEN 256

/*
 * Test-vector driver for SCHNORR_verify.
 *
 * argv[1] is the path of a test vector file. Each vector supplies TEST, V, C,
 * E and P lines; the P line terminates a vector. Every vector must verify
 * with SCHNORR_OK. After the file is processed, three rejection cases are
 * run against the octets left over from the last vector.
 *
 * scan_int, scan_OCTET, assert_tv and assert come from test.h (not shown
 * here); presumably each scan_* helper only acts when `line` starts with the
 * given prefix.
 */
int main(int argc, char **argv)
{
    if (argc != 2)
    {
        printf("usage: ./test_schnorr_verify [path to test vector file]\n");
        exit(EXIT_FAILURE);
    }

    int rc;
    int test_run = 0;

    char err_msg[128];

    FILE *fp;
    char line[LINE_LEN] = {0};

    const char *TESTline = "TEST = ";
    int testNo = 0;

    // V and C get one byte more than the field size
    // (presumably for a compressed-point prefix byte; confirm in schnorr.h)
    char v[SFS_SECP256K1+1];
    octet V = {0, sizeof(v), v};
    const char *Vline = "V = ";

    char c[SFS_SECP256K1+1];
    octet C = {0, sizeof(c), c};
    const char *Cline = "C = ";

    char e[SGS_SECP256K1];
    octet E = {0, sizeof(e), e};
    const char *Eline = "E = ";

    char p[SGS_SECP256K1];
    octet P = {0, sizeof(p), p};
    const char *Pline = "P = ";

    // Line terminating a test vector
    const char *last_line = Pline;

    fp = fopen(argv[1], "r");
    if (fp == NULL)
    {
        printf("ERROR opening test vector file\n");
        exit(EXIT_FAILURE);
    }

    /* Test happy path with test vectors */
    while (fgets(line, LINE_LEN, fp) != NULL)
    {
        scan_int(&testNo, line, TESTline);

        // Read input
        scan_OCTET(fp, &V, line, Vline);
        scan_OCTET(fp, &C, line, Cline);
        scan_OCTET(fp, &E, line, Eline);
        scan_OCTET(fp, &P, line, Pline);

        if (!strncmp(line, last_line, strlen(last_line)))
        {
            rc = SCHNORR_verify(&V, &C, &E, &P);
            snprintf(err_msg, sizeof(err_msg), "SCHNORR_verify. rc %d", rc);
            assert_tv(fp, testNo, err_msg, rc == SCHNORR_OK);

            // Mark that at least one test vector was executed
            test_run = 1;
        }
    }

    fclose(fp);

    // An empty or mismatched vector file must not count as a pass
    if (test_run == 0)
    {
        printf("ERROR no test vector was executed\n");
        exit(EXIT_FAILURE);
    }

    /* Test unhappy path */
    // ZERO is declared with length 0: an empty octet backed by a zeroed buffer.
    // V, C, E and P still hold the values of the last vector read above.
    char zero[SFS_SECP256K1+1] = {0};
    octet ZERO = {0, sizeof(zero), zero};

    // An input that is not a valid curve point must be rejected as such
    rc = SCHNORR_verify(&ZERO, &C, &E, &P);
    snprintf(err_msg, sizeof(err_msg), "SCHNORR_verify invalid V. rc %d", rc);
    assert(NULL, err_msg, rc == SCHNORR_INVALID_ECP);

    rc = SCHNORR_verify(&V, &ZERO, &E, &P);
    snprintf(err_msg, sizeof(err_msg), "SCHNORR_verify invalid C. rc %d", rc);
    assert(NULL, err_msg, rc == SCHNORR_INVALID_ECP);

    // Well-formed points with a wrong proof value must fail verification
    rc = SCHNORR_verify(&V, &C, &E, &ZERO);
    snprintf(err_msg, sizeof(err_msg), "SCHNORR_verify invalid proof. rc %d", rc);
    assert(NULL, err_msg, rc == SCHNORR_FAIL);

    printf("SUCCESS\n");
    exit(EXIT_SUCCESS);
}
-------------------------------------------------------------------------------- /test/unit/test_d_schnorr_challenge.c: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied.
See the License for the
specific language governing permissions and limitations
under the License.
*/

#include /* NOTE(review): header name lost in page extraction */
#include "test.h"
#include "amcl/schnorr.h"

/* Double Schnorr's Proof challenge unit test */

#define LINE_LEN 256
#define IDLEN 16
#define ADLEN 16

/*
 * Test-vector driver for SCHNORR_D_challenge.
 *
 * argv[1] is the path of a test vector file. Each vector supplies TEST, R, V,
 * C, E, ID and AD lines; the AD line terminates a vector. The challenge
 * computed from R, V, C, ID and the optional AD is compared with the golden E.
 *
 * scan_int, scan_OCTET and compare_OCT come from test.h (not shown here);
 * presumably each scan_* helper only acts when `line` starts with the given
 * prefix.
 */
int main(int argc, char **argv)
{
    if (argc != 2)
    {
        printf("usage: ./test_d_schnorr_challenge [path to test vector file]\n");
        exit(EXIT_FAILURE);
    }

    int test_run = 0;

    FILE *fp;
    char line[LINE_LEN] = {0};

    const char *TESTline = "TEST = ";
    int testNo = 0;

    char r[SFS_SECP256K1+1];
    octet R = {0, sizeof(r), r};
    const char *Rline = "R = ";

    char v[SFS_SECP256K1+1];
    octet V = {0, sizeof(v), v};
    const char *Vline = "V = ";

    // ID and AD buffers hold at most IDLEN / ADLEN bytes
    char id[IDLEN];
    octet ID = {0, sizeof(id), id};
    const char *IDline = "ID = ";

    char ad[ADLEN];
    octet AD = {0, sizeof(ad), ad};
    const octet *AD_ptr = NULL;
    const char *ADline = "AD = ";

    char c[SFS_SECP256K1+1];
    octet C = {0, sizeof(c), c};
    const char *Cline = "C = ";

    char e_golden[SGS_SECP256K1];
    octet E_GOLDEN = {0, sizeof(e_golden), e_golden};
    const char *Eline = "E = ";

    char e[SGS_SECP256K1];
    octet E = {0, sizeof(e), e};

    // Line terminating a test vector
    const char *last_line = ADline;

    /* Test happy path using test vectors */
    fp = fopen(argv[1], "r");
    if (fp == NULL)
    {
        printf("ERROR opening test vector file\n");
        exit(EXIT_FAILURE);
    }

    while (fgets(line, LINE_LEN, fp) != NULL)
    {
        scan_int(&testNo, line, TESTline);

        // Read ID and AD
        scan_OCTET(fp, &ID, line, IDline);
        scan_OCTET(fp, &AD, line, ADline);

        // Read inputs
        scan_OCTET(fp, &R, line, Rline);
        scan_OCTET(fp, &V, line, Vline);
        scan_OCTET(fp, &C, line, Cline);

        // Read ground truth
        scan_OCTET(fp, &E_GOLDEN, line, Eline);

        if (!strncmp(line, last_line, strlen(last_line)))
        {
            // Also input AD if it is not empty; an empty AD is passed as NULL
            if (AD.len > 0)
            {
                AD_ptr = &AD;
            }

            SCHNORR_D_challenge(&R, &V, &C, &ID, AD_ptr, &E);
            compare_OCT(fp, testNo, "SCHNORR_D_challenge", &E, &E_GOLDEN);

            // Mark that at least one test vector was executed
            test_run = 1;

            // Restore AD_ptr so the next vector starts without AD
            AD_ptr = NULL;
        }
    }

    fclose(fp);

    // An empty or mismatched vector file must not count as a pass
    if (test_run == 0)
    {
        printf("ERROR no test vector was executed\n");
        exit(EXIT_FAILURE);
    }

    printf("SUCCESS\n");
    exit(EXIT_SUCCESS);
}
-------------------------------------------------------------------------------- /include/amcl/shamir.h: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License.
*/

/**
 * @file shamir.h
 * @brief Shamir Secret Sharing and Verifiable Secret Sharing declarations
 *
 */

#ifndef SHAMIR_H
#define SHAMIR_H

#include "amcl/amcl.h"
#include "amcl/big_256_56.h"
#include "amcl/ecp_SECP256K1.h"

#ifdef __cplusplus
extern "C"
{
#endif

#define VSS_OK             0   /**< Shares verification succeeded */
#define VSS_INVALID_SHARES 161 /**< Shares verification failed */
#define VSS_INVALID_CHECKS 162 /**< Checks are not valid ECp */

#define SGS_SECP256K1 MODBYTES_256_56 /**< Shamir Group Size */
#define SFS_SECP256K1 MODBYTES_256_56 /**< Shamir Field Size */

/** \brief Shamir Secret Shares
 *
 * X and Y point to caller-allocated octet arrays; the unit tests size each
 * element to SGS_SECP256K1 bytes. The Y components are secret values.
 */
typedef struct
{
    octet *X; /**< Public component X of the share */
    octet *Y; /**< Secret component Y = f(X) of the share */
} SSS_shares;

/** @brief Use Shamir's secret sharing to distribute a secret modulo the SECP256K1 curve order
 *
 * @param k      Threshold
 * @param n      Number of shares
 * @param RNG    Pointer to a cryptographically secure random number generator
 * @param shares n Secret Shares (x, y) to be distributed
 * @param S      Secret to share. It is generated if empty
 */
void SSS_make_shares(int k, int n, csprng *RNG, SSS_shares *shares, octet* S);

/** @brief Use Shamir's secret sharing to recover secret modulo the SECP256K1 curve order
 *
 * No status is returned.
 * NOTE(review): confirm in the implementation how malformed shares are handled.
 *
 * @param k      Threshold
 * @param shares k Secret Shares (x, y) collected for secret recovery
 * @param S      Recovered Secret
 */
void SSS_recover_secret(int k, const SSS_shares *shares, octet* S);

/** @brief Convert a Shamir Secret share to an additive share for a (k, k) secret sharing
 *
 * @param k   Threshold
 * @param X_j X component of the share to convert
 * @param Y_j Y component of the share to convert
 * @param X   X components of the shares of the other participants
 * @param S   Additive share for the equivalent (k, k) additive sharing.
 */
void SSS_shamir_to_additive(int k, const octet *X_j, const octet *Y_j, const octet *X, octet *S);

/** @brief Use the Verifiable Secret Sharing to distribute a secret modulo the SECP256K1 curve order
 *
 * @param k      Threshold
 * @param n      Number of shares
 * @param RNG    Pointer to a cryptographically secure random number generator
 * @param shares n Secret Shares (x, y) to be distributed
 * @param C      checks for the generated shares
 * @param S      Secret to share. It is generated if empty
 */
void VSS_make_shares(int k, int n, csprng *RNG, SSS_shares *shares, octet *C, octet *S);

/** @brief Verify a VSS Share using the checks C
 *
 * The result must be compared with VSS_OK before the share is used.
 *
 * @param k   Threshold
 * @param X_j X component of the share to check
 * @param Y_j Y component of the share to check
 * @param C   Checks for the shares
 * @return VSS_OK or an error code (presumably VSS_INVALID_SHARES or
 *         VSS_INVALID_CHECKS as declared above; verify against the implementation)
 */
int VSS_verify_shares(int k, const octet *X_j, const octet * Y_j, const octet *C);

#ifdef __cplusplus
}
#endif

#endif
-------------------------------------------------------------------------------- /src/cg21/cg21_pi_prm.c: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License.
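*/

#include "amcl/cg21/cg21_pi_prm.h"

/* Serialise the four components of a proof (rho, irho, t, it) into their octet form. */
static void CG21_PI_PRM_PROOF_to_OCT(CG21_PIPRM_PROOF *proof, CG21_PIPRM_PROOF_OCT *proofOct)
{
    HDLOG_iter_values_toOctet(proofOct->rho, proof->rho);
    HDLOG_iter_values_toOctet(proofOct->irho, proof->irho);
    HDLOG_iter_values_toOctet(proofOct->t, proof->t);
    HDLOG_iter_values_toOctet(proofOct->it, proof->it);
}

/*
 * Generate the proof for a Pedersen parameter set.
 *
 * Two hidden-DLOG proofs are produced with the same flow (commit, challenge,
 * prove): one for b1 = b0^alpha and one for b0 = b1^ialpha. The iteration
 * count is read from ssid->n1.
 *
 * RNG      random number generator handed to HDLOG_commit
 * priv     private Pedersen parameters (mod, pq, b0, b1, alpha, ialpha are read)
 * ssid     session identifier, cast to HDLOG_SSID for the challenge
 * proofOct destination for the serialised proof
 *
 * Returns CG21_OK, or the error code of HDLOG_challenge_CG21. On an error
 * return proofOct is not written.
 */
int CG21_PI_PRM_PROVE(csprng *RNG, PEDERSEN_PRIV *priv, const CG21_SSID *ssid, CG21_PIPRM_PROOF_OCT *proofOct)
{
    CG21_PIPRM_PROOF proof;
    HDLOG_iter_values R;

    char e[HDLOG_CHALLENGE_SIZE];
    octet E = {0, sizeof(e), e};

    int n = *ssid->n1;
    int rc;

    /* generate proof for both alpha and ialpha based on FO97:section3.1:setup procedure (step5) */
    // Prove b1 = b0^alpha
    HDLOG_commit(RNG, &priv->mod, priv->pq, priv->b0, R, proof.rho);
    rc = HDLOG_challenge_CG21(priv->mod.n, priv->b0, priv->b1, proof.rho, (const HDLOG_SSID *) ssid, &E, n);
    if (rc != HDLOG_OK)
    {
        // R holds the commitment randomness; wipe it on the error path as well
        HDLOG_iter_values_kill(R);
        return rc;
    }
    HDLOG_prove(priv->pq, priv->alpha, R, &E, proof.t);

    // Prove b0 = b1 ^ ialpha
    HDLOG_commit(RNG, &priv->mod, priv->pq, priv->b1, R, proof.irho);
    rc = HDLOG_challenge_CG21(priv->mod.n, priv->b1, priv->b0, proof.irho, (const HDLOG_SSID *) ssid, &E, n);
    if (rc != HDLOG_OK)
    {
        HDLOG_iter_values_kill(R);
        return rc;
    }
    HDLOG_prove(priv->pq, priv->ialpha, R, &E, proof.it);

    // Clean memory
    HDLOG_iter_values_kill(R);

    // convert proof to octet
    CG21_PI_PRM_PROOF_to_OCT(&proof, proofOct);

    return CG21_OK;
}

/*
 * Load a proof from its octet form.
 *
 * Returns CG21_OK, or CG21_PI_PRM_INVALID_FORMAT as soon as one of the four
 * components (rho, irho, t, it) fails to decode. On failure `proof` may be
 * only partially written and must not be used.
 */
int CG21_PI_PRM_OCT_to_PROOF(CG21_PIPRM_PROOF *proof, CG21_PIPRM_PROOF_OCT *proofOct)
{
    if (HDLOG_iter_values_fromOctet(proof->rho, proofOct->rho) != HDLOG_OK)
    {
        return CG21_PI_PRM_INVALID_FORMAT;
    }

    if (HDLOG_iter_values_fromOctet(proof->irho, proofOct->irho) != HDLOG_OK)
    {
        return CG21_PI_PRM_INVALID_FORMAT;
    }

    if (HDLOG_iter_values_fromOctet(proof->t, proofOct->t) != HDLOG_OK)
    {
        return CG21_PI_PRM_INVALID_FORMAT;
    }

    if (HDLOG_iter_values_fromOctet(proof->it, proofOct->it) != HDLOG_OK)
    {
        return CG21_PI_PRM_INVALID_FORMAT;
    }

    return CG21_OK;
}

/*
 * Verify a proof for public Pedersen parameters.
 *
 * pub      public Pedersen parameters (N, b0, b1 are read)
 * ssid     session identifier, cast to HDLOG_SSID for the challenge
 * proofOct serialised proof received from the prover
 * n        passed to HDLOG_challenge_CG21
 *          NOTE(review): the prover takes this value from ssid->n1; presumably
 *          both sides must use the same value - confirm against the callers.
 *
 * Returns CG21_OK when both hidden-DLOG proofs verify,
 * CG21_PI_PRM_INVALID_FORMAT when proofOct cannot be decoded, and
 * CG21_PI_PRM_INVALID_PROOF when a challenge cannot be recomputed or a
 * verification fails.
 */
int CG21_PI_PRM_VERIFY(PEDERSEN_PUB *pub, const CG21_SSID *ssid, CG21_PIPRM_PROOF_OCT *proofOct, int n)
{
    CG21_PIPRM_PROOF proof;

    char e[HDLOG_CHALLENGE_SIZE];
    octet E = {0, sizeof(e), e};

    // load proof from octet; a decode failure leaves `proof` partly
    // uninitialised, so it must never reach the verification below
    int rc = CG21_PI_PRM_OCT_to_PROOF(&proof, proofOct);
    if (rc != CG21_OK)
    {
        return rc;
    }

    // Verify knowledge of DLOG of b1 in base b0
    rc = HDLOG_challenge_CG21(pub->N, pub->b0, pub->b1, proof.rho, (const HDLOG_SSID *) ssid, &E, n);
    if (rc != HDLOG_OK)
    {
        // without a freshly computed challenge E the check below is meaningless
        return CG21_PI_PRM_INVALID_PROOF;
    }
    rc = HDLOG_verify(pub->N, pub->b0, pub->b1, proof.rho, &E, proof.t);
    if (rc != HDLOG_OK)
    {
        return CG21_PI_PRM_INVALID_PROOF;
    }

    // Verify knowledge of DLOG of b0 in base b1
    rc = HDLOG_challenge_CG21(pub->N, pub->b1, pub->b0, proof.irho, (const HDLOG_SSID *) ssid, &E, n);
    if (rc != HDLOG_OK)
    {
        return CG21_PI_PRM_INVALID_PROOF;
    }
    rc = HDLOG_verify(pub->N, pub->b1, pub->b0, proof.irho, &E, proof.it);
    if (rc != HDLOG_OK)
    {
        return CG21_PI_PRM_INVALID_PROOF;
    }

    return CG21_OK;
}
-------------------------------------------------------------------------------- /test/unit/test_shamir_to_additive.c: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License.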
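You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
*/

#include /* NOTE(review): header name lost in page extraction */
#include "test.h"
#include "amcl/shamir.h"

/*
 * Test Shamir Share to Additive Share conversion
 */

#define LINE_LEN 1024
#define OCT_ARRAY_LEN 16

/*
 * Test-vector driver for SSS_shamir_to_additive.
 *
 * argv[1] is the path of a test vector file. Each vector supplies TEST, K, X,
 * Y and A_SHARES lines; the A_SHARES line terminates a vector. For every
 * participant i the X components of the other k-1 participants are copied
 * into OTHERS, share i is converted and the result is compared with the
 * golden additive share i.
 *
 * scan_int, scan_OCTET_ARRAY and compare_OCT come from test.h (not shown
 * here); presumably each scan_* helper only acts when `line` starts with the
 * given prefix.
 *
 * Exits with EXIT_FAILURE on a usage error, an unreadable file, an
 * out-of-range K, or when no vector was executed.
 */
int main(int argc, char **argv)
{
    if (argc != 2)
    {
        printf("usage: ./test_shamir_to_additive [path to test vector file]\n");
        exit(EXIT_FAILURE);
    }

    int i;
    int test_run = 0;

    octet *oct_ptr;

    FILE *fp;
    char line[LINE_LEN] = {0};

    const char *TESTline = "TEST = ";
    int testNo = 0;

    // k is passed to the scan helpers on every line, including lines read
    // before any K line was seen, so it must start from a defined value.
    const char *Kline = "K = ";
    int k = 0;

    const char *Xline = "X = ";
    char x[OCT_ARRAY_LEN][SGS_SECP256K1];
    octet X[OCT_ARRAY_LEN];

    char others[OCT_ARRAY_LEN][SGS_SECP256K1];
    octet OTHERS[OCT_ARRAY_LEN];

    const char *Yline = "Y = ";
    char y[OCT_ARRAY_LEN][SGS_SECP256K1];
    octet Y[OCT_ARRAY_LEN];

    const char *Sline = "A_SHARES = ";
    char s_golden[OCT_ARRAY_LEN][SGS_SECP256K1];
    char s[SGS_SECP256K1];
    octet S_GOLDEN[OCT_ARRAY_LEN];
    octet S = {0, sizeof(s), s};

    // Bind every octet of the four arrays to its backing buffer
    for (i = 0; i < OCT_ARRAY_LEN; i++)
    {
        X[i].val = x[i];
        X[i].len = 0;
        X[i].max = sizeof(x[i]);

        Y[i].val = y[i];
        Y[i].len = 0;
        Y[i].max = sizeof(y[i]);

        S_GOLDEN[i].val = s_golden[i];
        S_GOLDEN[i].len = 0;
        S_GOLDEN[i].max = sizeof(s_golden[i]);

        OTHERS[i].val = others[i];
        OTHERS[i].len = 0;
        OTHERS[i].max = sizeof(others[i]);
    }

    // Line terminating a test vector
    const char *last_line = Sline;

    fp = fopen(argv[1], "r");
    if (fp == NULL)
    {
        printf("ERROR opening test vector file\n");
        exit(EXIT_FAILURE);
    }

    /* Test happy path with test vectors */
    while (fgets(line, LINE_LEN, fp) != NULL)
    {
        scan_int(&testNo, line, TESTline);

        scan_int(&k, line, Kline);

        // k comes from the vector file and is used as the element count for
        // the fixed-size octet arrays; reject values that do not fit.
        if (k < 0 || k > OCT_ARRAY_LEN)
        {
            printf("ERROR invalid K in test vector %d\n", testNo);
            fclose(fp);
            exit(EXIT_FAILURE);
        }

        scan_OCTET_ARRAY(fp, X, line, Xline, k);
        scan_OCTET_ARRAY(fp, Y, line, Yline, k);
        scan_OCTET_ARRAY(fp, S_GOLDEN, line, Sline, k);

        if (!strncmp(line, last_line, strlen(last_line)))
        {
            for (i = 0; i < k; i++)
            {
                // Load other participant shares: every X except the i-th
                oct_ptr = OTHERS;
                for (int j = 0; j < k; j++)
                {
                    if (j == i) continue;

                    OCT_copy(oct_ptr, X+j);
                    oct_ptr++;
                }

                SSS_shamir_to_additive(k, X+i, Y+i, OTHERS, &S);

                compare_OCT(fp, testNo, "SSS_shamir_to_additive", &S, S_GOLDEN+i);
            }

            // Mark that at least one test vector was executed
            test_run = 1;
        }
    }

    fclose(fp);

    if (test_run == 0)
    {
        printf("ERROR no test vector was executed\n");
        exit(EXIT_FAILURE);
    }

    printf("SUCCESS\n");
    exit(EXIT_SUCCESS);
}
-------------------------------------------------------------------------------- /testVectors/schnorr/dchallenge.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "TEST": 0, 4 | "R": "031f34b29baecc9d2612cb0fc2f76ab044c4e3d680f5fe59cc11c1ae8c89cb2838", 5 | "V": "027471aa6cec039a6b451ac6e5e4559ba2c8d287cd75fcf1dfa6c3461f39d3a9f2", 6 | "C": "0385559d63ebe60eeecac4b3e54ca5525b3553b2f805bdb7b4e9a05624a63644d4", 7 | "E": "731e1fbcb9dfb310e6a23a6e362a0bc6647e7433907ccc5b8d05657fb14aaa56", 8 | "ID": "4567587cca20c3912ba02fe14b649829", 9 | "AD": "" 10 | }, 11 | { 12 | "TEST": 1, 13 | "R":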
"0371a9bd0dcade30fe1b70bfebf45e6e3df9ee185925d8c1462e1dfa2c1586f502", 14 | "V": "0367b4b5a89b2f222682a5b454af779b161f76b6488f4a3e15b25814b88f6b0ed9", 15 | "C": "03df434aa5e9fe202e5b75aadda91e7916e03348c9abbf7e6a45d44835969c993a", 16 | "E": "a5a05e68ef3c28196de4c1a722c588f345fef6e0a90c2ba783e9832cc71ace28", 17 | "ID": "7e5a46b87c3952ffae977101fbe4aa5a", 18 | "AD": "" 19 | }, 20 | { 21 | "TEST": 2, 22 | "R": "02faf84fff3ddc4ca81fdef16a0951230f559db8cfa8ef96b22fe0d1fc84793348", 23 | "V": "02f6c3eb625c33ac65c790cfb8a123c5fc96a9162163d94549d50ab77b76668cc4", 24 | "C": "02d2a1d5b09ddd0895d3cecddb9e07286dc610fa96bcc646bab100746eda7ba98d", 25 | "E": "df26a6994b268ecf1e6e0513b581dbd961615ddb3afb36b0a7e246e0e9f03403", 26 | "ID": "2c2d1edbba148f9c9fc9c43f5329dcdc", 27 | "AD": "" 28 | }, 29 | { 30 | "TEST": 3, 31 | "R": "020d395eca9daf2bde61d683336be0b7158e81060456482f252c6a0902335cbd5b", 32 | "V": "02b3bac2f4ae4b5774c0b2118bd282f7bdae2508da4d50a0b6b15bba03161bbbaf", 33 | "C": "03cd22d4c01b912fe98482930d17111cc3963d7032e9bc2670a9e3b37f2eddbbf6", 34 | "E": "096c19ae7b41bd11a3383c393b8cec0e00d21bdf0d1eaea3b322d7925303c5a5", 35 | "ID": "702f48e6c8ada26fd0bdc58271292b5d", 36 | "AD": "" 37 | }, 38 | { 39 | "TEST": 4, 40 | "R": "0349eb8974c86282418e5e1f8156ddacf18a0e9302604e36a55af1ed450471071d", 41 | "V": "02e246387da4fceb844492f939b87a37554b93cebc8812e5be44e293380f458758", 42 | "C": "03b0e1f9a308984968622bd239bdfd82a95cc6f467b8c5e5ba1c50647f74d5d967", 43 | "E": "13dce3548d40c3dcad1b266b90f83157ff9520169eefcb372c5595f91f15440a", 44 | "ID": "2a9b11dd314c26d04bc5b6b3fee2f9fb", 45 | "AD": "" 46 | }, 47 | { 48 | "TEST": 5, 49 | "R": "030b74e1973bf10a1b5b57656d533bd9bc6c5369a8b50dc02f4da313609c4b4cae", 50 | "V": "03e461314f61dcefee5107194a30e09bc001aa9fc1dcb539eb37b9d9b86142a9b9", 51 | "C": "02df2d6ec6490963c56cfb47c18fdc03ad0adf48e5598b020cad4fe2a21bb192d8", 52 | "E": "7587b910b49680f41a788e79405d378859aeca5a58df58722fc648d8cc6871ed", 53 | "ID": "a8dfe3b9507a2f8dd3f8e4c26e5e0303", 54 | 
"AD": "4baa8e08f18f8bc426a726caa9e3f60c" 55 | }, 56 | { 57 | "TEST": 6, 58 | "R": "03bb193bfc8ece97320807a2a7ebbf7b86743e618efea217f98dc721604eb38de4", 59 | "V": "028fe6aa66ed30218ba0eab95cece4ebac13b4ba57a1e369ff8f0075235fa25551", 60 | "C": "0389a1e979398764bb184b776db5cbab8ec6d5a35ca1afcbc48a0212807b44f78f", 61 | "E": "fd095efb0352f3092090a73ab1c8256d6ce91c1200a9ce94cc78ad0972387324", 62 | "ID": "3c5335f5b78fd07397d2afa043261d8e", 63 | "AD": "af5db16b80f07b104dd2ed17ec9855fa" 64 | }, 65 | { 66 | "TEST": 7, 67 | "R": "033bdfe6658839c138ab920092342c0bde0ac18b21acebc45c4702327da49d25fe", 68 | "V": "02f2805b6468ad19a784b79af287b33e3ec02360d27adc45e49303a5841ba2f96f", 69 | "C": "0202f41283ab55d988431ddeb11c1d2ba6072b2310a810199c70add17884652adc", 70 | "E": "d1c3151e9d035de98a7d440a1b0355e7aa48b482ded2f6d4d32e3d595b765c4b", 71 | "ID": "ca79704548b90cb2f6fcb2691fd9ac4b", 72 | "AD": "50bd088a6040960420c2a592c82f11b9" 73 | }, 74 | { 75 | "TEST": 8, 76 | "R": "02a7d55d997faca384d6784923d49a5ba36b185c0427f56118738736ed304318ac", 77 | "V": "024ca8a828ae901debfa693e416540e267e2bf53a4e393cf748352372c44a0c528", 78 | "C": "03fd319a8cf14cf7edbb740461035901aff1ba52911a13a8e9a9251b8805edaa6b", 79 | "E": "729441880dab1973d24ddce4af1319367a568fe80ee26f0135d677aaf77e04ac", 80 | "ID": "14d194a9a7bb50067b75030a2a4b31aa", 81 | "AD": "9efbe273c43ef2d3a9ab67907b3db77c" 82 | }, 83 | { 84 | "TEST": 9, 85 | "R": "021e221451eb615632912423657e9b79fe0ea58c333667893a6c205eaf3a75822a", 86 | "V": "0242a2fabc74574a78453dd9db7b0b9eaf32890cb2188f5c855c0723db0d3b92a1", 87 | "C": "03409379b58af01fea446e18df1b465a4634806900825200334d5390cc3ae3fc89", 88 | "E": "66343214024de8c3f31e4985628f446f43c17c82bbff3b401324124aeb494e9f", 89 | "ID": "8151b308bee69f9dfe705c290ce4dea9", 90 | "AD": "cace19ad3775febf42974c801012b386" 91 | } 92 | ] -------------------------------------------------------------------------------- /test/unit/test_d_schnorr_verify.c: 
--------------------------------------------------------------------------------
/*
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
*/

#include /* NOTE(review): header name lost in page extraction */
#include "test.h"
#include "amcl/schnorr.h"

/* Double Schnorr's Proof verification test: test vectors plus rejection cases */

#define LINE_LEN 256

/*
 * Test-vector driver for SCHNORR_D_verify.
 *
 * argv[1] is the path of a test vector file. Each vector supplies TEST, R, V,
 * C, E, T and U lines; the U line terminates a vector. Every vector must
 * verify with SCHNORR_OK. After the file is processed, four rejection cases
 * are run against the octets left over from the last vector.
 *
 * scan_int, scan_OCTET, assert_tv and assert come from test.h (not shown
 * here); presumably each scan_* helper only acts when `line` starts with the
 * given prefix.
 */
int main(int argc, char **argv)
{
    if (argc != 2)
    {
        // NOTE(review): the name printed here differs from this file's name
        // (test_d_schnorr_verify.c); confirm the binary name in the build files
        printf("usage: ./test_schnorr_d_verify [path to test vector file]\n");
        exit(EXIT_FAILURE);
    }

    int rc;
    int test_run = 0;

    char err_msg[128];

    FILE *fp;
    char line[LINE_LEN] = {0};

    const char *TESTline = "TEST = ";
    int testNo = 0;

    // R, V and C get one byte more than the field size
    // (presumably for a compressed-point prefix byte; confirm in schnorr.h)
    char r[SFS_SECP256K1+1];
    octet R = {0, sizeof(r), r};
    const char *Rline = "R = ";

    char v[SFS_SECP256K1+1];
    octet V = {0, sizeof(v), v};
    const char *Vline = "V = ";

    char c[SFS_SECP256K1+1];
    octet C = {0, sizeof(c), c};
    const char *Cline = "C = ";

    char e[SGS_SECP256K1];
    octet E = {0, sizeof(e), e};
    const char *Eline = "E = ";

    char t[SGS_SECP256K1];
    octet T = {0, sizeof(t), t};
    const char *Tline = "T = ";

    char u[SGS_SECP256K1];
    octet U = {0, sizeof(u), u};
    const char *Uline = "U = ";

    // Line terminating a test vector
    const char *last_line = Uline;

    fp = fopen(argv[1], "r");
    if (fp == NULL)
    {
        printf("ERROR opening test vector file\n");
        exit(EXIT_FAILURE);
    }

    /* Test happy path with test vectors */
    while (fgets(line, LINE_LEN, fp) != NULL)
    {
        scan_int(&testNo, line, TESTline);

        // Read input
        scan_OCTET(fp, &R, line, Rline);
        scan_OCTET(fp, &V, line, Vline);
        scan_OCTET(fp, &C, line, Cline);
        scan_OCTET(fp, &E, line, Eline);
        scan_OCTET(fp, &T, line, Tline);
        scan_OCTET(fp, &U, line, Uline);

        if (!strncmp(line, last_line, strlen(last_line)))
        {
            rc = SCHNORR_D_verify(&R, &V, &C, &E, &T, &U);
            snprintf(err_msg, sizeof(err_msg), "SCHNORR_D_verify. rc %d", rc);
            assert_tv(fp, testNo, err_msg, rc == SCHNORR_OK);

            // Mark that at least one test vector was executed
            test_run = 1;
        }
    }

    fclose(fp);

    // An empty or mismatched vector file must not count as a pass
    if (test_run == 0)
    {
        printf("ERROR no test vector was executed\n");
        exit(EXIT_FAILURE);
    }

    /* Test unhappy path */
    // ZERO is declared with length 0: an empty octet backed by a zeroed buffer.
    // R, V, C, E, T and U still hold the values of the last vector read above.
    char zero[SFS_SECP256K1+1] = {0};
    octet ZERO = {0, sizeof(zero), zero};

    // An input that is not a valid curve point must be rejected as such
    rc = SCHNORR_D_verify(&ZERO, &V, &C, &E, &T, &U);
    snprintf(err_msg, sizeof(err_msg), "SCHNORR_D_verify invalid R. rc %d", rc);
    assert(NULL, err_msg, rc == SCHNORR_INVALID_ECP);

    rc = SCHNORR_D_verify(&R, &ZERO, &C, &E, &T, &U);
    snprintf(err_msg, sizeof(err_msg), "SCHNORR_D_verify invalid V. rc %d", rc);
    assert(NULL, err_msg, rc == SCHNORR_INVALID_ECP);

    rc = SCHNORR_D_verify(&R, &V, &ZERO, &E, &T, &U);
    snprintf(err_msg, sizeof(err_msg), "SCHNORR_D_verify invalid C. rc %d", rc);
    assert(NULL, err_msg, rc == SCHNORR_INVALID_ECP);

    // Well-formed points with a wrong proof value must fail verification.
    // NOTE(review): only T is replaced here; there is no case for a wrong U.
    rc = SCHNORR_D_verify(&R, &V, &C, &E, &ZERO, &U);
    snprintf(err_msg, sizeof(err_msg), "SCHNORR_D_verify invalid proof. rc %d", rc);
    assert(NULL, err_msg, rc == SCHNORR_FAIL);

    printf("SUCCESS\n");
    exit(EXIT_SUCCESS);
}
-------------------------------------------------------------------------------- /testVectors/schnorr/dverify.txt: -------------------------------------------------------------------------------- 1 | TEST = 0, 2 | R = 020537773ffc3da376e2f3dabba54b84f3c865ad8acf3d77f72afaf20a5cb44e57, 3 | V = 033b69f8bdf508ca2bebe2518e177b20f12c4d8335f628b318160a5b4201ef93ad, 4 | C = 028053a7ddd2d195913e2e520b1b6be09d6f3dd3b3dcc7f5dad04ba2afc2307d90, 5 | E = edebdfc8bda2088507f63a7dea84a2a2b704c97e42e48127f68dcea818325d8d, 6 | T = d1d8e4894b8c5c7262d1aaba981a7a75d31e7bb269890d53116e70be0cdf99d9, 7 | U = bb7b364ec9d428e273f5e71e689fe1ded08f9805416fb366894fec518b5ab9f8, 8 | 9 | TEST = 1, 10 | R = 02daa4bb8bfcdd6293e04b68686d3b05c06b195cc880062c2625e3007ea4cfe0c0, 11 | V = 029485b64dc10ac2d0ce3555c94975998af4d9c71d29fe5ae0649bcc7ffce5e7e6, 12 | C = 03874b1fae542def460a696815b5a903c5d37ff7adfc2baa49fb8b9433a25d1509, 13 | E = 587b8ccd7122bb35e02c94b2db3e23f1ee65bccdc8f9e71d034c89b94a090cb8, 14 | T = b93f24de57b859db76a884313aa730ef18c63e2ca53ad6d2c7d90b337450c16d, 15 | U = 64cc0abb4245a5d37359a324324a7e9e64d115b39ea0a2f5b7d9ad6f210e5c3b, 16 | 17 | TEST = 2, 18 | R = 02913dc55b4d1e8e89d9e7c3e38702add012aae04a42439f9fe1d5d690d3255566, 19 | V = 023ec4892b5efe9e5db85104034a20b9cca6b7d7129f760b65ea19c33e6f4287a9, 20 | C = 03adab79913fc68007fe6db89ab64240edc864bc1a08dbea210492837707b53458, 21 | E = d455924c96c02ec532e137a2b288aa04745ecb18cc1000a55613cdf412a46427, 22 | T = 97e10ec3f596284e1efdbb20dfc53593339e5aa9e3117ac3dc7e0087c0ffc831, 23 | U = 2425097f2bdedd1b7294e6c35a036e1968bf5ec0cee387b948f4afc6827566b4, 24 | 25 | TEST = 3, 26 | R =
02cb97763b448ee16c0dbdcdef765e2ae257ec129fc7ef992b04850a51137ff5f5, 27 | V = 0211d00ede35b17508461d8d31323a86825bdd0b7458626a76a83705c0f95a5351, 28 | C = 03c4d0adc3e672fb70a9a0138b173d1d09ff23f9e4329035f5a7136c6fd9564849, 29 | E = 83c5149c51cf6a9c246a6b407b0c8dc7b47e99977b1deba413d88437aebe813c, 30 | T = 50ed725d57e38dbda89a2e87fe9cd72dad2434e5583243cb183cf611679e7972, 31 | U = 254066df913b9132a6534451968844058ab803f485642e686e30ac19c78d88f5, 32 | 33 | TEST = 4, 34 | R = 03c5c2ba8cf4e0ddd06803f2eab8426e7250467e8a521e6e4764f8ed50f99e8ead, 35 | V = 03dcb5f6ead7e81963ab4a3f1f5c6d77e4c079001343b7058e8bff7c5d84f5da4a, 36 | C = 036410928e258ce7800407f127141ae617f5e2e89864b66c1dfa72a401fb5fbb61, 37 | E = ec74f330ac0ceea0d1c957fb01a07dccd1798d98d33b567b0c931dcc2c3e90ea, 38 | T = dc77f3cc4b31c8677ef566fc182a8c32bd98188aaa5255062104019dfc3b09dc, 39 | U = 6774443dbc5ecc5bcaf4597f36ede169372611417c53b8445ca56cb92aafe852, 40 | 41 | TEST = 5, 42 | R = 02d1ee046200382c654c90a02fcc1b025ac15b34d26cb864b7278e359d04779792, 43 | V = 02380955f1798a27cd14802b947ec8b4b57fa206ac44707d3bc0d4beb7e2b1db5e, 44 | C = 02aab91a349d395b360362ca157a005c2cf9feab3ea25a86e62ee6f6bb8948968a, 45 | E = 8e50b3197f779789bcb082d9be490863fd2b68b9357d951b222fc5724e2aedcd, 46 | T = abc2b26aa50342df17c1adb5d600557d1460fa21360a386af8d4042b86ae87e6, 47 | U = e9f3f4669b61ace1037c04b0273500cadd2bdac058d1f50fccec4b0b71893c74, 48 | 49 | TEST = 6, 50 | R = 02bb995b6ef4415dac329d0f02aaebf248121e2cf844fce54d947b14e7b1c756c8, 51 | V = 03b4f1b72b07951c4db6ed445f1386fdd9859813b9bbcf3d59b78f2c41a1b0f417, 52 | C = 0258882ae61e1e8549cb4c2af92d479819c87bc02714106eabb1d1e8eaec36b26f, 53 | E = 70bb1893f91f520378838b35a240e65e3153d5b891ffafc7ecdd838c2042cbde, 54 | T = 88e8d7350400868a8d48f630868cbbc2ef97112696b985a3ad0c78d833a33625, 55 | U = bc4471af39ffe173f59807badbe79ffc9548f6d8fcaa8ecdccf6c3f7797f82cb, 56 | 57 | TEST = 7, 58 | R = 038bb34386bc9c7f065136d04f1c62c936ddbe9874235b2b27e378cf7514e34e10, 59 | V = 
03a02e15a584f591c5fc8f0b4c1408552433c8547225643eff5414afdbaec8abf2, 60 | C = 021d1064a0e59a75d7e0f8b08d958c6a7f25882dc838acee5a962300e1b02de047, 61 | E = 5623eeafec05f5a592647f78b351f8adca1d4d99aec7992fdc1db4c830a39366, 62 | T = fea34fc356079b51b529bd6681ba0bd8d01f3417cce03944b21386ca9ddc7e3b, 63 | U = 74071f2a607cbc64255c8d64df7eb5cd31ab8a85d91d6497288c6339ca1fb526, 64 | 65 | TEST = 8, 66 | R = 0390d1fe5c60463086f65d1b44dbdf65c001f4e532f763e45646765d06019960de, 67 | V = 03a603e43e1a98b839f6971eb0fe73c7a70130e0c27411fda59617c8365ac6cdf2, 68 | C = 02938dcf17c55d78aa6b871d38ae838ea56d38c321c470527340212c4ada21fbd5, 69 | E = 51902fda78bb40a1eb2099512ae3e4853f596f0be0e73f478a01f4fff9c48e4c, 70 | T = 8daf81313b9aa20c44bbe6daa070618b571ad03df23e390ae7ec2585f1205ffd, 71 | U = a77503c8846192032f79f882ad9e8e21b7534553c2db6f0e988659c3675b5aa5, 72 | 73 | TEST = 9, 74 | R = 025e534768bafa3171b850bcccbfad82702adc69d90f9db32debe7afe7fdd06f1c, 75 | V = 0229bc145f45468201a47c3e62785503d006fa9be41cd5892a65002a7aef0e79cd, 76 | C = 0248d59ed28567a329f442051fb7e91069a136e68751c52d5e592693295ecc0e81, 77 | E = 104b7d4a22cd1cee0d853f5b3d0e4e9a14e5156201b92b4860bcd8a07423e7b0, 78 | T = b4a9bf92910036da6342cf59bb6b545e7faf8dd3affb4ff1223d1c1805de7884, 79 | U = 4e78b645d5dba4a43f1fd896f62ba089608c4410bb6478de9a2ca9323dd7b0dc, 80 | 81 | -------------------------------------------------------------------------------- /examples/example_d_schnorr.c: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. 
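/*
 * Double Schnorr proof walk-through for V = s.R + l.G on secp256k1.
 *
 * Builds a public point R and a witness (s, l), then runs
 * commit -> challenge -> prove -> verify, printing each value.
 *
 * Demo-only choices that must not be copied into production code:
 *   - the RNG is seeded with 32 zero bytes so the output is reproducible;
 *   - the witness (s, l) and the commitment randomness (a, b) are printed.
 *
 * Returns 0 when the proof verifies; exits with EXIT_FAILURE when the
 * commitment or the verification fails.
 */
int main()
{
    int rc;

    BIG_256_56 r;
    BIG_256_56 s;
    BIG_256_56 l;
    BIG_256_56 q;
    ECP_SECP256K1 G;
    ECP_SECP256K1 ECPR;

    // Witness: secret exponents s and l
    char oct_s[SGS_SECP256K1];
    octet S = {0, sizeof(oct_s), oct_s};

    char oct_l[SGS_SECP256K1];
    octet L = {0, sizeof(oct_l), oct_l};

    // Public points R and V, in compressed form
    char oct_r[SFS_SECP256K1 + 1];
    octet R = {0, sizeof(oct_r), oct_r};

    char v[SFS_SECP256K1+1];
    octet V = {0, sizeof(v), v};

    // Prover identity and additional data bound into the challenge
    char id[32];
    octet ID = {0, sizeof(id), id};

    char ad[32];
    octet AD = {0, sizeof(ad), ad};

    // Commitment randomness (a, b) and commitment C
    char a[SGS_SECP256K1];
    octet A = {0, sizeof(a), a};

    char b[SGS_SECP256K1];
    octet B = {0, sizeof(b), b};

    char c[SFS_SECP256K1+1];
    octet C = {0, sizeof(c), c};

    // Challenge e and proof (t, u)
    char e[SGS_SECP256K1];
    octet E = {0, sizeof(e), e};

    char t[SGS_SECP256K1];
    octet T = {0, sizeof(t), t};

    char u[SGS_SECP256K1];
    octet U = {0, sizeof(u), u};

    // Deterministic RNG for example: an all-zero seed gives reproducible
    // output and no security. Seed from the OS entropy source in real use.
    char seed[32] = {0};
    csprng RNG;
    RAND_seed(&RNG, 32, seed);

    BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
    ECP_SECP256K1_generator(&G);
    ECP_SECP256K1_generator(&ECPR);

    // Generate ID and AD.
    // Both octets are declared with len = 0, so the requested length has to
    // come from .max; passing .len would ask for zero random bytes and leave
    // ID and AD empty, i.e. the challenge would not be bound to either.
    OCT_rand(&ID, &RNG, ID.max);
    OCT_rand(&AD, &RNG, AD.max);

    // Generate public R = r.G
    BIG_256_56_randomnum(r, q, &RNG);
    ECP_SECP256K1_mul(&ECPR, r);

    ECP_SECP256K1_toOctet(&R, &ECPR, 1);

    // Generate double DLOG: G is overwritten with V = l.G + s.R
    BIG_256_56_randomnum(s, q, &RNG);
    BIG_256_56_randomnum(l, q, &RNG);

    ECP_SECP256K1_mul2(&G, &ECPR, l, s);

    BIG_256_56_toBytes(S.val, s);
    BIG_256_56_toBytes(L.val, l);
    S.len = SGS_SECP256K1;
    L.len = SGS_SECP256K1;

    ECP_SECP256K1_toOctet(&V, &G, 1);

    printf("Double Schnorr's Proof of knowledge of a DLOG. V = s.R + l.G\n");
    printf("\ts = ");
    OCT_output(&S);
    printf("\tl = ");
    OCT_output(&L);
    printf("\tR = ");
    OCT_output(&R);
    printf("\tV = ");
    OCT_output(&V);
    printf("\tID = ");
    OCT_output(&ID);
    printf("\tAD = ");
    OCT_output(&AD);

    printf("\nGenerate a commitment C = a.R + b.G\n");
    rc = SCHNORR_D_commit(&RNG, &R, &A, &B, &C);
    if (rc != SCHNORR_OK)
    {
        printf("FAILURE SCHNORR_D_commit. RC %d\n", rc);
        exit(EXIT_FAILURE);
    }

    printf("\ta = ");
    OCT_output(&A);
    printf("\tb = ");
    OCT_output(&B);
    printf("\tC = ");
    OCT_output(&C);

    printf("\nGenerate a challenge from the public parameters\n");
    SCHNORR_D_challenge(&R, &V, &C, &ID, &AD, &E);

    printf("\te = ");
    OCT_output(&E);

    printf("\nGenerate the proof (t, u)\n");
    SCHNORR_D_prove(&A, &B, &E, &S, &L, &T, &U);

    printf("\tt = ");
    OCT_output(&T);
    printf("\tu = ");
    OCT_output(&U);

    printf("\nTransmit proof (C,t,u) for V\n");

    printf("\nCompute challenge from public parameters and verify proof\n");
    // Only (C, t, u) is transmitted, so the verifier derives e itself from
    // (R, V, C, ID, AD). Reusing a challenge handed over by the prover would
    // defeat the non-interactive proof.
    SCHNORR_D_challenge(&R, &V, &C, &ID, &AD, &E);

    rc = SCHNORR_D_verify(&R, &V, &C, &E, &T, &U);
    if (rc != SCHNORR_OK)
    {
        printf("\tFailure! RC %d\n", rc);
        // Report the failure to the caller instead of exiting with status 0
        exit(EXIT_FAILURE);
    }

    printf("\tSuccess!\n");
    return 0;
}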
"03c4d0adc3e672fb70a9a0138b173d1d09ff23f9e4329035f5a7136c6fd9564849", 34 | "E": "83c5149c51cf6a9c246a6b407b0c8dc7b47e99977b1deba413d88437aebe813c", 35 | "T": "50ed725d57e38dbda89a2e87fe9cd72dad2434e5583243cb183cf611679e7972", 36 | "U": "254066df913b9132a6534451968844058ab803f485642e686e30ac19c78d88f5" 37 | }, 38 | { 39 | "TEST": 4, 40 | "R": "03c5c2ba8cf4e0ddd06803f2eab8426e7250467e8a521e6e4764f8ed50f99e8ead", 41 | "V": "03dcb5f6ead7e81963ab4a3f1f5c6d77e4c079001343b7058e8bff7c5d84f5da4a", 42 | "C": "036410928e258ce7800407f127141ae617f5e2e89864b66c1dfa72a401fb5fbb61", 43 | "E": "ec74f330ac0ceea0d1c957fb01a07dccd1798d98d33b567b0c931dcc2c3e90ea", 44 | "T": "dc77f3cc4b31c8677ef566fc182a8c32bd98188aaa5255062104019dfc3b09dc", 45 | "U": "6774443dbc5ecc5bcaf4597f36ede169372611417c53b8445ca56cb92aafe852" 46 | }, 47 | { 48 | "TEST": 5, 49 | "R": "02d1ee046200382c654c90a02fcc1b025ac15b34d26cb864b7278e359d04779792", 50 | "V": "02380955f1798a27cd14802b947ec8b4b57fa206ac44707d3bc0d4beb7e2b1db5e", 51 | "C": "02aab91a349d395b360362ca157a005c2cf9feab3ea25a86e62ee6f6bb8948968a", 52 | "E": "8e50b3197f779789bcb082d9be490863fd2b68b9357d951b222fc5724e2aedcd", 53 | "T": "abc2b26aa50342df17c1adb5d600557d1460fa21360a386af8d4042b86ae87e6", 54 | "U": "e9f3f4669b61ace1037c04b0273500cadd2bdac058d1f50fccec4b0b71893c74" 55 | }, 56 | { 57 | "TEST": 6, 58 | "R": "02bb995b6ef4415dac329d0f02aaebf248121e2cf844fce54d947b14e7b1c756c8", 59 | "V": "03b4f1b72b07951c4db6ed445f1386fdd9859813b9bbcf3d59b78f2c41a1b0f417", 60 | "C": "0258882ae61e1e8549cb4c2af92d479819c87bc02714106eabb1d1e8eaec36b26f", 61 | "E": "70bb1893f91f520378838b35a240e65e3153d5b891ffafc7ecdd838c2042cbde", 62 | "T": "88e8d7350400868a8d48f630868cbbc2ef97112696b985a3ad0c78d833a33625", 63 | "U": "bc4471af39ffe173f59807badbe79ffc9548f6d8fcaa8ecdccf6c3f7797f82cb" 64 | }, 65 | { 66 | "TEST": 7, 67 | "R": "038bb34386bc9c7f065136d04f1c62c936ddbe9874235b2b27e378cf7514e34e10", 68 | "V": 
"03a02e15a584f591c5fc8f0b4c1408552433c8547225643eff5414afdbaec8abf2", 69 | "C": "021d1064a0e59a75d7e0f8b08d958c6a7f25882dc838acee5a962300e1b02de047", 70 | "E": "5623eeafec05f5a592647f78b351f8adca1d4d99aec7992fdc1db4c830a39366", 71 | "T": "fea34fc356079b51b529bd6681ba0bd8d01f3417cce03944b21386ca9ddc7e3b", 72 | "U": "74071f2a607cbc64255c8d64df7eb5cd31ab8a85d91d6497288c6339ca1fb526" 73 | }, 74 | { 75 | "TEST": 8, 76 | "R": "0390d1fe5c60463086f65d1b44dbdf65c001f4e532f763e45646765d06019960de", 77 | "V": "03a603e43e1a98b839f6971eb0fe73c7a70130e0c27411fda59617c8365ac6cdf2", 78 | "C": "02938dcf17c55d78aa6b871d38ae838ea56d38c321c470527340212c4ada21fbd5", 79 | "E": "51902fda78bb40a1eb2099512ae3e4853f596f0be0e73f478a01f4fff9c48e4c", 80 | "T": "8daf81313b9aa20c44bbe6daa070618b571ad03df23e390ae7ec2585f1205ffd", 81 | "U": "a77503c8846192032f79f882ad9e8e21b7534553c2db6f0e988659c3675b5aa5" 82 | }, 83 | { 84 | "TEST": 9, 85 | "R": "025e534768bafa3171b850bcccbfad82702adc69d90f9db32debe7afe7fdd06f1c", 86 | "V": "0229bc145f45468201a47c3e62785503d006fa9be41cd5892a65002a7aef0e79cd", 87 | "C": "0248d59ed28567a329f442051fb7e91069a136e68751c52d5e592693295ecc0e81", 88 | "E": "104b7d4a22cd1cee0d853f5b3d0e4e9a14e5156201b92b4860bcd8a07423e7b0", 89 | "T": "b4a9bf92910036da6342cf59bb6b545e7faf8dd3affb4ff1223d1c1805de7884", 90 | "U": "4e78b645d5dba4a43f1fd896f62ba089608c4410bb6478de9a2ca9323dd7b0dc" 91 | } 92 | ] -------------------------------------------------------------------------------- /testVectors/schnorr/dprove.txt: -------------------------------------------------------------------------------- 1 | TEST = 0, 2 | A = 98805901e0372ed6d0a40b6713fefc8287e8d1db602e019f2ed5351409d9706d, 3 | B = 26cc836888ad8d992f6a9147d708fe9a8f2d65fe86004730d12592c7b8b040ef, 4 | E = 1461d3a0ab285ff20abb1f57feab8d5177f48f7886ec7b40295daebb028f3585, 5 | S = 7a576ef122d172a58e5fe6dd5d99420b0ba1c484e3f3c4b7c68f1b61e62c0743, 6 | L = 0886d359c3d6d968e013364166ff8a99c19cbf8cf31682cac557033206616515, 7 | T = 
82620066f763e041c98582a702a9c96862acb2ff1e8ddc41453d7de181649109, 8 | U = b6808109110b2f095dff929e6f70ffb212ed541bea0e9c502393b77354892e06, 9 | 10 | TEST = 1, 11 | A = 0cb56a12df35413544e656003152984ef3ca4dcdc0521eaf8c64e6bc6c1e64f4, 12 | B = f0d0b41a157ce4fbb7d1489a35a9292a9613d04a762b4a2877fc00e65e8403ca, 13 | E = 0fd895b69a81143a766bc083b0b2438a056db9c7eaba689bf3eef1a27289a957, 14 | S = 4ca7684fe26ab68f8add3d5c7ffd93cabe7d1a40d6ac7275289c14e949f783cb, 15 | L = f3183da05f4eacd598ecfee13aafab0a66c4e8305fcdd6a125551b28421e4a18, 16 | T = 9a80b742ac91e1dfabdacc7beda876630da20fdfa68371594f0fc91767f97ef5, 17 | U = 09bd1bcc47053e8eaa41e620e0afcacbeffe9204b94b7adc4ea672791feaeae4, 18 | 19 | TEST = 2, 20 | A = 2470fd1f08b27218902e84f7831b145a3397feea9063bb6dbc1dc58043793d36, 21 | B = aac9c4169145697d2be942b35b477d8f5e05d3380bf4a477b155a0b5b1cdca04, 22 | E = 557b85666a49026cf91b4f1131378a1e6b95bc9bbdc73a7dcd305ccc40005af7, 23 | S = 9f43938ac39a90d371ce160f091ec669b972f8406ca38cde8f14c17461e2294f, 24 | L = 38709c38e13a8d52051f5ddf14266c4179abaf37ef553bdf4871e343e51bcef7, 25 | T = 1e7ab0926591ea57389515a97932c5195f467a65154f1814b8c63990fe5c80d7, 26 | U = ff9a8a42430a35c1a667887a9cad3241f244e8823884ceb27cb576019fd8b09b, 27 | 28 | TEST = 3, 29 | A = c5a4d6df2f2764c9218a8e83725f2d7ff489135f7b2ea0f83b06ed307d189540, 30 | B = ed016425bbb01beca9566bbf781774a5599ec9dcbf85f3e1a10698aaba5a5861, 31 | E = d046ffb08dcf4e6252943b222d5197bb82b6e564fce6bd772bb27a8e3e5944bb, 32 | S = cac09fc7c620c462f53d1793aec83182405ffa71f89e6e26a6fb461ad7bf90ac, 33 | L = 53c088a61f158eff3bd18592e595ed15474b1ac60c12fd84f5e4c59a07ccdc3c, 34 | T = 26452cf9fa404db00ae243e45d5a9902a8e11bb4f6025904b04e58bf0b3f513d, 35 | U = 3643906e09efca1b1edfbbe9dd10c3d9aacbadfffba6f3bd539bdfc79fb11f62, 36 | 37 | TEST = 4, 38 | A = 2c3cc0f8606707858227db376e49d0539b35bb9a13e09394feda22125802d2fd, 39 | B = b20fd6417866c586ecbafcd3f3893baedd81897091beca86d6420eaf10d87931, 40 | E = 
7c9d86a12b86d6fb2f17f528fa37832f85668dc967e7730e2a5299d59faf60f4, 41 | S = e73f8faf79981194c4ee0f1eadbd942d6e9297a6f7f2aa48ca384564392f6ef1, 42 | L = 4ce5e76bb95c0930d3fd86dde66b60f6810af5e27d7af9084ab2c1163dd292e5, 43 | T = ea39d54be9c92890cfb7ee8aba9b6403301dd69df490c29c0ef4a98fde987309, 44 | U = f8f44f48ab719fa71612f39c74416bcd9dad664c1be35f8b68c39519de49275d, 45 | 46 | TEST = 5, 47 | A = c3df2d0f74fe039e5fbddf583555399f0ab564034eaa5eaa871e734021f77689, 48 | B = d30ec4e0969fa9cf0dd1c61b725e5b5faac8c96e12f5bfc8ac441180a85357c1, 49 | E = 67bd9cd0b2e0695346b66d07053f26ba60022473f986ab4956b0c20ca5eeb7d4, 50 | S = e86b00ec424317d9e6c983682b76e0589149c2be2de586515ccb403bb61613ea, 51 | L = 6345b6f3ec1ec358e700f8d19a0dfde21a4a91cc262a1f4673b451c72539a294, 52 | T = 85148b51e33264a188b79df3cac87e78041047e2300678d0d8984ec2af8043ff, 53 | U = 096147a069b0d63da7a85d68047a827cec23c3da65d590345291cbe491e769c3, 54 | 55 | TEST = 6, 56 | A = 7f65618bf4531471c0b419bde1c06dcf7f20064fc65a97510658fe81db7eba0b, 57 | B = 1a141938c4c0e7e3ad4f648be35ab96f39b9329129556d8f549e1995d0af503e, 58 | E = 2449978fa5cca2b27e17085429f9071d5d8bbe3f8f53df285eee5f6cc5efe1e5, 59 | S = f4e7cccc8bf490e705720a33776fab2ec700010dd971b8430abba2cdb77d48e7, 60 | L = e58b630fc1350574468489f76a6c5fe3298a6174343a261c9af87bdbfe79dd80, 61 | T = dd0d19687a3ce16fd50720f3f06971089ca91ea50c22d489bcf2c1cdfce6a83c, 62 | U = dba67e6ef893225ec8a86ffe4f5fba51820117efd25dbbe1dadcd8f9dffe1174, 63 | 64 | TEST = 7, 65 | A = c712cd92b407de5731a351dfb230b1ae0f65f99184ff97d7e7dbd3d9921ffd1e, 66 | B = 08e02f9c632d3fd1f48bdddcfdaca3588b168f0b6ff4cbaee99356d23d1e355a, 67 | E = e0eb9c89aa93820c6a81431ca3c3e2d33088f1d0c1bddea749bb91a252425145, 68 | S = c212f5fe66de61ebf95c0e0797bea72fcf10bb5f4aa903085aef685e35f68220, 69 | L = 234d8df29b1ee7f841b6d74a9bb8139d379df056716187225acc45fcc7d364f3, 70 | T = 3e82ff64fde662cec1730ca59d759c22f191326dbbbeaf09fa2c01a9184782ab, 71 | U = 
51e0c8ba1580270fd2b69b37cdde5d28ed42c4de9d69c8676b1863879082bfed, 72 | 73 | TEST = 8, 74 | A = 8c445e5b7ded4cbe35c3ee3f7099c8e934f91af1c40769f8393e41accf99b0e0, 75 | B = 4a1e2a5cf808072ea5c16e1fb30c50937917bcd820d2ca6b576d46ec3921ae9a, 76 | E = edf5287bd261774cb5bb598cb3cf2a0fceae399bd11052ae3d49981f7eb208e4, 77 | S = a810da8072d0d8a25d80804a4b42aa271266bfdd9d5a381d16159ca68c99364b, 78 | L = 31029b181072637a6f1c37e78f43a027c5914a9d3e6490ee44a6556e5aa78479, 79 | T = 74929c82affb7002b6498f8eb4fa4a3f3c885555a76ad123ebe509b3e0563095, 80 | U = eaf7f0aa49345ea20bcf7a0b6455d7ee93a22250578f685a4a47a2a1e00708e3, 81 | 82 | TEST = 9, 83 | A = 0ee46716e7ff3dd305539228c6b43eaa5e4b62eeff4774040f58e4a525dc3507, 84 | B = 9f89f7464b6d8b6696b993fd8d9d67e340a00ce74d20d451ef12f480cdb586e1, 85 | E = fe5401db00e97272706a38f44a9e1242842124fb8961b5ee3c1d9c15224755e4, 86 | S = 5c4b0eb387613f0051b3d015470b82f0ad4cb2ae6b8ddf509f43098cd001b025, 87 | L = 3d1e96f31d07cd0ee32e5f427e8649509792443cee564ab9ad271277b14ed16d, 88 | T = c3c448911a041b09b90f2e70c32f0a46e4c8051f243048473f9f9fc705b89b0e, 89 | U = ef6ba05a3654d955ab2d5ce2331e1eaac4d6610d89b397deceb87377d15609c2, 90 | 91 | -------------------------------------------------------------------------------- /test/smoke/test_shamir_smoke.c: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. 
/*
 * SSS/VSS smoke test.
 *
 * Splits a secret into 4 shares with threshold 3 and checks that
 *   1. the first 3 and the last 3 shares both recover the secret,
 *   2. the additive shares derived from the first 3 Shamir shares sum to
 *      the secret modulo the curve order,
 *   3. every share produced by VSS_make_shares passes VSS_verify_shares
 *      and the VSS shares recover the supplied secret.
 *
 * The RNG is seeded with zero bytes so the run is reproducible; that seed
 * is for testing only. Exits with EXIT_FAILURE on the first failed check.
 */
int main()
{
    int idx;
    int rc;

    int nshares = 4;
    int threshold = 3;

    // Recovered secret and the reference value it is compared against
    char s[SGS_SECP256K1];
    octet S = {0, sizeof(s), s};

    char s_golden[SGS_SECP256K1];
    octet S_GOLDEN = {0, sizeof(s_golden), s_golden};

    // Backing storage and octets for the shares (x_i, y_i)
    char x[nshares][SGS_SECP256K1];
    octet X[nshares];
    char y[nshares][SGS_SECP256K1];
    octet Y[nshares];

    for (idx = 0; idx < nshares; idx++)
    {
        X[idx].val = x[idx];
        X[idx].len = SGS_SECP256K1;
        X[idx].max = SGS_SECP256K1;

        Y[idx].val = y[idx];
        Y[idx].len = SGS_SECP256K1;
        Y[idx].max = SGS_SECP256K1;
    }

    SSS_shares shares = {X, Y};

    // Deterministic RNG for testing
    char seed[32] = {0};
    csprng RNG;
    RAND_seed(&RNG, 32, seed);

    /* Shamir Secret Sharing */

    // Make the shares, then recover from the first `threshold` of them
    SSS_make_shares(threshold, nshares, &RNG, &shares, &S_GOLDEN);
    SSS_recover_secret(threshold, &shares, &S);

    if (OCT_comp(&S, &S_GOLDEN) == 0)
    {
        printf("FAILURE SSS_recover_secret - first k shares\n");
        exit(EXIT_FAILURE);
    }

    // Recover again from the last `threshold` shares
    shares.X = &X[nshares - threshold];
    shares.Y = &Y[nshares - threshold];
    SSS_recover_secret(threshold, &shares, &S);

    if (OCT_comp(&S, &S_GOLDEN) == 0)
    {
        printf("FAILURE SSS_recover_secret - last k shares\n");
        exit(EXIT_FAILURE);
    }

    // Point the share set back at the full arrays
    shares.X = X;
    shares.Y = Y;

    /* Shamir to additive conversion */
    char sh[SGS_SECP256K1];
    octet SH = {0, sizeof(sh), sh};

    char others[threshold - 1][SGS_SECP256K1];
    octet OTHERS[threshold - 1];

    for (idx = 0; idx < threshold - 1; idx++)
    {
        OTHERS[idx].val = others[idx];
        OTHERS[idx].len = SGS_SECP256K1;
        OTHERS[idx].max = SGS_SECP256K1;
    }

    BIG_256_56 sum;
    BIG_256_56 term;
    BIG_256_56 order;

    BIG_256_56_zero(sum);
    BIG_256_56_rcopy(order, CURVE_Order_SECP256K1);

    for (idx = 0; idx < threshold; idx++)
    {
        // Collect the x coordinates of every participant except idx
        int slot = 0;
        for (int j = 0; j < threshold; j++)
        {
            if (j != idx)
            {
                OCT_copy(&OTHERS[slot], &X[j]);
                slot++;
            }
        }

        SSS_shamir_to_additive(threshold, &X[idx], &Y[idx], OTHERS, &SH);

        // Accumulate the additive share modulo the curve order
        BIG_256_56_fromBytesLen(term, SH.val, SH.len);
        BIG_256_56_add(sum, sum, term);
        BIG_256_56_mod(sum, order);
    }

    // The additive shares must add up to the recovered secret
    BIG_256_56_toBytes(SH.val, sum);
    SH.len = SGS_SECP256K1;

    if (OCT_comp(&SH, &S) == 0)
    {
        printf("FAILURE SSS_shamir_to_additive\n");
        exit(EXIT_FAILURE);
    }

    /* Verifiable Secret Sharing */

    // Storage for the checks used to verify each share
    char c[threshold][1 + SFS_SECP256K1];
    octet C[threshold];

    for (idx = 0; idx < threshold; idx++)
    {
        C[idx].val = c[idx];
        C[idx].len = 1 + SFS_SECP256K1;
        C[idx].max = 1 + SFS_SECP256K1;
    }

    // Reuse the same S_GOLDEN from above to test the path where the
    // secret is supplied
    VSS_make_shares(threshold, nshares, &RNG, &shares, C, &S_GOLDEN);

    for (idx = 0; idx < nshares; idx++)
    {
        rc = VSS_verify_shares(threshold, &X[idx], &Y[idx], C);

        if (rc != VSS_OK)
        {
            printf("FAILURE VSS_verify_shares, share %d. rc %d\n", idx, rc);
            exit(EXIT_FAILURE);
        }
    }

    // Shares generated through VSS must still recover the secret
    SSS_recover_secret(threshold, &shares, &S);

    if (OCT_comp(&S, &S_GOLDEN) == 0)
    {
        printf("FAILURE SSS_recover_secret - VSS shares\n");
        exit(EXIT_FAILURE);
    }

    printf("SUCCESS\n");
    exit(EXIT_SUCCESS);
}
";" VERSION_FILE_PARTS ${VERSION_FILE_CONTENT}) 37 | list(GET VERSION_FILE_PARTS 0 VERSION_MAJOR) 38 | list(GET VERSION_FILE_PARTS 1 VERSION_MINOR) 39 | list(GET VERSION_FILE_PARTS 2 VERSION_PATCH) 40 | set(BUILD_VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}") 41 | log(BUILD_VERSION) 42 | log(CMAKE_GENERATOR) 43 | 44 | # Add options for build 45 | option(BUILD_DOXYGEN "Build Doxygen" ON) 46 | option(BUILD_SHARED_LIBS "Build shared libraries" ON) 47 | option(BUILD_TESTS "Build tests" ON) 48 | option(BUILD_EXAMPLES "Build examples" ON) 49 | log(BUILD_DOXYGEN) 50 | log(BUILD_SHARED_LIBS) 51 | log(BUILD_TESTS) 52 | log(BUILD_EXAMPLES) 53 | 54 | # Allow the developer to select if Dynamic or Static libraries are built 55 | # Set the default LIB_TYPE variable to STATIC 56 | SET (LIB_TYPE STATIC) 57 | IF (BUILD_SHARED_LIBS) 58 | # User wants to build Dynamic Libraries, so change the LIB_TYPE variable to CMake keyword 'SHARED' 59 | SET (LIB_TYPE SHARED) 60 | ENDIF (BUILD_SHARED_LIBS) 61 | 62 | # Configure build 63 | set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE} 64 | CACHE STRING "Choose the type of build: Debug Release Coverage ASan" 65 | FORCE) 66 | 67 | # Set a default build type if none was specified 68 | if(NOT CMAKE_BUILD_TYPE) 69 | message(STATUS "Setting build type to 'Release' as none was specified.") 70 | set(CMAKE_BUILD_TYPE Release) 71 | endif(NOT CMAKE_BUILD_TYPE) 72 | log(CMAKE_BUILD_TYPE) 73 | 74 | if(CMAKE_COMPILER_IS_GNUCC) 75 | execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion 76 | OUTPUT_VARIABLE GCC_VERSION) 77 | set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c99 -Wall -Wextra -Wno-strict-prototypes -Wunused-value -Wcast-align -Wunused-variable -Wundef -Wformat-security") 78 | 79 | if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8) 80 | set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow") 81 | set(CMAKE_C_FLAGS_ASAN "-O0 -g3 -fsanitize=address -fsanitize=undefined -fno-sanitize-recover -fno-strict-overflow") 82 | else (GCC_VERSION 
VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8) 83 | message(STATUS "GCC 4.8 required to run address sanitizer - please upgrade your installation") 84 | endif(GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8) 85 | 86 | IF (BUILD_SHARED_LIBS) 87 | set(CMAKE_C_FLAGS_RELEASE "-O2 -fno-strict-overflow") 88 | set(CMAKE_C_FLAGS_DEBUG "-O0 -g3 -fno-strict-overflow -D DEBUG") 89 | set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 -fno-strict-overflow --coverage") 90 | else(BUILD_SHARED_LIBS) 91 | set(CMAKE_C_FLAGS_RELEASE "-static -O2 -fno-strict-overflow") 92 | set(CMAKE_C_FLAGS_DEBUG "-static -O0 -g3 -fno-strict-overflow -D DEBUG") 93 | set(CMAKE_C_FLAGS_COVERAGE "-static -O0 -g3 -fno-strict-overflow --coverage") 94 | endif(BUILD_SHARED_LIBS) 95 | 96 | endif(CMAKE_COMPILER_IS_GNUCC) 97 | 98 | if(CMAKE_BUILD_TYPE STREQUAL "Coverage") 99 | set(CMAKE_SHARED_LINKER_FLAGS "--coverage") 100 | endif(CMAKE_BUILD_TYPE STREQUAL "Coverage") 101 | 102 | log(CMAKE_INSTALL_PREFIX) 103 | 104 | # /include subdir 105 | set(INSTALL_INCLUDESUBDIR "${CMAKE_INSTALL_INCLUDEDIR}/amcl") 106 | log(CMAKE_INSTALL_INCLUDEDIR) 107 | log(INSTALL_INCLUDESUBDIR) 108 | 109 | # Add subdirectories 110 | add_subdirectory(include) 111 | add_subdirectory(src) 112 | 113 | if(BUILD_EXAMPLES) 114 | message(STATUS "Build examples") 115 | add_subdirectory(examples) 116 | endif() 117 | 118 | if(BUILD_TESTS) 119 | message(STATUS "Build tests") 120 | add_subdirectory(test) 121 | endif() 122 | 123 | 124 | # uninstall target 125 | configure_file( 126 | "${CMAKE_CURRENT_SOURCE_DIR}/cmake_uninstall.cmake.in" 127 | "${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake" 128 | IMMEDIATE @ONLY) 129 | 130 | add_custom_target(uninstall 131 | COMMAND ${CMAKE_COMMAND} -P ${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake) 132 | 133 | include(CPackConfig.cmake) 134 | 135 | -------------------------------------------------------------------------------- /examples/cg21/example_cg21_pi_mod.c: 
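/*
 * Example for CG21 PI_MOD: prove that a Paillier modulus is well formed and
 * verify the proof.
 *
 * Everything below is fixed test material so the run is reproducible: the
 * RNG seed, the Paillier primes P and Q, and the session values (rid, rho,
 * packed X and j). None of it may be reused outside this example.
 */

bool Debug = false;

/*
 * Write a small non-negative integer into O as a big-endian value padded
 * to iLEN bytes.
 *
 * O is left untouched when it cannot be padded to iLEN bytes (OCT_pad
 * reports failure), so the fixed-size write below never runs on an octet
 * that is too small.
 * NOTE(review): iLEN is defined outside this file; this assumes it is at
 * least the byte length BIG_256_56_toBytes writes - confirm.
 */
void dec_to_octet(int decimal_Number, octet *O)
{
    BIG_256_56 temp;

    BIG_256_56_zero(temp);
    BIG_256_56_inc(temp, decimal_Number);

    if (!OCT_pad(O, iLEN))
    {
        return;
    }

    BIG_256_56_toBytes(O->val,temp);
}

/*
 * Carve a flat buffer into n empty octets of capacity max each.
 *
 * mem must hold at least n*max bytes; OCTETS[i] points at mem + i*max with
 * len 0 and max as its capacity.
 */
void init_octets(char* mem, octet *OCTETS, int max, int n)
{
    for (int i = 0; i < n; i++)
    {
        OCTETS[i].val = mem + (i*max);
        OCTETS[i].len = 0;
        OCTETS[i].max = max;
    }
}

// Fixed Paillier primes, for the example only
char* P_hex = "ffa0ec8cec4d2ffbef2a251111a361ad0199133f0aaa715df5ef052ad1efee2efda77a9349a74743e394ecef4da268c63171b8a896df79ec940f0c11d5de4a90d66628646f21f1ac0ac5f13adf45d2fd1d795c766dff1f656c91c3650ac2b59734efd3431332d691815da465b0d6f65b1620f4b1c7b9c18b38f63f478c06ca67";
char* Q_hex = "e4d2fcd44d6bda22588e7f64e47fb32b1783cdc6ea43df8618cd27ae50e38a7d2ff1a252aec54625ab497f3cfe5860547ee0c66cb4ca0e29ccb1098fa3c04cee2565a20510596f5e0c8e4e2adde5aedcbb1803250f3465941880055798f1e36f5ba60e8878328132c070c6fad3c8ad2c155fd4cc88927f4410d498a5a5e40d8b";

// Fixed session values that make up the SSID
char* rid_hex = "fe3d9b2809ea3595990283e7baf121910ec681e70a83255c05761008d42dce95";
char* rho_hex = "b40a06d473a944f6100d16f4900291eb929325339f52b9a058584be26f934ca2";
char* X_packed_hex = "03868dccba08f5021b5f9bf59e7834ba093ed7ca6381c6e8122207d9cdd67aa07a03bba617c6a6c6d6f76d4ea64b58bc66fb02a00de037d47fbf4852003374b9983303bc549c825221baeaa606d875e7ae28afd1785e170388c6e1d1defca48d4b3c2a";
char* j_packed_hex = "000100020003";
int n = 3; // number of players in the network

/*
 * Load the fixed inputs, build the Paillier key pair, generate the PI_MOD
 * proof and verify it.
 *
 * Exit status: 0 when the proof verifies, 1 when verification fails, and
 * the CG21 return code when proof generation fails.
 */
int main() {

    // Deterministic RNG for debugging: a hard-coded seed makes every run
    // produce the same proof and offers no security.
    const char* seedHex = "78d0fb6705ce77dee47d03eb5b9c5d30";
    char seed[16] = {0};
    octet SEED = {sizeof(seed),sizeof(seed),seed};

    // CSPRNG
    csprng RNG;

    // fake random source
    OCT_fromHex(&SEED,seedHex);
    printf("SEED: ");
    OCT_output(&SEED);

    // initialise RNG
    CREATE_CSPRNG(&RNG,&SEED);

    char p[FS_2048] = {0};
    octet P = {0,sizeof(p),p};

    char qq[FS_2048];
    octet Q = {0,sizeof(qq),qq};

    char rid[EGS_SECP256K1];
    octet RID = {0,sizeof(rid),rid};

    char rho[EGS_SECP256K1];
    octet RHO = {0,sizeof(rho),rho};

    char x_packed[n * (EFS_SECP256K1 + 1)];
    octet X_Packed = {0,n * (EFS_SECP256K1 + 1),x_packed};

    char j_packed[n * 4 + 1];
    octet J_Packed = {0,n * 4 + 1,j_packed};

    // Load values
    OCT_fromHex(&P,P_hex);
    OCT_fromHex(&Q,Q_hex);

    OCT_fromHex(&RID,rid_hex);
    OCT_fromHex(&RHO,rho_hex);
    OCT_fromHex(&X_Packed,X_packed_hex);
    OCT_fromHex(&J_Packed,j_packed_hex);

    CG21_PAILLIER_KEYS paillierKeys;

    // A NULL RNG is passed together with P and Q, so the key pair is built
    // from the supplied primes.
    PAILLIER_KEY_PAIR(NULL, &P, &Q, &paillierKeys.paillier_pk, &paillierKeys.paillier_sk);

    // define variables
    char xoct[CG21_PAILLIER_PROOF_SIZE];
    octet Xoct = {0, sizeof(xoct), xoct};

    char zoct[CG21_PAILLIER_PROOF_SIZE];
    octet Zoct = {0, sizeof(zoct), zoct};

    char ab[CG21_PAILLIER_PROOF_ITERS*4];
    octet AB = {0,sizeof(ab),ab};

    char w[HFS_4096];
    octet W = {0, sizeof(w), w};

    CG21_SSID ssid;
    ssid.rid = &RID;
    ssid.j_set_packed = &J_Packed;
    ssid.rho = &RHO;
    ssid.X_set_packed = &X_Packed;

    CG21_PIMOD_PROOF_OCT paillierProof;
    paillierProof.w = &W;
    paillierProof.x = &Xoct;
    paillierProof.z = &Zoct;
    paillierProof.ab = &AB;

    // generate proofs for the correctness of Paillier Pk
    int rc = CG21_PI_MOD_PROVE(&RNG, paillierKeys,&ssid, &paillierProof, n);

    // The factors and the private key are only needed by the prover. Wipe
    // them before any exit path so they do not linger in memory; the
    // verifier below uses the public key only.
    // NOTE(review): paillierKeys is passed to the prover by value, so a
    // copy of the private key may remain in the callee's frame - confirm
    // against CG21_PI_MOD_PROVE.
    OCT_clear(&P);
    OCT_clear(&Q);
    PAILLIER_PRIVATE_KEY_KILL(&paillierKeys.paillier_sk);

    if (rc != CG21_OK){
        exit(rc);
    }

    // verify the proofs
    rc = CG21_PI_MOD_VERIFY(&paillierProof, &ssid, paillierKeys.paillier_pk, n);
    if (rc == CG21_OK){
        printf("SUCCESS\n");
        exit(0);
    }
    printf("FAILURE\n");
    exit(1);
}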
The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License. 18 | */ 19 | 20 | #include 21 | #include "test.h" 22 | #include "amcl/shamir.h" 23 | 24 | /* 25 | * Test VSS interoperability and error codes 26 | */ 27 | 28 | /* 29 | Licensed to the Apache Software Foundation (ASF) under one 30 | or more contributor license agreements. See the NOTICE file 31 | distributed with this work for additional information 32 | regarding copyright ownership. The ASF licenses this file 33 | to you under the Apache License, Version 2.0 (the 34 | "License"); you may not use this file except in compliance 35 | with the License. You may obtain a copy of the License at 36 | 37 | http://www.apache.org/licenses/LICENSE-2.0 38 | 39 | Unless required by applicable law or agreed to in writing, 40 | software distributed under the License is distributed on an 41 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 42 | KIND, either express or implied. See the License for the 43 | specific language governing permissions and limitations 44 | under the License. 
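*/

#include
#include "test.h"
#include "amcl/shamir.h"

/*
 * Test Verifiable Secret Sharing verification
 */

#define LINE_LEN 1024
#define OCT_ARRAY_LEN 16

/*
 * Run VSS_verify_shares over every test vector in the file named by argv[1],
 * then exercise the error paths using the last vector that was loaded.
 *
 * The X, Y and CHECKS arrays hold at most OCT_ARRAY_LEN octets each, so the
 * K and N values read from the file are range-checked before they are used
 * as element counts.
 */
int main(int argc, char **argv)
{
    if (argc != 2)
    {
        printf("usage: ./test_vss [path to test vector file]\n");
        exit(EXIT_FAILURE);
    }

    int i;
    int rc;
    int test_run = 0;

    FILE *fp;
    char line[LINE_LEN] = {0};

    const char *TESTline = "TEST = ";
    int testNo = 0;

    // k and n start at zero so they are never read uninitialised
    // if the file contains no "K = " / "N = " line
    const char *Kline = "K = ";
    int k = 0;

    const char *Nline = "N = ";
    int n = 0;

    const char *Xline = "X = ";
    char x[OCT_ARRAY_LEN][SGS_SECP256K1];
    octet X[OCT_ARRAY_LEN];

    const char *Yline = "Y = ";
    char y[OCT_ARRAY_LEN][SGS_SECP256K1];
    octet Y[OCT_ARRAY_LEN];

    const char *CHECKSline = "CHECKS = ";
    char checks[OCT_ARRAY_LEN][1 + SGS_SECP256K1];
    octet CHECKS[OCT_ARRAY_LEN];

    // Bind every octet to its backing buffer
    for (i = 0; i < OCT_ARRAY_LEN; i++)
    {
        X[i].val = x[i];
        X[i].len = 0;
        X[i].max = sizeof(x[i]);

        Y[i].val = y[i];
        Y[i].len = 0;
        Y[i].max = sizeof(y[i]);

        CHECKS[i].val = checks[i];
        CHECKS[i].len = 0;
        CHECKS[i].max = sizeof(checks[i]);
    }

    // Line terminating a test vector
    const char *last_line = CHECKSline;

    fp = fopen(argv[1], "r");
    if (fp == NULL)
    {
        printf("ERROR opening test vector file\n");
        exit(EXIT_FAILURE);
    }

    /* Test happy path with test vectors */
    while (fgets(line, LINE_LEN, fp) != NULL)
    {
        scan_int(&testNo, line, TESTline);

        scan_int(&k, line, Kline);
        scan_int(&n, line, Nline);

        // k and n come from the file and are used as element counts for
        // fixed-size arrays: reject anything outside [0, OCT_ARRAY_LEN]
        if (k < 0 || k > OCT_ARRAY_LEN || n < 0 || n > OCT_ARRAY_LEN)
        {
            printf("ERROR K or N out of range in test vector file\n");
            fclose(fp);
            exit(EXIT_FAILURE);
        }

        scan_OCTET_ARRAY(fp, X, line, Xline, n);
        scan_OCTET_ARRAY(fp, Y, line, Yline, n);
        scan_OCTET_ARRAY(fp, CHECKS, line, CHECKSline, k);

        if (!strncmp(line, last_line, strlen(last_line)))
        {
            for (i = 0; i < n; i++)
            {
                rc = VSS_verify_shares(k, X+i, Y+i, CHECKS);

                assert_tv(fp, testNo, "VSS_verify_shares", rc == VSS_OK);
            }

            // Mark that at least one test vector was executed
            test_run = 1;
        }
    }

    fclose(fp);

    if (test_run == 0)
    {
        printf("ERROR no test vector was executed\n");
        exit(EXIT_FAILURE);
    }

    /* Test unhappy paths */

    // Test Inconsistent shares
    rc = VSS_verify_shares(k, X, Y+1, CHECKS);
    assert(NULL, "VSS_verify_shares inconsistent share", rc == VSS_INVALID_SHARES);

    // Test Invalid Free term in the exponent
    CHECKS[0].val = x[0];
    rc = VSS_verify_shares(k, X, Y, CHECKS);
    assert(NULL, "VSS_verify_checks invalid free term in the exponent", rc == VSS_INVALID_CHECKS);
    CHECKS[0].val = checks[0];

    // Test invalid Generic Check
    CHECKS[1].val = x[0];
    rc = VSS_verify_shares(k, X, Y, CHECKS);
    assert(NULL, "VSS_verify_checks invalid generic check", rc == VSS_INVALID_CHECKS);
    // Restore the entry that was actually overwritten (index 1, not 0)
    CHECKS[1].val = checks[1];

    printf("SUCCESS\n");
    exit(EXIT_SUCCESS);
}

--------------------------------------------------------------------------------
/include/amcl/cg21/cg21_pi_factor.h:
--------------------------------------------------------------------------------
/*
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License.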
You may obtain a copy of the License at

  http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
*/



#include
#include
#include
#include
#include "cg21_utilities.h"
#include "amcl/shamir.h"
#include "amcl/modulus.h"

#define CG21_PI_FACTOR_INVALID_RANGE 3130201
#define CG21_PI_FACTOR_INVALID_PROOF 3130202
#define CG21_PI_FACTOR_MAX_N_LENGTH (256 * 8) /**< Bit-length bound on N (256 * 8 = 2048). NOTE(review): the macro name says MAX while the original comment said "Minimum bit-length of N" - confirm which bound is intended */




/* Random values sampled by the prover in the commit step; per the
 * CG21_PI_FACTOR_COMMIT documentation below they are stored locally.
 * NOTE(review): presumably these must be wiped once the proof has been
 * produced - confirm whether the library or the caller is responsible. */
typedef struct
{
    octet *alpha;  // Random value in [0, ..., 2^{\ell+\epsilon}.(N)^{1/2}]      (FFLEN_2048)
    octet *beta;   // Random value in [0, ..., 2^{\ell+\epsilon}.(N)^{1/2}]      (FFLEN_2048)
    octet *mu;     // Random value in [0, ..., 2^{\ell}.N]                       (FFLEN_2048 + HFLEN_2048)
    octet *nu;     // Random value in [0, ..., 2^{\ell}.N]                       (FFLEN_2048 + HFLEN_2048)
    octet *r;      // Random value in [0, ..., 2^{\ell+\epsilon}.N^2]            (2*FFLEN_2048 + HFLEN_2048)
    octet *x;      // Random value in [0, ..., 2^{\ell+\epsilon}.N]              (FFLEN_2048 + HFLEN_2048)
    octet *y;      // Random value in [0, ..., 2^{\ell+\epsilon}.N]              (FFLEN_2048 + HFLEN_2048)
} CG21_PiFACTOR_SECRETS;

/* Commitment produced in the commit step; documented below as the value
 * to be broadcast. */
typedef struct
{
    octet *P;
    octet *Q;
    octet *A;
    octet *B;
    octet *T;
    octet *sigma;  // Random value in [0, ..., 2^{\ell}.N^2]                     (2*FFLEN_2048 + HFLEN_2048)

} CG21_PiFACTOR_COMMIT;

/* Range proof for the primes, produced by CG21_PI_FACTOR_PROVE and checked
 * by CG21_PI_FACTOR_VERIFY. */
typedef struct
{
    octet *z1;
    octet *z2;
    octet *w1;
    octet *w2;
    octet *v;

} CG21_PiFACTOR_PROOF;


/** @brief Sample randoms and generate commitments
 *
 *  1: choose randoms
 *  2: commit to sampled randoms
 *
 *  Note: All the randoms are sampled from a positive range. Sampling from both negative and positive ranges
 *  would improve efficiency, not security.
 *
 *  @param RNG          a pointer to a cryptographically secure random number generator
 *  @param r1priv       sampled randoms to be stored locally
 *  @param r1pub        commitment to be broadcast
 *  @param pub_com      Pedersen public parameters
 *  @param p1           safe prime
 *  @param q1           safe prime
 *  @param e            challenge for sigma protocol
 *  @param ssid         system-wide session-ID, refers to the same notation as in CG21
 *  @param n            number of elements in packed octets of ssid
 */
extern void CG21_PI_FACTOR_COMMIT(csprng *RNG, CG21_PiFACTOR_SECRETS *r1priv, CG21_PiFACTOR_COMMIT *r1pub,
                                  PEDERSEN_PUB *pub_com, octet *p1, octet *q1, octet *e, const CG21_SSID *ssid, int n);

/** @brief Generate proof that N's primes are larger than ~2q-bit
 *
 *  @param r1priv       sampled randoms to be stored locally
 *  @param r1pub        commitment for sampled randoms
 *  @param proof        generated range proof for the primes
 *  @param p1           safe prime
 *  @param q1           safe prime
 *  @param e            challenge for sigma protocol
 */
extern void CG21_PI_FACTOR_PROVE(const CG21_PiFACTOR_SECRETS *r1priv, const CG21_PiFACTOR_COMMIT *r1pub, CG21_PiFACTOR_PROOF *proof,
                                 octet *p1, octet *q1, octet *e);

/** @brief Sample randoms, generate commitments and proof that N's primes are larger than ~2q-bit
 *
 *  @param RNG          a pointer to a cryptographically secure random number generator
 *  @param ssid         system-wide session-ID, refers to the same notation as in CG21
 *  @param pub_com      Pedersen public parameters
 *  @param commit       commitment to be broadcast
 *  @param proof        generated range proof for the primes
 *  @param p1           safe prime
 *  @param q1           safe prime
 *  @param pack_size    number of elements in packed octets of ssid
 *
 */
extern void CG21_PI_FACTOR_COMMIT_PROVE(csprng *RNG, const CG21_SSID *ssid, PEDERSEN_PUB *pub_com, CG21_PiFACTOR_COMMIT *commit,
                                        CG21_PiFACTOR_PROOF *proof, octet *p1, octet *q1, int pack_size);

/** @brief Verify generated proofs for the lengths of N's primes
 *
 *  @param r1pub        commitment for sampled randoms
 *  @param proof        generated range proof for the primes
 *  @param N_oct        RSA N modulus
 *  @param priv_com     Pedersen private parameters
 *  @param ssid         system-wide session-ID, refers to the same notation as in CG21
 *  @param n            number of elements in packed octets of ssid
 *
 *  NOTE(review): the return value is not documented here. Presumably it is a success code,
 *  or CG21_PI_FACTOR_INVALID_RANGE / CG21_PI_FACTOR_INVALID_PROOF on rejection - confirm
 *  against the implementation. Callers must check it before accepting the proof.
 */
extern int CG21_PI_FACTOR_VERIFY(const CG21_PiFACTOR_COMMIT *r1pub, const CG21_PiFACTOR_PROOF *proof, octet *N_oct,
                                 PEDERSEN_PRIV *priv_com, const CG21_SSID *ssid, int n);
--------------------------------------------------------------------------------
/examples/cg21/example_cg21_pi_prm.c:
--------------------------------------------------------------------------------
/*
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at

  http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
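
This example is for the implementation of CG21:PI_PRM, eprint, page:37, figure:17
For checking the original paper refer to FO97 ( Statistical zero knowledge protocols
to prove modular polynomial relations)
https://link.springer.com/chapter/10.1007/BFb0052225, page:4, section 3.1

Note that in CGG21, Algorithm M in page 5 is selected for generating Pedersen params; however,
in this implementation we follow the main protocol for params generation to enjoy full security
features at the cost of more computational and communication costs.

*/

#include
#include
#include "amcl/cg21/cg21_pi_prm.h"
#include
#include
#include
#include "amcl/schnorr.h"
#include "amcl/cg21/cg21_utilities.h"



char* P_hex = "ffa0ec8cec4d2ffbef2a251111a361ad0199133f0aaa715df5ef052ad1efee2efda77a9349a74743e394ecef4da268c63171b8a896df79ec940f0c11d5de4a90d66628646f21f1ac0ac5f13adf45d2fd1d795c766dff1f656c91c3650ac2b59734efd3431332d691815da465b0d6f65b1620f4b1c7b9c18b38f63f478c06ca67";
char* Q_hex = "e4d2fcd44d6bda22588e7f64e47fb32b1783cdc6ea43df8618cd27ae50e38a7d2ff1a252aec54625ab497f3cfe5860547ee0c66cb4ca0e29ccb1098fa3c04cee2565a20510596f5e0c8e4e2adde5aedcbb1803250f3465941880055798f1e36f5ba60e8878328132c070c6fad3c8ad2c155fd4cc88927f4410d498a5a5e40d8b";

char* rid_hex = "fe3d9b2809ea3595990283e7baf121910ec681e70a83255c05761008d42dce95";
char* rho_hex = "b40a06d473a944f6100d16f4900291eb929325339f52b9a058584be26f934ca2";
char* X_packed_hex = "03868dccba08f5021b5f9bf59e7834ba093ed7ca6381c6e8122207d9cdd67aa07a03bba617c6a6c6d6f76d4ea64b58bc66fb02a00de037d47fbf4852003374b9983303bc549c825221baeaa606d875e7ae28afd1785e170388c6e1d1defca48d4b3c2a";
char* j_packed_hex = "000100020003";
int n = 3; // number of players in the network and the octets in the packages generated in key re-sharing protocol

/*
 * Set up ring-Pedersen parameters from the fixed primes above, prove with
 * CG21_PI_PRM_PROVE that they are well formed, then verify the proof using
 * only the public parameters.
 *
 * Exit status: 0 when the proof verifies, 1 when proving or verification fails.
 */
int main() {

    // Deterministic RNG for debugging only: the fixed seed below makes every
    // run produce the same "random" values
    const char* seedHex = "78d0fb6705ce77dee47d03eb5b9c5d30";
    char seed[16] = {0};
    octet SEED = {sizeof(seed),sizeof(seed),seed};

    // CSPRNG
    csprng RNG;

    // fake random source
    OCT_fromHex(&SEED,seedHex);
    printf("SEED: ");
    OCT_output(&SEED);

    // initialise RNG
    CREATE_CSPRNG(&RNG,&SEED);

    char p[FS_2048] = {0};
    octet P = {0,sizeof(p),p};

    char qq[FS_2048];
    octet Q = {0,sizeof(qq),qq};

    char rid[EGS_SECP256K1];
    octet RID = {0,sizeof(rid),rid};

    char rho[EGS_SECP256K1];
    octet RHO = {0,sizeof(rho),rho};

    char x_packed[n * (EFS_SECP256K1 + 1)];
    octet X_Packed = {0,n * (EFS_SECP256K1 + 1),x_packed};

    char j_packed[n * 4 + 1];
    octet J_Packed = {0,n * 4 + 1,j_packed};

    // Load values
    OCT_fromHex(&P,P_hex);
    OCT_fromHex(&Q,Q_hex);

    OCT_fromHex(&RID,rid_hex);
    OCT_fromHex(&RHO,rho_hex);
    OCT_fromHex(&X_Packed,X_packed_hex);
    OCT_fromHex(&J_Packed,j_packed_hex);

    // Session identifier the proof is bound to
    CG21_SSID ssid;
    ssid.rid = &RID;
    ssid.j_set_packed = &J_Packed;
    ssid.rho = &RHO;
    ssid.X_set_packed = &X_Packed;
    ssid.n1 = &n;


    // Output buffers for the four components of the proof
    char rr1[HDLOG_VALUES_SIZE];
    octet rho_oct = {0, sizeof(rr1), rr1};

    char rr2[HDLOG_VALUES_SIZE];
    octet irho_oct = {0, sizeof(rr2), rr2};

    char rr3[HDLOG_VALUES_SIZE];
    octet t_oct = {0, sizeof(rr3), rr3};

    char rr4[HDLOG_VALUES_SIZE];
    octet it_oct = {0, sizeof(rr4), rr4};

    CG21_PIPRM_PROOF_OCT proofOct;
    proofOct.rho = &rho_oct;
    proofOct.irho = &irho_oct;
    proofOct.t = &t_oct;
    proofOct.it = &it_oct;

    CG21_PEDERSEN_KEYS pedersenKeys;

    // Using externally generated primes
    // NOTE(review): P, Q and pedersenKeys.pedersenPriv are secret in a real
    // deployment and should be wiped before exit; the routine for clearing
    // the Pedersen private parameters is not visible in this file.
    ring_Pedersen_setup(&RNG, &pedersenKeys.pedersenPriv, &P,&Q);

    // Prove b0, b1, n have correct form
    printf("\nProve the generated parameters are well formed ...");

    int rc = CG21_PI_PRM_PROVE(&RNG, &pedersenKeys.pedersenPriv, &ssid, &proofOct);
    if (rc != CG21_OK){
        printf("\nProve failed!, %d", rc);
        exit(1);
    }

    printf("\nDone.");

    printf("\n\nVerify the proof ...\n");

    // copy public params to another structure
    Pedersen_get_public_param(&pedersenKeys.pedersenPub, &pedersenKeys.pedersenPriv);

    rc = CG21_PI_PRM_VERIFY(&pedersenKeys.pedersenPub, &ssid, &proofOct, n);

    if (rc != CG21_OK)
    {
        printf("Failure! RC %d\n", rc);
        // A rejected proof must yield a non-zero status; the previous
        // exit(0) reported success to the shell and to CI on this path
        exit(1);
    }

    printf("Success!\n");
    exit(0);

}
--------------------------------------------------------------------------------
/test/smoke/test_hidden_dlog_smoke.c:
--------------------------------------------------------------------------------
/*
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at

  http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.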
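*/

/* ZKPoK of DLOG over a hidden order group smoke test */

#include "amcl/hidden_dlog.h"

// Safe primes P = 2p+1, Q = 2q+1
char *Phex = "e41615620cb68a9ea8df28551b27f333cf65c770c7e959435786d4b510fe360a304fd2bf437431e790dc4c54da6db03119e75ef0b3f47436acf78a9e7b2276ebdd864e49d3bf450c496b10471f024dc4ae1f659c41aacdfb8ee6d52ba46a82d41f79a14277a61474a6473b7e4ab82528383d6400dc71278941e16c138d74d5bb";
char *Qhex = "d344c02d8379387e773ab6fa6de6b92b395d5b7f0c41660778766a1ec4740468203bff2d05f263ff6f22740d4b2e799fd1fd2e2339e328c62d31eeecba30fd4892e0c1637e0f62b4de34f5d778a7dfd181b94464f3669751264a0058708a360552535653efc75e3035485e966df30a17146d692747e20b2f04f3877dd1f56dcf";

// B1 = B0 ^ A mod PQ with B0 generator of G_pq
char *Ahex  = "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";
char *B0hex = "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";
char *B1hex = "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";

/*
 * Run one commit / challenge / prove / verify round of the hidden-order DLOG
 * proof on fixed inputs, then check that HDLOG_iter_values_kill zeroes the
 * commitment randomness and wipe the remaining secret working values.
 */
int main()
{
    int rc;

    char p[HFS_2048];
    octet P = {0, sizeof(p), p};

    char q[HFS_2048];
    octet Q = {0, sizeof(q), q};

    char w[FS_2048];
    octet W = {0, sizeof(w), w};

    MODULUS_priv m;

    BIG_1024_58 ord[FFLEN_2048];

    BIG_1024_58 alpha[FFLEN_2048];
    BIG_1024_58 b0[FFLEN_2048];
    BIG_1024_58 b1[FFLEN_2048];

    // Half-length work space: HFLEN_2048 elements each
    BIG_1024_58 ws1[HFLEN_2048];
    BIG_1024_58 ws2[HFLEN_2048];

    HDLOG_iter_values r;
    HDLOG_iter_values rho;
    HDLOG_iter_values t;

    char id[32];
    octet ID = {0, sizeof(id), id};

    char ad[32];
    octet AD = {0, sizeof(ad), ad};

    char e[HDLOG_CHALLENGE_SIZE];
    octet E = {0, sizeof(e), e};

    // Deterministic RNG for testing
    char seed[32] = {0};
    csprng RNG;
    RAND_seed(&RNG, 32, seed);

    // Pseudorandom ID and AD
    // ID.len and AD.len are still 0 at this point, so passing them as the
    // byte count left both octets empty; request the full buffer instead
    OCT_rand(&ID, &RNG, sizeof(id));
    OCT_rand(&AD, &RNG, sizeof(ad));

    // Load values
    OCT_fromHex(&P, Phex);
    OCT_fromHex(&Q, Qhex);

    MODULUS_fromOctets(&m, &P, &Q);

    OCT_fromHex(&W, Ahex);
    FF_2048_fromOctet(alpha, &W, FFLEN_2048);

    OCT_fromHex(&W, B0hex);
    FF_2048_fromOctet(b0, &W, FFLEN_2048);

    OCT_fromHex(&W, B1hex);
    FF_2048_fromOctet(b1, &W, FFLEN_2048);

    // Compute order of B0
    FF_2048_copy(ws1, m.p, HFLEN_2048);
    FF_2048_copy(ws2, m.q, HFLEN_2048);

    FF_2048_shr(ws1, HFLEN_2048);
    FF_2048_shr(ws2, HFLEN_2048);

    FF_2048_mul(ord, ws1, ws2, HFLEN_2048);

    // Smoke test
    HDLOG_commit(&RNG, &m, ord, b0, r, rho);

    HDLOG_challenge(m.n, b0, b1, rho, &ID, &AD, &E);

    HDLOG_prove(ord, alpha, r, &E, t);

    rc = HDLOG_verify(m.n, b0, b1, rho, &E, t);
    if (rc != HDLOG_OK)
    {
        fprintf(stderr, "FAILURE HDLOG_verify failed");
        exit(EXIT_FAILURE);
    }

    HDLOG_iter_values_kill(r);

    // Every iteration value must be zero after the kill
    for (int i = 0; i < HDLOG_PROOF_ITERS; i++)
    {
        if (!FF_2048_iszilch(r[i], FFLEN_2048))
        {
            printf("FAILURE HDLOG_iter_values_kill at %d\n", i);
            exit(EXIT_FAILURE);
        }
    }

    // Wipe secret material. ws1 and ws2 are declared with HFLEN_2048
    // elements, so they are zeroed with that length; zeroing FFLEN_2048
    // elements wrote past the end of both arrays.
    MODULUS_kill(&m);
    FF_2048_zero(ws1, HFLEN_2048);
    FF_2048_zero(ws2, HFLEN_2048);
    FF_2048_zero(ord, FFLEN_2048);
    FF_2048_zero(alpha, FFLEN_2048);

    OCT_clear(&P);
    OCT_clear(&Q);

    printf("SUCCESS\n");
    exit(EXIT_SUCCESS);
}

--------------------------------------------------------------------------------
/testVectors/schnorr/dprove.json:
--------------------------------------------------------------------------------
1 | [ 2 | { 3 | "TEST": 0, 4 | "A": "98805901e0372ed6d0a40b6713fefc8287e8d1db602e019f2ed5351409d9706d", 5 | "B": "26cc836888ad8d992f6a9147d708fe9a8f2d65fe86004730d12592c7b8b040ef", 6 | "E": "1461d3a0ab285ff20abb1f57feab8d5177f48f7886ec7b40295daebb028f3585", 7 | "S":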
"7a576ef122d172a58e5fe6dd5d99420b0ba1c484e3f3c4b7c68f1b61e62c0743", 8 | "L": "0886d359c3d6d968e013364166ff8a99c19cbf8cf31682cac557033206616515", 9 | "T": "82620066f763e041c98582a702a9c96862acb2ff1e8ddc41453d7de181649109", 10 | "U": "b6808109110b2f095dff929e6f70ffb212ed541bea0e9c502393b77354892e06" 11 | }, 12 | { 13 | "TEST": 1, 14 | "A": "0cb56a12df35413544e656003152984ef3ca4dcdc0521eaf8c64e6bc6c1e64f4", 15 | "B": "f0d0b41a157ce4fbb7d1489a35a9292a9613d04a762b4a2877fc00e65e8403ca", 16 | "E": "0fd895b69a81143a766bc083b0b2438a056db9c7eaba689bf3eef1a27289a957", 17 | "S": "4ca7684fe26ab68f8add3d5c7ffd93cabe7d1a40d6ac7275289c14e949f783cb", 18 | "L": "f3183da05f4eacd598ecfee13aafab0a66c4e8305fcdd6a125551b28421e4a18", 19 | "T": "9a80b742ac91e1dfabdacc7beda876630da20fdfa68371594f0fc91767f97ef5", 20 | "U": "09bd1bcc47053e8eaa41e620e0afcacbeffe9204b94b7adc4ea672791feaeae4" 21 | }, 22 | { 23 | "TEST": 2, 24 | "A": "2470fd1f08b27218902e84f7831b145a3397feea9063bb6dbc1dc58043793d36", 25 | "B": "aac9c4169145697d2be942b35b477d8f5e05d3380bf4a477b155a0b5b1cdca04", 26 | "E": "557b85666a49026cf91b4f1131378a1e6b95bc9bbdc73a7dcd305ccc40005af7", 27 | "S": "9f43938ac39a90d371ce160f091ec669b972f8406ca38cde8f14c17461e2294f", 28 | "L": "38709c38e13a8d52051f5ddf14266c4179abaf37ef553bdf4871e343e51bcef7", 29 | "T": "1e7ab0926591ea57389515a97932c5195f467a65154f1814b8c63990fe5c80d7", 30 | "U": "ff9a8a42430a35c1a667887a9cad3241f244e8823884ceb27cb576019fd8b09b" 31 | }, 32 | { 33 | "TEST": 3, 34 | "A": "c5a4d6df2f2764c9218a8e83725f2d7ff489135f7b2ea0f83b06ed307d189540", 35 | "B": "ed016425bbb01beca9566bbf781774a5599ec9dcbf85f3e1a10698aaba5a5861", 36 | "E": "d046ffb08dcf4e6252943b222d5197bb82b6e564fce6bd772bb27a8e3e5944bb", 37 | "S": "cac09fc7c620c462f53d1793aec83182405ffa71f89e6e26a6fb461ad7bf90ac", 38 | "L": "53c088a61f158eff3bd18592e595ed15474b1ac60c12fd84f5e4c59a07ccdc3c", 39 | "T": "26452cf9fa404db00ae243e45d5a9902a8e11bb4f6025904b04e58bf0b3f513d", 40 | "U": 
"3643906e09efca1b1edfbbe9dd10c3d9aacbadfffba6f3bd539bdfc79fb11f62" 41 | }, 42 | { 43 | "TEST": 4, 44 | "A": "2c3cc0f8606707858227db376e49d0539b35bb9a13e09394feda22125802d2fd", 45 | "B": "b20fd6417866c586ecbafcd3f3893baedd81897091beca86d6420eaf10d87931", 46 | "E": "7c9d86a12b86d6fb2f17f528fa37832f85668dc967e7730e2a5299d59faf60f4", 47 | "S": "e73f8faf79981194c4ee0f1eadbd942d6e9297a6f7f2aa48ca384564392f6ef1", 48 | "L": "4ce5e76bb95c0930d3fd86dde66b60f6810af5e27d7af9084ab2c1163dd292e5", 49 | "T": "ea39d54be9c92890cfb7ee8aba9b6403301dd69df490c29c0ef4a98fde987309", 50 | "U": "f8f44f48ab719fa71612f39c74416bcd9dad664c1be35f8b68c39519de49275d" 51 | }, 52 | { 53 | "TEST": 5, 54 | "A": "c3df2d0f74fe039e5fbddf583555399f0ab564034eaa5eaa871e734021f77689", 55 | "B": "d30ec4e0969fa9cf0dd1c61b725e5b5faac8c96e12f5bfc8ac441180a85357c1", 56 | "E": "67bd9cd0b2e0695346b66d07053f26ba60022473f986ab4956b0c20ca5eeb7d4", 57 | "S": "e86b00ec424317d9e6c983682b76e0589149c2be2de586515ccb403bb61613ea", 58 | "L": "6345b6f3ec1ec358e700f8d19a0dfde21a4a91cc262a1f4673b451c72539a294", 59 | "T": "85148b51e33264a188b79df3cac87e78041047e2300678d0d8984ec2af8043ff", 60 | "U": "096147a069b0d63da7a85d68047a827cec23c3da65d590345291cbe491e769c3" 61 | }, 62 | { 63 | "TEST": 6, 64 | "A": "7f65618bf4531471c0b419bde1c06dcf7f20064fc65a97510658fe81db7eba0b", 65 | "B": "1a141938c4c0e7e3ad4f648be35ab96f39b9329129556d8f549e1995d0af503e", 66 | "E": "2449978fa5cca2b27e17085429f9071d5d8bbe3f8f53df285eee5f6cc5efe1e5", 67 | "S": "f4e7cccc8bf490e705720a33776fab2ec700010dd971b8430abba2cdb77d48e7", 68 | "L": "e58b630fc1350574468489f76a6c5fe3298a6174343a261c9af87bdbfe79dd80", 69 | "T": "dd0d19687a3ce16fd50720f3f06971089ca91ea50c22d489bcf2c1cdfce6a83c", 70 | "U": "dba67e6ef893225ec8a86ffe4f5fba51820117efd25dbbe1dadcd8f9dffe1174" 71 | }, 72 | { 73 | "TEST": 7, 74 | "A": "c712cd92b407de5731a351dfb230b1ae0f65f99184ff97d7e7dbd3d9921ffd1e", 75 | "B": "08e02f9c632d3fd1f48bdddcfdaca3588b168f0b6ff4cbaee99356d23d1e355a", 76 | "E": 
"e0eb9c89aa93820c6a81431ca3c3e2d33088f1d0c1bddea749bb91a252425145", 77 | "S": "c212f5fe66de61ebf95c0e0797bea72fcf10bb5f4aa903085aef685e35f68220", 78 | "L": "234d8df29b1ee7f841b6d74a9bb8139d379df056716187225acc45fcc7d364f3", 79 | "T": "3e82ff64fde662cec1730ca59d759c22f191326dbbbeaf09fa2c01a9184782ab", 80 | "U": "51e0c8ba1580270fd2b69b37cdde5d28ed42c4de9d69c8676b1863879082bfed" 81 | }, 82 | { 83 | "TEST": 8, 84 | "A": "8c445e5b7ded4cbe35c3ee3f7099c8e934f91af1c40769f8393e41accf99b0e0", 85 | "B": "4a1e2a5cf808072ea5c16e1fb30c50937917bcd820d2ca6b576d46ec3921ae9a", 86 | "E": "edf5287bd261774cb5bb598cb3cf2a0fceae399bd11052ae3d49981f7eb208e4", 87 | "S": "a810da8072d0d8a25d80804a4b42aa271266bfdd9d5a381d16159ca68c99364b", 88 | "L": "31029b181072637a6f1c37e78f43a027c5914a9d3e6490ee44a6556e5aa78479", 89 | "T": "74929c82affb7002b6498f8eb4fa4a3f3c885555a76ad123ebe509b3e0563095", 90 | "U": "eaf7f0aa49345ea20bcf7a0b6455d7ee93a22250578f685a4a47a2a1e00708e3" 91 | }, 92 | { 93 | "TEST": 9, 94 | "A": "0ee46716e7ff3dd305539228c6b43eaa5e4b62eeff4774040f58e4a525dc3507", 95 | "B": "9f89f7464b6d8b6696b993fd8d9d67e340a00ce74d20d451ef12f480cdb586e1", 96 | "E": "fe5401db00e97272706a38f44a9e1242842124fb8961b5ee3c1d9c15224755e4", 97 | "S": "5c4b0eb387613f0051b3d015470b82f0ad4cb2ae6b8ddf509f43098cd001b025", 98 | "L": "3d1e96f31d07cd0ee32e5f427e8649509792443cee564ab9ad271277b14ed16d", 99 | "T": "c3c448911a041b09b90f2e70c32f0a46e4c8051f243048473f9f9fc705b89b0e", 100 | "U": "ef6ba05a3654d955ab2d5ce2331e1eaac4d6610d89b397deceb87377d15609c2" 101 | } 102 | ] --------------------------------------------------------------------------------