circomlibjs/test/eddsa.js
Micah Zoltu fc0c01e400 Removes many dependencies and bundles to ES Module.
* NodeJS has built-in testing tools now, so no need to include Mocha/Chai which bring in a lot of transitive dependencies.
* Removes ethers, as it was only being used for a few utility functions (which are now in `utils.js` and `keccak256`, whiche is better sourced from @noble/hashes.
* Adds @noble/hashes for `keccak256`.
* Removes hardhat, since it was brought in only to test one thing, and it is huge.
* Switches to esbuild for simple ESM targeted bundling with inlnined NodeJS dependencies.
* Pinned all JS dependencies to fixed versions.
* Adds a Dockerfile for generating reproducible builds.
* Commented out two tests that had a dependency on Hardhat.
2024-12-06 13:17:31 +08:00

166 lines
7.5 KiB
JavaScript

import { describe, it, before } from 'node:test'
import assert from 'node:assert'
import { Scalar } from "ffjavascript";
import buildEddsa from "../src/eddsa.js";
const fromHexString = hexString =>
new Uint8Array(hexString.match(/.{1,2}/g).map(byte => parseInt(byte, 16)));
const toHexString = bytes =>
bytes.reduce((str, byte) => str + byte.toString(16).padStart(2, '0'), '');
describe("EdDSA js test", { timeout: 100000 }, function () {
let eddsa;
before(async () => {
eddsa = await buildEddsa();
});
it("Sign (using Pedersen) a single 10 bytes from 0 to 9", () => {
const F = eddsa.babyJub.F;
const msgBuf = fromHexString("00010203040506070809");
const prvKey = fromHexString("0001020304050607080900010203040506070809000102030405060708090001");
const pubKey = eddsa.prv2pub(prvKey);
assert(F.eq(pubKey[0], F.e("13277427435165878497778222415993513565335242147425444199013288855685581939618")));
assert(F.eq(pubKey[1], F.e("13622229784656158136036771217484571176836296686641868549125388198837476602820")));
const pPubKey = eddsa.babyJub.packPoint(pubKey);
const signature = eddsa.signPedersen(prvKey, msgBuf);
// console.log(F.toString(signature.R8[0]));
assert(F.eq(signature.R8[0], F.e("21253904451576600568378459528205653033385900307028841334532552830614710476912")));
// console.log(F.toString(signature.R8[1]));
assert(F.eq(signature.R8[1], F.e("20125634407542493427571099944365246191501563803226486072348038614369379124499")));
// console.log(Scalar.toString(signature.S));
assert(Scalar.eq(signature.S, Scalar.e("2129243915978267980511515511350111723623685317644064470882297086073041379651")));
const pSignature = eddsa.packSignature(signature);
// console.log(toHexString(pSignature));
assert.equal(toHexString(pSignature), ""+
"138501d9e734e73f485269bcdc29a9ef2da3fac2f5c9653761d0364f95b47eac"+
"43e1a02b56ff3dacfdac040f3e8c2023dc259ba3f6880ca8ad246b4bfe1bb504");
const uSignature = eddsa.unpackSignature(pSignature);
assert(eddsa.verifyPedersen(msgBuf, uSignature, pubKey));
});
it("Sign (using Mimc7) a single 10 bytes from 0 to 9", () => {
const F = eddsa.babyJub.F;
const msgBuf = fromHexString("000102030405060708090000");
const msg = eddsa.babyJub.F.e(Scalar.fromRprLE(msgBuf, 0));
// const prvKey = crypto.randomBytes(32);
const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
const pubKey = eddsa.prv2pub(prvKey);
assert(F.eq(pubKey[0], F.e("13277427435165878497778222415993513565335242147425444199013288855685581939618")));
assert(F.eq(pubKey[1], F.e("13622229784656158136036771217484571176836296686641868549125388198837476602820")));
const pPubKey = eddsa.babyJub.packPoint(pubKey);
const signature = eddsa.signMiMC(prvKey, msg);
// console.log(F.toString(signature.R8[0]));
assert(F.eq(signature.R8[0], F.e("11384336176656855268977457483345535180380036354188103142384839473266348197733")));
// console.log(F.toString(signature.R8[1]));
assert(F.eq(signature.R8[1], F.e("15383486972088797283337779941324724402501462225528836549661220478783371668959")));
// console.log(Scalar.toString(signature.S));
assert(Scalar.eq(signature.S, Scalar.e("2523202440825208709475937830811065542425109372212752003460238913256192595070")));
const pSignature = eddsa.packSignature(signature);
// console.log(toHexString(pSignature));
assert.equal(toHexString(pSignature), ""+
"dfedb4315d3f2eb4de2d3c510d7a987dcab67089c8ace06308827bf5bcbe02a2"+
"7ed40dab29bf993c928e789d007387998901a24913d44fddb64b1f21fc149405");
const uSignature = eddsa.unpackSignature(pSignature);
assert(eddsa.verifyMiMC(msg, uSignature, pubKey));
});
it("Sign (using Poseidon) a single 10 bytes from 0 to 9", () => {
const F = eddsa.babyJub.F;
const msgBuf = fromHexString("000102030405060708090000");
const msg = eddsa.babyJub.F.e(Scalar.fromRprLE(msgBuf, 0));
// const prvKey = crypto.randomBytes(32);
const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
const pubKey = eddsa.prv2pub(prvKey);
assert(F.eq(pubKey[0], F.e("13277427435165878497778222415993513565335242147425444199013288855685581939618")));
assert(F.eq(pubKey[1], F.e("13622229784656158136036771217484571176836296686641868549125388198837476602820")));
const pPubKey = eddsa.babyJub.packPoint(pubKey);
const signature = eddsa.signPoseidon(prvKey, msg);
// console.log(F.toString(signature.R8[0]));
assert(F.eq(signature.R8[0], F.e("11384336176656855268977457483345535180380036354188103142384839473266348197733")));
// console.log(F.toString(signature.R8[1]));
assert(F.eq(signature.R8[1], F.e("15383486972088797283337779941324724402501462225528836549661220478783371668959")));
// console.log(Scalar.toString(signature.S));
assert(Scalar.eq(signature.S, Scalar.e("1672775540645840396591609181675628451599263765380031905495115170613215233181")));
const pSignature = eddsa.packSignature(signature);
// console.log(toHexString(pSignature));
assert.equal(toHexString(pSignature), ""+
"dfedb4315d3f2eb4de2d3c510d7a987dcab67089c8ace06308827bf5bcbe02a2"+
"9d043ece562a8f82bfc0adb640c0107a7d3a27c1c7c1a6179a0da73de5c1b203");
const uSignature = eddsa.unpackSignature(pSignature);
assert(eddsa.verifyPoseidon(msg, uSignature, pubKey));
});
it("Sign (using mimcsponge) a single 10 bytes from 0 to 9", () => {
const F = eddsa.babyJub.F;
const msgBuf = fromHexString("000102030405060708090000");
const msg = eddsa.babyJub.F.e(Scalar.fromRprLE(msgBuf, 0));
// const prvKey = crypto.randomBytes(32);
const prvKey = Buffer.from("0001020304050607080900010203040506070809000102030405060708090001", "hex");
const pubKey = eddsa.prv2pub(prvKey);
assert(F.eq(pubKey[0], F.e("13277427435165878497778222415993513565335242147425444199013288855685581939618")));
assert(F.eq(pubKey[1], F.e("13622229784656158136036771217484571176836296686641868549125388198837476602820")));
const pPubKey = eddsa.babyJub.packPoint(pubKey);
const signature = eddsa.signMiMCSponge(prvKey, msg);
// console.log(F.toString(signature.R8[0]));
assert(F.eq(signature.R8[0], F.e("11384336176656855268977457483345535180380036354188103142384839473266348197733")));
// console.log(F.toString(signature.R8[1]));
assert(F.eq(signature.R8[1], F.e("15383486972088797283337779941324724402501462225528836549661220478783371668959")));
// console.log(Scalar.toString(signature.S));
assert(Scalar.eq(signature.S, Scalar.e("1868336918738674306327358602987493427631678603535639134028485964115448322340")));
const pSignature = eddsa.packSignature(signature);
// console.log(toHexString(pSignature));
assert.equal(toHexString(pSignature), ""+
"dfedb4315d3f2eb4de2d3c510d7a987dcab67089c8ace06308827bf5bcbe02a2"+
"24599218a1c2e5290bf58b2eec37bfec1395179ed5e817f10f86c9e7f3702104");
const uSignature = eddsa.unpackSignature(pSignature);
assert(eddsa.verifyMiMCSponge(msg, uSignature, pubKey));
});
});