kris
/
SIDH_p751
1
0
Forka 0
Codice Problemi 0 Pull Requests 0 Rilasci 0 Wiki Attività
Non puoi selezionare più di 25 argomenti Gli argomenti devono iniziare con una lettera o un numero, possono includere trattini ('-') e possono essere lunghi fino a 35 caratteri.
126 Commit
14 Rami (Branch)
653 KiB
Albero (Tree): 70b81002a7
Rami (Branch) Tag
${ item.name }
Crea branch ${ searchTerm }
da '70b81002a7'
${ noResults }
SIDH_p751/p503/curve_test.go

curve_test.go 4.9 KiB
Originale Vista normale Cronologia

p503 in SIDH/SIKE * Makes it possible to use p503 in SIDH and SIKE * Refactors tests so that unit tests in SIKE and SIDH are run for each prime field. It adds test data array called 'tdata' which describes test parameters for underlying prime field. When new field is added, it's enough to simply add new test data to 'tdata' vector in order to run all existing tests with new prime field. * SIKE/p503 is now tested with official test vectors from NIST submission
6 anni fa
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139 
  1. package p503

  2. 

  3. import (

  4. 	"bytes"

  5. 	. "github.com/cloudflare/p751sidh/internal/isogeny"

  6. 	"testing"

  7. 	"testing/quick"

  8. )

  9. 

  10. func TestOne(t *testing.T) {

  11. 	var tmp Fp2Element

  12. 

  13. 	kFieldOps.Mul(&tmp, &P503_OneFp2, &affine_xP)

  14. 	if !VartimeEqFp2(&tmp, &affine_xP) {

  15. 		t.Error("Not equal 1")

  16. 	}

  17. }

  18. 

  19. // This test is here only to ensure that ScalarMult helper works correctly

  20. func TestScalarMultVersusSage(t *testing.T) {

  21. 	var xP ProjectivePoint

  22. 

  23. 	xP = ProjectivePoint{X: affine_xP, Z: P503_OneFp2}

  24. 	xP = ScalarMult(&curve, &xP, mScalarBytes[:]) // = x([m]P)

  25. 	affine_xQ := xP.ToAffine(kCurveOps)

  26. 	if !VartimeEqFp2(&affine_xaP, affine_xQ) {

  27. 		t.Error("\nExpected\n", affine_xaP, "\nfound\n", affine_xQ)

  28. 	}

  29. }

  30. 

  31. func Test_jInvariant(t *testing.T) {

  32. 	var curve = ProjectiveCurveParameters{A: curve_A, C: curve_C}

  33. 	var jbufRes [P503_SharedSecretSize]byte

  34. 	var jbufExp [P503_SharedSecretSize]byte

  35. 	// Computed using Sage

  36. 	// j = 3674553797500778604587777859668542828244523188705960771798425843588160903687122861541242595678107095655647237100722594066610650373491179241544334443939077738732728884873568393760629500307797547379838602108296735640313894560419*i + 3127495302417548295242630557836520229396092255080675419212556702820583041296798857582303163183558315662015469648040494128968509467224910895884358424271180055990446576645240058960358037224785786494172548090318531038910933793845

  37. 	var known_j = Fp2Element{

  38. 		A: FpElement{0x2c441d03b72e27c, 0xf2c6748151dbf84, 0x3a774f6191070e, 0xa7c6212c9c800ba6, 0x23921b5cf09abc27, 0x9e1baefbb3cd4265, 0x8cd6a289f12e10dc, 0x3fa364128cf87e},

  39. 		B: FpElement{0xe7497ac2bf6b0596, 0x629ee01ad23bd039, 0x95ee11587a119fa7, 0x572fb28a24772269, 0x3c00410b6c71567e, 0xe681e83a345f8a34, 0x65d21b1d96bd2d52, 0x7889a47e58901},

  40. 	}

  41. 	kCurveOps.Jinvariant(&curve, jbufRes[:])

  42. 	kCurveOps.Fp2ToBytes(jbufExp[:], &known_j)

  43. 

  44. 	if !bytes.Equal(jbufRes[:], jbufExp[:]) {

  45. 		t.Error("Computed incorrect j-invariant: found\n", jbufRes, "\nexpected\n", jbufExp)

  46. 	}

  47. }

  48. 

  49. func TestProjectivePointVartimeEq(t *testing.T) {

  50. 	var xP ProjectivePoint

  51. 

  52. 	xP = ProjectivePoint{X: affine_xP, Z: P503_OneFp2}

  53. 	xQ := xP

  54. 	// Scale xQ, which results in the same projective point

  55. 	kFieldOps.Mul(&xQ.X, &xQ.X, &curve_A)

  56. 	kFieldOps.Mul(&xQ.Z, &xQ.Z, &curve_A)

  57. 	if !VartimeEqProjFp2(&xP, &xQ) {

  58. 		t.Error("Expected the scaled point to be equal to the original")

  59. 	}

  60. }

  61. 

  62. func TestPointDoubleVersusSage(t *testing.T) {

  63. 	var curve = ProjectiveCurveParameters{A: curve_A, C: curve_C}

  64. 	var params = kCurveOps.CalcCurveParamsEquiv4(&curve)

  65. 	var xP ProjectivePoint

  66. 

  67. 	xP = ProjectivePoint{X: affine_xP, Z: P503_OneFp2}

  68. 	kCurveOps.Pow2k(&xP, &params, 1)

  69. 	affine_xQ := xP.ToAffine(kCurveOps)

  70. 	if !VartimeEqFp2(affine_xQ, &affine_xP2) {

  71. 		t.Error("\nExpected\n", affine_xP2, "\nfound\n", affine_xQ)

  72. 	}

  73. }

  74. 

  75. func TestPointMul4VersusSage(t *testing.T) {

  76. 	var params = kCurveOps.CalcCurveParamsEquiv4(&curve)

  77. 	var xP ProjectivePoint

  78. 

  79. 	xP = ProjectivePoint{X: affine_xP, Z: P503_OneFp2}

  80. 	kCurveOps.Pow2k(&xP, &params, 2)

  81. 	affine_xQ := xP.ToAffine(kCurveOps)

  82. 	if !VartimeEqFp2(affine_xQ, &affine_xP4) {

  83. 		t.Error("\nExpected\n", affine_xP4, "\nfound\n", affine_xQ)

  84. 	}

  85. }

  86. 

  87. func TestPointMul9VersusSage(t *testing.T) {

  88. 	var params = kCurveOps.CalcCurveParamsEquiv3(&curve)

  89. 	var xP ProjectivePoint

  90. 

  91. 	xP = ProjectivePoint{X: affine_xP, Z: P503_OneFp2}

  92. 	kCurveOps.Pow3k(&xP, &params, 2)

  93. 	affine_xQ := xP.ToAffine(kCurveOps)

  94. 	if !VartimeEqFp2(affine_xQ, &affine_xP9) {

  95. 		t.Error("\nExpected\n", affine_xP9, "\nfound\n", affine_xQ)

  96. 	}

  97. }

  98. 

  99. func TestPointPow2kVersusScalarMult(t *testing.T) {

  100. 	var xP, xQ, xR ProjectivePoint

  101. 	var params = kCurveOps.CalcCurveParamsEquiv4(&curve)

  102. 

  103. 	xP = ProjectivePoint{X: affine_xP, Z: P503_OneFp2}

  104. 	xQ = xP

  105. 	kCurveOps.Pow2k(&xQ, &params, 5)

  106. 	xR = ScalarMult(&curve, &xP, []byte{32})

  107. 	affine_xQ := xQ.ToAffine(kCurveOps) // = x([32]P)

  108. 	affine_xR := xR.ToAffine(kCurveOps) // = x([32]P)

  109. 

  110. 	if !VartimeEqFp2(affine_xQ, affine_xR) {

  111. 		t.Error("\nExpected\n", affine_xQ, "\nfound\n", affine_xR)

  112. 	}

  113. }

  114. 

  115. func TestPointTripleVersusAddDouble(t *testing.T) {

  116. 	tripleEqualsAddDouble := func(params GeneratedTestParams) bool {

  117. 		var P2, P3, P2plusP ProjectivePoint

  118. 

  119. 		eqivParams4 := kCurveOps.CalcCurveParamsEquiv4(&params.Cparam)

  120. 		eqivParams3 := kCurveOps.CalcCurveParamsEquiv3(&params.Cparam)

  121. 		P2 = params.Point

  122. 		P3 = params.Point

  123. 		kCurveOps.Pow2k(&P2, &eqivParams4, 1)                   // = x([2]P)

  124. 		kCurveOps.Pow3k(&P3, &eqivParams3, 1)                   // = x([3]P)

  125. 		P2plusP = AddProjFp2(&P2, &params.Point, &params.Point) // = x([2]P + P)

  126. 		return VartimeEqProjFp2(&P3, &P2plusP)

  127. 	}

  128. 

  129. 	if err := quick.Check(tripleEqualsAddDouble, quickCheckConfig); err != nil {

  130. 		t.Error(err)

  131. 	}

  132. }

  133. 

  134. func BenchmarkThreePointLadder255BitScalar(b *testing.B) {

  135. 	var mScalarBytes = [...]uint8{203, 155, 185, 191, 131, 228, 50, 178, 207, 191, 61, 141, 174, 173, 207, 243, 159, 243, 46, 163, 19, 102, 69, 92, 36, 225, 0, 37, 114, 19, 191, 0}

  136. 	for n := 0; n < b.N; n++ {

  137. 		kCurveOps.ScalarMul3Pt(&curve, &threePointLadderInputs[0], &threePointLadderInputs[1], &threePointLadderInputs[2], 255, mScalarBytes[:])

  138. 	}

  139. }