From 06e5dc13838fa9c162569334e5d85df65038f8a8 Mon Sep 17 00:00:00 2001 From: matteosz Date: Mon, 4 Mar 2024 11:03:23 +0100 Subject: [PATCH 01/12] Added fuzzer for tbls routine --- Makefile | 2 +- sign/tbls/tbls_test.go | 29 +++++++++++++++++++++++------ 2 files changed, 24 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index f5b2c46aa..720452255 100644 --- a/Makefile +++ b/Makefile @@ -24,4 +24,4 @@ coverage: tidy # target to run all the possible checks; it's a good habit to run it before # pushing code check: lint vet test - echo "check done" + echo "check done" \ No newline at end of file diff --git a/sign/tbls/tbls_test.go b/sign/tbls/tbls_test.go index 5254bb7f6..c1fdb360a 100644 --- a/sign/tbls/tbls_test.go +++ b/sign/tbls/tbls_test.go @@ -10,22 +10,39 @@ import ( ) func TestTBLS(test *testing.T) { - var err error - msg := []byte("Hello threshold Boneh-Lynn-Shacham") + BLSRoutine(test, []byte("Hello threshold Boneh-Lynn-Shacham"), 10) +} + +func FuzzBLS(f *testing.F) { + f.Fuzz(func(t *testing.T, msg []byte, n int) { + if (n < 1) || (n > 100) { + t.Skip("n must be between 1 and 100") + } + if (len(msg) < 1) || (len(msg) > 1000) { + t.Skip("msg must have byte length between 1 and 1000") + } + BLSRoutine(t, msg, n) + }) +} + +func BLSRoutine(test *testing.T, msg []byte, n int) { suite := bn256.NewSuite() - n := 10 - t := n/2 + 1 + th := n/2 + 1 + secret := suite.G1().Scalar().Pick(suite.RandomStream()) - priPoly := share.NewPriPoly(suite.G2(), t, secret, suite.RandomStream()) + priPoly := share.NewPriPoly(suite.G2(), th, secret, suite.RandomStream()) pubPoly := priPoly.Commit(suite.G2().Point().Base()) sigShares := make([][]byte, 0) + for _, x := range priPoly.Shares(n) { sig, err := Sign(suite, x, msg) require.Nil(test, err) sigShares = append(sigShares, sig) } - sig, err := Recover(suite, pubPoly, msg, sigShares, t, n) + + sig, err := Recover(suite, pubPoly, msg, sigShares, th, n) require.Nil(test, err) + err = bls.Verify(suite, pubPoly.Commit(), msg, sig) require.Nil(test, err) } From 7da5f542f01639098bcb030abb7cb8cdacce1198 Mon Sep 17 00:00:00 2001 From: matteosz Date: Mon, 4 Mar 2024 11:03:23 +0100 Subject: [PATCH 02/12] Added fuzzers to some sign packages --- sign/bls/bls_test.go | 13 +++++++++++++ sign/cosi/cosi_test.go | 28 ++++++++++++++++++++++------ sign/schnorr/schnorr_test.go | 17 +++++++++++++++++ sign/tbls/tbls_test.go | 29 +++++++++++++++++++++++------ 4 files changed, 75 insertions(+), 12 deletions(-) diff --git a/sign/bls/bls_test.go b/sign/bls/bls_test.go index 0f7f3cfa9..926542ea2 100644 --- a/sign/bls/bls_test.go +++ b/sign/bls/bls_test.go @@ -12,6 +12,19 @@ import ( func TestBLS(t *testing.T) { msg := []byte("Hello Boneh-Lynn-Shacham") + BLSRoutine(t, msg) +} + +func FuzzBLS(f *testing.F) { + f.Fuzz(func(t *testing.T, msg []byte) { + if len(msg) < 1 || len(msg) > 1000 { + t.Skip("msg must have byte length between 1 and 1000") + } + BLSRoutine(t, msg) + }) +} + +func BLSRoutine(t *testing.T, msg []byte) { suite := bn256.NewSuite() private, public := NewKeyPair(suite, random.New()) sig, err := Sign(suite, private, msg) diff --git a/sign/cosi/cosi_test.go b/sign/cosi/cosi_test.go index 437e11e98..0bc4c2bc0 100644 --- a/sign/cosi/cosi_test.go +++ b/sign/cosi/cosi_test.go @@ -28,15 +28,31 @@ func (m *cosiSuite) RandomStream() cipher.Stream { return m.r } var testSuite = &cosiSuite{edwards25519.NewBlakeSHA256Ed25519(), blake2xb.New(nil)} func TestCoSi(t *testing.T) { - testCoSi(t, 2, 0) - testCoSi(t, 5, 0) - testCoSi(t, 5, 2) - testCoSi(t, 5, 4) + message := []byte("Hello World Cosi") + testCoSi(t, 2, 0, message) + testCoSi(t, 2, 0, message) + testCoSi(t, 5, 0, message) + testCoSi(t, 5, 2, message) + testCoSi(t, 5, 4, message) } -func testCoSi(t *testing.T, n, f int) { - message := []byte("Hello World Cosi") +func FuzzCoSi(f *testing.F) { + f.Fuzz(func(t *testing.T, n, f int, msg []byte) { + if (len(msg) < 1) || (len(msg) > 1000) { + t.Skip("msg must have byte length between 1 and 1000") + } + if n < 1 || n > 100 { + t.Skip("n must be between 1 and 100") + } + if f < 0 || f >= n { + t.Skip("f must be between 0 and n-1") + } + + testCoSi(t, n, f, msg) + }) +} +func testCoSi(t *testing.T, n, f int, message []byte) { // Generate key pairs var kps []*key.Pair var privates []kyber.Scalar diff --git a/sign/schnorr/schnorr_test.go b/sign/schnorr/schnorr_test.go index e669c2ce1..7a0987288 100644 --- a/sign/schnorr/schnorr_test.go +++ b/sign/schnorr/schnorr_test.go @@ -7,6 +7,7 @@ import ( "testing/quick" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "go.dedis.ch/kyber/v3/group/edwards25519" "go.dedis.ch/kyber/v3/sign/eddsa" "go.dedis.ch/kyber/v3/util/key" @@ -125,3 +126,19 @@ func TestSchnorrMalleability(t *testing.T) { err = Verify(suite, kp.Public, msg, s) assert.Error(t, err, "schnorr signature malleable") } + +func FuzzSchnorr(f *testing.F) { + f.Fuzz(func(t *testing.T, msg []byte) { + if (len(msg) < 1) || (len(msg) > 1000) { + t.Skip("msg must have byte length between 1 and 1000") + } + suite := edwards25519.NewBlakeSHA256Ed25519() + kp := key.NewKeyPair(suite) + + s, err := Sign(suite, kp.Private, msg) + require.NoError(t, err, "Couldn't sign msg: %s: %v", msg, err) + + err = Verify(suite, kp.Public, msg, s) + require.NoError(t, err, "Couldn't verify signature: \n%+v\nfor msg:'%s'. Error:\n%v", s, msg, err) + }) +} diff --git a/sign/tbls/tbls_test.go b/sign/tbls/tbls_test.go index 5254bb7f6..c1fdb360a 100644 --- a/sign/tbls/tbls_test.go +++ b/sign/tbls/tbls_test.go @@ -10,22 +10,39 @@ import ( ) func TestTBLS(test *testing.T) { - var err error - msg := []byte("Hello threshold Boneh-Lynn-Shacham") + BLSRoutine(test, []byte("Hello threshold Boneh-Lynn-Shacham"), 10) +} + +func FuzzBLS(f *testing.F) { + f.Fuzz(func(t *testing.T, msg []byte, n int) { + if (n < 1) || (n > 100) { + t.Skip("n must be between 1 and 100") + } + if (len(msg) < 1) || (len(msg) > 1000) { + t.Skip("msg must have byte length between 1 and 1000") + } + BLSRoutine(t, msg, n) + }) +} + +func BLSRoutine(test *testing.T, msg []byte, n int) { suite := bn256.NewSuite() - n := 10 - t := n/2 + 1 + th := n/2 + 1 + secret := suite.G1().Scalar().Pick(suite.RandomStream()) - priPoly := share.NewPriPoly(suite.G2(), t, secret, suite.RandomStream()) + priPoly := share.NewPriPoly(suite.G2(), th, secret, suite.RandomStream()) pubPoly := priPoly.Commit(suite.G2().Point().Base()) sigShares := make([][]byte, 0) + for _, x := range priPoly.Shares(n) { sig, err := Sign(suite, x, msg) require.Nil(test, err) sigShares = append(sigShares, sig) } - sig, err := Recover(suite, pubPoly, msg, sigShares, t, n) + + sig, err := Recover(suite, pubPoly, msg, sigShares, th, n) require.Nil(test, err) + err = bls.Verify(suite, pubPoly.Commit(), msg, sig) require.Nil(test, err) } From f2429946fa2c646ee8e3213c437b94579ed0d323 Mon Sep 17 00:00:00 2001 From: Linus Gasser Date: Mon, 20 Nov 2023 09:31:58 +0100 Subject: [PATCH 03/12] Update README.md Add a more prominent disclaimer about target audience of this library. --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index a6b4bbdac..23dd7549e 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,16 @@ and you need to constrain Kyber to offering only constant time implementations, you should use the [suites.RequireConstantTime()](https://godoc.org/go.dedis.ch/kyber/suites#RequireConstantTime) function in the `init()` function of your `main` package. +Target Audience +--------------- + +This library is intended to be used by developers who are at least moderately knowledgeable about cryptography. +If you want a crypto library that makes it easy to implement "basic crypto" functionality correctly - i.e., plain public-key encryption and signing - then [NaCl secretbox](https://godoc.org/golang.org/x/crypto/nacl/secretbox) may be a better choice. +Or use Google's [Tink](https://developers.google.com/tink) + +This toolkit's purpose is to make it possible - and preferably easy - to do slightly more interesting things that most current crypto libraries don't support effectively. +The one existing crypto library that this toolkit is probably most comparable to is the [Charm](https://charm-crypto.com/category/charm) rapid prototyping library for Python. + Versioning - Development ------------------------ From 8f0aa7c9336bef8fead8b5052f72c2fa4e830d23 Mon Sep 17 00:00:00 2001 From: matteosz Date: Mon, 4 Mar 2024 11:03:23 +0100 Subject: [PATCH 04/12] Added fuzzers to some sign packages --- sign/cosi/cosi_test.go | 1 - sign/schnorr/schnorr_test.go | 6 +++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/sign/cosi/cosi_test.go b/sign/cosi/cosi_test.go index 0bc4c2bc0..0213aba8b 100644 --- a/sign/cosi/cosi_test.go +++ b/sign/cosi/cosi_test.go @@ -30,7 +30,6 @@ var testSuite = &cosiSuite{edwards25519.NewBlakeSHA256Ed25519(), blake2xb.New(ni func TestCoSi(t *testing.T) { message := []byte("Hello World Cosi") testCoSi(t, 2, 0, message) - testCoSi(t, 2, 0, message) testCoSi(t, 5, 0, message) testCoSi(t, 5, 2, message) testCoSi(t, 5, 4, message) diff --git a/sign/schnorr/schnorr_test.go b/sign/schnorr/schnorr_test.go index 7a0987288..f1a5cead8 100644 --- a/sign/schnorr/schnorr_test.go +++ b/sign/schnorr/schnorr_test.go @@ -128,13 +128,13 @@ func TestSchnorrMalleability(t *testing.T) { } func FuzzSchnorr(f *testing.F) { + suite := edwards25519.NewBlakeSHA256Ed25519() + kp := key.NewKeyPair(suite) + f.Fuzz(func(t *testing.T, msg []byte) { if (len(msg) < 1) || (len(msg) > 1000) { t.Skip("msg must have byte length between 1 and 1000") } - suite := edwards25519.NewBlakeSHA256Ed25519() - kp := key.NewKeyPair(suite) - s, err := Sign(suite, kp.Private, msg) require.NoError(t, err, "Couldn't sign msg: %s: %v", msg, err) From fa0c478eaad4652a5e615cb424b54bad9f8bd7f8 Mon Sep 17 00:00:00 2001 From: matteosz Date: Tue, 19 Mar 2024 12:04:49 +0100 Subject: [PATCH 05/12] Used deterministic streams in fuzzers --- sign/cosi/cosi_test.go | 35 +++++++++++++++++++++++------------ sign/tbls/tbls_test.go | 10 ++++++++-- 2 files changed, 31 insertions(+), 14 deletions(-) diff --git a/sign/cosi/cosi_test.go b/sign/cosi/cosi_test.go index 0213aba8b..6cabc4e43 100644 --- a/sign/cosi/cosi_test.go +++ b/sign/cosi/cosi_test.go @@ -29,13 +29,28 @@ var testSuite = &cosiSuite{edwards25519.NewBlakeSHA256Ed25519(), blake2xb.New(ni func TestCoSi(t *testing.T) { message := []byte("Hello World Cosi") - testCoSi(t, 2, 0, message) - testCoSi(t, 5, 0, message) - testCoSi(t, 5, 2, message) - testCoSi(t, 5, 4, message) + + // Generate key pairs + var kps []*key.Pair + for i := 0; i < 5; i++ { + kp := key.NewKeyPair(testSuite) + kps = append(kps, kp) + } + + testCoSi(t, 2, 0, message, kps) + testCoSi(t, 5, 0, message, kps) + testCoSi(t, 5, 2, message, kps) + testCoSi(t, 5, 4, message, kps) } func FuzzCoSi(f *testing.F) { + // Generate key pairs + var kps []*key.Pair + for i := 0; i < 100; i++ { + kp := key.NewKeyPair(testSuite) + kps = append(kps, kp) + } + f.Fuzz(func(t *testing.T, n, f int, msg []byte) { if (len(msg) < 1) || (len(msg) > 1000) { t.Skip("msg must have byte length between 1 and 1000") @@ -47,20 +62,16 @@ func FuzzCoSi(f *testing.F) { t.Skip("f must be between 0 and n-1") } - testCoSi(t, n, f, msg) + testCoSi(t, n, f, msg, kps) }) } -func testCoSi(t *testing.T, n, f int, message []byte) { - // Generate key pairs - var kps []*key.Pair +func testCoSi(t *testing.T, n, f int, message []byte, kps []*key.Pair) { var privates []kyber.Scalar var publics []kyber.Point for i := 0; i < n; i++ { - kp := key.NewKeyPair(testSuite) - kps = append(kps, kp) - privates = append(privates, kp.Private) - publics = append(publics, kp.Public) + privates = append(privates, kps[i].Private) + publics = append(publics, kps[i].Public) } // Init masks diff --git a/sign/tbls/tbls_test.go b/sign/tbls/tbls_test.go index c1fdb360a..b818e9a83 100644 --- a/sign/tbls/tbls_test.go +++ b/sign/tbls/tbls_test.go @@ -1,12 +1,15 @@ package tbls import ( + "bytes" + "crypto/rand" "testing" "github.com/stretchr/testify/require" "go.dedis.ch/kyber/v3/pairing/bn256" "go.dedis.ch/kyber/v3/share" "go.dedis.ch/kyber/v3/sign/bls" + "go.dedis.ch/kyber/v3/util/random" ) func TestTBLS(test *testing.T) { @@ -29,8 +32,11 @@ func BLSRoutine(test *testing.T, msg []byte, n int) { suite := bn256.NewSuite() th := n/2 + 1 - secret := suite.G1().Scalar().Pick(suite.RandomStream()) - priPoly := share.NewPriPoly(suite.G2(), th, secret, suite.RandomStream()) + r := bytes.NewReader(msg) + stream := random.New(r, rand.Reader) + + secret := suite.G1().Scalar().Pick(stream) + priPoly := share.NewPriPoly(suite.G2(), th, secret, stream) pubPoly := priPoly.Commit(suite.G2().Point().Base()) sigShares := make([][]byte, 0) From 8c0f5a3a372184f71f8b471568275c6615fcce8c Mon Sep 17 00:00:00 2001 From: lauener Date: Sun, 17 Mar 2024 14:46:25 +0100 Subject: [PATCH 06/12] Some refactoring --- shuffle/shuffle_test.go | 73 +++++++++++++++++++---------------------- 1 file changed, 33 insertions(+), 40 deletions(-) diff --git a/shuffle/shuffle_test.go b/shuffle/shuffle_test.go index 8eafc2466..1f524eb81 100644 --- a/shuffle/shuffle_test.go +++ b/shuffle/shuffle_test.go @@ -1,6 +1,7 @@ package shuffle import ( + "crypto/cipher" "testing" "go.dedis.ch/kyber/v3" @@ -11,7 +12,7 @@ import ( var k = 5 var NQ = 6 -var N = 10 +var N = 1 func TestShufflePair(t *testing.T) { s := edwards25519.NewBlakeSHA256Ed25519WithRand(blake2xb.New(nil)) @@ -23,47 +24,51 @@ func TestShuffleSequence(t *testing.T) { sequenceShuffleTest(s, k, NQ, N) } -func pairShuffleTest(suite Suite, k, N int) { - rand := suite.RandomStream() - +func setShuffleKeyPairs(rand cipher.Stream, suite Suite, k int) (kyber.Scalar, kyber.Point, []kyber.Scalar, []kyber.Point) { // Create a "server" private/public keypair - h := suite.Scalar().Pick(rand) - H := suite.Point().Mul(h, nil) + h0 := suite.Scalar().Pick(rand) + h1 := suite.Point().Mul(h0, nil) // Create a set of ephemeral "client" keypairs to shuffle - c := make([]kyber.Scalar, k) - C := make([]kyber.Point, k) - // fmt.Println("\nclient keys:") + c0 := make([]kyber.Scalar, k) + c1 := make([]kyber.Point, k) + for i := 0; i < k; i++ { - c[i] = suite.Scalar().Pick(rand) - C[i] = suite.Point().Mul(c[i], nil) - // fmt.Println(" "+C[i].String()) + c0[i] = suite.Scalar().Pick(rand) + c1[i] = suite.Point().Mul(c0[i], nil) + } + return h0, h1, c0, c1 +} + +func pairShuffleTest(suite Suite, k, n int) { + rand := suite.RandomStream() + _, h1, _, c1 := setShuffleKeyPairs(rand, suite, k) + // ElGamal-encrypt all these keypairs with the "server" key - X := make([]kyber.Point, k) - Y := make([]kyber.Point, k) + x := make([]kyber.Point, k) + y := make([]kyber.Point, k) r := suite.Scalar() // temporary for i := 0; i < k; i++ { r.Pick(rand) - X[i] = suite.Point().Mul(r, nil) - Y[i] = suite.Point().Mul(r, H) // ElGamal blinding factor - Y[i].Add(Y[i], C[i]) // Encrypted client public key + x[i] = suite.Point().Mul(r, nil) + y[i] = suite.Point().Mul(r, h1) // ElGamal blinding factor + y[i].Add(y[i], c1[i]) // Encrypted client public key } - // Repeat only the actual shuffle portion for test purposes. - for i := 0; i < N; i++ { + // Repeat only the actual shuffle portion for benchmark purposes. + for i := 0; i < n; i++ { // Do a key-shuffle - Xbar, Ybar, prover := Shuffle(suite, nil, H, X, Y, rand) + Xbar, Ybar, prover := Shuffle(suite, nil, h1, x, y, rand) prf, err := proof.HashProve(suite, "PairShuffle", prover) if err != nil { panic("Shuffle proof failed: " + err.Error()) } - //fmt.Printf("proof:\n%s\n",hex.Dump(prf)) // Check it - verifier := Verifier(suite, nil, H, X, Y, Xbar, Ybar) + verifier := Verifier(suite, nil, h1, x, y, Xbar, Ybar) err = proof.HashVerify(suite, "PairShuffle", verifier, prf) if err != nil { panic("Shuffle verify failed: " + err.Error()) @@ -73,19 +78,7 @@ func pairShuffleTest(suite Suite, k, N int) { func sequenceShuffleTest(suite Suite, k, NQ, N int) { rand := suite.RandomStream() - - // Create a "server" private/public keypair - h := suite.Scalar().Pick(rand) - H := suite.Point().Mul(h, nil) - - // Create a set of ephemeral "client" keypairs to shuffle - c := make([]kyber.Scalar, k) - C := make([]kyber.Point, k) - - for i := 0; i < k; i++ { - c[i] = suite.Scalar().Pick(rand) - C[i] = suite.Point().Mul(c[i], nil) - } + _, h1, _, c1 := setShuffleKeyPairs(rand, suite, k) X := make([][]kyber.Point, NQ) Y := make([][]kyber.Point, NQ) @@ -110,16 +103,16 @@ func sequenceShuffleTest(suite Suite, k, NQ, N int) { for i := 0; i < k; i++ { r.Pick(rand) X[j][i] = suite.Point().Mul(r, nil) - Y[j][i] = suite.Point().Mul(r, H) // ElGamal blinding factor - Y[j][i].Add(Y[j][i], C[i]) // Encrypted client public key + Y[j][i] = suite.Point().Mul(r, h1) // ElGamal blinding factor + Y[j][i].Add(Y[j][i], c1[i]) // Encrypted client public key } } - // Repeat only the actual shuffle portion for test purposes. + // Repeat only the actual shuffle portion for benchmark purposes. for i := 0; i < N; i++ { // Do a key-shuffle - XX, YY, getProver := SequencesShuffle(suite, nil, H, X, Y, rand) + XX, YY, getProver := SequencesShuffle(suite, nil, h1, X, Y, rand) e := make([]kyber.Scalar, NQ) for j := 0; j < NQ; j++ { @@ -139,7 +132,7 @@ func sequenceShuffleTest(suite Suite, k, NQ, N int) { XXUp, YYUp, XXDown, YYDown := GetSequenceVerifiable(suite, X, Y, XX, YY, e) // Check it - verifier := Verifier(suite, nil, H, XXUp, YYUp, XXDown, YYDown) + verifier := Verifier(suite, nil, h1, XXUp, YYUp, XXDown, YYDown) err = proof.HashVerify(suite, "PairShuffle", verifier, prf) if err != nil { From b034f2021feb2563e25d08b5771b9ad927b56e52 Mon Sep 17 00:00:00 2001 From: lauener Date: Sun, 17 Mar 2024 14:50:58 +0100 Subject: [PATCH 07/12] Add test wrong shuffles on pair --- shuffle/shuffle_test.go | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/shuffle/shuffle_test.go b/shuffle/shuffle_test.go index 1f524eb81..0972b7c3b 100644 --- a/shuffle/shuffle_test.go +++ b/shuffle/shuffle_test.go @@ -4,6 +4,7 @@ import ( "crypto/cipher" "testing" + "github.com/stretchr/testify/assert" "go.dedis.ch/kyber/v3" "go.dedis.ch/kyber/v3/group/edwards25519" "go.dedis.ch/kyber/v3/proof" @@ -19,6 +20,11 @@ func TestShufflePair(t *testing.T) { pairShuffleTest(s, k, N) } +func TestShuffleInvalidPair(t *testing.T) { + s := edwards25519.NewBlakeSHA256Ed25519WithRand(blake2xb.New(nil)) + pairInvalidShuffleTest(t, s, k) +} + func TestShuffleSequence(t *testing.T) { s := edwards25519.NewBlakeSHA256Ed25519WithRand(blake2xb.New(nil)) sequenceShuffleTest(s, k, NQ, N) @@ -76,6 +82,36 @@ func pairShuffleTest(suite Suite, k, n int) { } } +func pairInvalidShuffleTest(t *testing.T, suite Suite, k int) { + rand := suite.RandomStream() + _, h1, _, c1 := setShuffleKeyPairs(rand, suite, k) + + // ElGamal-encrypt all these keypairs with the "server" key + x := make([]kyber.Point, k) + y := make([]kyber.Point, k) + r := suite.Scalar() // temporary + for i := 0; i < k; i++ { + r.Pick(rand) + x[i] = suite.Point().Mul(r, nil) + y[i] = suite.Point().Mul(r, h1) // ElGamal blinding factor + y[i].Add(y[i], c1[i]) // Encrypted client public key + } + + // Do a key-shuffle + Xbar, Ybar, prover := Shuffle(suite, nil, h1, x, y, rand) + + // Corrupt the shuffle + Xbar[1], Xbar[0] = Xbar[0], Xbar[1] + + prf, err := proof.HashProve(suite, "PairShuffle", prover) + assert.Nil(t, err) + + // Check it + verifier := Verifier(suite, nil, h1, x, y, Xbar, Ybar) + err = proof.HashVerify(suite, "PairShuffle", verifier, prf) + assert.Error(t, err) +} + func sequenceShuffleTest(suite Suite, k, NQ, N int) { rand := suite.RandomStream() _, h1, _, c1 := setShuffleKeyPairs(rand, suite, k) From 4db59bf3ffdd7b7552c8f1d828165dbfa01eb443 Mon Sep 17 00:00:00 2001 From: lauener Date: Sun, 17 Mar 2024 16:03:15 +0100 Subject: [PATCH 08/12] Add test wrong Shuffle Sequence --- shuffle/shuffle_test.go | 63 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/shuffle/shuffle_test.go b/shuffle/shuffle_test.go index 0972b7c3b..51e96cb67 100644 --- a/shuffle/shuffle_test.go +++ b/shuffle/shuffle_test.go @@ -30,6 +30,11 @@ func TestShuffleSequence(t *testing.T) { sequenceShuffleTest(s, k, NQ, N) } +func TestInvalidShuffleSequence(t *testing.T) { + s := edwards25519.NewBlakeSHA256Ed25519WithRand(blake2xb.New(nil)) + sequenceInvalidShuffleTest(t, s, k, NQ) +} + func setShuffleKeyPairs(rand cipher.Stream, suite Suite, k int) (kyber.Scalar, kyber.Point, []kyber.Scalar, []kyber.Point) { // Create a "server" private/public keypair h0 := suite.Scalar().Pick(rand) @@ -176,3 +181,61 @@ func sequenceShuffleTest(suite Suite, k, NQ, N int) { } } } + +func sequenceInvalidShuffleTest(t *testing.T, suite Suite, k, NQ int) { + rand := suite.RandomStream() + _, h1, _, c1 := setShuffleKeyPairs(rand, suite, k) + + X := make([][]kyber.Point, NQ) + Y := make([][]kyber.Point, NQ) + + // generate random sequences + for i := 0; i < NQ; i++ { + xs := make([]kyber.Point, k) + ys := make([]kyber.Point, k) + + for j := 0; j < k; j++ { + xs[j] = suite.Point().Mul(suite.Scalar().Pick(suite.RandomStream()), nil) + ys[j] = suite.Point().Mul(suite.Scalar().Pick(suite.RandomStream()), nil) + } + + X[i] = xs + Y[i] = ys + } + + // ElGamal-encrypt all these keypairs with the "server" key + r := suite.Scalar() // temporary + for j := 0; j < NQ; j++ { + for i := 0; i < k; i++ { + r.Pick(rand) + X[j][i] = suite.Point().Mul(r, nil) + Y[j][i] = suite.Point().Mul(r, h1) // ElGamal blinding factor + Y[j][i].Add(Y[j][i], c1[i]) // Encrypted client public key + } + } + + // Do a key-shuffle + XX, YY, getProver := SequencesShuffle(suite, nil, h1, X, Y, rand) + + // Corrupt original inputs + X[0][0], Y[0][0] = X[0][1], Y[0][1] + + e := make([]kyber.Scalar, NQ) + for j := 0; j < NQ; j++ { + e[j] = suite.Scalar().Pick(suite.RandomStream()) + } + + prover, err := getProver(e) + assert.Nil(t, err) + + prf, err := proof.HashProve(suite, "PairShuffle", prover) + assert.Nil(t, err) + + XXUp, YYUp, XXDown, YYDown := GetSequenceVerifiable(suite, X, Y, XX, YY, e) + + // Check it + verifier := Verifier(suite, nil, h1, XXUp, YYUp, XXDown, YYDown) + + err = proof.HashVerify(suite, "PairShuffle", verifier, prf) + assert.Error(t, err) +} From 35cd9904a49875ba33ef63a13cb7fdfab606bfc3 Mon Sep 17 00:00:00 2001 From: lauener Date: Mon, 18 Mar 2024 14:54:42 +0100 Subject: [PATCH 09/12] Add negative test for shuffle/Biffle --- shuffle/biffle_test.go | 61 +++++++++++++++++++++++++++++------------- 1 file changed, 43 insertions(+), 18 deletions(-) diff --git a/shuffle/biffle_test.go b/shuffle/biffle_test.go index 2b73cde33..00f017ae1 100644 --- a/shuffle/biffle_test.go +++ b/shuffle/biffle_test.go @@ -15,22 +15,15 @@ func TestBiffle(t *testing.T) { biffleTest(s, N) } +func TestInvalidBiffle(t *testing.T) { + rand := blake2xb.New(nil) + s := edwards25519.NewBlakeSHA256Ed25519WithRand(rand) + biffleInvalidTest(s) +} + func biffleTest(suite Suite, N int) { rand := suite.RandomStream() - - // Create a "server" private/public keypair - h := suite.Scalar().Pick(rand) - H := suite.Point().Mul(h, nil) - - // Create a set of ephemeral "client" keypairs to shuffle - var c [2]kyber.Scalar - var C [2]kyber.Point - // fmt.Println("\nclient keys:") - for i := 0; i < 2; i++ { - c[i] = suite.Scalar().Pick(rand) - C[i] = suite.Point().Mul(c[i], nil) - // fmt.Println(" "+C[i].String()) - } + _, h1, _, c1 := setShuffleKeyPairs(rand, suite, 2) // ElGamal-encrypt all these keypairs with the "server" key var X, Y [2]kyber.Point @@ -38,15 +31,15 @@ func biffleTest(suite Suite, N int) { for i := 0; i < 2; i++ { r.Pick(rand) X[i] = suite.Point().Mul(r, nil) - Y[i] = suite.Point().Mul(r, H) // ElGamal blinding factor - Y[i].Add(Y[i], C[i]) // Encrypted client public key + Y[i] = suite.Point().Mul(r, h1) // ElGamal blinding factor + Y[i].Add(Y[i], c1[i]) // Encrypted client public key } // Repeat only the actual shuffle portion for test purposes. for i := 0; i < N; i++ { // Do a key-shuffle - Xbar, Ybar, prover := Biffle(suite, nil, H, X, Y, rand) + Xbar, Ybar, prover := Biffle(suite, nil, h1, X, Y, rand) prf, err := proof.HashProve(suite, "Biffle", prover) if err != nil { panic("Biffle proof failed: " + err.Error()) @@ -54,10 +47,42 @@ func biffleTest(suite Suite, N int) { //fmt.Printf("proof:\n%s\n",hex.Dump(prf)) // Check it - verifier := BiffleVerifier(suite, nil, H, X, Y, Xbar, Ybar) + verifier := BiffleVerifier(suite, nil, h1, X, Y, Xbar, Ybar) err = proof.HashVerify(suite, "Biffle", verifier, prf) if err != nil { panic("Biffle verify failed: " + err.Error()) } } } + +func biffleInvalidTest(suite Suite) { + rand := suite.RandomStream() + _, h1, _, c1 := setShuffleKeyPairs(rand, suite, 2) + + // ElGamal-encrypt all these keypairs with the "server" key + var X, Y [2]kyber.Point + r := suite.Scalar() // temporary + for i := 0; i < 2; i++ { + r.Pick(rand) + X[i] = suite.Point().Mul(r, nil) + Y[i] = suite.Point().Mul(r, h1) // ElGamal blinding factor + Y[i].Add(Y[i], c1[i]) // Encrypted client public key + } + + // Do a key-shuffle + Xbar, Ybar, prover := Biffle(suite, nil, h1, X, Y, rand) + prf, err := proof.HashProve(suite, "Biffle", prover) + if err != nil { + panic("Biffle proof failed: " + err.Error()) + } + + // Corrupt inputs + X[0], Y[0] = X[1], Y[1] + + // Check it + verifier := BiffleVerifier(suite, nil, h1, X, Y, Xbar, Ybar) + err = proof.HashVerify(suite, "Biffle", verifier, prf) + if err == nil { + panic("Biffle verify should have failed") + } +} From 93aab6e14d30f30404018af8f3f5d54c82b6d423 Mon Sep 17 00:00:00 2001 From: lauener Date: Mon, 18 Mar 2024 14:57:25 +0100 Subject: [PATCH 10/12] Fix comment --- shuffle/biffle_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shuffle/biffle_test.go b/shuffle/biffle_test.go index 00f017ae1..18a34e916 100644 --- a/shuffle/biffle_test.go +++ b/shuffle/biffle_test.go @@ -35,7 +35,7 @@ func biffleTest(suite Suite, N int) { Y[i].Add(Y[i], c1[i]) // Encrypted client public key } - // Repeat only the actual shuffle portion for test purposes. + // Repeat only the actual shuffle portion for benchmark purposes. for i := 0; i < N; i++ { // Do a key-shuffle From 5a66cf2b9d34e582262b8e6d35764a3fb904d1bd Mon Sep 17 00:00:00 2001 From: lauener Date: Wed, 20 Mar 2024 18:09:10 +0100 Subject: [PATCH 11/12] Reduce code duplication --- shuffle/biffle_test.go | 20 +++---- shuffle/shuffle_test.go | 114 +++++++++++++++++----------------------- sign/bls/bls_test.go | 12 +++-- sign/tbls/tbls_test.go | 17 +++--- 4 files changed, 71 insertions(+), 92 deletions(-) diff --git a/shuffle/biffle_test.go b/shuffle/biffle_test.go index 18a34e916..c4150eaa6 100644 --- a/shuffle/biffle_test.go +++ b/shuffle/biffle_test.go @@ -23,7 +23,7 @@ func TestInvalidBiffle(t *testing.T) { func biffleTest(suite Suite, N int) { rand := suite.RandomStream() - _, h1, _, c1 := setShuffleKeyPairs(rand, suite, 2) + h, c := setShuffleKeyPairs(rand, suite, 2) // ElGamal-encrypt all these keypairs with the "server" key var X, Y [2]kyber.Point @@ -31,15 +31,15 @@ func biffleTest(suite Suite, N int) { for i := 0; i < 2; i++ { r.Pick(rand) X[i] = suite.Point().Mul(r, nil) - Y[i] = suite.Point().Mul(r, h1) // ElGamal blinding factor - Y[i].Add(Y[i], c1[i]) // Encrypted client public key + Y[i] = suite.Point().Mul(r, h) // ElGamal blinding factor + Y[i].Add(Y[i], c[i]) // Encrypted client public key } // Repeat only the actual shuffle portion for benchmark purposes. for i := 0; i < N; i++ { // Do a key-shuffle - Xbar, Ybar, prover := Biffle(suite, nil, h1, X, Y, rand) + Xbar, Ybar, prover := Biffle(suite, nil, h, X, Y, rand) prf, err := proof.HashProve(suite, "Biffle", prover) if err != nil { panic("Biffle proof failed: " + err.Error()) @@ -47,7 +47,7 @@ func biffleTest(suite Suite, N int) { //fmt.Printf("proof:\n%s\n",hex.Dump(prf)) // Check it - verifier := BiffleVerifier(suite, nil, h1, X, Y, Xbar, Ybar) + verifier := BiffleVerifier(suite, nil, h, X, Y, Xbar, Ybar) err = proof.HashVerify(suite, "Biffle", verifier, prf) if err != nil { panic("Biffle verify failed: " + err.Error()) @@ -57,7 +57,7 @@ func biffleTest(suite Suite, N int) { func biffleInvalidTest(suite Suite) { rand := suite.RandomStream() - _, h1, _, c1 := setShuffleKeyPairs(rand, suite, 2) + h, c := setShuffleKeyPairs(rand, suite, 2) // ElGamal-encrypt all these keypairs with the "server" key var X, Y [2]kyber.Point @@ -65,12 +65,12 @@ func biffleInvalidTest(suite Suite) { for i := 0; i < 2; i++ { r.Pick(rand) X[i] = suite.Point().Mul(r, nil) - Y[i] = suite.Point().Mul(r, h1) // ElGamal blinding factor - Y[i].Add(Y[i], c1[i]) // Encrypted client public key + Y[i] = suite.Point().Mul(r, h) // ElGamal blinding factor + Y[i].Add(Y[i], c[i]) // Encrypted client public key } // Do a key-shuffle - Xbar, Ybar, prover := Biffle(suite, nil, h1, X, Y, rand) + Xbar, Ybar, prover := Biffle(suite, nil, h, X, Y, rand) prf, err := proof.HashProve(suite, "Biffle", prover) if err != nil { panic("Biffle proof failed: " + err.Error()) @@ -80,7 +80,7 @@ func biffleInvalidTest(suite Suite) { X[0], Y[0] = X[1], Y[1] // Check it - verifier := BiffleVerifier(suite, nil, h1, X, Y, Xbar, Ybar) + verifier := BiffleVerifier(suite, nil, h, X, Y, Xbar, Ybar) err = proof.HashVerify(suite, "Biffle", verifier, prf) if err == nil { panic("Biffle verify should have failed") diff --git a/shuffle/shuffle_test.go b/shuffle/shuffle_test.go index 51e96cb67..822f31e30 100644 --- a/shuffle/shuffle_test.go +++ b/shuffle/shuffle_test.go @@ -35,27 +35,27 @@ func TestInvalidShuffleSequence(t *testing.T) { sequenceInvalidShuffleTest(t, s, k, NQ) } -func setShuffleKeyPairs(rand cipher.Stream, suite Suite, k int) (kyber.Scalar, kyber.Point, []kyber.Scalar, []kyber.Point) { +func setShuffleKeyPairs(rand cipher.Stream, suite Suite, k int) (kyber.Point, []kyber.Point) { // Create a "server" private/public keypair h0 := suite.Scalar().Pick(rand) h1 := suite.Point().Mul(h0, nil) // Create a set of ephemeral "client" keypairs to shuffle - c0 := make([]kyber.Scalar, k) c1 := make([]kyber.Point, k) for i := 0; i < k; i++ { - c0[i] = suite.Scalar().Pick(rand) - c1[i] = suite.Point().Mul(c0[i], nil) - + c0 := suite.Scalar().Pick(rand) + c1[i] = suite.Point().Mul(c0, nil) } - return h0, h1, c0, c1 + return h1, c1 } -func pairShuffleTest(suite Suite, k, n int) { - rand := suite.RandomStream() - _, h1, _, c1 := setShuffleKeyPairs(rand, suite, k) +func elGamalEncryptPair( + rand cipher.Stream, + suite Suite, + c []kyber.Point, + h kyber.Point, k int) ([]kyber.Point, []kyber.Point) { // ElGamal-encrypt all these keypairs with the "server" key x := make([]kyber.Point, k) @@ -64,22 +64,29 @@ func pairShuffleTest(suite Suite, k, n int) { for i := 0; i < k; i++ { r.Pick(rand) x[i] = suite.Point().Mul(r, nil) - y[i] = suite.Point().Mul(r, h1) // ElGamal blinding factor - y[i].Add(y[i], c1[i]) // Encrypted client public key + y[i] = suite.Point().Mul(r, h) // ElGamal blinding factor + y[i].Add(y[i], c[i]) // Encrypted client public key } + return x, y +} + +func pairShuffleTest(suite Suite, k, n int) { + rand := suite.RandomStream() + h, c := setShuffleKeyPairs(rand, suite, k) + x, y := elGamalEncryptPair(rand, suite, c, h, k) + // Repeat only the actual shuffle portion for benchmark purposes. for i := 0; i < n; i++ { - // Do a key-shuffle - Xbar, Ybar, prover := Shuffle(suite, nil, h1, x, y, rand) + Xbar, Ybar, prover := Shuffle(suite, nil, h, x, y, rand) prf, err := proof.HashProve(suite, "PairShuffle", prover) if err != nil { panic("Shuffle proof failed: " + err.Error()) } // Check it - verifier := Verifier(suite, nil, h1, x, y, Xbar, Ybar) + verifier := Verifier(suite, nil, h, x, y, Xbar, Ybar) err = proof.HashVerify(suite, "PairShuffle", verifier, prf) if err != nil { panic("Shuffle verify failed: " + err.Error()) @@ -89,21 +96,11 @@ func pairShuffleTest(suite Suite, k, n int) { func pairInvalidShuffleTest(t *testing.T, suite Suite, k int) { rand := suite.RandomStream() - _, h1, _, c1 := setShuffleKeyPairs(rand, suite, k) - - // ElGamal-encrypt all these keypairs with the "server" key - x := make([]kyber.Point, k) - y := make([]kyber.Point, k) - r := suite.Scalar() // temporary - for i := 0; i < k; i++ { - r.Pick(rand) - x[i] = suite.Point().Mul(r, nil) - y[i] = suite.Point().Mul(r, h1) // ElGamal blinding factor - y[i].Add(y[i], c1[i]) // Encrypted client public key - } + h, c := setShuffleKeyPairs(rand, suite, k) + x, y := elGamalEncryptPair(rand, suite, c, h, k) // Do a key-shuffle - Xbar, Ybar, prover := Shuffle(suite, nil, h1, x, y, rand) + Xbar, Ybar, prover := Shuffle(suite, nil, h, x, y, rand) // Corrupt the shuffle Xbar[1], Xbar[0] = Xbar[0], Xbar[1] @@ -112,15 +109,17 @@ func pairInvalidShuffleTest(t *testing.T, suite Suite, k int) { assert.Nil(t, err) // Check it - verifier := Verifier(suite, nil, h1, x, y, Xbar, Ybar) + verifier := Verifier(suite, nil, h, x, y, Xbar, Ybar) err = proof.HashVerify(suite, "PairShuffle", verifier, prf) assert.Error(t, err) } -func sequenceShuffleTest(suite Suite, k, NQ, N int) { - rand := suite.RandomStream() - _, h1, _, c1 := setShuffleKeyPairs(rand, suite, k) - +func generateAndEncryptRandomSequences( + rand cipher.Stream, + suite Suite, + h kyber.Point, + c []kyber.Point, + k int) ([][]kyber.Point, [][]kyber.Point) { X := make([][]kyber.Point, NQ) Y := make([][]kyber.Point, NQ) @@ -144,16 +143,24 @@ func sequenceShuffleTest(suite Suite, k, NQ, N int) { for i := 0; i < k; i++ { r.Pick(rand) X[j][i] = suite.Point().Mul(r, nil) - Y[j][i] = suite.Point().Mul(r, h1) // ElGamal blinding factor - Y[j][i].Add(Y[j][i], c1[i]) // Encrypted client public key + Y[j][i] = suite.Point().Mul(r, h) // ElGamal blinding factor + Y[j][i].Add(Y[j][i], c[i]) // Encrypted client public key } } + return X, Y +} + +func sequenceShuffleTest(suite Suite, k, NQ, N int) { + rand := suite.RandomStream() + h, c := setShuffleKeyPairs(rand, suite, k) + X, Y := generateAndEncryptRandomSequences(rand, suite, h, c, k) + // Repeat only the actual shuffle portion for benchmark purposes. for i := 0; i < N; i++ { // Do a key-shuffle - XX, YY, getProver := SequencesShuffle(suite, nil, h1, X, Y, rand) + XX, YY, getProver := SequencesShuffle(suite, nil, h, X, Y, rand) e := make([]kyber.Scalar, NQ) for j := 0; j < NQ; j++ { @@ -173,7 +180,7 @@ func sequenceShuffleTest(suite Suite, k, NQ, N int) { XXUp, YYUp, XXDown, YYDown := GetSequenceVerifiable(suite, X, Y, XX, YY, e) // Check it - verifier := Verifier(suite, nil, h1, XXUp, YYUp, XXDown, YYDown) + verifier := Verifier(suite, nil, h, XXUp, YYUp, XXDown, YYDown) err = proof.HashVerify(suite, "PairShuffle", verifier, prf) if err != nil { @@ -184,38 +191,11 @@ func sequenceShuffleTest(suite Suite, k, NQ, N int) { func sequenceInvalidShuffleTest(t *testing.T, suite Suite, k, NQ int) { rand := suite.RandomStream() - _, h1, _, c1 := setShuffleKeyPairs(rand, suite, k) - - X := make([][]kyber.Point, NQ) - Y := make([][]kyber.Point, NQ) - - // generate random sequences - for i := 0; i < NQ; i++ { - xs := make([]kyber.Point, k) - ys := make([]kyber.Point, k) - - for j := 0; j < k; j++ { - xs[j] = suite.Point().Mul(suite.Scalar().Pick(suite.RandomStream()), nil) - ys[j] = suite.Point().Mul(suite.Scalar().Pick(suite.RandomStream()), nil) - } - - X[i] = xs - Y[i] = ys - } - - // ElGamal-encrypt all these keypairs with the "server" key - r := suite.Scalar() // temporary - for j := 0; j < NQ; j++ { - for i := 0; i < k; i++ { - r.Pick(rand) - X[j][i] = suite.Point().Mul(r, nil) - Y[j][i] = suite.Point().Mul(r, h1) // ElGamal blinding factor - Y[j][i].Add(Y[j][i], c1[i]) // Encrypted client public key - } - } + h, c := setShuffleKeyPairs(rand, suite, k) + X, Y := generateAndEncryptRandomSequences(rand, suite, h, c, k) // Do a key-shuffle - XX, YY, getProver := SequencesShuffle(suite, nil, h1, X, Y, rand) + XX, YY, getProver := SequencesShuffle(suite, nil, h, X, Y, rand) // Corrupt original inputs X[0][0], Y[0][0] = X[0][1], Y[0][1] @@ -234,7 +214,7 @@ func sequenceInvalidShuffleTest(t *testing.T, suite Suite, k, NQ int) { XXUp, YYUp, XXDown, YYDown := GetSequenceVerifiable(suite, X, Y, XX, YY, e) // Check it - verifier := Verifier(suite, nil, h1, XXUp, YYUp, XXDown, YYDown) + verifier := Verifier(suite, nil, h, XXUp, YYUp, XXDown, YYDown) err = proof.HashVerify(suite, "PairShuffle", verifier, prf) assert.Error(t, err) diff --git a/sign/bls/bls_test.go b/sign/bls/bls_test.go index 926542ea2..35c214064 100644 --- a/sign/bls/bls_test.go +++ b/sign/bls/bls_test.go @@ -8,25 +8,27 @@ import ( "go.dedis.ch/kyber/v3" "go.dedis.ch/kyber/v3/pairing/bn256" "go.dedis.ch/kyber/v3/util/random" + "go.dedis.ch/kyber/v3/xof/blake2xb" ) func TestBLS(t *testing.T) { + suite := bn256.NewSuite() msg := []byte("Hello Boneh-Lynn-Shacham") - BLSRoutine(t, msg) + BLSRoutine(t, msg, suite) } func FuzzBLS(f *testing.F) { + suite := bn256.NewSuite() f.Fuzz(func(t *testing.T, msg []byte) { if len(msg) < 1 || len(msg) > 1000 { t.Skip("msg must have byte length between 1 and 1000") } - BLSRoutine(t, msg) + BLSRoutine(t, msg, suite) }) } -func BLSRoutine(t *testing.T, msg []byte) { - suite := bn256.NewSuite() - private, public := NewKeyPair(suite, random.New()) +func BLSRoutine(t *testing.T, msg []byte, suite *bn256.Suite) { + private, public := NewKeyPair(suite, blake2xb.New(msg)) sig, err := Sign(suite, private, msg) require.Nil(t, err) err = Verify(suite, public, msg, sig) diff --git a/sign/tbls/tbls_test.go b/sign/tbls/tbls_test.go index b818e9a83..191efa8a9 100644 --- a/sign/tbls/tbls_test.go +++ b/sign/tbls/tbls_test.go @@ -1,22 +1,20 @@ package tbls import ( - "bytes" - "crypto/rand" "testing" "github.com/stretchr/testify/require" "go.dedis.ch/kyber/v3/pairing/bn256" "go.dedis.ch/kyber/v3/share" "go.dedis.ch/kyber/v3/sign/bls" - "go.dedis.ch/kyber/v3/util/random" + "go.dedis.ch/kyber/v3/xof/blake2xb" ) func TestTBLS(test *testing.T) { - BLSRoutine(test, []byte("Hello threshold Boneh-Lynn-Shacham"), 10) + TBLSRoutine(test, []byte("Hello threshold Boneh-Lynn-Shacham"), 10) } -func FuzzBLS(f *testing.F) { +func FuzzTBLS(f *testing.F) { f.Fuzz(func(t *testing.T, msg []byte, n int) { if (n < 1) || (n > 100) { t.Skip("n must be between 1 and 100") @@ -24,17 +22,16 @@ func FuzzBLS(f *testing.F) { if (len(msg) < 1) || (len(msg) > 1000) { t.Skip("msg must have byte length between 1 and 1000") } - BLSRoutine(t, msg, n) + TBLSRoutine(t, msg, n) }) } -func BLSRoutine(test *testing.T, msg []byte, n int) { +func TBLSRoutine(test *testing.T, msg []byte, n int) { suite := bn256.NewSuite() th := n/2 + 1 - r := bytes.NewReader(msg) - stream := random.New(r, rand.Reader) - + // Use a deterministic seed for the random stream + stream := blake2xb.New(msg) secret := suite.G1().Scalar().Pick(stream) priPoly := share.NewPriPoly(suite.G2(), th, secret, stream) pubPoly := priPoly.Commit(suite.G2().Point().Base()) From cd28172f041672b2074e59954dfb82962e04229b Mon Sep 17 00:00:00 2001 From: matteosz Date: Thu, 4 Apr 2024 23:03:08 +0200 Subject: [PATCH 12/12] Added determinist stream to suite --- sign/tbls/tbls_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sign/tbls/tbls_test.go b/sign/tbls/tbls_test.go index 191efa8a9..b7acc616f 100644 --- a/sign/tbls/tbls_test.go +++ b/sign/tbls/tbls_test.go @@ -27,11 +27,11 @@ func FuzzTBLS(f *testing.F) { } func TBLSRoutine(test *testing.T, msg []byte, n int) { - suite := bn256.NewSuite() - th := n/2 + 1 - // Use a deterministic seed for the random stream stream := blake2xb.New(msg) + suite := bn256.NewSuiteRand(stream) + th := n/2 + 1 + secret := suite.G1().Scalar().Pick(stream) priPoly := share.NewPriPoly(suite.G2(), th, secret, stream) pubPoly := priPoly.Commit(suite.G2().Point().Base())