rdubois-crypto / FreshCryptoLib

Cryptographic Primitives for Blockchain Systems (solidity, cairo, C and rust)
MIT License

Eddsa Verify Tests #64

Open AmitShah opened 3 months ago

AmitShah commented 3 months ago

Hello, I was hoping to test this for an eddsa use case. Do we have complete tests for FCL_eddsa? I see FCL_eddsa.t.sol is incomplete?

rdubois-crypto commented 3 months ago

eddsa is unfinished, only because of the incomplete SHA512 implementation (it only deals with small blocks now).

The elliptic computations part of the protocol is working. I will push a complete version in April.

AmitShah commented 3 months ago

I tried to update the test to work as follows:

    uint256[2] memory kpub = [
        43933056957747458452560886832567536073542840507013052263144963060608791330050,
        16962727616734173323702303146057009569815335830970791807500022961899349823996
    ];
    buffer[0] = 0x6291d657deec2402; //Rs
    buffer[1] = 0x4827e69c3abe01a3;
    buffer[2] = 0x0ce548a284743a44;
    buffer[3] = 0x5e3680d7db5ac3ac;
    buffer[4] = 0xfc51cd8e6218a1a3; //public y value, swapped
    buffer[5] = 0x8da47ed00230f058;
    buffer[6] = 0x0816ed13ba3303ac;
    buffer[7] = 0x5deb911548908025;
    buffer[8] = 0xaf82800000000000; //msg+padd
    buffer[15] = 0x210; //end of padding, 66bytes=0x210 bits
    //second half of signature
    uint256 s = 0x18ff9b538d16f290ae67f760984dc6594a7c15e9716ed28dc027beceea1ec40a;
    bool flag = EDDSA.Verify(kpub, buffer, s);

but it is producing flag = false. Can you provide any feedback if something is passed incorrectly?

rdubois-crypto commented 3 months ago

I will push something in April. If you have some reference for test vectors addressing the elliptic part, I'm interested to validate SHA512 and ecc part separately, the only reference I found is: https://crypto.stackexchange.com/questions/99798/test-vectors-points-for-ed25519

AmitShah commented 3 months ago

I can't find separate test vectors for each phase either but just the entire eddsa scheme:

https://asecuritysite.com/signatures/eddsa4
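Added example, not part of the thread and not FreshCryptoLib code: a pure-Python reference following RFC 8032 that checks the two phases discussed above separately, the SHA-512 challenge and the curve equation, on the R, public key, message and s bytes posted in the test. Function names are this example's own, and S is decoded little-endian as RFC 8032 specifies.

```python
import hashlib
p = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493  # order of the base point
d = -121665 * pow(121666, p - 2, p) % p

def add(P, Q):  # extended coordinates (X, Y, Z, T), RFC 8032 section 5.1.4
    A, B = (P[1]-P[0]) * (Q[1]-Q[0]) % p, (P[1]+P[0]) * (Q[1]+Q[0]) % p
    C, D = 2 * P[3] * Q[3] * d % p, 2 * P[2] * Q[2] % p
    E, F, G, H = B - A, D - C, D + C, B + A
    return (E*F % p, G*H % p, F*G % p, E*H % p)

def mul(s, P):  # double-and-add; variable time is acceptable for public data
    Q = (0, 1, 1, 0)
    while s:
        Q = add(Q, P) if s & 1 else Q
        P, s = add(P, P), s >> 1
    return Q

def decompress(b):  # 32 bytes: little-endian y, sign of x in the top bit
    y = int.from_bytes(b, "little")
    sign, y = y >> 255, y & ((1 << 255) - 1)
    x2 = (y*y - 1) * pow(d*y*y + 1, p - 2, p) % p
    x = pow(x2, (p + 3) // 8, p)
    if (x*x - x2) % p:
        x = x * pow(2, (p - 1) // 4, p) % p
    if y >= p or (x*x - x2) % p or (x == 0 and sign):
        return None
    x = p - x if (x & 1) != sign else x
    return (x, y, 1, x * y % p)

BASE = decompress((4 * pow(5, p - 2, p) % p).to_bytes(32, "little"))
def sha512_block(data):  # one padded block as 16 big-endian words; len(data) <= 111
    pad = data + b"\x80" + bytes(111 - len(data)) + (8 * len(data)).to_bytes(16, "big")
    return [int.from_bytes(pad[i:i+8], "big") for i in range(0, 128, 8)]

def challenge(R, A, M):  # phase 1: h = SHA-512(R || A || M) mod L, little-endian
    return int.from_bytes(hashlib.sha512(R + A + M).digest(), "little") % L

def ecc_check(R, A, s, h):  # phase 2: [s]B == R + [h]A, given h from phase 1
    Rp, Ap = decompress(R), decompress(A)
    if Rp is None or Ap is None or s >= L:
        return False
    X, Y = mul(s, BASE), add(Rp, mul(h, Ap))
    return (X[0]*Y[2] - Y[0]*X[2]) % p == 0 and (X[1]*Y[2] - Y[1]*X[2]) % p == 0

# Bytes copied from buffer[0..8] and s in the test posted above
R = bytes.fromhex("6291d657deec24024827e69c3abe01a30ce548a284743a445e3680d7db5ac3ac")
A = bytes.fromhex("fc51cd8e6218a1a38da47ed00230f0580816ed13ba3303ac5deb911548908025")
S = bytes.fromhex("18ff9b538d16f290ae67f760984dc6594a7c15e9716ed28dc027beceea1ec40a")
M = bytes.fromhex("af82")
```

`sha512_block(R + A + M)` returns the sixteen words that the posted test writes into `buffer`, so the hash input can be compared word by word before looking at the curve arithmetic; `ecc_check` then takes `int.from_bytes(S, "little")` and the value from `challenge`.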

AmitShah commented 2 months ago

Hello @rdubois-crypto, is there anything I can help with to move this work ahead? Appreciate your efforts.

rdubois-crypto commented 1 month ago

Hi Amit.

You will find a more advanced implementation on https://github.com/get-smooth/crypto-lib. The point multiplication is proven effective, and some test vectors are successful in the experimental branch. A more complete SHA512 must be pushed now to handle long vectors.

AmitShah commented 1 month ago

Hi @rdubois-crypto, thank you so much for your feedback, I will look through the lib. Assuming this is your eth address crypt0grapher.eth, sending you coffee / beer on polygon.

rdubois-crypto commented 1 month ago

Hi @AmitShah, Ed25519 is now tested OK against the test vectors of RFC8032 here:

https://github.com/get-smooth/crypto-lib/blob/8da911292d7816b4ac7afc10c819be2fe37aeaf4/test/libSCL_rip6565.t.sol#L112

Would gladly hear about the use cases you are projecting.