Commit 26e2ebf

committed
Add tests back - with secp256k1-zkp test vectors for signing tests
Signed-off-by: nickfarrow <[email protected]>
1 parent e845b6c commit 26e2ebf

1 file changed

+204
-2
lines changed

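--- a/schnorr_fun/src/musig.rs
+++ b/schnorr_fun/src/musig.rs
@@ -590,8 +590,6 @@ impl<H: Digest<OutputSize = U32> + Clone, NG> MuSig<H, Schnorr<H, NG>> {
 
 #[cfg(test)]
 mod test {
-use crate::adaptor::Adaptor;
-
 use super::*;
 use secp256kfun::{
 nonce::Deterministic,
@@ -709,4 +707,208 @@ mod test {
 .verify(&keylist.agg_verification_key(), message, &sig_p3));
 }
 }
+
+#[test]
+fn test_key_agg() {
+let X1 = XOnly::from_bytes([
+0xF9, 0x30, 0x8A, 0x01, 0x92, 0x58, 0xC3, 0x10, 0x49, 0x34, 0x4F, 0x85, 0xF8, 0x9D,
+0x52, 0x29, 0xB5, 0x31, 0xC8, 0x45, 0x83, 0x6F, 0x99, 0xB0, 0x86, 0x01, 0xF1, 0x13,
+0xBC, 0xE0, 0x36, 0xF9,
+])
+.unwrap();
+let X2 = XOnly::from_bytes([
+0xDF, 0xF1, 0xD7, 0x7F, 0x2A, 0x67, 0x1C, 0x5F, 0x36, 0x18, 0x37, 0x26, 0xDB, 0x23,
+0x41, 0xBE, 0x58, 0xFE, 0xAE, 0x1D, 0xA2, 0xDE, 0xCE, 0xD8, 0x43, 0x24, 0x0F, 0x7B,
+0x50, 0x2B, 0xA6, 0x59,
+])
+.unwrap();
+let X3 = XOnly::from_bytes([
+0x35, 0x90, 0xA9, 0x4E, 0x76, 0x8F, 0x8E, 0x18, 0x15, 0xC2, 0xF2, 0x4B, 0x4D, 0x80,
+0xA8, 0xE3, 0x14, 0x93, 0x16, 0xC3, 0x51, 0x8C, 0xE7, 0xB7, 0xAD, 0x33, 0x83, 0x68,
+0xD0, 0x38, 0xCA, 0x66,
+])
+.unwrap();
+let X = vec![X1, X2, X3];
+
+let expected: Vec<XOnly> = vec![
+XOnly::from_bytes([
+0xE5, 0x83, 0x01, 0x40, 0x51, 0x21, 0x95, 0xD7, 0x4C, 0x83, 0x07, 0xE3, 0x96, 0x37,
+0xCB, 0xE5, 0xFB, 0x73, 0x0E, 0xBE, 0xAB, 0x80, 0xEC, 0x51, 0x4C, 0xF8, 0x8A, 0x87,
+0x7C, 0xEE, 0xEE, 0x0B,
+])
+.unwrap(),
+XOnly::from_bytes([
+0xD7, 0x0C, 0xD6, 0x9A, 0x26, 0x47, 0xF7, 0x39, 0x09, 0x73, 0xDF, 0x48, 0xCB, 0xFA,
+0x2C, 0xCC, 0x40, 0x7B, 0x8B, 0x2D, 0x60, 0xB0, 0x8C, 0x5F, 0x16, 0x41, 0x18, 0x5C,
+0x79, 0x98, 0xA2, 0x90,
+])
+.unwrap(),
+XOnly::from_bytes([
+0x81, 0xA8, 0xB0, 0x93, 0x91, 0x2C, 0x9E, 0x48, 0x14, 0x08, 0xD0, 0x97, 0x76, 0xCE,
+0xFB, 0x48, 0xAE, 0xB8, 0xB6, 0x54, 0x81, 0xB6, 0xBA, 0xAF, 0xB3, 0xC5, 0x81, 0x01,
+0x06, 0x71, 0x7B, 0xEB,
+])
+.unwrap(),
+XOnly::from_bytes([
+0x2E, 0xB1, 0x88, 0x51, 0x88, 0x7E, 0x7B, 0xDC, 0x5E, 0x83, 0x0E, 0x89, 0xB1, 0x9D,
+0xDB, 0xC2, 0x80, 0x78, 0xF1, 0xFA, 0x88, 0xAA, 0xD0, 0xAD, 0x01, 0xCA, 0x06, 0xFE,
+0x4F, 0x80, 0x21, 0x0B,
+])
+.unwrap(),
+];
+
+let musig = MuSig::<Sha256, Schnorr<Sha256, Deterministic<Sha256>>>::default();
+assert_eq!(
+musig.new_keylist(vec![X[0], X[1], X[2]]).agg_public_key(),
+expected[0]
+);
+assert_eq!(
+musig.new_keylist(vec![X[2], X[1], X[0]]).agg_public_key(),
+expected[1]
+);
+assert_eq!(
+musig.new_keylist(vec![X[0], X[0], X[0]]).agg_public_key(),
+expected[2]
+);
+assert_eq!(
+musig
+.new_keylist(vec![X[0], X[0], X[1], X[1]])
+.agg_public_key(),
+expected[3]
+);
+}
+
+#[test]
+fn test_sign_vectors() {
+let X1 = XOnly::from_bytes([
+0xF9, 0x30, 0x8A, 0x01, 0x92, 0x58, 0xC3, 0x10, 0x49, 0x34, 0x4F, 0x85, 0xF8, 0x9D,
+0x52, 0x29, 0xB5, 0x31, 0xC8, 0x45, 0x83, 0x6F, 0x99, 0xB0, 0x86, 0x01, 0xF1, 0x13,
+0xBC, 0xE0, 0x36, 0xF9,
+])
+.unwrap();
+let X2 = XOnly::from_bytes([
+0xDF, 0xF1, 0xD7, 0x7F, 0x2A, 0x67, 0x1C, 0x5F, 0x36, 0x18, 0x37, 0x26, 0xDB, 0x23,
+0x41, 0xBE, 0x58, 0xFE, 0xAE, 0x1D, 0xA2, 0xDE, 0xCE, 0xD8, 0x43, 0x24, 0x0F, 0x7B,
+0x50, 0x2B, 0xA6, 0x59,
+])
+.unwrap();
+
+let sec_nonce = NonceKeyPair::from_bytes([
+0x50, 0x8B, 0x81, 0xA6, 0x11, 0xF1, 0x00, 0xA6, 0xB2, 0xB6, 0xB2, 0x96, 0x56, 0x59,
+0x08, 0x98, 0xAF, 0x48, 0x8B, 0xCF, 0x2E, 0x1F, 0x55, 0xCF, 0x22, 0xE5, 0xCF, 0xB8,
+0x44, 0x21, 0xFE, 0x61, 0xFA, 0x27, 0xFD, 0x49, 0xB1, 0xD5, 0x00, 0x85, 0xB4, 0x81,
+0x28, 0x5E, 0x1C, 0xA2, 0x05, 0xD5, 0x5C, 0x82, 0xCC, 0x1B, 0x31, 0xFF, 0x5C, 0xD5,
+0x4A, 0x48, 0x98, 0x29, 0x35, 0x59, 0x01, 0xF7,
+])
+.unwrap();
+
+let agg_pubnonce = Nonce::from_bytes([
+0x02, 0x84, 0x65, 0xFC, 0xF0, 0xBB, 0xDB, 0xCF, 0x44, 0x3A, 0xAB, 0xCC, 0xE5, 0x33,
+0xD4, 0x2B, 0x4B, 0x5A, 0x10, 0x96, 0x6A, 0xC0, 0x9A, 0x49, 0x65, 0x5E, 0x8C, 0x42,
+0xDA, 0xAB, 0x8F, 0xCD, 0x61, 0x03, 0x74, 0x96, 0xA3, 0xCC, 0x86, 0x92, 0x6D, 0x45,
+0x2C, 0xAF, 0xCF, 0xD5, 0x5D, 0x25, 0x97, 0x2C, 0xA1, 0x67, 0x5D, 0x54, 0x93, 0x10,
+0xDE, 0x29, 0x6B, 0xFF, 0x42, 0xF7, 0x2E, 0xEE, 0xA8, 0xC9,
+])
+.unwrap();
+
+let sk = Scalar::from_bytes([
+0x7F, 0xB9, 0xE0, 0xE6, 0x87, 0xAD, 0xA1, 0xEE, 0xBF, 0x7E, 0xCF, 0xE2, 0xF2, 0x1E,
+0x73, 0xEB, 0xDB, 0x51, 0xA7, 0xD4, 0x50, 0x94, 0x8D, 0xFE, 0x8D, 0x76, 0xD7, 0xF2,
+0xD1, 0x00, 0x76, 0x71,
+])
+.unwrap()
+.mark::<NonZero>()
+.unwrap();
+
+let msg = [
+0xF9, 0x54, 0x66, 0xD0, 0x86, 0x77, 0x0E, 0x68, 0x99, 0x64, 0x66, 0x42, 0x19, 0x26,
+0x6F, 0xE5, 0xED, 0x21, 0x5C, 0x92, 0xAE, 0x20, 0xBA, 0xB5, 0xC9, 0xD7, 0x9A, 0xDD,
+0xDD, 0xF3, 0xC0, 0xCF,
+];
+
+let expected: Vec<Scalar> = vec![
+Scalar::from_bytes([
+0x68, 0x53, 0x7C, 0xC5, 0x23, 0x4E, 0x50, 0x5B, 0xD1, 0x40, 0x61, 0xF8, 0xDA, 0x9E,
+0x90, 0xC2, 0x20, 0xA1, 0x81, 0x85, 0x5F, 0xD8, 0xBD, 0xB7, 0xF1, 0x27, 0xBB, 0x12,
+0x40, 0x3B, 0x4D, 0x3B,
+])
+.unwrap()
+.mark::<NonZero>()
+.unwrap(),
+Scalar::from_bytes([
+0x2D, 0xF6, 0x7B, 0xFF, 0xF1, 0x8E, 0x3D, 0xE7, 0x97, 0xE1, 0x3C, 0x64, 0x75, 0xC9,
+0x63, 0x04, 0x81, 0x38, 0xDA, 0xEC, 0x5C, 0xB2, 0x0A, 0x35, 0x7C, 0xEC, 0xA7, 0xC8,
+0x42, 0x42, 0x95, 0xEA,
+])
+.unwrap()
+.mark::<NonZero>()
+.unwrap(),
+Scalar::from_bytes([
+0x0D, 0x5B, 0x65, 0x1E, 0x6D, 0xE3, 0x4A, 0x29, 0xA1, 0x2D, 0xE7, 0xA8, 0xB4, 0x18,
+0x3B, 0x4A, 0xE6, 0xA7, 0xF7, 0xFB, 0xE1, 0x5C, 0xDC, 0xAF, 0xA4, 0xA3, 0xD1, 0xBC,
+0xAA, 0xBC, 0x75, 0x17,
+])
+.unwrap()
+.mark::<NonZero>()
+.unwrap(),
+];
+
+let musig = MuSig::<Sha256, Schnorr<Sha256, Deterministic<Sha256>>>::default();
+let keypair = musig.schnorr.new_keypair(sk);
+
+let (remote_nonce1, remote_nonce2) = (
+agg_pubnonce,
+Nonce([-sec_nonce.public.0[0], -sec_nonce.public.0[1]]),
+);
+let message = Message::<Public>::raw(&msg);
+let keylist = musig.new_keylist(vec![keypair.pk, X1, X2]);
+
+let sign_session = musig
+.start_sign_session(
+&keylist,
+vec![
+sec_nonce.public(),
+remote_nonce1.clone(),
+remote_nonce2.clone(),
+],
+message,
+)
+.unwrap();
+let sig = musig.sign(&keylist, 0, &keypair.sk, sec_nonce.clone(), &sign_session);
+assert_eq!(sig, expected[0]);
+
+{
+let keylist = musig.new_keylist(vec![X1, keypair.pk, X2]);
+let sign_session = musig
+.start_sign_session(
+&keylist,
+vec![
+remote_nonce1.clone(),
+sec_nonce.public(),
+remote_nonce2.clone(),
+],
+message,
+)
+.unwrap();
+let sig = musig.sign(&keylist, 1, &keypair.sk, sec_nonce.clone(), &sign_session);
+assert_eq!(sig, expected[1]);
+}
+
+{
+let keylist = musig.new_keylist(vec![X1, X2, keypair.pk]);
+let sign_session = musig
+.start_sign_session(
+&keylist,
+vec![
+remote_nonce1.clone(),
+remote_nonce2.clone(),
+sec_nonce.public(),
+],
+message,
+)
+.unwrap();
+let sig = musig.sign(&keylist, 2, &keypair.sk, sec_nonce.clone(), &sign_session);
+assert_eq!(sig, expected[2]);
+}
+}
 }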
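Review bot: `test_sign_vectors` calls `musig.sign` three times with the same `sec_nonce` (passed as `sec_nonce.clone()`) under three different keylists, and nothing in the test says that this is acceptable only for a fixed vector. With a real key, two partial signatures made from one secret nonce under different session challenges let an observer solve for the secret key, so a comment above the first `musig.sign` call should warn readers off the pattern, e.g. `// Vector test only: the secret nonce is deliberately reused to match the upstream vectors; never reuse a nonce with a real key.` The line `Nonce([-sec_nonce.public.0[0], -sec_nonce.public.0[1]])` also needs a one-line explanation such as `// negated own public nonce, presumably so the three nonces aggregate to agg_pubnonce`. Finally, the byte arrays in both new tests carry no provenance; a comment like `// vectors from secp256k1-zkp <FILE> at <COMMIT>` would let them be re-checked against upstream.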
