Closed siv2r closed 3 months ago
No | Property | Purpose | Result |
---|---|---|---|
1 | R’.y is odd | hits s = s' + t branch | Valid |
2 | R'.y is even | hits s = s' - t branch | Valid |
3 | s’ is greater than n | hits s0 >= n branch | Invalid |
4 | secadaptor greater than n | hits t >= n branch | Invalid |
The current test vectors cover the negated `s'` and `R'` scenarios. Just their testing needs to be corrected.
Instead of: https://github.com/ZhePang/Python_Specification_for_Schnorr_Adaptor/blob/a7121f1f2565196ec83fe1fb0bc28c703f5122db/reference.py#L323

We should have the following:

```python
result_actual = schnorr_verify(sig_actual, pk, msg)
```
No | Property | Purpose | Result |
---|---|---|---|
1 | R’.y is odd | hits (s0 - s) % n branch | Valid |
2 | R'.y is even | hits (s - s0) % n branch | Valid |
3 | s’ is greater than n | hits s0 >= n branch | Invalid |
4 | s is greater than n | hits s >= n branch | Invalid |
5 | negated s value | | Invalid |
The current test vectors cover the negated `s'` and `R'` scenarios.
While reading the test vectors, I noticed the scalar values were small. The `random` module can generate normal-looking large scalar or curve point values.
Example code:
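```python
from frost import *
import random as rand

G = FROST.secp256k1.G()
n = FROST.secp256k1.Q
p = FROST.secp256k1.P

if __name__ == '__main__':
    # randint is inclusive on both ends, so stop at n - 1 to keep k a valid non-zero scalar
    k = rand.randint(1, n - 1)
    print(hex(k).upper())
    # Curve point corresponding to the scalar k
    P = k*G
    print(P)
```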
The above code uses some pre-defined classes and variables from this Python file
Extract Adaptor Test Vectors
No | Property | Purpose |
---|---|---|
1 | R’.x is greater than p | `lift_x` fails |
2 | R’.x is not on the curve | `lift_x` fails |
These vectors depend on the parsing methods mentioned in #14
Some additional test vectors that improve the coverage.
Extract Adaptor Test Vectors
- `lift_x` fails
- `lift_x` fails
- `lift_x` fails
- `s0 >= n` branch
- `R is None` branch
- `T is None` branch

Regarding No 5: unlike `schnorr_verify`, we don’t need to worry about implementation error since we don’t have `(not has_even_y(R)` & `x(R) != r` checks in `extract_adaptor`.
All the above test vectors will make the `extract_adaptor` API generate invalid output.
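The `lift_x` failure and `>= n` cases listed in the tables above can be generated as full-size 32-byte fields with a seeded `random` generator. The following is an added example, not code from the issue or from the reference specification. The function names are hypothetical, and `lift_x` is written here from the BIP340 definition rather than imported from `reference.py`.

```python
import random

# secp256k1 field prime and group order (standard curve constants)
p = 2**256 - 2**32 - 977
n = 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_BAAEDCE6_AF48A03B_BFD25E8C_D0364141

def lift_x(x):
    """BIP340-style lift_x: return (x, y) with even y, or None on failure."""
    if x >= p:
        return None                      # not a field element
    c = (pow(x, 3, p) + 7) % p
    y = pow(c, (p + 1) // 4, p)          # square-root candidate (p % 4 == 3)
    if pow(y, 2, p) != c:
        return None                      # x^3 + 7 is not a square: x is off the curve
    return (x, y if y % 2 == 0 else p - y)

def x_out_of_range(rng):
    """x in [p, 2^256): fits in 32 bytes but must be rejected by lift_x."""
    return rng.randrange(p, 1 << 256)

def x_not_on_curve(rng):
    """Large x < p with no matching curve point (about half of all x values)."""
    while True:
        x = rng.randrange(1 << 255, p)
        if lift_x(x) is None:
            return x

def scalar_out_of_range(rng):
    """Scalar in [n, 2^256): fits in 32 bytes and hits an `>= n` check."""
    return rng.randrange(n, 1 << 256)

def make_invalid_fields(seed=0):
    # Seeded so the vectors are reproducible. `random` is fine for test data,
    # but is not a source of key material.
    rng = random.Random(seed)
    return {
        "x_ge_p": x_out_of_range(rng).to_bytes(32, "big"),
        "x_not_on_curve": x_not_on_curve(rng).to_bytes(32, "big"),
        "scalar_ge_n": scalar_out_of_range(rng).to_bytes(32, "big"),
    }

if __name__ == "__main__":
    for name, value in make_invalid_fields().items():
        print(name, value.hex().upper())
```

Each returned field is one 32-byte component; the surrounding pre-signature or signature still has to be assembled in the encoding the specification defines.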