Skip to content

Commit 50c8e98

Browse files
nickfarrownickfarrow
committed
bring back adaptor signature test
1 parent b921a09 commit 50c8e98

File tree

1 file changed

+122
-28
lines changed

1 file changed

+122
-28
lines changed

schnorr_fun/src/musig.rs

+122-28
Original file line numberDiff line numberDiff line change
@@ -576,6 +576,8 @@ impl<H: Digest<OutputSize = U32> + Clone, NG> MuSig<H, Schnorr<H, NG>> {
576576

577577
#[cfg(test)]
578578
mod test {
579+
use crate::adaptor::Adaptor;
580+
579581
use super::*;
580582
use secp256kfun::{
581583
nonce::Deterministic,
@@ -586,10 +588,10 @@ mod test {
586588
proptest! {
587589
#[test]
588590
fn test_end_to_end(sk1 in any::<Scalar>(),
589-
sk2 in any::<Scalar>(),
590-
sk3 in any::<Scalar>(),
591-
tweak1 in option::of(any::<Scalar<Public, Zero>>()),
592-
tweak2 in option::of(any::<Scalar<Public, Zero>>()),
591+
sk2 in any::<Scalar>(),
592+
sk3 in any::<Scalar>(),
593+
tweak1 in option::of(any::<Scalar<Public, Zero>>()),
594+
tweak2 in option::of(any::<Scalar<Public, Zero>>()),
593595
) {
594596
let schnorr = Schnorr::<Sha256, _>::new(Deterministic::<Sha256>::default());
595597
let musig = MuSig::new(schnorr);
@@ -603,7 +605,7 @@ mod test {
603605
.schnorr
604606
.new_keypair(sk3);
605607

606-
let mut keylist = musig.new_keylist(vec![
608+
let mut keylist1 = musig.new_keylist(vec![
607609
keypair1.public_key(),
608610
keypair2.public_key(),
609611
keypair3.public_key(),
@@ -621,76 +623,168 @@ mod test {
621623

622624
for tweak in [tweak1, tweak2] {
623625
if let Some(tweak) = tweak {
624-
keylist = keylist.tweak(tweak).unwrap();
626+
keylist1 = keylist1.tweak(tweak).unwrap();
625627
keylist2 = keylist2.tweak(tweak).unwrap();
626628
keylist3 = keylist3.tweak(tweak).unwrap();
627629
}
628630
}
629631

630-
assert_eq!(keylist.agg_public_key(), keylist2.agg_public_key());
631-
assert_eq!(keylist.agg_public_key(), keylist3.agg_public_key());
632+
assert_eq!(keylist1.agg_public_key(), keylist2.agg_public_key());
633+
assert_eq!(keylist1.agg_public_key(), keylist3.agg_public_key());
632634

633-
let p1_nonce = musig.gen_nonces(&keypair1.sk, &keylist, b"test");
634-
let p2_nonce = musig.gen_nonces(&keypair2.sk, &keylist, b"test");
635-
let p3_nonce = musig.gen_nonces(&keypair3.sk, &keylist, b"test");
635+
let p1_nonce = musig.gen_nonces(&keypair1.sk, &keylist1, b"test");
636+
let p2_nonce = musig.gen_nonces(&keypair2.sk, &keylist1, b"test");
637+
let p3_nonce = musig.gen_nonces(&keypair3.sk, &keylist1, b"test");
636638
let nonces = vec![p1_nonce.public, p2_nonce.public, p3_nonce.public];
637639

638640
let message =
639641
Message::<Public>::plain("test", b"Chancellor on brink of second bailout for banks");
640642

641643
let p1_session = musig
642644
.start_sign_session(
643-
&keylist,
645+
&keylist1,
644646
nonces.clone(),
645647
message,
646648
)
647649
.unwrap();
648650
let p2_session = musig
649651
.start_sign_session(
650-
&keylist,
652+
&keylist2,
651653
nonces.clone(),
652654
message,
653655
)
654656
.unwrap();
655657
let p3_session = musig
656658
.start_sign_session(
657-
&keylist,
659+
&keylist3,
658660
nonces.clone(),
659661
message,
660662
)
661663
.unwrap();
662664

663-
let p1_sig = musig.sign(&keylist, 0, &keypair1.sk, p1_nonce, &p1_session);
665+
let p1_sig = musig.sign(&keylist1, 0, &keypair1.sk, p1_nonce, &p1_session);
664666

665-
assert!(musig.verify_partial_signature(&keylist, &p1_session, 0, p1_sig));
667+
assert!(musig.verify_partial_signature(&keylist1, &p1_session, 0, p1_sig));
666668
dbg!(&p1_session, &p2_session);
667669
dbg!(&p1_sig);
668670
assert_eq!(p1_session, p2_session);
669671

670-
assert!(musig.verify_partial_signature(&keylist, &p2_session, 0, p1_sig));
671-
assert!(musig.verify_partial_signature(&keylist, &p3_session, 0, p1_sig));
672+
assert!(musig.verify_partial_signature(&keylist1, &p2_session, 0, p1_sig));
673+
assert!(musig.verify_partial_signature(&keylist1, &p3_session, 0, p1_sig));
672674

673-
let p2_sig = musig.sign(&keylist, 1, &keypair2.sk, p2_nonce, &p2_session);
674-
assert!(musig.verify_partial_signature(&keylist, &p1_session, 1, p2_sig));
675-
let p3_sig = musig.sign(&keylist, 2, &keypair3.sk, p3_nonce, &p3_session);
676-
assert!(musig.verify_partial_signature(&keylist, &p1_session, 2, p3_sig));
675+
let p2_sig = musig.sign(&keylist1, 1, &keypair2.sk, p2_nonce, &p2_session);
676+
assert!(musig.verify_partial_signature(&keylist1, &p1_session, 1, p2_sig));
677+
let p3_sig = musig.sign(&keylist1, 2, &keypair3.sk, p3_nonce, &p3_session);
678+
assert!(musig.verify_partial_signature(&keylist1, &p1_session, 2, p3_sig));
677679

678680
let partial_sigs = [p1_sig, p2_sig, p3_sig];
679-
let sig_p1 = musig.combine_partial_signatures(&keylist, &p1_session, partial_sigs);
680-
let sig_p2 = musig.combine_partial_signatures(&keylist, &p2_session, partial_sigs);
681-
let sig_p3 = musig.combine_partial_signatures(&keylist, &p3_session, partial_sigs);
681+
let sig_p1 = musig.combine_partial_signatures(&keylist1, &p1_session, partial_sigs);
682+
let sig_p2 = musig.combine_partial_signatures(&keylist1, &p2_session, partial_sigs);
683+
let sig_p3 = musig.combine_partial_signatures(&keylist1, &p3_session, partial_sigs);
682684
assert_eq!(sig_p1, sig_p2);
683685
assert_eq!(sig_p1, sig_p3);
684686

685687
assert!(musig
686688
.schnorr
687-
.verify(&keylist.agg_verification_key(), message, &sig_p1));
689+
.verify(&keylist1.agg_verification_key(), message, &sig_p1));
688690
assert!(musig
689691
.schnorr
690-
.verify(&keylist.agg_verification_key(), message, &sig_p2));
692+
.verify(&keylist1.agg_verification_key(), message, &sig_p2));
691693
assert!(musig
692694
.schnorr
693-
.verify(&keylist.agg_verification_key(), message, &sig_p3));
695+
.verify(&keylist1.agg_verification_key(), message, &sig_p3));
696+
}
697+
698+
#[test]
699+
fn test_musig_adaptor(
700+
sk1 in any::<Scalar>(),
701+
sk2 in any::<Scalar>(),
702+
sk3 in any::<Scalar>(),
703+
y in any::<Scalar>()
704+
) {
705+
let schnorr = Schnorr::<Sha256, _>::new(Deterministic::<Sha256>::default());
706+
let musig = MuSig::new(schnorr);
707+
let keypair1 = musig
708+
.schnorr
709+
.new_keypair(sk1);
710+
let keypair2 = musig
711+
.schnorr
712+
.new_keypair(sk2);
713+
let keypair3 = musig
714+
.schnorr
715+
.new_keypair(sk3);
716+
let encryption_key = musig.schnorr.encryption_key_for(&y);
717+
718+
let keylist = musig.new_keylist(vec![
719+
keypair1.public_key(),
720+
keypair2.public_key(),
721+
keypair3.public_key(),
722+
]);
723+
let keylist2 = musig.new_keylist(vec![
724+
keypair1.public_key(),
725+
keypair2.public_key(),
726+
keypair3.public_key(),
727+
]);
728+
let keylist3 = musig.new_keylist(vec![
729+
keypair1.public_key(),
730+
keypair2.public_key(),
731+
keypair3.public_key(),
732+
]);
733+
assert_eq!(keylist.agg_public_key(), keylist2.agg_public_key());
734+
735+
let p1_nonce = musig.gen_nonces(&keypair1.sk, &keylist, b"test");
736+
let p2_nonce = musig.gen_nonces(&keypair2.sk, &keylist2, b"test");
737+
let p3_nonce = musig.gen_nonces(&keypair3.sk, &keylist3, b"test");
738+
let nonces = vec![p1_nonce.public, p2_nonce.public, p3_nonce.public];
739+
let message =
740+
Message::<Public>::plain("test", b"Chancellor on brink of second bailout for banks");
741+
742+
let mut p1_session = musig
743+
.start_encrypted_sign_session(
744+
&keylist,
745+
nonces.clone(),
746+
message,
747+
&encryption_key
748+
)
749+
.unwrap();
750+
let mut p2_session = musig
751+
.start_encrypted_sign_session(
752+
&keylist2,
753+
nonces.clone(),
754+
message,
755+
&encryption_key
756+
)
757+
.unwrap();
758+
let mut p3_session = musig
759+
.start_encrypted_sign_session(
760+
&keylist3,
761+
nonces,
762+
message,
763+
&encryption_key
764+
)
765+
.unwrap();
766+
let p1_sig = musig.sign(&keylist, 0, &keypair1.sk, p1_nonce, &mut p1_session);
767+
let p2_sig = musig.sign(&keylist, 1, &keypair2.sk, p2_nonce, &mut p2_session);
768+
let p3_sig = musig.sign(&keylist, 2, &keypair3.sk, p3_nonce, &mut p3_session);
769+
770+
assert!(musig.verify_partial_signature(&keylist2, &p2_session, 0, p1_sig));
771+
assert!(musig.verify_partial_signature(&keylist, &p1_session, 0, p1_sig));
772+
773+
let partial_sigs = vec![p1_sig, p2_sig, p3_sig];
774+
let combined_sig_p1 = musig.combine_partial_encrypted_signatures(&keylist, &p1_session, partial_sigs.clone());
775+
let combined_sig_p2 = musig.combine_partial_encrypted_signatures(&keylist2, &p2_session, partial_sigs.clone());
776+
let combined_sig_p3 = musig.combine_partial_encrypted_signatures(&keylist3, &p3_session, partial_sigs);
777+
assert_eq!(combined_sig_p1, combined_sig_p2);
778+
assert_eq!(combined_sig_p1, combined_sig_p3);
779+
assert!(musig
780+
.schnorr
781+
.verify_encrypted_signature(&keylist.agg_verification_key(), &encryption_key, message, &combined_sig_p1));
782+
assert!(musig
783+
.schnorr
784+
.verify_encrypted_signature(&keylist2.agg_verification_key(), &encryption_key, message, &combined_sig_p2));
785+
assert!(musig
786+
.schnorr
787+
.verify_encrypted_signature(&keylist2.agg_verification_key(), &encryption_key, message, &combined_sig_p3));
694788
}
695789
}
696790

0 commit comments

Comments
 (0)