Skip to content

Commit a801a1f

Browse files
nickfarrownickfarrow
committed
bring back adaptor signature test
1 parent 89e63bf commit a801a1f

File tree

1 file changed

+122
-28
lines changed

1 file changed

+122
-28
lines changed

schnorr_fun/src/musig.rs

Lines changed: 122 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -573,6 +573,8 @@ impl<H: Digest<OutputSize = U32> + Clone, NG> MuSig<H, Schnorr<H, NG>> {
573573

574574
#[cfg(test)]
575575
mod test {
576+
use crate::adaptor::Adaptor;
577+
576578
use super::*;
577579
use secp256kfun::{
578580
nonce::Deterministic,
@@ -583,10 +585,10 @@ mod test {
583585
proptest! {
584586
#[test]
585587
fn test_end_to_end(sk1 in any::<Scalar>(),
586-
sk2 in any::<Scalar>(),
587-
sk3 in any::<Scalar>(),
588-
tweak1 in option::of(any::<Scalar<Public, Zero>>()),
589-
tweak2 in option::of(any::<Scalar<Public, Zero>>()),
588+
sk2 in any::<Scalar>(),
589+
sk3 in any::<Scalar>(),
590+
tweak1 in option::of(any::<Scalar<Public, Zero>>()),
591+
tweak2 in option::of(any::<Scalar<Public, Zero>>()),
590592
) {
591593
let schnorr = Schnorr::<Sha256, _>::new(Deterministic::<Sha256>::default());
592594
let musig = MuSig::new(schnorr);
@@ -600,7 +602,7 @@ mod test {
600602
.schnorr
601603
.new_keypair(sk3);
602604

603-
let mut keylist = musig.new_keylist(vec![
605+
let mut keylist1 = musig.new_keylist(vec![
604606
keypair1.public_key(),
605607
keypair2.public_key(),
606608
keypair3.public_key(),
@@ -618,76 +620,168 @@ mod test {
618620

619621
for tweak in [tweak1, tweak2] {
620622
if let Some(tweak) = tweak {
621-
keylist = keylist.tweak(tweak).unwrap();
623+
keylist1 = keylist1.tweak(tweak).unwrap();
622624
keylist2 = keylist2.tweak(tweak).unwrap();
623625
keylist3 = keylist3.tweak(tweak).unwrap();
624626
}
625627
}
626628

627-
assert_eq!(keylist.agg_public_key(), keylist2.agg_public_key());
628-
assert_eq!(keylist.agg_public_key(), keylist3.agg_public_key());
629+
assert_eq!(keylist1.agg_public_key(), keylist2.agg_public_key());
630+
assert_eq!(keylist1.agg_public_key(), keylist3.agg_public_key());
629631

630-
let p1_nonce = musig.gen_nonces(&keypair1.sk, &keylist, b"test");
631-
let p2_nonce = musig.gen_nonces(&keypair2.sk, &keylist, b"test");
632-
let p3_nonce = musig.gen_nonces(&keypair3.sk, &keylist, b"test");
632+
let p1_nonce = musig.gen_nonces(&keypair1.sk, &keylist1, b"test");
633+
let p2_nonce = musig.gen_nonces(&keypair2.sk, &keylist1, b"test");
634+
let p3_nonce = musig.gen_nonces(&keypair3.sk, &keylist1, b"test");
633635
let nonces = vec![p1_nonce.public, p2_nonce.public, p3_nonce.public];
634636

635637
let message =
636638
Message::<Public>::plain("test", b"Chancellor on brink of second bailout for banks");
637639

638640
let p1_session = musig
639641
.start_sign_session(
640-
&keylist,
642+
&keylist1,
641643
nonces.clone(),
642644
message,
643645
)
644646
.unwrap();
645647
let p2_session = musig
646648
.start_sign_session(
647-
&keylist,
649+
&keylist2,
648650
nonces.clone(),
649651
message,
650652
)
651653
.unwrap();
652654
let p3_session = musig
653655
.start_sign_session(
654-
&keylist,
656+
&keylist3,
655657
nonces.clone(),
656658
message,
657659
)
658660
.unwrap();
659661

660-
let p1_sig = musig.sign(&keylist, 0, &keypair1.sk, p1_nonce, &p1_session);
662+
let p1_sig = musig.sign(&keylist1, 0, &keypair1.sk, p1_nonce, &p1_session);
661663

662-
assert!(musig.verify_partial_signature(&keylist, &p1_session, 0, p1_sig));
664+
assert!(musig.verify_partial_signature(&keylist1, &p1_session, 0, p1_sig));
663665
dbg!(&p1_session, &p2_session);
664666
dbg!(&p1_sig);
665667
assert_eq!(p1_session, p2_session);
666668

667-
assert!(musig.verify_partial_signature(&keylist, &p2_session, 0, p1_sig));
668-
assert!(musig.verify_partial_signature(&keylist, &p3_session, 0, p1_sig));
669+
assert!(musig.verify_partial_signature(&keylist1, &p2_session, 0, p1_sig));
670+
assert!(musig.verify_partial_signature(&keylist1, &p3_session, 0, p1_sig));
669671

670-
let p2_sig = musig.sign(&keylist, 1, &keypair2.sk, p2_nonce, &p2_session);
671-
assert!(musig.verify_partial_signature(&keylist, &p1_session, 1, p2_sig));
672-
let p3_sig = musig.sign(&keylist, 2, &keypair3.sk, p3_nonce, &p3_session);
673-
assert!(musig.verify_partial_signature(&keylist, &p1_session, 2, p3_sig));
672+
let p2_sig = musig.sign(&keylist1, 1, &keypair2.sk, p2_nonce, &p2_session);
673+
assert!(musig.verify_partial_signature(&keylist1, &p1_session, 1, p2_sig));
674+
let p3_sig = musig.sign(&keylist1, 2, &keypair3.sk, p3_nonce, &p3_session);
675+
assert!(musig.verify_partial_signature(&keylist1, &p1_session, 2, p3_sig));
674676

675677
let partial_sigs = [p1_sig, p2_sig, p3_sig];
676-
let sig_p1 = musig.combine_partial_signatures(&keylist, &p1_session, partial_sigs);
677-
let sig_p2 = musig.combine_partial_signatures(&keylist, &p2_session, partial_sigs);
678-
let sig_p3 = musig.combine_partial_signatures(&keylist, &p3_session, partial_sigs);
678+
let sig_p1 = musig.combine_partial_signatures(&keylist1, &p1_session, partial_sigs);
679+
let sig_p2 = musig.combine_partial_signatures(&keylist1, &p2_session, partial_sigs);
680+
let sig_p3 = musig.combine_partial_signatures(&keylist1, &p3_session, partial_sigs);
679681
assert_eq!(sig_p1, sig_p2);
680682
assert_eq!(sig_p1, sig_p3);
681683

682684
assert!(musig
683685
.schnorr
684-
.verify(&keylist.agg_verification_key(), message, &sig_p1));
686+
.verify(&keylist1.agg_verification_key(), message, &sig_p1));
685687
assert!(musig
686688
.schnorr
687-
.verify(&keylist.agg_verification_key(), message, &sig_p2));
689+
.verify(&keylist1.agg_verification_key(), message, &sig_p2));
688690
assert!(musig
689691
.schnorr
690-
.verify(&keylist.agg_verification_key(), message, &sig_p3));
692+
.verify(&keylist1.agg_verification_key(), message, &sig_p3));
693+
}
694+
695+
#[test]
696+
fn test_musig_adaptor(
697+
sk1 in any::<Scalar>(),
698+
sk2 in any::<Scalar>(),
699+
sk3 in any::<Scalar>(),
700+
y in any::<Scalar>()
701+
) {
702+
let schnorr = Schnorr::<Sha256, _>::new(Deterministic::<Sha256>::default());
703+
let musig = MuSig::new(schnorr);
704+
let keypair1 = musig
705+
.schnorr
706+
.new_keypair(sk1);
707+
let keypair2 = musig
708+
.schnorr
709+
.new_keypair(sk2);
710+
let keypair3 = musig
711+
.schnorr
712+
.new_keypair(sk3);
713+
let encryption_key = musig.schnorr.encryption_key_for(&y);
714+
715+
let keylist = musig.new_keylist(vec![
716+
keypair1.public_key(),
717+
keypair2.public_key(),
718+
keypair3.public_key(),
719+
]);
720+
let keylist2 = musig.new_keylist(vec![
721+
keypair1.public_key(),
722+
keypair2.public_key(),
723+
keypair3.public_key(),
724+
]);
725+
let keylist3 = musig.new_keylist(vec![
726+
keypair1.public_key(),
727+
keypair2.public_key(),
728+
keypair3.public_key(),
729+
]);
730+
assert_eq!(keylist.agg_public_key(), keylist2.agg_public_key());
731+
732+
let p1_nonce = musig.gen_nonces(&keypair1.sk, &keylist, b"test");
733+
let p2_nonce = musig.gen_nonces(&keypair2.sk, &keylist2, b"test");
734+
let p3_nonce = musig.gen_nonces(&keypair3.sk, &keylist3, b"test");
735+
let nonces = vec![p1_nonce.public, p2_nonce.public, p3_nonce.public];
736+
let message =
737+
Message::<Public>::plain("test", b"Chancellor on brink of second bailout for banks");
738+
739+
let mut p1_session = musig
740+
.start_encrypted_sign_session(
741+
&keylist,
742+
nonces.clone(),
743+
message,
744+
&encryption_key
745+
)
746+
.unwrap();
747+
let mut p2_session = musig
748+
.start_encrypted_sign_session(
749+
&keylist2,
750+
nonces.clone(),
751+
message,
752+
&encryption_key
753+
)
754+
.unwrap();
755+
let mut p3_session = musig
756+
.start_encrypted_sign_session(
757+
&keylist3,
758+
nonces,
759+
message,
760+
&encryption_key
761+
)
762+
.unwrap();
763+
let p1_sig = musig.sign(&keylist, 0, &keypair1.sk, p1_nonce, &mut p1_session);
764+
let p2_sig = musig.sign(&keylist, 1, &keypair2.sk, p2_nonce, &mut p2_session);
765+
let p3_sig = musig.sign(&keylist, 2, &keypair3.sk, p3_nonce, &mut p3_session);
766+
767+
assert!(musig.verify_partial_signature(&keylist2, &p2_session, 0, p1_sig));
768+
assert!(musig.verify_partial_signature(&keylist, &p1_session, 0, p1_sig));
769+
770+
let partial_sigs = vec![p1_sig, p2_sig, p3_sig];
771+
let combined_sig_p1 = musig.combine_partial_encrypted_signatures(&keylist, &p1_session, partial_sigs.clone());
772+
let combined_sig_p2 = musig.combine_partial_encrypted_signatures(&keylist2, &p2_session, partial_sigs.clone());
773+
let combined_sig_p3 = musig.combine_partial_encrypted_signatures(&keylist3, &p3_session, partial_sigs);
774+
assert_eq!(combined_sig_p1, combined_sig_p2);
775+
assert_eq!(combined_sig_p1, combined_sig_p3);
776+
assert!(musig
777+
.schnorr
778+
.verify_encrypted_signature(&keylist.agg_verification_key(), &encryption_key, message, &combined_sig_p1));
779+
assert!(musig
780+
.schnorr
781+
.verify_encrypted_signature(&keylist2.agg_verification_key(), &encryption_key, message, &combined_sig_p2));
782+
assert!(musig
783+
.schnorr
784+
.verify_encrypted_signature(&keylist2.agg_verification_key(), &encryption_key, message, &combined_sig_p3));
691785
}
692786
}
693787

0 commit comments

Comments
 (0)