diff --git a/ecc/bls12-377/g1_test.go b/ecc/bls12-377/g1_test.go index f32180292..442b68e74 100644 --- a/ecc/bls12-377/g1_test.go +++ b/ecc/bls12-377/g1_test.go @@ -18,7 +18,7 @@ import ( "github.com/leanovate/gopter/prop" ) -func TestG1AffineEndomorphism(t *testing.T) { +func TestG1Endomorphism(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -60,7 +60,7 @@ func TestG1AffineEndomorphism(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineIsOnCurve(t *testing.T) { +func TestIsOnG1(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -109,7 +109,7 @@ func TestG1AffineIsOnCurve(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineConversions(t *testing.T) { +func TestG1Conversions(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -499,7 +499,7 @@ func TestG1AffineOps(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineCofactorCleaning(t *testing.T) { +func TestG1CofactorClearing(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -538,7 +538,7 @@ func TestG1AffineCofactorCleaning(t *testing.T) { } -func TestG1AffineBatchScalarMultiplication(t *testing.T) { +func TestG1BatchScalarMultiplication(t *testing.T) { parameters := gopter.DefaultTestParameters() if testing.Short() { diff --git a/ecc/bls12-377/g2_test.go b/ecc/bls12-377/g2_test.go index eba5190a5..32ca456e7 100644 --- a/ecc/bls12-377/g2_test.go +++ b/ecc/bls12-377/g2_test.go @@ -18,7 +18,7 @@ import ( "github.com/leanovate/gopter/prop" ) -func TestG2AffineEndomorphism(t *testing.T) { +func TestG2Endomorphism(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { 
@@ -74,7 +74,7 @@ func TestG2AffineEndomorphism(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG2AffineIsOnCurve(t *testing.T) { +func TestIsOnG2(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -123,7 +123,7 @@ func TestG2AffineIsOnCurve(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG2AffineConversions(t *testing.T) { +func TestG2Conversions(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -491,7 +491,7 @@ func TestG2AffineOps(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG2AffineCofactorCleaning(t *testing.T) { +func TestG2CofactorClearing(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -527,7 +527,7 @@ func TestG2AffineCofactorCleaning(t *testing.T) { } -func TestG2AffineBatchScalarMultiplication(t *testing.T) { +func TestG2BatchScalarMultiplication(t *testing.T) { parameters := gopter.DefaultTestParameters() if testing.Short() { diff --git a/ecc/bls12-381/g1.go b/ecc/bls12-381/g1.go index 6f3e639d1..5f5a94311 100644 --- a/ecc/bls12-381/g1.go +++ b/ecc/bls12-381/g1.go @@ -506,6 +506,19 @@ func (p *G1Jac) IsInSubGroup() bool { } +func GeneratePointNotInG1(f fp.Element) G1Jac { + var res, jac G1Jac + aff := MapToCurve1(&f) + g1Isogeny(&aff) + jac.FromAffine(&aff) + // p+x²ϕ(p) = [r]p + res.phi(&jac). + mulBySeed(&res). + mulBySeed(&res). + AddAssign(&jac) + return res +} + // mulWindowed computes the 2-bits windowed double-and-add scalar // multiplication p=[s]q in Jacobian coordinates. func (p *G1Jac) mulWindowed(q *G1Jac, s *big.Int) *G1Jac { diff --git a/ecc/bls12-381/g1_test.go b/ecc/bls12-381/g1_test.go index c705b7a67..5f50bd339 100644 --- a/ecc/bls12-381/g1_test.go +++ b/ecc/bls12-381/g1_test.go 
@@ -18,7 +18,7 @@ import ( "github.com/leanovate/gopter/prop" ) -func TestG1AffineEndomorphism(t *testing.T) { +func TestG1Endomorphism(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -60,7 +60,7 @@ func TestG1AffineEndomorphism(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineIsOnCurve(t *testing.T) { +func TestIsOnG1(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -105,11 +105,18 @@ func TestG1AffineIsOnCurve(t *testing.T) { }, GenFp(), )) + properties.Property("[BLS12-381] IsInSubGroup should return false for a point on the cofactor-torsion", prop.ForAll( + func(a fp.Element) bool { + op := fuzzCofactorOfG1(a) + return op.IsOnCurve() && !op.IsInSubGroup() + }, + GenFp(), + )) properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineConversions(t *testing.T) { +func TestG1Conversions(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -499,7 +506,7 @@ func TestG1AffineOps(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineCofactorCleaning(t *testing.T) { +func TestG1CofactorClearing(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -538,7 +545,7 @@ func TestG1AffineCofactorCleaning(t *testing.T) { } -func TestG1AffineBatchScalarMultiplication(t *testing.T) { +func TestG1BatchScalarMultiplication(t *testing.T) { parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -852,6 +859,18 @@ func BenchmarkG1AffineDouble(b *testing.B) { a.Double(&a) } } +func fuzzCofactorOfG1(f fp.Element) G1Jac { + var res, jac G1Jac + aff := MapToCurve1(&f) + g1Isogeny(&aff) + jac.FromAffine(&aff) + // p+x²ϕ(p) = [r]p + res.phi(&jac). + mulBySeed(&res). + mulBySeed(&res). + AddAssign(&jac) + return res +} func fuzzG1Jac(p *G1Jac, f fp.Element) G1Jac { var res G1Jac 
diff --git a/ecc/bls12-381/g2.go b/ecc/bls12-381/g2.go index b92fcbadb..7c8551d70 100644 --- a/ecc/bls12-381/g2.go +++ b/ecc/bls12-381/g2.go @@ -503,6 +503,18 @@ func (p *G2Jac) IsInSubGroup() bool { return res.Equal(&img) } +func GeneratePointNotInG2(f E2) G2Jac { + var res, jac G2Jac + aff := MapToCurve2(&f) + g2Isogeny(&aff) + jac.FromAffine(&aff) + // ψ(p)-[x₀]P = [r]p + res.mulBySeed(&jac) + jac.psi(&jac) + res.AddAssign(&jac) + return res +} + // mulWindowed computes the 2-bits windowed double-and-add scalar // multiplication p=[s]q in Jacobian coordinates. func (p *G2Jac) mulWindowed(q *G2Jac, s *big.Int) *G2Jac { diff --git a/ecc/bls12-381/g2_test.go b/ecc/bls12-381/g2_test.go index 45753354c..4ae25ba8f 100644 --- a/ecc/bls12-381/g2_test.go +++ b/ecc/bls12-381/g2_test.go @@ -18,7 +18,7 @@ import ( "github.com/leanovate/gopter/prop" ) -func TestG2AffineEndomorphism(t *testing.T) { +func TestG2Endomorphism(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -74,7 +74,7 @@ func TestG2AffineEndomorphism(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG2AffineIsOnCurve(t *testing.T) { +func TestIsOnG2(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -119,11 +119,18 @@ func TestG2AffineIsOnCurve(t *testing.T) { }, GenE2(), )) + properties.Property("[BLS12-381] IsInSubGroup should return false for a point on the cofactor-torsion", prop.ForAll( + func(a fptower.E2) bool { + op := fuzzCofactorOfG2(a) + return op.IsOnCurve() && !op.IsInSubGroup() + }, + GenE2(), + )) properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG2AffineConversions(t *testing.T) { +func TestG2Conversions(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { 
@@ -491,7 +498,7 @@ func TestG2AffineOps(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG2AffineCofactorCleaning(t *testing.T) { +func TestG2CofactorClearing(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -527,7 +534,7 @@ func TestG2AffineCofactorCleaning(t *testing.T) { } -func TestG2AffineBatchScalarMultiplication(t *testing.T) { +func TestG2BatchScalarMultiplication(t *testing.T) { parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -841,6 +848,17 @@ func BenchmarkG2AffineDouble(b *testing.B) { a.Double(&a) } } +func fuzzCofactorOfG2(f fptower.E2) G2Jac { + var res, jac G2Jac + aff := MapToCurve2(&f) + g2Isogeny(&aff) + jac.FromAffine(&aff) + // ψ(p)-[x₀]P = [r]p + res.mulBySeed(&jac) + jac.psi(&jac) + res.AddAssign(&jac) + return res +} func fuzzG2Jac(p *G2Jac, f fptower.E2) G2Jac { var res G2Jac diff --git a/ecc/bls24-315/g1_test.go b/ecc/bls24-315/g1_test.go index 8cfd54e14..9a5003907 100644 --- a/ecc/bls24-315/g1_test.go +++ b/ecc/bls24-315/g1_test.go @@ -18,7 +18,7 @@ import ( "github.com/leanovate/gopter/prop" ) -func TestG1AffineEndomorphism(t *testing.T) { +func TestG1Endomorphism(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -60,7 +60,7 @@ func TestG1AffineEndomorphism(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineIsOnCurve(t *testing.T) { +func TestIsOnG1(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -109,7 +109,7 @@ func TestG1AffineIsOnCurve(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineConversions(t *testing.T) { +func TestG1Conversions(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { 
@@ -499,7 +499,7 @@ func TestG1AffineOps(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineCofactorCleaning(t *testing.T) { +func TestG1CofactorClearing(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -538,7 +538,7 @@ func TestG1AffineCofactorCleaning(t *testing.T) { } -func TestG1AffineBatchScalarMultiplication(t *testing.T) { +func TestG1BatchScalarMultiplication(t *testing.T) { parameters := gopter.DefaultTestParameters() if testing.Short() { diff --git a/ecc/bls24-315/g2_test.go b/ecc/bls24-315/g2_test.go index b748c00f6..1dec0cd03 100644 --- a/ecc/bls24-315/g2_test.go +++ b/ecc/bls24-315/g2_test.go @@ -18,7 +18,7 @@ import ( "github.com/leanovate/gopter/prop" ) -func TestG2AffineEndomorphism(t *testing.T) { +func TestG2Endomorphism(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -74,7 +74,7 @@ func TestG2AffineEndomorphism(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG2AffineIsOnCurve(t *testing.T) { +func TestIsOnG2(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -123,7 +123,7 @@ func TestG2AffineIsOnCurve(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG2AffineConversions(t *testing.T) { +func TestG2Conversions(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -491,7 +491,7 @@ func TestG2AffineOps(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG2AffineCofactorCleaning(t *testing.T) { +func TestG2CofactorClearing(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { 
@@ -527,7 +527,7 @@ func TestG2AffineCofactorCleaning(t *testing.T) { } -func TestG2AffineBatchScalarMultiplication(t *testing.T) { +func TestG2BatchScalarMultiplication(t *testing.T) { parameters := gopter.DefaultTestParameters() if testing.Short() { diff --git a/ecc/bls24-317/g1_test.go b/ecc/bls24-317/g1_test.go index 647f6a6c4..8ff80d660 100644 --- a/ecc/bls24-317/g1_test.go +++ b/ecc/bls24-317/g1_test.go @@ -18,7 +18,7 @@ import ( "github.com/leanovate/gopter/prop" ) -func TestG1AffineEndomorphism(t *testing.T) { +func TestG1Endomorphism(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -60,7 +60,7 @@ func TestG1AffineEndomorphism(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineIsOnCurve(t *testing.T) { +func TestIsOnG1(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -109,7 +109,7 @@ func TestG1AffineIsOnCurve(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineConversions(t *testing.T) { +func TestG1Conversions(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -499,7 +499,7 @@ func TestG1AffineOps(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineCofactorCleaning(t *testing.T) { +func TestG1CofactorClearing(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -538,7 +538,7 @@ func TestG1AffineCofactorCleaning(t *testing.T) { } -func TestG1AffineBatchScalarMultiplication(t *testing.T) { +func TestG1BatchScalarMultiplication(t *testing.T) { parameters := gopter.DefaultTestParameters() if testing.Short() { diff --git a/ecc/bls24-317/g2_test.go b/ecc/bls24-317/g2_test.go index 8d4e7aca3..ffb56ab7e 100644 --- a/ecc/bls24-317/g2_test.go +++ b/ecc/bls24-317/g2_test.go 
@@ -18,7 +18,7 @@ import ( "github.com/leanovate/gopter/prop" ) -func TestG2AffineEndomorphism(t *testing.T) { +func TestG2Endomorphism(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -74,7 +74,7 @@ func TestG2AffineEndomorphism(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG2AffineIsOnCurve(t *testing.T) { +func TestIsOnG2(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -123,7 +123,7 @@ func TestG2AffineIsOnCurve(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG2AffineConversions(t *testing.T) { +func TestG2Conversions(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -491,7 +491,7 @@ func TestG2AffineOps(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG2AffineCofactorCleaning(t *testing.T) { +func TestG2CofactorClearing(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -527,7 +527,7 @@ func TestG2AffineCofactorCleaning(t *testing.T) { } -func TestG2AffineBatchScalarMultiplication(t *testing.T) { +func TestG2BatchScalarMultiplication(t *testing.T) { parameters := gopter.DefaultTestParameters() if testing.Short() { diff --git a/ecc/bn254/g1_test.go b/ecc/bn254/g1_test.go index a489fec09..d97c98dd6 100644 --- a/ecc/bn254/g1_test.go +++ b/ecc/bn254/g1_test.go @@ -18,7 +18,7 @@ import ( "github.com/leanovate/gopter/prop" ) -func TestG1AffineEndomorphism(t *testing.T) { +func TestG1Endomorphism(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -60,7 +60,7 @@ func TestG1AffineEndomorphism(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineIsOnCurve(t *testing.T) { +func TestIsOnG1(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { 
@@ -109,7 +109,7 @@ func TestG1AffineIsOnCurve(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineConversions(t *testing.T) { +func TestG1Conversions(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -499,7 +499,7 @@ func TestG1AffineOps(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineBatchScalarMultiplication(t *testing.T) { +func TestG1BatchScalarMultiplication(t *testing.T) { parameters := gopter.DefaultTestParameters() if testing.Short() { diff --git a/ecc/bn254/g2.go b/ecc/bn254/g2.go index 50fd2806c..c8f31ad92 100644 --- a/ecc/bn254/g2.go +++ b/ecc/bn254/g2.go @@ -516,6 +516,24 @@ func (p *G2Jac) IsInSubGroup() bool { return res.Equal(&c) } +func GeneratePointNotInG2(f E2) G2Jac { + var res, jac, a, b, c G2Jac + aff := MapToCurve2(&f) + jac.FromAffine(&aff) + // [x₀+1]P + ψ([x₀]P) + ψ²([x₀]P) - ψ³([2x₀]P) = [r]P + a.mulBySeed(&jac) + b.psi(&a) + a.AddAssign(&jac) + res.psi(&b) + c.Set(&res). + AddAssign(&b). + AddAssign(&a) + res.psi(&res). + Double(&res). + SubAssign(&c) + return res +} + // mulWindowed computes the 2-bits windowed double-and-add scalar // multiplication p=[s]q in Jacobian coordinates. func (p *G2Jac) mulWindowed(q *G2Jac, s *big.Int) *G2Jac { diff --git a/ecc/bn254/g2_test.go b/ecc/bn254/g2_test.go index eb6b67164..6737ce4d3 100644 --- a/ecc/bn254/g2_test.go +++ b/ecc/bn254/g2_test.go @@ -18,7 +18,7 @@ import ( "github.com/leanovate/gopter/prop" ) -func TestG2AffineEndomorphism(t *testing.T) { +func TestG2Endomorphism(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -73,7 +73,7 @@ func TestG2AffineEndomorphism(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG2AffineIsOnCurve(t *testing.T) { +func TestIsOnG2(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { 
@@ -118,11 +118,18 @@ func TestG2AffineIsOnCurve(t *testing.T) { }, GenE2(), )) + properties.Property("[BN254] IsInSubGroup should return false for a point on the cofactor-torsion", prop.ForAll( + func(a fptower.E2) bool { + op := fuzzCofactorOfG2(a) + return op.IsOnCurve() && !op.IsInSubGroup() + }, + GenE2(), + )) properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG2AffineConversions(t *testing.T) { +func TestG2Conversions(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -490,7 +497,7 @@ func TestG2AffineOps(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG2AffineCofactorCleaning(t *testing.T) { +func TestG2CofactorClearing(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -526,7 +533,7 @@ func TestG2AffineCofactorCleaning(t *testing.T) { } -func TestG2AffineBatchScalarMultiplication(t *testing.T) { +func TestG2BatchScalarMultiplication(t *testing.T) { parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -840,6 +847,23 @@ func BenchmarkG2AffineDouble(b *testing.B) { a.Double(&a) } } +func fuzzCofactorOfG2(f fptower.E2) G2Jac { + var res, jac, a, b, c G2Jac + aff := MapToCurve2(&f) + jac.FromAffine(&aff) + // [x₀+1]P + ψ([x₀]P) + ψ²([x₀]P) - ψ³([2x₀]P) = [r]P + a.mulBySeed(&jac) + b.psi(&a) + a.AddAssign(&jac) + res.psi(&b) + c.Set(&res). + AddAssign(&b). + AddAssign(&a) + res.psi(&res). + Double(&res). + SubAssign(&c) + return res +} func fuzzG2Jac(p *G2Jac, f fptower.E2) G2Jac { var res G2Jac diff --git a/ecc/bw6-633/g1_test.go b/ecc/bw6-633/g1_test.go index 59d10ffea..4a33d0362 100644 --- a/ecc/bw6-633/g1_test.go +++ b/ecc/bw6-633/g1_test.go @@ -18,7 +18,7 @@ import ( "github.com/leanovate/gopter/prop" ) -func TestG1AffineEndomorphism(t *testing.T) { +func TestG1Endomorphism(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { 
@@ -60,7 +60,7 @@ func TestG1AffineEndomorphism(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineIsOnCurve(t *testing.T) { +func TestIsOnG1(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -109,7 +109,7 @@ func TestG1AffineIsOnCurve(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineConversions(t *testing.T) { +func TestG1Conversions(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -499,7 +499,7 @@ func TestG1AffineOps(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineCofactorCleaning(t *testing.T) { +func TestG1CofactorClearing(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -538,7 +538,7 @@ func TestG1AffineCofactorCleaning(t *testing.T) { } -func TestG1AffineBatchScalarMultiplication(t *testing.T) { +func TestG1BatchScalarMultiplication(t *testing.T) { parameters := gopter.DefaultTestParameters() if testing.Short() { diff --git a/ecc/bw6-633/g2_test.go b/ecc/bw6-633/g2_test.go index 0d3ca6317..f957217a6 100644 --- a/ecc/bw6-633/g2_test.go +++ b/ecc/bw6-633/g2_test.go @@ -18,7 +18,7 @@ import ( "github.com/leanovate/gopter/prop" ) -func TestG2AffineEndomorphism(t *testing.T) { +func TestG2Endomorphism(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -60,7 +60,7 @@ func TestG2AffineEndomorphism(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG2AffineIsOnCurve(t *testing.T) { +func TestIsOnG2(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { 
@@ -109,7 +109,7 @@ func TestG2AffineIsOnCurve(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG2AffineConversions(t *testing.T) { +func TestG2Conversions(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -469,7 +469,7 @@ func TestG2AffineOps(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG2AffineCofactorCleaning(t *testing.T) { +func TestG2CofactorClearing(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -508,7 +508,7 @@ func TestG2AffineCofactorCleaning(t *testing.T) { } -func TestG2AffineBatchScalarMultiplication(t *testing.T) { +func TestG2BatchScalarMultiplication(t *testing.T) { parameters := gopter.DefaultTestParameters() if testing.Short() { diff --git a/ecc/bw6-761/g1_test.go b/ecc/bw6-761/g1_test.go index fd81b0ffe..55374561f 100644 --- a/ecc/bw6-761/g1_test.go +++ b/ecc/bw6-761/g1_test.go @@ -18,7 +18,7 @@ import ( "github.com/leanovate/gopter/prop" ) -func TestG1AffineEndomorphism(t *testing.T) { +func TestG1Endomorphism(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -60,7 +60,7 @@ func TestG1AffineEndomorphism(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineIsOnCurve(t *testing.T) { +func TestIsOnG1(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -109,7 +109,7 @@ func TestG1AffineIsOnCurve(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineConversions(t *testing.T) { +func TestG1Conversions(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { 
@@ -499,7 +499,7 @@ func TestG1AffineOps(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineCofactorCleaning(t *testing.T) { +func TestG1CofactorClearing(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -538,7 +538,7 @@ func TestG1AffineCofactorCleaning(t *testing.T) { } -func TestG1AffineBatchScalarMultiplication(t *testing.T) { +func TestG1BatchScalarMultiplication(t *testing.T) { parameters := gopter.DefaultTestParameters() if testing.Short() { diff --git a/ecc/bw6-761/g2_test.go b/ecc/bw6-761/g2_test.go index 92555681b..d4fb02f4d 100644 --- a/ecc/bw6-761/g2_test.go +++ b/ecc/bw6-761/g2_test.go @@ -18,7 +18,7 @@ import ( "github.com/leanovate/gopter/prop" ) -func TestG2AffineEndomorphism(t *testing.T) { +func TestG2Endomorphism(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -60,7 +60,7 @@ func TestG2AffineEndomorphism(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG2AffineIsOnCurve(t *testing.T) { +func TestIsOnG2(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -109,7 +109,7 @@ func TestG2AffineIsOnCurve(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG2AffineConversions(t *testing.T) { +func TestG2Conversions(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -469,7 +469,7 @@ func TestG2AffineOps(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG2AffineCofactorCleaning(t *testing.T) { +func TestG2CofactorClearing(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { 
@@ -508,7 +508,7 @@ func TestG2AffineCofactorCleaning(t *testing.T) { } -func TestG2AffineBatchScalarMultiplication(t *testing.T) { +func TestG2BatchScalarMultiplication(t *testing.T) { parameters := gopter.DefaultTestParameters() if testing.Short() { diff --git a/ecc/grumpkin/g1_test.go b/ecc/grumpkin/g1_test.go index bb1111e97..0f311a21e 100644 --- a/ecc/grumpkin/g1_test.go +++ b/ecc/grumpkin/g1_test.go @@ -18,7 +18,7 @@ import ( "github.com/leanovate/gopter/prop" ) -func TestG1AffineEndomorphism(t *testing.T) { +func TestG1Endomorphism(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -60,7 +60,7 @@ func TestG1AffineEndomorphism(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineIsOnCurve(t *testing.T) { +func TestIsOnG1(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -109,7 +109,7 @@ func TestG1AffineIsOnCurve(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineConversions(t *testing.T) { +func TestG1Conversions(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -499,7 +499,7 @@ func TestG1AffineOps(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineBatchScalarMultiplication(t *testing.T) { +func TestG1BatchScalarMultiplication(t *testing.T) { parameters := gopter.DefaultTestParameters() if testing.Short() { diff --git a/ecc/secp256k1/g1_test.go b/ecc/secp256k1/g1_test.go index aee07c948..2800422c2 100644 --- a/ecc/secp256k1/g1_test.go +++ b/ecc/secp256k1/g1_test.go @@ -20,7 +20,7 @@ import ( "github.com/leanovate/gopter/prop" ) -func TestG1AffineEndomorphism(t *testing.T) { +func TestG1Endomorphism(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { 
@@ -62,7 +62,7 @@ func TestG1AffineEndomorphism(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineIsOnCurve(t *testing.T) { +func TestIsOnG1(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -111,7 +111,7 @@ func TestG1AffineIsOnCurve(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineConversions(t *testing.T) { +func TestG1Conversions(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -501,7 +501,7 @@ func TestG1AffineOps(t *testing.T) { properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func TestG1AffineBatchScalarMultiplication(t *testing.T) { +func TestG1BatchScalarMultiplication(t *testing.T) { parameters := gopter.DefaultTestParameters() if testing.Short() { diff --git a/internal/generator/ecc/template/point.go.tmpl b/internal/generator/ecc/template/point.go.tmpl index fd7a4f3db..b10f3ac67 100644 --- a/internal/generator/ecc/template/point.go.tmpl +++ b/internal/generator/ecc/template/point.go.tmpl 
@@ -810,6 +810,51 @@ func (p *{{ $TJacobian }}) IsOnCurve() bool { {{- end}} +{{- if eq .Name "bls12-381"}} + {{- if eq .PointName "g1" }} +func GeneratePointNotIn{{ toUpper .PointName}}(f {{ .CoordType}}) {{ $TJacobian }} { + var res, jac {{ $TJacobian }} + aff := MapToCurve1(&f) + g1Isogeny(&aff) + jac.FromAffine(&aff) + // p+x²ϕ(p) = [r]p + res.phi(&jac). + mulBySeed(&res). + mulBySeed(&res). + AddAssign(&jac) + {{- else}} +func GeneratePointNotIn{{ toUpper .PointName}}(f E2) {{ $TJacobian }} { + var res, jac {{ $TJacobian }} + aff := MapToCurve2(&f) + g2Isogeny(&aff) + jac.FromAffine(&aff) + // ψ(p)-[x₀]P = [r]p + res.mulBySeed(&jac) + jac.psi(&jac) + res.AddAssign(&jac) + {{- end}} + return res +} +{{- else if and (eq .Name "bn254") (eq .PointName "g2")}} +func GeneratePointNotIn{{ toUpper .PointName}}(f E2) {{ $TJacobian }} { + var res, jac, a, b, c {{ $TJacobian }} + aff := MapToCurve2(&f) + jac.FromAffine(&aff) + // [x₀+1]P + ψ([x₀]P) + ψ²([x₀]P) - ψ³([2x₀]P) = [r]P + a.mulBySeed(&jac) + b.psi(&a) + a.AddAssign(&jac) + res.psi(&b) + c.Set(&res). + AddAssign(&b). + AddAssign(&a) + res.psi(&res). + Double(&res). + SubAssign(&c) + return res +} +{{- end}} + // mulWindowed computes the 2-bits windowed double-and-add scalar // multiplication p=[s]q in Jacobian coordinates. func (p *{{ $TJacobian }}) mulWindowed(q *{{ $TJacobian }}, s *big.Int) *{{ $TJacobian }} { diff --git a/internal/generator/ecc/template/tests/point.go.tmpl b/internal/generator/ecc/template/tests/point.go.tmpl index 1cbc95303..5d763a066 100644 --- a/internal/generator/ecc/template/tests/point.go.tmpl +++ b/internal/generator/ecc/template/tests/point.go.tmpl @@ -36,7 +36,7 @@ import ( ) {{if .GLV}} - func Test{{ $TAffine }}Endomorphism(t *testing.T) { + func Test{{ toUpper .PointName }}Endomorphism(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { 
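Review bot: The exported `GeneratePointNotIn{{ toUpper .PointName}}` added in the point.go.tmpl hunk has no doc comment, and its name promises more than the body establishes. By the inline comments the result is `[r]p` for the mapped point `p`, which would be the point at infinity (a subgroup member) whenever `p` already has order dividing r; that is presumably negligible for a map-to-curve output, but the contract should say so. Because this ships in the non-test package and hands callers a point outside the prime-order subgroup, I would add a comment along the lines of `// GeneratePointNotInG1 maps f to the curve and multiplies by r through the endomorphism, so the result lies in the cofactor torsion. It is meant for testing subgroup checks; the result is the identity if the mapped point is already in G1.` The G2 branches also hard-code `f E2` where the G1 branch uses `{{ .CoordType}}`, and the bls12-381 G2 comment writes `ψ(p)-[x₀]P` while the code adds the two terms, so a word on the sign convention of `mulBySeed` (presumably the absolute value of a negative seed) would help. The same text lands in the generated ecc/bls12-381/g1.go, ecc/bls12-381/g2.go and ecc/bn254/g2.go hunks, so the fix belongs here in the template.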
@@ -104,7 +104,7 @@ import ( } {{end}} -func Test{{ $TAffine }}IsOnCurve(t *testing.T) { +func TestIsOn{{ toUpper .PointName }}(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -150,11 +150,21 @@ func Test{{ $TAffine }}IsOnCurve(t *testing.T) { {{$fuzzer}}, )) + {{- if or (eq .Name "bls12-381") (and (eq .Name "bn254") (eq .PointName "g2"))}} + properties.Property("[{{ toUpper .Name }}] IsInSubGroup should return false for a point on the cofactor-torsion", prop.ForAll( + func(a {{ .CoordType}}) bool { + op := fuzzCofactorOf{{ toUpper .PointName}}(a) + return op.IsOnCurve() && !op.IsInSubGroup() + }, + {{$fuzzer}}, + )) + {{- end}} + properties.TestingRun(t, gopter.ConsoleReporter(false)) } -func Test{{ $TAffine }}Conversions(t *testing.T) { +func Test{{ toUpper .PointName }}Conversions(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -569,7 +579,7 @@ func Test{{ $TAffine }}Ops(t *testing.T) { {{if .CofactorCleaning }} -func Test{{ $TAffine }}CofactorCleaning(t *testing.T) { +func Test{{ toUpper .PointName }}CofactorClearing(t *testing.T) { t.Parallel() parameters := gopter.DefaultTestParameters() if testing.Short() { @@ -621,7 +631,7 @@ func Test{{ $TAffine }}CofactorCleaning(t *testing.T) { } {{end}} -func Test{{ $TAffine }}BatchScalarMultiplication(t *testing.T) { +func Test{{ toUpper .PointName }}BatchScalarMultiplication(t *testing.T) { parameters := gopter.DefaultTestParameters() if testing.Short() { 
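Review bot: The new `IsInSubGroup should return false` property in the `@@ -150,11 +150,21 @@` hunk is gated on `or (eq .Name "bls12-381") (and (eq .Name "bn254") (eq .PointName "g2"))`, so the other curves in this diff that have a cofactor-clearing test (bls12-377, bls24-315, bls24-317, bw6-633, bw6-761) still get no negative subgroup-membership test. Rejecting an on-curve point outside the prime-order subgroup is the part of the check that matters for untrusted inputs, so I would either extend the helper to those curves or record the gap next to the guard, e.g. `{{/* TODO: negative subgroup test exists only for bls12-381 and bn254 G2 */}}`. The property also exercises only the Jacobian `IsInSubGroup`, and its input is built from the same `phi`/`psi` and `mulBySeed` helpers that a fast subgroup check would presumably rely on; comparing the verdict for `op` against a plain scalar multiplication by the group order would make the test an independent oracle. The enclosing test function starts and ends outside the hunk.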
@@ -941,6 +951,50 @@ func Benchmark{{ toUpper .PointName}}AffineDouble(b *testing.B) { } } +{{- if eq .Name "bls12-381"}} +func fuzzCofactorOf{{ toUpper .PointName}}(f {{ .CoordType}}) {{ $TJacobian }} { + var res, jac {{ $TJacobian }} + {{- if eq .PointName "g1" }} + aff := MapToCurve1(&f) + g1Isogeny(&aff) + jac.FromAffine(&aff) + // p+x²ϕ(p) = [r]p + res.phi(&jac). + mulBySeed(&res). + mulBySeed(&res). + AddAssign(&jac) + {{- else}} + aff := MapToCurve2(&f) + g2Isogeny(&aff) + jac.FromAffine(&aff) + // ψ(p)-[x₀]P = [r]p + res.mulBySeed(&jac) + jac.psi(&jac) + res.AddAssign(&jac) + {{- end}} + return res +} + +{{- else if and (eq .Name "bn254") (eq .PointName "g2")}} +func fuzzCofactorOf{{ toUpper .PointName}}(f {{ .CoordType}}) {{ $TJacobian }} { + var res, jac, a, b, c {{ $TJacobian }} + aff := MapToCurve2(&f) + jac.FromAffine(&aff) + // [x₀+1]P + ψ([x₀]P) + ψ²([x₀]P) - ψ³([2x₀]P) = [r]P + a.mulBySeed(&jac) + b.psi(&a) + a.AddAssign(&jac) + res.psi(&b) + c.Set(&res). + AddAssign(&b). + AddAssign(&a) + res.psi(&res). + Double(&res). + SubAssign(&c) + return res +} +{{- end}} + func fuzz{{ $TJacobian }}(p *{{ $TJacobian }}, f {{ .CoordType}}) {{ $TJacobian }} { var res {{ $TJacobian }} res.X.Mul(&p.X, &f).Mul(&res.X, &f)
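Review bot: `fuzzCofactorOf{{ toUpper .PointName}}` in this hunk repeats, line for line, the body of the exported `GeneratePointNotIn{{ toUpper .PointName}}` that the same commit adds to point.go.tmpl, and nothing in the lines shown calls the exported function. Two copies of the endomorphism arithmetic can drift apart, and the copy that ships in the package is the one left untested. I would have the property call the exported function directly, `op := GeneratePointNotIn{{ toUpper .PointName}}(a)`, and delete this helper, or drop the exported function if it is only meant for this test. If the helper stays, it needs a comment stating what it returns, for instance `// fuzzCofactorOfG1 returns a point of the cofactor torsion derived from f, used as a negative input for IsInSubGroup.`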