Skip to content

Yuliakot/scalar multiply tests #83

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jonathanpwang merged 32 commits into from
Jun 9, 2023
Merged

Yuliakot/scalar multiply tests #83

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
32 commits
Select commit Hold shift + click to select a range
da7d5b1
More ecdsa tests
May 20, 2023
150b88f
Update mod.rs
yuliakot May 20, 2023
e9386b9
Update tests.rs
yuliakot May 20, 2023
c42a2ef
Update ecdsa.rs
yuliakot May 20, 2023
33fcccc
Update ecdsa.rs
yuliakot May 20, 2023
44bc744
Update ecdsa.rs
yuliakot May 20, 2023
dc5f61f
msm tests
yuliakot May 29, 2023
9373b7c
Update mod.rs
yuliakot May 29, 2023
d038055
Update msm_sum_infinity.rs
yuliakot May 29, 2023
a89f672
fix: ec_sub_strict was panicing when output is identity
jonathanpwang May 29, 2023
2434241
Merge branch 'fix/ec_sub_strict' into fix/ec_sub_strict_identity
jonathanpwang May 29, 2023
72d46ee
Merge branch 'fix/ec_sub_strict_identity' into fix/msm_tests_output_i…
jonathanpwang May 29, 2023
282ee8e
fix: change all `1` to `1u64` to prevent unexpected overflow (#72)
jonathanpwang Jun 3, 2023
966bd25
fixed base msm tests for output infinity
Jun 4, 2023
d4b9427
fixed base msm tests for output infinity
Jun 4, 2023
8b9bdc2
[Fix] Panic when dealing with identity point (#71)
jonathanpwang Jun 6, 2023
77285b2
sm
Jun 7, 2023
bc13b66
scalar multiplication sep256k1 things
yuliakot Jun 9, 2023
d32a5c2
Delete msm_sum_infinity.rs
yuliakot Jun 9, 2023
6f73554
Delete msm_sum_infinity_fixed_base.rs
yuliakot Jun 9, 2023
80d807f
Delete mod.rs
yuliakot Jun 9, 2023
2aad658
Update mod.rs
yuliakot Jun 9, 2023
a3a6330
Update mod.rs
yuliakot Jun 9, 2023
a95c296
Update mod.rs
yuliakot Jun 9, 2023
2ac9a36
Update mod.rs
yuliakot Jun 9, 2023
44f051b
fix: replace `scalar_multiply` with passthrough to MSM for now
jonathanpwang Jun 9, 2023
67f7084
feat(msm): use strict mode always
jonathanpwang Jun 9, 2023
65a84c3
Merge branch 'fix/scalar_mul_completeness' into ce/scalar_mult
jonathanpwang Jun 9, 2023
a461fb8
Merge remote-tracking branch 'yuliakot/scalar_multiply_tests' into ce…
jonathanpwang Jun 9, 2023
8cbd248
fix: clippy and add tests to CI
jonathanpwang Jun 9, 2023
2f7a7ce
docs: add assumptions to ec_sub_strict
jonathanpwang Jun 9, 2023
4ef545e
Merge branch 'docs_ec_sub_strict' into yuliakot/scalar_multiply_tests
jonathanpwang Jun 9, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ jobs:
cargo test -- test_ec_add
cargo test -- test_fixed
cargo test -- test_msm
cargo test -- test_sm
cargo test -- test_fb
cargo test -- test_pairing
cd ..
Expand Down
9 changes: 9 additions & 0 deletions halo2-ecc/configs/secp256k1/scalar_multiplication.config
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
{"strategy":"Simple",
"degree":18,
"num_advice":2,
"num_lookup_advice":1,
"num_fixed":1,
"lookup_bits":17,
"limb_bits":88,
"num_limbs":3,
"window_bits":4}
9 changes: 7 additions & 2 deletions halo2-ecc/src/ecc/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -246,6 +246,9 @@ pub fn ec_sub_unequal<F: PrimeField, FC: FieldChip<F>>(

/// Constrains `P != -Q` but allows `P == Q`, in which case output is (0,0).
/// For Weierstrass curves only.
///
/// Assumptions
/// # Neither P or Q is the point at infinity
pub fn ec_sub_strict<F: PrimeField, FC: FieldChip<F>>(
chip: &FC,
ctx: &mut Context<F>,
Expand Down Expand Up @@ -496,7 +499,8 @@ where
assert!(!scalar.is_empty());
assert!((max_bits as u64) <= modulus::<F>().bits());
assert!(window_bits != 0);

multi_scalar_multiply::<F, FC, C>(chip, ctx, &[P], vec![scalar], max_bits, window_bits)
/*
let total_bits = max_bits * scalar.len();
let num_windows = (total_bits + window_bits - 1) / window_bits;
let rounded_bitlen = num_windows * window_bits;
Expand Down Expand Up @@ -577,6 +581,7 @@ where
// if at the end, return identity point (0,0) if still not started
let zero = chip.load_constant(ctx, FC::FieldType::zero());
ec_select(chip, ctx, curr_point, EcPoint::new(zero.clone(), zero), *is_started.last().unwrap())
*/
}

/// Checks that `P` is indeed a point on the elliptic curve `C`.
Expand Down Expand Up @@ -729,7 +734,7 @@ where
ctx,
&rand_start_vec[k],
&rand_start_vec[0],
k >= F::CAPACITY as usize,
true, // k >= F::CAPACITY as usize, // this assumed random points on `C` were of prime order equal to modulus of `F`. Since this is easily missed, we turn on strict mode always
);
let mut curr_point = start_point.clone();

Expand Down
1 change: 1 addition & 0 deletions halo2-ecc/src/secp256k1/tests/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,3 +160,4 @@ fn test_secp_sm_0_1() {
let circuit = sm_circuit(params, CircuitBuilderStage::Mock, None, base, s);
MockProver::run(params.degree, &circuit, vec![]).unwrap().assert_satisfied();
}
pub mod sm_unsafe_scalars;
141 changes: 141 additions & 0 deletions halo2-ecc/src/secp256k1/tests/sm_unsafe_scalars.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,141 @@
use crate::{
ecc::fixed_base::scalar_multiply,
fields::{fp::FpChip, FpStrategy},
};
use ff::PrimeField;
use halo2_base::{
gates::{builder::GateThreadBuilder, RangeChip},
halo2_proofs::halo2curves::secp256k1::{Fp, Secp256k1, Secp256k1Affine},
};
use std::fs::File;

use super::*;

const GROUP_ORDER: Fp =
Fp::from_raw([0xbfd25e8cd0364141, 0xbaaedce6af48a03b, 0xfffffffffffffffe, 0xffffffffffffffff]);

#[derive(Clone, Copy, Debug, Serialize, Deserialize)]
struct SMCircuitParams {
strategy: FpStrategy,
degree: u32,
num_advice: usize,
num_lookup_advice: usize,
num_fixed: usize,
lookup_bits: usize,
limb_bits: usize,
num_limbs: usize,
window_bits: usize,
}

fn scalar_multiply_test(params: SMCircuitParams, point: Secp256k1Affine, scalar: Fp) {
let mut builder = GateThreadBuilder::mock();

std::env::set_var("LOOKUP_BITS", params.lookup_bits.to_string());
let range = RangeChip::<Fp>::default(params.lookup_bits);
let fp_chip = FpChip::<Fp, Fp>::new(&range, params.limb_bits, params.num_limbs);
let ecc_chip = EccChip::new(&fp_chip);

let ctx = builder.main(0);
let scalar_assigned = vec![ctx.load_witness(scalar)];

let _sm = scalar_multiply(
ecc_chip.field_chip(),
ctx,
&point,
scalar_assigned,
Fp::NUM_BITS as usize,
params.window_bits,
);

//println!("{:?}", sm.x().value());
}

#[test]
fn test_sm1() {
let path = "configs/secp256k1/scalar_multiplication.config";
let params: SMCircuitParams = serde_json::from_reader(
File::open(path).unwrap_or_else(|e| panic!("{path} does not exist: {e:?}")),
)
.unwrap();
let generator_point = Secp256k1::generator().to_affine();

let scalar = GROUP_ORDER;

println!("the scalar is {scalar:?}");
scalar_multiply_test(params, generator_point, scalar);
}

#[test]
fn test_sm2() {
let path = "configs/secp256k1/scalar_multiplication.config";
let params: SMCircuitParams = serde_json::from_reader(
File::open(path).unwrap_or_else(|e| panic!("{path} does not exist: {e:?}")),
)
.unwrap();
let generator_point = Secp256k1::generator().to_affine();

let scalar = GROUP_ORDER - Fp::one();

println!("the scalar is {scalar:?}");
scalar_multiply_test(params, generator_point, scalar);
}

#[test]
fn test_sm3() {
let path = "configs/secp256k1/scalar_multiplication.config";
let params: SMCircuitParams = serde_json::from_reader(
File::open(path).unwrap_or_else(|e| panic!("{path} does not exist: {e:?}")),
)
.unwrap();
let generator_point = Secp256k1::generator().to_affine();

let scalar = GROUP_ORDER - Fp::one();

println!("the scalar is {scalar:?}");
scalar_multiply_test(params, generator_point, scalar);
}

#[test]
fn test_sm4() {
let path = "configs/secp256k1/scalar_multiplication.config";
let params: SMCircuitParams = serde_json::from_reader(
File::open(path).unwrap_or_else(|e| panic!("{path} does not exist: {e:?}")),
)
.unwrap();
let generator_point = Secp256k1::generator().to_affine();

let scalar = GROUP_ORDER - Fp::from(2);

println!("the scalar is {scalar:?}");
scalar_multiply_test(params, generator_point, scalar);
}

#[test]
fn test_sm5() {
let path = "configs/secp256k1/scalar_multiplication.config";
let params: SMCircuitParams = serde_json::from_reader(
File::open(path).unwrap_or_else(|e| panic!("{path} does not exist: {e:?}")),
)
.unwrap();
let generator_point = Secp256k1::generator().to_affine();

let scalar = GROUP_ORDER + Fp::one();

println!("the scalar is {scalar:?}");
scalar_multiply_test(params, generator_point, scalar);
}

#[test]
fn test_sm6() {
let path = "configs/secp256k1/scalar_multiplication.config";
let params: SMCircuitParams = serde_json::from_reader(
File::open(path).unwrap_or_else(|e| panic!("{path} does not exist: {e:?}")),
)
.unwrap();
let generator_point = Secp256k1::generator().to_affine();

let scalar = GROUP_ORDER + Fp::from(2);

println!("the scalar is {scalar:?}");
scalar_multiply_test(params, generator_point, scalar);
}