circomlib/test/eddsa.js

73 lines
2.0 KiB
JavaScript

const chai = require("chai");
const path = require("path");
const snarkjs = require("@tornado/snarkjs");
const compiler = require("circom");
// const crypto = require("crypto");
const eddsa = require("../src/eddsa.js");
const babyJub = require("../src/babyjub.js");
const assert = chai.assert;
const bigInt = snarkjs.bigInt;
function print(circuit, w, s) {
console.log(s + ": " + w[circuit.getSignalIdx(s)]);
}
function buffer2bits(buff) {
const res = [];
for (let i = 0; i < buff.length; i++) {
for (let j = 0; j < 8; j++) {
if ((buff[i] >> j) & 1) {
res.push(bigInt.one);
} else {
res.push(bigInt.zero);
}
}
}
return res;
}
describe("EdDSA test", function () {
let circuit;
this.timeout(100000);
before(async () => {
const cirDef = await compiler(path.join(__dirname, "circuits", "eddsa_test.circom"));
circuit = new snarkjs.Circuit(cirDef);
console.log("NConstrains EdDSA: " + circuit.nConstraints);
});
it("Sign a single 10 bytes from 0 to 9", async () => {
const msg = Buffer.from("00010203040506070809", "hex");
// const prvKey = crypto.randomBytes(32);
const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
const pubKey = eddsa.prv2pub(prvKey);
const pPubKey = babyJub.packPoint(pubKey);
const signature = eddsa.sign(prvKey, msg);
const pSignature = eddsa.packSignature(signature);
const uSignature = eddsa.unpackSignature(pSignature);
assert(eddsa.verify(msg, uSignature, pubKey));
const msgBits = buffer2bits(msg);
const r8Bits = buffer2bits(pSignature.slice(0, 32));
const sBits = buffer2bits(pSignature.slice(32, 64));
const aBits = buffer2bits(pPubKey);
const w = circuit.calculateWitness({ A: aBits, R8: r8Bits, S: sBits, msg: msgBits });
assert(circuit.checkWitness(w));
});
});