test(bn254, bls12-381): test points intentionally not on sugroups G1/2

[yelhousni]

Description

• Generate test points that are intentionally on the G1/2 cofactor-torsions for fuzzing purposes.
• Renamed some test methods to make more sense.

This is useful for geth fuzzer for bn254 and bls12-381. We could also generify the test for other curves but it's not a priority now IMO.

Type of change

• New feature (non-breaking change which adds functionality)

How has this been tested?

Last test in TestIsOnG2 generates points (using fuzzCofactorOfG*Jac) that pass the IsOnCurve test but not IsInSubGroup test.

How has this been benchmarked?

N/A

Checklist:

• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have added tests that prove my fix is effective or that my feature works
• I did not modify files generated from templates
• golangci-lint does not output errors locally
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published in downstream modules

[holiman]

This is very useful, thanks!

Currently, as far as I can tell this is not exported?

t would be highly useful for external callers to be able to use this, to create points that are not in the right subgroups. Ideally using a custom source, so that fuzzing can produce points reproducably.

Either maybe something like GeneratePointInWrontgSubgroup( io.Reader) or something which converts a point into a "not-on-subgroup-point) somehow.

Alternatively: not expose the full "generate a point not on subgroup" but the individual smaller parts, making it easier for the outer caller to construct it by themselves.

But maybe I'm just misunderstanding, and this is already doable? I'm not a cryptographer, this stuff is hard for me :)

[yelhousni]

This is very useful, thanks!

Currently, as far as I can tell this is not exported?

t would be highly useful for external callers to be able to use this, to create points that are not in the right subgroups. Ideally using a custom source, so that fuzzing can produce points reproducably.

Either maybe something like GeneratePointInWrontgSubgroup( io.Reader) or something which converts a point into a "not-on-subgroup-point) somehow.

Alternatively: not expose the full "generate a point not on subgroup" but the individual smaller parts, making it easier for the outer caller to construct it by themselves.

But maybe I'm just misunderstanding, and this is already doable? I'm not a cryptographer, this stuff is hard for me :)

Hey!
Would something like:

func GeneratePointInWrongSubgroup() (*G1Jac, error) {
        var f fp.Element
        var p G1Jac
        _, err := f.SetRandom()
        if err != nil {
                return &p, err
        }
        p = fuzzCofactorOfG1Jac(f)
        return &p, nil
}

be sufficient?
where SetRandom() is derived from go/src/crypto/rand.

We can export this method or similar if so.

[holiman]

Iiuc, using SetRandom like that will make it difficult to emit reproducible points.

[holiman]

How about taking an fp.Element as input?