

clean up of api, docs, tests for single-signer aggsig
yeastplume committed Jan 7, 2018
1 parent d35cc95 commit 82dae5b
Showing 2 changed files with 52 additions and 50 deletions.
23 changes: 12 additions & 11 deletions include/secp256k1_aggsig.h
Expand Up @@ -87,26 +87,26 @@ SECP256K1_API int secp256k1_aggsig_generate_nonce(
* Returns: 1 on success
* Args: ctx: an existing context object, initialized for signing (cannot be NULL)
* In: seed: A random seed value
* Out: secnonce32: The secure nonce (scalar)
* Out: secnonce32: The secure nonce (scalar), guaranteed to be Jacobi 1
*/
SECP256K1_API int secp256k1_aggsig_export_nonces_single(
SECP256K1_API int secp256k1_aggsig_export_secnonce_single(
const secp256k1_context* ctx,
unsigned char* secnonce32,
secp256k1_pubkey* pubkey_nonce,
const unsigned char* seed
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_WARN_UNUSED_RESULT;
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_WARN_UNUSED_RESULT;

/** Generate a single-signer signature, without a stored context
/** Generate a single-signer signature (or partial sig), without a stored context
*
* Returns: 1 on success, 0 on failure
* Args: ctx: an existing context object, initialized for signing (cannot be NULL)
* Out: sig64: the completed signature (cannot be NULL)
* In: msg32: the message to sign (cannot be NULL)
* seckey32: the secret signing key (cannot be NULL)
* secnonce32: secret nonce to use. If NULL, a nonce will be generated
* pubnonce: If this is non-NULL, encode this value in e instead of the derived
* public nonce of secnonce32
* final_nonce_sum: If intending to add the signatures, include the final nonce sum to know whether the sec nonce should be negated
* pubnonce_for_e: If this is non-NULL, encode this value in e instead of the derived
* pubnonce_total: If non-NULL, allow this signature to be included in combined sig
* in all cases by negating secnonce32 if the public nonce total has jacobi symbol
* -1. secnonce32 must also be provided
* seed: a 32-byte seed to use for the nonce-generating RNG (cannot be NULL)
*/

Expand Down Expand Up @@ -165,8 +165,7 @@ SECP256K1_API int secp256k1_aggsig_combine_signatures(
* Out: sig64: the completed signature (s1+s2,n1+n2) (cannot be NULL)
* In: sig1_64: a signature (from which s1 will2be taken)
* sig2_64: another signature (from which s1 will be taken)
* pubnonce1: public nonce1
* pubnonce2: public nonce2 (to be added to 1)
* pubnonce_total: the total of all public nonces, will simple become R (negated if needed)
*/

SECP256K1_API int secp256k1_aggsig_add_signatures_single(
Expand All @@ -186,14 +185,16 @@ SECP256K1_API int secp256k1_aggsig_add_signatures_single(
* msg32: the message to verify (cannot be NULL)
* pubnonce: if non-NULL, override the public nonce used to calculate e
* pubkey: the public key (cannot be NULL)
* is_partial: whether to ignore the jacobi symbol of the combined R, set this to 1
* to verify partial signatures that may have had their secret nonces negated
*/
int secp256k1_aggsig_verify_single(
const secp256k1_context* ctx,
const unsigned char *sig64,
const unsigned char *msg32,
const secp256k1_pubkey *pubnonce,
const secp256k1_pubkey *pubkey,
int is_partial)
const int is_partial)
SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(5) SECP256K1_WARN_UNUSED_RESULT;

/** Verify an aggregate signature
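Review bot: The `const` added to the last parameter of the secp256k1_aggsig_verify_single declaration has no effect on callers, since a top-level const on a by-value parameter is not part of the function type; the header should keep `int is_partial)` and leave the qualifier, if wanted at all, to the definition. The new is_partial documentation should also make the trust boundary explicit: is_partial = 1 ignores the Jacobi symbol of the combined R, so only a partial signature may be verified that way, and a combined (final) signature must be checked with is_partial = 0, as the exchange test in tests_impl.h does for combined_sig. Suggest appending `* Combined (final) signatures must always be verified with is_partial set to 0.` to that comment. In the hunk above, the new pubnonce_total line reads `will simple become R`; it should be `will simply become R`.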
79 changes: 40 additions & 39 deletions src/modules/aggsig/tests_impl.h
Expand Up @@ -35,6 +35,7 @@ void test_aggsig_api(void) {
int32_t ecount = 0;

size_t i;
size_t j;

secp256k1_context_set_error_callback(none, counting_illegal_callback_fn, &ecount);
secp256k1_context_set_error_callback(sign, counting_illegal_callback_fn, &ecount);
Expand Down Expand Up @@ -165,60 +166,60 @@ void test_aggsig_api(void) {
/* Overriding sec nonce and pub nonce encoded in e */
memset(sig, 0, sizeof(sig));
CHECK(secp256k1_aggsig_sign_single(sign, sig, msg, seckeys[0], seckeys[1], &pubkeys[3], NULL, seed));
/*CHECK(secp256k1_aggsig_verify_single(vrfy, sig, msg, &pubkeys[3], &pubkeys[0]));*/
CHECK(secp256k1_aggsig_verify_single(vrfy, sig, msg, &pubkeys[3], &pubkeys[0], 0));

/* Testing aggsig exchange algorithm for Grin */
/* ****************************************** */

for (i=0;i<20;i++){
memset(sig, 0, sizeof(sig));
memset(sig, 0, sizeof(sig2));
memset(sig, 0, sizeof(combined_sig));

memset(sig, 0, sizeof(sig));
memset(sig, 0, sizeof(sig2));
memset(sig, 0, sizeof(combined_sig));
/* Create a couple of nonces */
/* Randomise seed to make it more interesting */
random_scalar_order_test(&tmp_s);
secp256k1_scalar_get_b32(seed, &tmp_s);
CHECK(secp256k1_aggsig_export_secnonce_single(sign, sec_nonces[0], seed));
random_scalar_order_test(&tmp_s);
secp256k1_scalar_get_b32(seed, &tmp_s);
CHECK(secp256k1_aggsig_export_secnonce_single(sign, sec_nonces[1], seed));

/* Create a couple of nonces */
printf("STARTING GRIN EXCHANGE\n");
/* Randomise seed to make it more interesting */
random_scalar_order_test(&tmp_s);
secp256k1_scalar_get_b32(seed, &tmp_s);
CHECK(secp256k1_aggsig_export_secnonce_single(sign, sec_nonces[0], seed));
random_scalar_order_test(&tmp_s);
secp256k1_scalar_get_b32(seed, &tmp_s);
CHECK(secp256k1_aggsig_export_secnonce_single(sign, sec_nonces[1], seed));
for (j = 0; j < 2; j++) {
CHECK(secp256k1_ec_pubkey_create(ctx, &pub_nonces[j], sec_nonces[j]) == 1);
}

for (i = 0; i < 2; i++) {
CHECK(secp256k1_ec_pubkey_create(ctx, &pub_nonces[i], sec_nonces[i]) == 1);
}
/* Combine pubnonces */
pubkey_combiner[0]=&pub_nonces[0];
pubkey_combiner[1]=&pub_nonces[1];
CHECK(secp256k1_ec_pubkey_combine(ctx, &combiner_sum, pubkey_combiner, 2) == 1);

/* Combine pubnonces */
pubkey_combiner[0]=&pub_nonces[0];
pubkey_combiner[1]=&pub_nonces[1];
CHECK(secp256k1_ec_pubkey_combine(ctx, &combiner_sum, pubkey_combiner, 2) == 1);
/* Create 2 partial signatures (Sender, Receiver)*/
CHECK(secp256k1_aggsig_sign_single(sign, sig, msg, seckeys[0], sec_nonces[0], &combiner_sum, &combiner_sum, seed));

/* Create 2 partial signatures (Sender, Receiver)*/
printf("\nSIGN FIRST\n");
CHECK(secp256k1_aggsig_sign_single(sign, sig, msg, seckeys[0], sec_nonces[0], &combiner_sum, &combiner_sum, seed));
/* Receiver verifies sender's Sig and signs */
CHECK(secp256k1_aggsig_verify_single(vrfy, sig, msg, &combiner_sum, &pubkeys[0], 1));

/* Receiver verifies sender's Sig and signs */
CHECK(secp256k1_aggsig_verify_single(vrfy, sig, msg, &combiner_sum, &pubkeys[0], 1));
printf("POST_VERIFY FIRST\n\n");
printf("\nSIGN SECOND\n");
CHECK(secp256k1_aggsig_sign_single(sign, sig2, msg, seckeys[1], sec_nonces[1], &combiner_sum, &combiner_sum, seed));
CHECK(secp256k1_aggsig_sign_single(sign, sig2, msg, seckeys[1], sec_nonces[1], &combiner_sum, &combiner_sum, seed));
/* sender verifies receiver's Sig then creates final combined sig */
CHECK(secp256k1_aggsig_verify_single(vrfy, sig2, msg, &combiner_sum, &pubkeys[1], 1));

/* sender verifies receiver's Sig then creates final combined sig */
CHECK(secp256k1_aggsig_verify_single(vrfy, sig2, msg, &combiner_sum, &pubkeys[1], 1));
printf("POST_VERIFY SECOND\n\n");
/* Add 2 sigs and nonces */
CHECK(secp256k1_aggsig_add_signatures_single(sign, combined_sig, sig, sig2, &combiner_sum));

/* Add 2 sigs and nonces */
CHECK(secp256k1_aggsig_add_signatures_single(sign, combined_sig, sig, sig2, &combiner_sum));
/* Combine pubkeys */
pubkey_combiner[0]=&pubkeys[0];
pubkey_combiner[1]=&pubkeys[1];
CHECK(secp256k1_ec_pubkey_combine(ctx, &combiner_sum_2, pubkey_combiner, 2) == 1);

/* Combine pubkeys */
pubkey_combiner[0]=&pubkeys[0];
pubkey_combiner[1]=&pubkeys[1];
CHECK(secp256k1_ec_pubkey_combine(ctx, &combiner_sum_2, pubkey_combiner, 2) == 1);
/* Ensure added sigs verify properly */
CHECK(secp256k1_aggsig_verify_single(vrfy, combined_sig, msg, &combiner_sum, &combiner_sum_2, 0));

/* Ensure added sigs verify properly */
CHECK(secp256k1_aggsig_verify_single(vrfy, combined_sig, msg, &combiner_sum, &combiner_sum_2, 0));
/* And anything else doesnt' */
CHECK(!secp256k1_aggsig_verify_single(vrfy, combined_sig, msg, &pub_nonces[0], &combiner_sum_2, 0));
CHECK(!secp256k1_aggsig_verify_single(vrfy, combined_sig, msg, &combiner_sum, &pub_nonces[1], 0));

}
/*** End aggsig for Grin exchange test ***/

/* cleanup */
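Review bot: The three memset calls re-indented at the top of the loop body all clear `sig`: `sig2` and `combined_sig` are never zeroed, and `sizeof(sig2)` and `sizeof(combined_sig)` are applied to a different buffer, which is only safe while the three arrays share a size. The second and third lines should read `memset(sig2, 0, sizeof(sig2));` and `memset(combined_sig, 0, sizeof(combined_sig));`. This presumably does not change the test's outcome today, because the sign and add calls that follow write those buffers, but a stale sig2 or combined_sig could hide a failure if one of those calls ever stopped producing its output. test_aggsig_api begins before this hunk; the same three lines also appear in the removed block, so the defect predates this commit but survives it.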
