import { describe, it, before } from 'node:test'
import assert from 'node:assert'
import { Scalar } from "ffjavascript";
import buildEddsa from "../src/eddsa.js";
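/**
 * Decode a hexadecimal string into bytes.
 *
 * Test vectors (keys, messages) are written as hex literals, so a typo must
 * fail loudly: parsing a non-hex pair with parseInt yields NaN, which a
 * Uint8Array stores as 0, silently turning a mistyped vector into a
 * different key or message.
 *
 * @param {string} hexString - Even-length string of hex digits (either case).
 * @returns {Uint8Array} One byte per pair of hex digits; empty for "".
 * @throws {TypeError} If the input is not a string, has odd length, or
 *   contains a non-hex character.
 */
const fromHexString = (hexString) => {
    const isWellFormed =
        typeof hexString === "string" &&
        hexString.length % 2 === 0 &&
        /^[0-9a-fA-F]*$/.test(hexString);
    if (!isWellFormed) {
        // The message deliberately omits the input, which may be key material.
        throw new TypeError("fromHexString: expected an even-length hexadecimal string");
    }

    const bytes = new Uint8Array(hexString.length / 2);
    for (let i = 0; i < bytes.length; i += 1) {
        bytes[i] = Number.parseInt(hexString.slice(2 * i, 2 * i + 2), 16);
    }
    return bytes;
};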
/**
 * Encode a byte sequence as a lowercase hexadecimal string.
 *
 * @param {Uint8Array|number[]} bytes - Values to encode, in order.
 * @returns {string} Two hex digits per element (zero-padded), concatenated.
 */
const toHexString = (bytes) => {
    const pairs = [];
    bytes.forEach((byte) => {
        pairs.push(byte.toString(16).padStart(2, '0'));
    });
    return pairs.join('');
};
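// Known-answer tests for the EdDSA implementation over Baby Jubjub, one per
// hash variant (Pedersen, MiMC7, Poseidon, MiMCSponge).
//
// Each test derives the public key from a fixed private key, signs a fixed
// message, pins the signature components (R8, S) and the packed encoding to
// recorded values, round-trips the packed signature and verifies it. Each
// test also checks that the same signature is rejected for a message that
// differs in one byte: accepting the genuine signature alone does not show
// that verification depends on the message.
//
// The private key below is a public test vector (the byte pattern 00..09
// repeated). It is fixed rather than random so the recorded values are
// reproducible; it is not a key to use anywhere else.
describe("EdDSA js test", { timeout: 100000 }, function () {
    let eddsa;

    // buildEddsa() is asynchronous, so the instance is created once and
    // shared by all tests.
    before(async () => {
        eddsa = await buildEddsa();
    });

    it("Sign (using Pedersen) a single 10 bytes from 0 to 9", () => {
        const F = eddsa.babyJub.F;
        // The Pedersen variant signs the raw message bytes.
        const msgBuf = fromHexString("00010203040506070809");

        const prvKey = fromHexString("0001020304050607080900010203040506070809000102030405060708090001");

        const pubKey = eddsa.prv2pub(prvKey);

        assert(F.eq(pubKey[0], F.e("13277427435165878497778222415993513565335242147425444199013288855685581939618")));
        assert(F.eq(pubKey[1], F.e("13622229784656158136036771217484571176836296686641868549125388198837476602820")));

        // Result unused; the call only checks that packing the derived key
        // does not throw.
        eddsa.babyJub.packPoint(pubKey);

        const signature = eddsa.signPedersen(prvKey, msgBuf);
        assert(F.eq(signature.R8[0], F.e("21253904451576600568378459528205653033385900307028841334532552830614710476912")));
        assert(F.eq(signature.R8[1], F.e("20125634407542493427571099944365246191501563803226486072348038614369379124499")));
        assert(Scalar.eq(signature.S, Scalar.e("2129243915978267980511515511350111723623685317644064470882297086073041379651")));

        const pSignature = eddsa.packSignature(signature);

        // strictEqual: the imported assert is the legacy (non-strict)
        // module, whose equal() compares with ==.
        assert.strictEqual(toHexString(pSignature), ""+
            "138501d9e734e73f485269bcdc29a9ef2da3fac2f5c9653761d0364f95b47eac"+
            "43e1a02b56ff3dacfdac040f3e8c2023dc259ba3f6880ca8ad246b4bfe1bb504");

        const uSignature = eddsa.unpackSignature(pSignature);
        assert(eddsa.verifyPedersen(msgBuf, uSignature, pubKey));

        // Negative path: last message byte changed from 09 to 08.
        const tamperedMsgBuf = fromHexString("00010203040506070808");
        assert(!eddsa.verifyPedersen(tamperedMsgBuf, uSignature, pubKey));
    });

    it("Sign (using Mimc7) a single 10 bytes from 0 to 9", () => {
        const F = eddsa.babyJub.F;
        // Bytes 00..09 followed by two zero bytes (12 bytes in total),
        // converted to a field element via Scalar.fromRprLE.
        const msgBuf = fromHexString("000102030405060708090000");

        const msg = eddsa.babyJub.F.e(Scalar.fromRprLE(msgBuf, 0));

        const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");

        const pubKey = eddsa.prv2pub(prvKey);

        assert(F.eq(pubKey[0], F.e("13277427435165878497778222415993513565335242147425444199013288855685581939618")));
        assert(F.eq(pubKey[1], F.e("13622229784656158136036771217484571176836296686641868549125388198837476602820")));

        // Result unused; the call only checks that packing the derived key
        // does not throw.
        eddsa.babyJub.packPoint(pubKey);

        const signature = eddsa.signMiMC(prvKey, msg);
        // R8 has the same recorded value in the MiMC7, Poseidon and
        // MiMCSponge tests (same key, same message); only S differs.
        assert(F.eq(signature.R8[0], F.e("11384336176656855268977457483345535180380036354188103142384839473266348197733")));
        assert(F.eq(signature.R8[1], F.e("15383486972088797283337779941324724402501462225528836549661220478783371668959")));
        assert(Scalar.eq(signature.S, Scalar.e("2523202440825208709475937830811065542425109372212752003460238913256192595070")));

        const pSignature = eddsa.packSignature(signature);

        // strictEqual: the imported assert is the legacy (non-strict)
        // module, whose equal() compares with ==.
        assert.strictEqual(toHexString(pSignature), ""+
            "dfedb4315d3f2eb4de2d3c510d7a987dcab67089c8ace06308827bf5bcbe02a2"+
            "7ed40dab29bf993c928e789d007387998901a24913d44fddb64b1f21fc149405");

        const uSignature = eddsa.unpackSignature(pSignature);
        assert(eddsa.verifyMiMC(msg, uSignature, pubKey));

        // Negative path: last message byte changed from 00 to 01.
        const tamperedMsg = F.e(Scalar.fromRprLE(fromHexString("000102030405060708090001"), 0));
        assert(!eddsa.verifyMiMC(tamperedMsg, uSignature, pubKey));
    });

    it("Sign (using Poseidon) a single 10 bytes from 0 to 9", () => {
        const F = eddsa.babyJub.F;
        // Bytes 00..09 followed by two zero bytes (12 bytes in total),
        // converted to a field element via Scalar.fromRprLE.
        const msgBuf = fromHexString("000102030405060708090000");

        const msg = eddsa.babyJub.F.e(Scalar.fromRprLE(msgBuf, 0));

        const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");

        const pubKey = eddsa.prv2pub(prvKey);

        assert(F.eq(pubKey[0], F.e("13277427435165878497778222415993513565335242147425444199013288855685581939618")));
        assert(F.eq(pubKey[1], F.e("13622229784656158136036771217484571176836296686641868549125388198837476602820")));

        // Result unused; the call only checks that packing the derived key
        // does not throw.
        eddsa.babyJub.packPoint(pubKey);

        const signature = eddsa.signPoseidon(prvKey, msg);
        // R8 has the same recorded value in the MiMC7, Poseidon and
        // MiMCSponge tests (same key, same message); only S differs.
        assert(F.eq(signature.R8[0], F.e("11384336176656855268977457483345535180380036354188103142384839473266348197733")));
        assert(F.eq(signature.R8[1], F.e("15383486972088797283337779941324724402501462225528836549661220478783371668959")));
        assert(Scalar.eq(signature.S, Scalar.e("1672775540645840396591609181675628451599263765380031905495115170613215233181")));

        const pSignature = eddsa.packSignature(signature);

        // strictEqual: the imported assert is the legacy (non-strict)
        // module, whose equal() compares with ==.
        assert.strictEqual(toHexString(pSignature), ""+
            "dfedb4315d3f2eb4de2d3c510d7a987dcab67089c8ace06308827bf5bcbe02a2"+
            "9d043ece562a8f82bfc0adb640c0107a7d3a27c1c7c1a6179a0da73de5c1b203");

        const uSignature = eddsa.unpackSignature(pSignature);
        assert(eddsa.verifyPoseidon(msg, uSignature, pubKey));

        // Negative path: last message byte changed from 00 to 01.
        const tamperedMsg = F.e(Scalar.fromRprLE(fromHexString("000102030405060708090001"), 0));
        assert(!eddsa.verifyPoseidon(tamperedMsg, uSignature, pubKey));
    });

    it("Sign (using mimcsponge) a single 10 bytes from 0 to 9", () => {
        const F = eddsa.babyJub.F;
        // Bytes 00..09 followed by two zero bytes (12 bytes in total),
        // converted to a field element via Scalar.fromRprLE.
        const msgBuf = fromHexString("000102030405060708090000");

        const msg = eddsa.babyJub.F.e(Scalar.fromRprLE(msgBuf, 0));

        const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");

        const pubKey = eddsa.prv2pub(prvKey);

        assert(F.eq(pubKey[0], F.e("13277427435165878497778222415993513565335242147425444199013288855685581939618")));
        assert(F.eq(pubKey[1], F.e("13622229784656158136036771217484571176836296686641868549125388198837476602820")));

        // Result unused; the call only checks that packing the derived key
        // does not throw.
        eddsa.babyJub.packPoint(pubKey);

        const signature = eddsa.signMiMCSponge(prvKey, msg);
        // R8 has the same recorded value in the MiMC7, Poseidon and
        // MiMCSponge tests (same key, same message); only S differs.
        assert(F.eq(signature.R8[0], F.e("11384336176656855268977457483345535180380036354188103142384839473266348197733")));
        assert(F.eq(signature.R8[1], F.e("15383486972088797283337779941324724402501462225528836549661220478783371668959")));
        assert(Scalar.eq(signature.S, Scalar.e("1868336918738674306327358602987493427631678603535639134028485964115448322340")));

        const pSignature = eddsa.packSignature(signature);

        // strictEqual: the imported assert is the legacy (non-strict)
        // module, whose equal() compares with ==.
        assert.strictEqual(toHexString(pSignature), ""+
            "dfedb4315d3f2eb4de2d3c510d7a987dcab67089c8ace06308827bf5bcbe02a2"+
            "24599218a1c2e5290bf58b2eec37bfec1395179ed5e817f10f86c9e7f3702104");

        const uSignature = eddsa.unpackSignature(pSignature);
        assert(eddsa.verifyMiMCSponge(msg, uSignature, pubKey));

        // Negative path: last message byte changed from 00 to 01.
        const tamperedMsg = F.e(Scalar.fromRprLE(fromHexString("000102030405060708090001"), 0));
        assert(!eddsa.verifyMiMCSponge(tamperedMsg, uSignature, pubKey));
    });
});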