import { deepStrictEqual, throws } from 'assert'; import { should } from 'micro-should'; import * as fc from 'fast-check'; import { ed25519, ed448 } from '../lib/ed.js'; import { hexToBytes, bytesToHex, randomBytes } from '@noble/hashes/utils'; import { default as ed448vectors } from './wycheproof/ed448_test.json' assert { type: 'json' }; import { default as x448vectors } from './wycheproof/x448_test.json' assert { type: 'json' }; const ed = ed448; const hex = bytesToHex; ed.utils.precompute(4); should(`Basic`, () => { const G1 = ed.Point.BASE; deepStrictEqual( G1.x, 224580040295924300187604334099896036246789641632564134246125461686950415467406032909029192869357953282578032075146446173674602635247710n ); deepStrictEqual( G1.y, 298819210078481492676017930443930673437544040154080242095928241372331506189835876003536878655418784733982303233503462500531545062832660n ); const G2 = ed.Point.BASE.multiply(2n); deepStrictEqual( G2.x, 484559149530404593699549205258669689569094240458212040187660132787056912146709081364401144455726350866276831544947397859048262938744149n ); deepStrictEqual( G2.y, 494088759867433727674302672526735089350544552303727723746126484473087719117037293890093462157703888342865036477787453078312060500281069n ); const G3 = ed.Point.BASE.multiply(3n); deepStrictEqual( G3.x, 23839778817283171003887799738662344287085130522697782688245073320169861206004018274567429238677677920280078599146891901463786155880335n ); deepStrictEqual( G3.y, 636046652612779686502873775776967954190574036985351036782021535703553242737829645273154208057988851307101009474686328623630835377952508n ); }); should('Basic/decompress', () => { const G1 = ed.Point.BASE; const G2 = ed.Point.BASE.multiply(2n); const G3 = ed.Point.BASE.multiply(3n); const points = [G1, G2, G3]; const getXY = (p) => ({ x: p.x, y: p.y }); for (const p of points) deepStrictEqual(getXY(ed.Point.fromHex(p.toHex())), getXY(p)); }); const VECTORS_RFC8032 = [ { secretKey: '6c82a562cb808d10d632be89c8513ebf' + '6c929f34ddfa8c9f63c9960ef6e348a3' + '528c8a3fcc2f044e39a3fc5b94492f8f' + '032e7549a20098f95b', publicKey: '5fd7449b59b461fd2ce787ec616ad46a' + '1da1342485a70e1f8a0ea75d80e96778' + 'edf124769b46c7061bd6783df1e50f6c' + 'd1fa1abeafe8256180', message: '', signature: '533a37f6bbe457251f023c0d88f976ae' + '2dfb504a843e34d2074fd823d41a591f' + '2b233f034f628281f2fd7a22ddd47d78' + '28c59bd0a21bfd3980ff0d2028d4b18a' + '9df63e006c5d1c2d345b925d8dc00b41' + '04852db99ac5c7cdda8530a113a0f4db' + 'b61149f05a7363268c71d95808ff2e65' + '2600', }, { secretKey: 'c4eab05d357007c632f3dbb48489924d' + '552b08fe0c353a0d4a1f00acda2c463a' + 'fbea67c5e8d2877c5e3bc397a659949e' + 'f8021e954e0a12274e', publicKey: '43ba28f430cdff456ae531545f7ecd0a' + 'c834a55d9358c0372bfa0c6c6798c086' + '6aea01eb00742802b8438ea4cb82169c' + '235160627b4c3a9480', message: '03', signature: '26b8f91727bd62897af15e41eb43c377' + 'efb9c610d48f2335cb0bd0087810f435' + '2541b143c4b981b7e18f62de8ccdf633' + 'fc1bf037ab7cd779805e0dbcc0aae1cb' + 'cee1afb2e027df36bc04dcecbf154336' + 'c19f0af7e0a6472905e799f1953d2a0f' + 'f3348ab21aa4adafd1d234441cf807c0' + '3a00', }, { secretKey: 'cd23d24f714274e744343237b93290f5' + '11f6425f98e64459ff203e8985083ffd' + 'f60500553abc0e05cd02184bdb89c4cc' + 'd67e187951267eb328', publicKey: 'dcea9e78f35a1bf3499a831b10b86c90' + 'aac01cd84b67a0109b55a36e9328b1e3' + '65fce161d71ce7131a543ea4cb5f7e9f' + '1d8b00696447001400', message: '0c3e544074ec63b0265e0c', signature: '1f0a8888ce25e8d458a21130879b840a' + '9089d999aaba039eaf3e3afa090a09d3' + '89dba82c4ff2ae8ac5cdfb7c55e94d5d' + '961a29fe0109941e00b8dbdeea6d3b05' + '1068df7254c0cdc129cbe62db2dc957d' + 'bb47b51fd3f213fb8698f064774250a5' + '028961c9bf8ffd973fe5d5c206492b14' + '0e00', }, { secretKey: '258cdd4ada32ed9c9ff54e63756ae582' + 'fb8fab2ac721f2c8e676a72768513d93' + '9f63dddb55609133f29adf86ec9929dc' + 'cb52c1c5fd2ff7e21b', publicKey: '3ba16da0c6f2cc1f30187740756f5e79' + '8d6bc5fc015d7c63cc9510ee3fd44adc' + '24d8e968b6e46e6f94d19b945361726b' + 'd75e149ef09817f580', message: '64a65f3cdedcdd66811e2915', signature: '7eeeab7c4e50fb799b418ee5e3197ff6' + 'bf15d43a14c34389b59dd1a7b1b85b4a' + 'e90438aca634bea45e3a2695f1270f07' + 'fdcdf7c62b8efeaf00b45c2c96ba457e' + 'b1a8bf075a3db28e5c24f6b923ed4ad7' + '47c3c9e03c7079efb87cb110d3a99861' + 'e72003cbae6d6b8b827e4e6c143064ff' + '3c00', }, { secretKey: '7ef4e84544236752fbb56b8f31a23a10' + 'e42814f5f55ca037cdcc11c64c9a3b29' + '49c1bb60700314611732a6c2fea98eeb' + 'c0266a11a93970100e', publicKey: 'b3da079b0aa493a5772029f0467baebe' + 'e5a8112d9d3a22532361da294f7bb381' + '5c5dc59e176b4d9f381ca0938e13c6c0' + '7b174be65dfa578e80', message: '64a65f3cdedcdd66811e2915e7', signature: '6a12066f55331b6c22acd5d5bfc5d712' + '28fbda80ae8dec26bdd306743c5027cb' + '4890810c162c027468675ecf645a8317' + '6c0d7323a2ccde2d80efe5a1268e8aca' + '1d6fbc194d3f77c44986eb4ab4177919' + 'ad8bec33eb47bbb5fc6e28196fd1caf5' + '6b4e7e0ba5519234d047155ac727a105' + '3100', }, { secretKey: 'd65df341ad13e008567688baedda8e9d' + 'cdc17dc024974ea5b4227b6530e339bf' + 'f21f99e68ca6968f3cca6dfe0fb9f4fa' + 'b4fa135d5542ea3f01', publicKey: 'df9705f58edbab802c7f8363cfe5560a' + 'b1c6132c20a9f1dd163483a26f8ac53a' + '39d6808bf4a1dfbd261b099bb03b3fb5' + '0906cb28bd8a081f00', message: 'bd0f6a3747cd561bdddf4640a332461a' + '4a30a12a434cd0bf40d766d9c6d458e5' + '512204a30c17d1f50b5079631f64eb31' + '12182da3005835461113718d1a5ef944', signature: '554bc2480860b49eab8532d2a533b7d5' + '78ef473eeb58c98bb2d0e1ce488a98b1' + '8dfde9b9b90775e67f47d4a1c3482058' + 'efc9f40d2ca033a0801b63d45b3b722e' + 'f552bad3b4ccb667da350192b61c508c' + 'f7b6b5adadc2c8d9a446ef003fb05cba' + '5f30e88e36ec2703b349ca229c267083' + '3900', }, { secretKey: '2ec5fe3c17045abdb136a5e6a913e32a' + 'b75ae68b53d2fc149b77e504132d3756' + '9b7e766ba74a19bd6162343a21c8590a' + 'a9cebca9014c636df5', publicKey: '79756f014dcfe2079f5dd9e718be4171' + 'e2ef2486a08f25186f6bff43a9936b9b' + 'fe12402b08ae65798a3d81e22e9ec80e' + '7690862ef3d4ed3a00', message: '15777532b0bdd0d1389f636c5f6b9ba7' + '34c90af572877e2d272dd078aa1e567c' + 'fa80e12928bb542330e8409f31745041' + '07ecd5efac61ae7504dabe2a602ede89' + 'e5cca6257a7c77e27a702b3ae39fc769' + 'fc54f2395ae6a1178cab4738e543072f' + 'c1c177fe71e92e25bf03e4ecb72f47b6' + '4d0465aaea4c7fad372536c8ba516a60' + '39c3c2a39f0e4d832be432dfa9a706a6' + 'e5c7e19f397964ca4258002f7c0541b5' + '90316dbc5622b6b2a6fe7a4abffd9610' + '5eca76ea7b98816af0748c10df048ce0' + '12d901015a51f189f3888145c03650aa' + '23ce894c3bd889e030d565071c59f409' + 'a9981b51878fd6fc110624dcbcde0bf7' + 'a69ccce38fabdf86f3bef6044819de11', signature: 'c650ddbb0601c19ca11439e1640dd931' + 'f43c518ea5bea70d3dcde5f4191fe53f' + '00cf966546b72bcc7d58be2b9badef28' + '743954e3a44a23f880e8d4f1cfce2d7a' + '61452d26da05896f0a50da66a239a8a1' + '88b6d825b3305ad77b73fbac0836ecc6' + '0987fd08527c1a8e80d5823e65cafe2a' + '3d00', }, { secretKey: '872d093780f5d3730df7c212664b37b8' + 'a0f24f56810daa8382cd4fa3f77634ec' + '44dc54f1c2ed9bea86fafb7632d8be19' + '9ea165f5ad55dd9ce8', publicKey: 'a81b2e8a70a5ac94ffdbcc9badfc3feb' + '0801f258578bb114ad44ece1ec0e799d' + 'a08effb81c5d685c0c56f64eecaef8cd' + 'f11cc38737838cf400', message: '6ddf802e1aae4986935f7f981ba3f035' + '1d6273c0a0c22c9c0e8339168e675412' + 'a3debfaf435ed651558007db4384b650' + 'fcc07e3b586a27a4f7a00ac8a6fec2cd' + '86ae4bf1570c41e6a40c931db27b2faa' + '15a8cedd52cff7362c4e6e23daec0fbc' + '3a79b6806e316efcc7b68119bf46bc76' + 'a26067a53f296dafdbdc11c77f7777e9' + '72660cf4b6a9b369a6665f02e0cc9b6e' + 'dfad136b4fabe723d2813db3136cfde9' + 'b6d044322fee2947952e031b73ab5c60' + '3349b307bdc27bc6cb8b8bbd7bd32321' + '9b8033a581b59eadebb09b3c4f3d2277' + 'd4f0343624acc817804728b25ab79717' + '2b4c5c21a22f9c7839d64300232eb66e' + '53f31c723fa37fe387c7d3e50bdf9813' + 'a30e5bb12cf4cd930c40cfb4e1fc6225' + '92a49588794494d56d24ea4b40c89fc0' + '596cc9ebb961c8cb10adde976a5d602b' + '1c3f85b9b9a001ed3c6a4d3b1437f520' + '96cd1956d042a597d561a596ecd3d173' + '5a8d570ea0ec27225a2c4aaff26306d1' + '526c1af3ca6d9cf5a2c98f47e1c46db9' + 'a33234cfd4d81f2c98538a09ebe76998' + 'd0d8fd25997c7d255c6d66ece6fa56f1' + '1144950f027795e653008f4bd7ca2dee' + '85d8e90f3dc315130ce2a00375a318c7' + 'c3d97be2c8ce5b6db41a6254ff264fa6' + '155baee3b0773c0f497c573f19bb4f42' + '40281f0b1f4f7be857a4e59d416c06b4' + 'c50fa09e1810ddc6b1467baeac5a3668' + 'd11b6ecaa901440016f389f80acc4db9' + '77025e7f5924388c7e340a732e554440' + 'e76570f8dd71b7d640b3450d1fd5f041' + '0a18f9a3494f707c717b79b4bf75c984' + '00b096b21653b5d217cf3565c9597456' + 'f70703497a078763829bc01bb1cbc8fa' + '04eadc9a6e3f6699587a9e75c94e5bab' + '0036e0b2e711392cff0047d0d6b05bd2' + 'a588bc109718954259f1d86678a579a3' + '120f19cfb2963f177aeb70f2d4844826' + '262e51b80271272068ef5b3856fa8535' + 'aa2a88b2d41f2a0e2fda7624c2850272' + 'ac4a2f561f8f2f7a318bfd5caf969614' + '9e4ac824ad3460538fdc25421beec2cc' + '6818162d06bbed0c40a387192349db67' + 'a118bada6cd5ab0140ee273204f628aa' + 'd1c135f770279a651e24d8c14d75a605' + '9d76b96a6fd857def5e0b354b27ab937' + 'a5815d16b5fae407ff18222c6d1ed263' + 'be68c95f32d908bd895cd76207ae7264' + '87567f9a67dad79abec316f683b17f2d' + '02bf07e0ac8b5bc6162cf94697b3c27c' + 'd1fea49b27f23ba2901871962506520c' + '392da8b6ad0d99f7013fbc06c2c17a56' + '9500c8a7696481c1cd33e9b14e40b82e' + '79a5f5db82571ba97bae3ad3e0479515' + 'bb0e2b0f3bfcd1fd33034efc6245eddd' + '7ee2086ddae2600d8ca73e214e8c2b0b' + 'db2b047c6a464a562ed77b73d2d841c4' + 'b34973551257713b753632efba348169' + 'abc90a68f42611a40126d7cb21b58695' + '568186f7e569d2ff0f9e745d0487dd2e' + 'b997cafc5abf9dd102e62ff66cba87', signature: 'e301345a41a39a4d72fff8df69c98075' + 'a0cc082b802fc9b2b6bc503f926b65bd' + 'df7f4c8f1cb49f6396afc8a70abe6d8a' + 'ef0db478d4c6b2970076c6a0484fe76d' + '76b3a97625d79f1ce240e7c576750d29' + '5528286f719b413de9ada3e8eb78ed57' + '3603ce30d8bb761785dc30dbc320869e' + '1a00', }, ]; for (let i = 0; i < VECTORS_RFC8032.length; i++) { const v = VECTORS_RFC8032[i]; should(`RFC8032/${i}`, () => { deepStrictEqual(hex(ed.getPublicKey(v.secretKey)), v.publicKey); deepStrictEqual(hex(ed.sign(v.message, v.secretKey)), v.signature); deepStrictEqual(ed.verify(v.signature, v.message, v.publicKey), true); }); } should('ed448/should not accept >57byte private keys', async () => { const invalidPriv = 100000000000000000000000000000000000009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800073278156000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000n; throws(() => ed.getPublicKey(invalidPriv)); }); function to57Bytes(numOrStr) { let hex = typeof numOrStr === 'string' ? numOrStr : numOrStr.toString(16); return hexToBytes(hex.padStart(114, '0')); } should('ed448/should verify recent signature', () => { fc.assert( fc.property( fc.hexaString({ minLength: 2, maxLength: 57 }), fc.bigInt(2n, ed.CURVE.n), (message, privateKey) => { const publicKey = ed.getPublicKey(to57Bytes(privateKey)); const signature = ed.sign(to57Bytes(message), to57Bytes(privateKey)); deepStrictEqual(publicKey.length, 57); deepStrictEqual(signature.length, 114); deepStrictEqual(ed.verify(signature, to57Bytes(message), publicKey), true); } ), { numRuns: 5 } ); }); should('ed448/should not verify signature with wrong message', () => { fc.assert( fc.property( fc.array(fc.integer({ min: 0x00, max: 0xff })), fc.array(fc.integer({ min: 0x00, max: 0xff })), fc.bigInt(1n, ed.CURVE.n), (bytes, wrongBytes, privateKey) => { const message = new Uint8Array(bytes); const wrongMessage = new Uint8Array(wrongBytes); const priv = to57Bytes(privateKey); const publicKey = ed.getPublicKey(priv); const signature = ed.sign(message, priv); deepStrictEqual( ed.verify(signature, wrongMessage, publicKey), bytes.toString() === wrongBytes.toString() ); } ), { numRuns: 5 } ); }); const privKey = to57Bytes('a665a45920422f9d417e4867ef'); const msg = hexToBytes('874f9960c5d2b7a9b5fad383e1ba44719ebb743a'); const wrongMsg = hexToBytes('589d8c7f1da0a24bc07b7381ad48b1cfc211af1c'); should('ed25519/basic methods/should sign and verify', () => { const publicKey = ed.getPublicKey(privKey); const signature = ed.sign(msg, privKey); deepStrictEqual(ed.verify(signature, msg, publicKey), true); }); should('ed25519/basic methods/should not verify signature with wrong public key', () => { const publicKey = ed.getPublicKey(12); const signature = ed.sign(msg, privKey); deepStrictEqual(ed.verify(signature, msg, publicKey), false); }); should('ed25519/basic methods/should not verify signature with wrong hash', () => { const publicKey = ed.getPublicKey(privKey); const signature = ed.sign(msg, privKey); deepStrictEqual(ed.verify(signature, wrongMsg, publicKey), false); }); should('ed25519/sync methods/should sign and verify', () => { const publicKey = ed.getPublicKey(privKey); const signature = ed.sign(msg, privKey); deepStrictEqual(ed.verify(signature, msg, publicKey), true); }); should('ed25519/sync methods/should not verify signature with wrong public key', async () => { const publicKey = ed.getPublicKey(12); const signature = ed.sign(msg, privKey); deepStrictEqual(ed.verify(signature, msg, publicKey), false); }); should('ed25519/sync methods/should not verify signature with wrong hash', async () => { const publicKey = ed.getPublicKey(privKey); const signature = ed.sign(msg, privKey); deepStrictEqual(ed.verify(signature, wrongMsg, publicKey), false); }); should('ed25519/BASE_POINT.multiply()/should throw Point#multiply on TEST 5', () => { for (const num of [0n, 0, -1n, -1, 1.1]) { throws(() => ed.Point.BASE.multiply(num)); } }); // should('ed25519/getSharedSecret()/should convert base point to montgomery using toX25519()', () => { // deepStrictEqual(hex(ed.Point.BASE.toX25519()), ed.curve25519.BASE_POINT_U); // }); // should('ed25519/getSharedSecret()/should be commutative', async () => { // for (let i = 0; i < 512; i++) { // const asec = ed.utils.randomPrivateKey(); // const apub = ed.getPublicKey(asec); // const bsec = ed.utils.randomPrivateKey(); // const bpub = ed.getPublicKey(bsec); // try { // deepStrictEqual(ed.getSharedSecret(asec, bpub), ed.getSharedSecret(bsec, apub)); // } catch (error) { // console.error('not commutative', { asec, apub, bsec, bpub }); // throw error; // } // } // }); should('input immutability: sign/verify are immutable', () => { const privateKey = ed.utils.randomPrivateKey(); const publicKey = ed.getPublicKey(privateKey); for (let i = 0; i < 100; i++) { let payload = randomBytes(100); let signature = ed.sign(payload, privateKey); if (!ed.verify(signature, payload, publicKey)) { throw new Error('Signature verification failed'); } const signatureCopy = Buffer.alloc(signature.byteLength); signatureCopy.set(signature, 0); // <-- breaks payload = payload.slice(); signature = signature.slice(); if (!ed.verify(signatureCopy, payload, publicKey)) throw new Error('Copied signature verification failed'); } }); { for (let g = 0; g < ed448vectors.testGroups.length; g++) { const group = ed448vectors.testGroups[g]; const key = group.key; should(`Wycheproof/ED448(${g}, public)`, () => { deepStrictEqual(hex(ed.getPublicKey(key.sk)), key.pk); }); for (let i = 0; i < group.tests.length; i++) { const v = group.tests[i]; should(`Wycheproof/ED448(${g}/${i}, ${v.result}): ${v.comment}`, () => { if (v.result === 'valid' || v.result === 'acceptable') { deepStrictEqual(hex(ed.sign(v.msg, key.sk)), v.sig); deepStrictEqual(ed.verify(v.sig, v.msg, key.pk), true); } else if (v.result === 'invalid') { let failed = false; try { failed = !ed.verify(v.sig, v.msg, key.pk); } catch (error) { failed = true; } deepStrictEqual(failed, true, 'invalid'); } else throw new Error('unknown test result'); }); } } } // { // const group = x25519vectors.testGroups[0]; // for (let i = 0; i < group.tests.length; i++) { // const v = group.tests[i]; // should(`Wycheproof/X25519(${i}, ${v.result}) ${v.comment}`, () => { // if (v.result === 'valid' || v.result === 'acceptable') { // try { // ed.Point.fromHex(v.public); // } catch (e) { // if (e.message.includes('Point.fromHex: invalid y coordinate')) return; // throw e; // } // const shared = hex(ed.getSharedSecret(v.private, v.public)); // deepStrictEqual(shared, v.shared, 'valid'); // } else if (v.result === 'invalid') { // let failed = false; // try { // ed.getSharedSecret(v.private, v.public); // } catch (error) { // failed = true; // } // deepStrictEqual(failed, true, 'invalid'); // } else throw new Error('unknown test result'); // }); // } // } // ESM is broken. import url from 'url'; if (import.meta.url === url.pathToFileURL(process.argv[1]).href) { should.run(); } /* OUR: verify(r) Point { x: 117083889870452976893611547833716470707682026107584166971579726410379933200511856552571178072395970298806909801597194212619985635844270n, y: 664613439225768038924451828443390535972832706605490606711138767575182918078146210986473699054775106829537240700777959779811881639147732n } verify(s) 171560600556246420336815304075147406138580530023825761769062776185328256162525428025207885397693292244020015666168990464688721996580108n verify(G*s) Point { x: 162580569181617012512915096099987276929520102470148179595683186785564923123644100210058934137413137508679834237807539232961980479559703n, y: 300823828808029813226461528962321558722882991716498392051038897352648558972404548670077149616666377671445681138581862112882370877960540n } verify(k, hashed) 8903905151968610333524336167784696500100432517973872822290595420701503447289798240464976231189650851226450153394571270017367997886911n verify(kA, pubKey*k) Point { x: 689275764828592611152871878771714953006357504547408405065617338137477032523786110957620128317758694018203461690302684307888964572340785n, y: 481328274497162994197716136544465653692120986048960981855841218770941500118441012672159998270864104759919787387966448820647078734831560n } verify(RkA, r+kA) Point { x: 122982406147090575324915101352793466553671728663998628086189507014151752138194638629641411526703069442455515495095211707112301230852909n, y: 628599576854758762451451863221817761200843280520482487953855243757271313346398229758661810534375546179313418158952236033181207878869809n } verify(RkA*h) Point { x: 285367816437357046852385747901568148949273863571594761351869427482364138883891040584481510007402650226067916995110428282873262921611092n, y: 156274886003874424437114343095234538185297810914769372891105611450134155931335556420419362638465757217877136785807507867845960943191541n } verify(SB*h) Point { x: 49879895074926972607089290381794972663529905435154505099510082025305354413619454150885832024420892269163908738032246918490575686924369n, y: 493395180352948178031760912270438078255871801590750728653962749871941650726588112030608282487999493622892374555049324278196950479173047n } verify(RkA-SB) Point { x: 387994761565948378495106619286831545021939931213704916072043327425382665414799988004170105004375426191018762465670849206465968350321870n, y: 6861694927033303775201514393095605504169468049999574963263295660536234490030921387020643041252124207285319521500442198840633575797105n } verify((RkA-SB)*h) Point { x: 459153706735977722773001536505633023208447605158247558496590837749184216434578577646373840599757767671074933212247199030379143045005320n, y: 610562540704855906228140299454456520343298226945170317172546981746408207471796755968182254530606222931325758957275600304516146767443812n } verify(R) x=117083889870452976893611547833716470707682026107584166971579726410379933200511856552571178072395970298806909801597194212619985635844270 y=664613439225768038924451828443390535972832706605490606711138767575182918078146210986473699054775106829537240700777959779811881639147732 verify(S) 171560600556246420336815304075147406138580530023825761769062776185328256162525428025207885397693292244020015666168990464688721996580108 Verify parsed !!!!!!!! CTX True b'' b'53696745643434380000' verify(h) 8903905151968610333524336167784696500100432517973872822290595420701503447289798240464976231189650851226450153394571270017367997886911 MUL 8903905151968610333524336167784696500100432517973872822290595420701503447289798240464976231189650851226450153394571270017367997886911 MUL 171560600556246420336815304075147406138580530023825761769062776185328256162525428025207885397693292244020015666168990464688721996580108 verify((R+(a*h)) ) x=122982406147090575324915101352793466553671728663998628086189507014151752138194638629641411526703069442455515495095211707112301230852909 y=628599576854758762451451863221817761200843280520482487953855243757271313346398229758661810534375546179313418158952236033181207878869809 ok ^ verify(B*S) x=162580569181617012512915096099987276929520102470148179595683186785564923123644100210058934137413137508679834237807539232961980479559703 y=300823828808029813226461528962321558722882991716498392051038897352648558972404548670077149616666377671445681138581862112882370877960540 OK! verify((R+(a*h)) * c) x=285367816437357046852385747901568148949273863571594761351869427482364138883891040584481510007402650226067916995110428282873262921611092 y=156274886003874424437114343095234538185297810914769372891105611450134155931335556420419362638465757217877136785807507867845960943191541 verify(B*S*c) x=49879895074926972607089290381794972663529905435154505099510082025305354413619454150885832024420892269163908738032246918490575686924369 y=493395180352948178031760912270438078255871801590750728653962749871941650726588112030608282487999493622892374555049324278196950479173047 */