Improve Test Vector Coverage

ZhePang / Python_Specification_for_Schnorr_Adaptor

5 stars 4 forks source link

Improve Test Vector Coverage #10

Closed siv2r closed 3 months ago

siv2r commented 9 months ago

Some additional test vectors that improve the coverage.

Extract Adaptor Test Vectors

No	Property	Purpose
1	R’.x is greater than p	`lift_x` fails
2	R’.x is not on the curve	`lift_x` fails
3	P.x is greater than p	`lift_x` fails
4	s’ is greater than n	hits `s0 >= n` branch
5	invalid parity byte for R’
6	create a presig with k (nonce) = 0	hits `R is None` branch
7	create a presig with T (adaptor) = 0	hits `T is None` branch
8	R'.x is small (21 bytes), k = t = 1/4

Regarding No 5: unlike schnorr_verify, we don’t need to worry about implementation error since we don’t have (not has_even_y(R) & x(R) != r checks in extract_adaptor.

All the above test vectors will make the extract_adadptor API generate invalid output.

siv2r commented 9 months ago

Adapt Test Vectors

No	Property	Purpose	Resut
1	R’.y is odd	hits s = s' + t branch	Valid
2	R'.y is even	hits s = s' - t branch	Valid
3	s’ is greater than n	hits s0 >= n branch	Invalid
4	secadaptor greater than n	hits t >= n branch	Invalid

The current test vectors cover the negated s' and R' scenarios. Just their testing needs to be corrected.

Instead of: https://github.com/ZhePang/Python_Specification_for_Schnorr_Adaptor/blob/a7121f1f2565196ec83fe1fb0bc28c703f5122db/reference.py#L323 We should have the following:

result_actual = schnorr_verify(sig_actual, pk, msg)

siv2r commented 9 months ago

Extract SecAdaptor Test Vectors

No	Property	Purpose	Resut
1	R’.y is odd	hits (s0 - s) % n branch	Valid
2	R'.y is even	hits (s - s0) % n branch	Valid
3	s’ is greater than n	hits s0 >= n branch	Invalid
4	s is greater than n	hits s >= n branch	Invalid
5	negated s value		Invalid

The current test vectors cover the negated s' and R' scenarios.

siv2r commented 9 months ago

While reading the test vectors, I noticed the scalar values were small. The random module can generate normal-looking large scalar or curve point values.

Example code:

from frost import *
import random as rand

G = FROST.secp256k1.G()
n = FROST.secp256k1.Q
p = FROST.secp256k1.P

if __name__ == '__main__':
    k = rand.randint(1, n)
    print(hex(k).upper())
    P = k*G
    print(P)

The above code uses some pre-defined classes and variables from this Python file

siv2r commented 5 months ago

Extract Adaptor Test Vectors

No Property Purpose 1 R’.x is greater than p lift_x fails 2 R’.x is not on the curve lift_x fails

These vectors depend on the parsing methods mentioned in #14