From aa3bbe165ef53ce78719a3adcd9a30a461757075 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C5=8Dshin?= Date: Fri, 10 Dec 2021 22:18:04 +0000 Subject: [PATCH 01/22] zuse: schnorrsig stubs --- pkg/arvo/sys/zuse.hoon | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkg/arvo/sys/zuse.hoon b/pkg/arvo/sys/zuse.hoon index 4481d43e81..ba47fd2bfd 100644 --- a/pkg/arvo/sys/zuse.hoon +++ b/pkg/arvo/sys/zuse.hoon @@ -2235,6 +2235,16 @@ =/ pub (from.j qj) ?< =([0 0] pub) pub + ++ schnorrsig-sign + ~& %no-impl + ~/ %sosi + |= * + !! + ++ schnorrsig-verify + ~& %no-impl + ~/ %sove + |= * + !! -- -- :: From a1c548ced4899938633709c90c47df52e2a9549d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C5=8Dshin?= Date: Sat, 25 Dec 2021 21:29:53 +0000 Subject: [PATCH 02/22] zuse: schnorrsig-sign from spec test vectors match, but are byte-flipped. has to do a lot of endianness twiddling. --- pkg/arvo/sys/zuse.hoon | 53 +++++++++++++++++++++++++++++++++++++----- 1 file changed, 47 insertions(+), 6 deletions(-) diff --git a/pkg/arvo/sys/zuse.hoon b/pkg/arvo/sys/zuse.hoon index ba47fd2bfd..8d1e958ce8 100644 --- a/pkg/arvo/sys/zuse.hoon +++ b/pkg/arvo/sys/zuse.hoon 
@@ -2235,14 +2235,55 @@ =/ pub (from.j qj) ?< =([0 0] pub) pub + ++ hash-tag + |= [tag=@ [l=@ x=@]] + =+ hat=(shax tag) + %- shay + =/ pin + (cat 8 hat (cat 8 hat x)) + [(add 64 l) pin] ++ schnorrsig-sign - ~& %no-impl - ~/ %sosi - |= * - !! + :: ~/ %sosi + |= [sk=@I m=@I a=@I] + =/ c curve + =/ j jc.c + ?< |(=(0 sk) (gte sk n.domain.c)) + =/ pp (mul-point-scalar g.domain.c sk) + =/ d + ?: =(0 (mod y.pp 2)) + sk + (sub n.domain.c sk) + =/ t + %+ mix (rev 3 32 d) + (hash-tag 'BIP0340/aux' [32 (rev 3 32 a)]) + =/ rand + %+ hash-tag 'BIP0340/nonce' + =/ pin + (can 8 ~[[1 t] [1 (rev 3 32 x.pp)] [1 (rev 3 32 m)]]) + [96 pin] + =/ kp (rev 3 32 (mod rand n.domain.c)) + =/ rr (mul-point-scalar g.domain.c kp) + =/ k + ?: =(0 (mod y.rr 2)) + kp + (sub n.domain.c kp) + =/ e + %^ rev 3 32 + %+ mod + %+ hash-tag 'BIP0340/challenge' + =/ pin + (can 8 ~[[1 (rev 3 32 x.rr)] [1 (rev 3 32 x.pp)] [1 (rev 3 32 m)]]) + [96 pin] + n.domain.c + =/ sig + %^ cat 8 + (rev 3 32 x.rr) + %^ rev 3 32 + (mod (add k (mul e d)) n.domain.c) + :: ?> (schnorrsig-verify pp message sig) + sig ++ schnorrsig-verify - ~& %no-impl - ~/ %sove + :: ~/ %sove |= * !! -- From f39421c97b6bb22c1c7cc18749b2b326223fd9cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C5=8Dshin?= Date: Wed, 29 Dec 2021 19:02:51 +0000 Subject: [PATCH 03/22] zuse: flip bytes in sig gross! --- pkg/arvo/sys/zuse.hoon | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/arvo/sys/zuse.hoon b/pkg/arvo/sys/zuse.hoon index 8d1e958ce8..ee1c0e8666 100644 --- a/pkg/arvo/sys/zuse.hoon +++ b/pkg/arvo/sys/zuse.hoon @@ -2281,7 +2281,7 @@ %^ rev 3 32 (mod (add k (mul e d)) n.domain.c) :: ?> (schnorrsig-verify pp message sig) - sig + (rev 3 64 sig) ++ schnorrsig-verify :: ~/ %sove |= * From ab4b735471d5165782326c732b0ca5bfe4e2de1d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?J=C5=8Dshin?= Date: Wed, 29 Dec 2021 19:56:32 +0000 Subject: [PATCH 04/22] zuse: sign:schnorr basically done Schnorr's choice of big-endian encoding commits us to some degree of byte twiddling; try to make this fairly seamless. --- pkg/arvo/sys/zuse.hoon | 111 ++++++++++++++++++++++------------------- 1 file changed, 61 insertions(+), 50 deletions(-) diff --git a/pkg/arvo/sys/zuse.hoon b/pkg/arvo/sys/zuse.hoon index ee1c0e8666..c4e6274c3d 100644 --- a/pkg/arvo/sys/zuse.hoon +++ b/pkg/arvo/sys/zuse.hoon 
@@ -2235,58 +2235,69 @@ =/ pub (from.j qj) ?< =([0 0] pub) pub - ++ hash-tag - |= [tag=@ [l=@ x=@]] - =+ hat=(shax tag) - %- shay - =/ pin - (cat 8 hat (cat 8 hat x)) - [(add 64 l) pin] - ++ schnorrsig-sign - :: ~/ %sosi - |= [sk=@I m=@I a=@I] - =/ c curve - =/ j jc.c - ?< |(=(0 sk) (gte sk n.domain.c)) - =/ pp (mul-point-scalar g.domain.c sk) - =/ d - ?: =(0 (mod y.pp 2)) - sk - (sub n.domain.c sk) - =/ t - %+ mix (rev 3 32 d) - (hash-tag 'BIP0340/aux' [32 (rev 3 32 a)]) - =/ rand - %+ hash-tag 'BIP0340/nonce' - =/ pin - (can 8 ~[[1 t] [1 (rev 3 32 x.pp)] [1 (rev 3 32 m)]]) - [96 pin] - =/ kp (rev 3 32 (mod rand n.domain.c)) - =/ rr (mul-point-scalar g.domain.c kp) - =/ k - ?: =(0 (mod y.rr 2)) - kp - (sub n.domain.c kp) - =/ e - %^ rev 3 32 - %+ mod - %+ hash-tag 'BIP0340/challenge' + ++ schnorr + => |% ++ tagged-hash + |= [tag=@ [l=@ x=@]] + =+ hat=(shax tag) + %- shay + =/ pin + (cat 8 hat (cat 8 hat x)) + [(add 64 l) pin] + ++ flip |=(byts (rev 3 wid dat)) :: endianness remedy + -- + |% + :: + ++ sign + :: ~/ %sosi + |= [sk=@I m=@I a=@I] + =/ c curve + ?< |(=(0 sk) (gte sk n.domain.c)) + =/ pp + (mul-point-scalar g.domain.c sk) + =/ d + ?: =(0 (mod y.pp 2)) + sk + (sub n.domain.c sk) + =/ t + %+ mix + (flip 32 d) + (tagged-hash 'BIP0340/aux' [32 (flip 32 a)]) + =/ rand + %+ tagged-hash 'BIP0340/nonce' =/ pin - (can 8 ~[[1 (rev 3 32 x.rr)] [1 (rev 3 32 x.pp)] [1 (rev 3 32 m)]]) + (can 8 ~[[1 t] [1 (flip 32 x.pp)] [1 (flip 32 m)]]) [96 pin] - n.domain.c - =/ sig - %^ cat 8 - (rev 3 32 x.rr) - %^ rev 3 32 - (mod (add k (mul e d)) n.domain.c) - :: ?> (schnorrsig-verify pp message sig) - (rev 3 64 sig) - ++ schnorrsig-verify - :: ~/ %sove - |= * - !! 
- -- + =/ kp (mod (flip 32 rand) n.domain.c) + =/ rr (mul-point-scalar g.domain.c kp) + =/ k + ?: =(0 (mod y.rr 2)) + kp + (sub n.domain.c kp) + =/ e + %- mod + :_ n.domain.c + %+ flip 32 + %+ tagged-hash 'BIP0340/challenge' + =/ pin + %+ can 8 + :~ [1 (flip 32 x.rr)] + [1 (flip 32 x.pp)] + [1 (flip 32 m)] + == + [96 pin] + =/ sig + %^ cat 8 + (flip 32 x.rr) + %+ flip 32 + (mod (add k (mul e d)) n.domain.c) + :: ?> (schnorrsig-verify pp message sig) + (flip 64 sig) + :: + ++ verify + :: ~/ %sove + |= * + !! + -- -- :: ++ blake From b296f3912ef826089bcb68752527a61683954f85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C5=8Dshin?= Date: Wed, 29 Dec 2021 23:32:17 +0000 Subject: [PATCH 05/22] zuse: verify:schnorr works --- pkg/arvo/sys/zuse.hoon | 65 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 61 insertions(+), 4 deletions(-) diff --git a/pkg/arvo/sys/zuse.hoon b/pkg/arvo/sys/zuse.hoon index c4e6274c3d..b39cf267b5 100644 --- a/pkg/arvo/sys/zuse.hoon +++ b/pkg/arvo/sys/zuse.hoon @@ -2244,12 +2244,27 @@ (cat 8 hat (cat 8 hat x)) [(add 64 l) pin] ++ flip |=(byts (rev 3 wid dat)) :: endianness remedy + ++ lift-x + |= x=@I + ^- (unit point) + =/ c curve + =/ fop field-p.c + =+ [fadd ffra fpow]=[sum.fop fra.fop exp.fop] + =/ cp (fadd (fpow 3 x) 7) + =/ y (fpow (rsh [0 2] +(p.domain.c)) cp) + ?. =(cp (fpow 2 y)) + ~ + %- some :- x + ?: =(0 (mod y 2)) + y + (sub p.domain.c y) -- |% :: ++ sign :: ~/ %sosi |= [sk=@I m=@I a=@I] + ^- @J =/ c curve ?< |(=(0 sk) (gte sk n.domain.c)) =/ pp 
@@ -2286,18 +2301,60 @@ == [96 pin] =/ sig + %+ flip 64 %^ cat 8 (flip 32 x.rr) %+ flip 32 (mod (add k (mul e d)) n.domain.c) - :: ?> (schnorrsig-verify pp message sig) - (flip 64 sig) + ?> (verify x.pp m sig) + sig :: ++ verify :: ~/ %sove - |= * - !! + |= [pk=@I m=@I sig=@J] + ^- ? + =/ c curve + =/ ppx (lift-x pk) + ?~ ppx + %.n + =/ pp u.ppx + =/ r (cut 8 [1 1] sig) + ?: (gte r p.domain.c) + %.n + =/ s (cut 8 [0 1] sig) + ?: (gte s n.domain.c) + %.n + =/ e + %- mod + :_ n.domain.c + %+ flip 32 + %+ tagged-hash 'BIP0340/challenge' + :- 96 + %+ can 8 + :~ [1 (flip 32 r)] + [1 (flip 32 x.pp)] + [1 (flip 32 m)] + == + =/ aa + (mul-point-scalar g.domain.c s) + =/ bb + (mul-point-scalar pp (sub n.domain.c e)) + ?: &(=(x.aa x.bb) !=(y.aa y.bb)) + %.n + =/ rr (add-points aa bb) + ~& :- m+`@ux`m + :- pk+`@ux`pk + :- sig+`@ux`sig + :- pp+`[@ux @ux]`pp + :- r+`@ux`r + :- s+`@ux`s + :- e+`@ux`e + rr+`[@ux @ux]`rr + ?. =(0 (mod y.rr 2)) + %.n + =(r x.rr) -- + -- -- :: ++ blake From 4f1269b2050f589ec7b393fa11eef1431149b237 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C5=8Dshin?= Date: Wed, 29 Dec 2021 23:43:16 +0000 Subject: [PATCH 06/22] zuse: cleanup in schnorr --- pkg/arvo/sys/zuse.hoon | 39 +++++++++++++++++---------------------- 1 file changed, 17 insertions(+), 22 deletions(-) diff --git a/pkg/arvo/sys/zuse.hoon b/pkg/arvo/sys/zuse.hoon index b39cf267b5..9d035348ec 100644 --- a/pkg/arvo/sys/zuse.hoon +++ b/pkg/arvo/sys/zuse.hoon @@ -2261,7 +2261,7 @@ -- |% :: - ++ sign + ++ sign :: schnorr signature :: ~/ %sosi |= [sk=@I m=@I a=@I] ^- @J @@ -2276,12 +2276,16 @@ =/ t %+ mix (flip 32 d) - (tagged-hash 'BIP0340/aux' [32 (flip 32 a)]) + %+ tagged-hash 'BIP0340/aux' + [32 (flip 32 a)] =/ rand %+ tagged-hash 'BIP0340/nonce' - =/ pin - (can 8 ~[[1 t] [1 (flip 32 x.pp)] [1 (flip 32 m)]]) - [96 pin] + :- 96 + %+ can 8 + :~ [1 t] + [1 (flip 32 x.pp)] + [1 (flip 32 m)] + == =/ kp (mod (flip 32 rand) n.domain.c) =/ rr (mul-point-scalar g.domain.c kp) =/ k 
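Review bot: The identity guard `?: &(=(x.aa x.bb) !=(y.aa y.bb))` before `add-points` only catches `aa = -bb`; if either operand is itself the identity (`s = 0` makes `aa = 0·G`, and `e = 0` makes `bb = n·P` via `(sub n.domain.c e)`), what `verify` returns depends on how `mul-point-scalar` and `add-points` encode the point at infinity, which is outside this hunk — the `?< =([0 0] pub)` context line earlier in the core suggests `[0 0]`, but I can't confirm `add-points` treats it as the identity. Both cases are negligible for honest signatures, so failing closed is safe: `?: |(=([0 0] aa) =([0 0] bb)) %.n` immediately before the existing guard, or a comment recording that `add-points` handles `[0 0]` if it does. The `(gte r p.domain.c)` and `(gte s n.domain.c)` range checks match BIP-340 and are correctly placed ahead of the challenge hash.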
@@ -2293,13 +2297,12 @@ :_ n.domain.c %+ flip 32 %+ tagged-hash 'BIP0340/challenge' - =/ pin - %+ can 8 - :~ [1 (flip 32 x.rr)] - [1 (flip 32 x.pp)] - [1 (flip 32 m)] - == - [96 pin] + :- 96 + %+ can 8 + :~ [1 (flip 32 x.rr)] + [1 (flip 32 x.pp)] + [1 (flip 32 m)] + == =/ sig %+ flip 64 %^ cat 8 @@ -2309,7 +2312,7 @@ ?> (verify x.pp m sig) sig :: - ++ verify + ++ verify :: schnorr verify :: ~/ %sove |= [pk=@I m=@I sig=@J] ^- ? @@ -2339,17 +2342,9 @@ (mul-point-scalar g.domain.c s) =/ bb (mul-point-scalar pp (sub n.domain.c e)) - ?: &(=(x.aa x.bb) !=(y.aa y.bb)) + ?: &(=(x.aa x.bb) !=(y.aa y.bb)) :: check infinity %.n =/ rr (add-points aa bb) - ~& :- m+`@ux`m - :- pk+`@ux`pk - :- sig+`@ux`sig - :- pp+`[@ux @ux]`pp - :- r+`@ux`r - :- s+`@ux`s - :- e+`@ux`e - rr+`[@ux @ux]`rr ?. =(0 (mod y.rr 2)) %.n =(r x.rr) From 4c6187787f9091437ba2cd49843ef7e115416acd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C5=8Dshin?= Date: Wed, 29 Dec 2021 23:46:01 +0000 Subject: [PATCH 07/22] zuse: remove redundant flips on sig --- pkg/arvo/sys/zuse.hoon | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/pkg/arvo/sys/zuse.hoon b/pkg/arvo/sys/zuse.hoon index 9d035348ec..ffdc5e89b4 100644 --- a/pkg/arvo/sys/zuse.hoon +++ b/pkg/arvo/sys/zuse.hoon @@ -2304,10 +2304,7 @@ [1 (flip 32 m)] == =/ sig - %+ flip 64 - %^ cat 8 - (flip 32 x.rr) - %+ flip 32 + %^ cat 8 x.rr (mod (add k (mul e d)) n.domain.c) ?> (verify x.pp m sig) sig @@ -2321,10 +2318,10 @@ ?~ ppx %.n =/ pp u.ppx - =/ r (cut 8 [1 1] sig) + =/ r (cut 8 [0 1] sig) ?: (gte r p.domain.c) %.n - =/ s (cut 8 [0 1] sig) + =/ s (cut 8 [1 1] sig) ?: (gte s n.domain.c) %.n =/ e From 09294d79bc40a3d3829dd2ec446e158703a62b02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C5=8Dshin?= Date: Wed, 29 Dec 2021 23:48:21 +0000 Subject: [PATCH 08/22] zuse: unused ffra --- pkg/arvo/sys/zuse.hoon | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pkg/arvo/sys/zuse.hoon b/pkg/arvo/sys/zuse.hoon index ffdc5e89b4..38c58e237f 100644 --- a/pkg/arvo/sys/zuse.hoon +++ b/pkg/arvo/sys/zuse.hoon @@ -2249,7 +2249,7 @@ ^- (unit point) =/ c curve =/ fop field-p.c - =+ [fadd ffra fpow]=[sum.fop fra.fop exp.fop] + =+ [fadd fpow]=[sum.fop exp.fop] =/ cp (fadd (fpow 3 x) 7) =/ y (fpow (rsh [0 2] +(p.domain.c)) cp) ?. =(cp (fpow 2 y)) From 57ef17fc91213ff29e062e71fc321536ca552979 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C5=8Dshin?= Date: Wed, 29 Dec 2021 23:58:31 +0000 Subject: [PATCH 09/22] zuse: signatures were backwards --- pkg/arvo/sys/zuse.hoon | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/pkg/arvo/sys/zuse.hoon b/pkg/arvo/sys/zuse.hoon index 38c58e237f..2eb434feea 100644 --- a/pkg/arvo/sys/zuse.hoon +++ b/pkg/arvo/sys/zuse.hoon @@ -2304,8 +2304,9 @@ [1 (flip 32 m)] == =/ sig - %^ cat 8 x.rr - (mod (add k (mul e d)) n.domain.c) + %^ cat 8 + (mod (add k (mul e d)) n.domain.c) + x.rr ?> (verify x.pp m sig) sig :: @@ -2318,10 +2319,10 @@ ?~ ppx %.n =/ pp u.ppx - =/ r (cut 8 [0 1] sig) + =/ r (cut 8 [1 1] sig) ?: (gte r p.domain.c) %.n - =/ s (cut 8 [1 1] sig) + =/ s (cut 8 [0 1] sig) ?: (gte s n.domain.c) %.n =/ e From 022ec2867d811296043765ce24b87025a87e9082 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C5=8Dshin?= Date: Thu, 30 Dec 2021 00:42:47 +0000 Subject: [PATCH 10/22] zuse: banish byte twiddling from schnorr Actually it's just hidden in +sha-256l:sha now. --- pkg/arvo/sys/zuse.hoon | 37 ++++++++++--------------------------- 1 file changed, 10 insertions(+), 27 deletions(-) diff --git a/pkg/arvo/sys/zuse.hoon b/pkg/arvo/sys/zuse.hoon index 2eb434feea..3cc2c527b9 100644 --- a/pkg/arvo/sys/zuse.hoon +++ b/pkg/arvo/sys/zuse.hoon 
@@ -2238,12 +2238,10 @@ ++ schnorr => |% ++ tagged-hash |= [tag=@ [l=@ x=@]] - =+ hat=(shax tag) - %- shay - =/ pin - (cat 8 hat (cat 8 hat x)) - [(add 64 l) pin] - ++ flip |=(byts (rev 3 wid dat)) :: endianness remedy + =+ hat=(sha-256:sha (swp 3 tag)) + %- sha-256l:sha + :- (add 64 l) + (can 3 ~[[l x] [32 hat] [32 hat]]) ++ lift-x |= x=@I ^- (unit point) @@ -2274,19 +2272,14 @@ sk (sub n.domain.c sk) =/ t - %+ mix - (flip 32 d) + %+ mix d %+ tagged-hash 'BIP0340/aux' - [32 (flip 32 a)] + [32 a] =/ rand %+ tagged-hash 'BIP0340/nonce' :- 96 - %+ can 8 - :~ [1 t] - [1 (flip 32 x.pp)] - [1 (flip 32 m)] - == - =/ kp (mod (flip 32 rand) n.domain.c) + (can 8 ~[[1 m] [1 x.pp] [1 t]]) + =/ kp (mod rand n.domain.c) =/ rr (mul-point-scalar g.domain.c kp) =/ k ?: =(0 (mod y.rr 2)) @@ -2295,14 +2288,9 @@ =/ e %- mod :_ n.domain.c - %+ flip 32 %+ tagged-hash 'BIP0340/challenge' :- 96 - %+ can 8 - :~ [1 (flip 32 x.rr)] - [1 (flip 32 x.pp)] - [1 (flip 32 m)] - == + (can 8 ~[[1 m] [1 x.pp] [1 x.rr]]) =/ sig %^ cat 8 (mod (add k (mul e d)) n.domain.c) @@ -2328,14 +2316,9 @@ =/ e %- mod :_ n.domain.c - %+ flip 32 %+ tagged-hash 'BIP0340/challenge' :- 96 - %+ can 8 - :~ [1 (flip 32 r)] - [1 (flip 32 x.pp)] - [1 (flip 32 m)] - == + (can 8 ~[[1 m] [1 x.pp] [1 r]]) =/ aa (mul-point-scalar g.domain.c s) =/ bb From 0fb3dd5ed0ec726dad0ddeb833bfd54c1e35908e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C5=8Dshin?= Date: Thu, 30 Dec 2021 00:47:11 +0000 Subject: [PATCH 11/22] zuse: cleanup --- pkg/arvo/sys/zuse.hoon | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkg/arvo/sys/zuse.hoon b/pkg/arvo/sys/zuse.hoon index 3cc2c527b9..8b1edee288 100644 --- a/pkg/arvo/sys/zuse.hoon +++ b/pkg/arvo/sys/zuse.hoon @@ -2273,8 +2273,7 @@ (sub n.domain.c sk) =/ t %+ mix d - %+ tagged-hash 'BIP0340/aux' - [32 a] + (tagged-hash 'BIP0340/aux' [32 a]) =/ rand %+ tagged-hash 'BIP0340/nonce' :- 96 From f93457ce9c00b8394514538295506e7ba05be6f8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?J=C5=8Dshin?= Date: Thu, 30 Dec 2021 04:14:25 +0000 Subject: [PATCH 12/22] zuse: style --- pkg/arvo/sys/zuse.hoon | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/arvo/sys/zuse.hoon b/pkg/arvo/sys/zuse.hoon index 8b1edee288..f39eaffb2f 100644 --- a/pkg/arvo/sys/zuse.hoon +++ b/pkg/arvo/sys/zuse.hoon @@ -2302,10 +2302,10 @@ |= [pk=@I m=@I sig=@J] ^- ? =/ c curve - =/ ppx (lift-x pk) - ?~ ppx + =/ pup (lift-x pk) + ?~ pup %.n - =/ pp u.ppx + =/ pp u.pup =/ r (cut 8 [1 1] sig) ?: (gte r p.domain.c) %.n @@ -2322,7 +2322,7 @@ (mul-point-scalar g.domain.c s) =/ bb (mul-point-scalar pp (sub n.domain.c e)) - ?: &(=(x.aa x.bb) !=(y.aa y.bb)) :: check infinity + ?: &(=(x.aa x.bb) !=(y.aa y.bb)) :: infinite? %.n =/ rr (add-points aa bb) ?. =(0 (mod y.rr 2)) From cb5983c6aee54751d57dd78868846aaf9531a75e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C5=8Dshin?= Date: Thu, 30 Dec 2021 04:25:31 +0000 Subject: [PATCH 13/22] zuse: schnorr jet hints --- pkg/arvo/sys/zuse.hoon | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkg/arvo/sys/zuse.hoon b/pkg/arvo/sys/zuse.hoon index f39eaffb2f..9da9f94a75 100644 --- a/pkg/arvo/sys/zuse.hoon +++ b/pkg/arvo/sys/zuse.hoon @@ -2236,6 +2236,7 @@ ?< =([0 0] pub) pub ++ schnorr + ~% %schnorr + ~ => |% ++ tagged-hash |= [tag=@ [l=@ x=@]] =+ hat=(sha-256:sha (swp 3 tag)) @@ -2260,7 +2261,7 @@ |% :: ++ sign :: schnorr signature - :: ~/ %sosi + ~/ %sosi |= [sk=@I m=@I a=@I] ^- @J =/ c curve @@ -2298,7 +2299,7 @@ sig :: ++ verify :: schnorr verify - :: ~/ %sove + ~/ %sove |= [pk=@I m=@I sig=@J] ^- ? =/ c curve From 40fbd160364b0c481ec2e00f1865290c48143ae5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C5=8Dshin?= Date: Thu, 30 Dec 2021 05:46:44 +0000 Subject: [PATCH 14/22] zuse: schnorr address --- pkg/arvo/sys/zuse.hoon | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/arvo/sys/zuse.hoon b/pkg/arvo/sys/zuse.hoon index 9da9f94a75..0191705912 100644 
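Review bot: The `~/ %sosi` hint on `sign` only names a jet slot; the Hoon body under it stays the reference path and is not constant-time — `mul-point-scalar g.domain.c sk`, `(mul e d)` and the `mod` reductions all do variable-time bignum arithmetic over the secret `sk`/`d` and the nonce `k` (those lines sit outside this hunk). Whether that timing is observable depends on the caller, which I can't see here, but nothing at the hint tells a reader that the unjetted path leaks. I'd put `:: NOTE: unjetted Hoon path is not constant-time (secret-dependent timing)` on the line after `~/ %sosi`, and whatever jet eventually backs `%sosi`/`%sove` should be a constant-time implementation rather than a transliteration of this arm. The enclosing `schnorr` core starts and ends outside the hunk.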
--- a/pkg/arvo/sys/zuse.hoon +++ b/pkg/arvo/sys/zuse.hoon @@ -2236,7 +2236,7 @@ ?< =([0 0] pub) pub ++ schnorr - ~% %schnorr + ~ + ~% %schnorr ..schnorr ~ => |% ++ tagged-hash |= [tag=@ [l=@ x=@]] =+ hat=(sha-256:sha (swp 3 tag)) From 4591fa272eb7b0c6ab1bc1688e8960cf13bbb303 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C5=8Dshin?= Date: Sun, 9 Jan 2022 05:28:22 +0000 Subject: [PATCH 15/22] zuse: schnorr test cases These are from: --- pkg/arvo/tests/sys/zuse/crypto/secp256k1.hoon | 200 ++++++++++++++++++ 1 file changed, 200 insertions(+) diff --git a/pkg/arvo/tests/sys/zuse/crypto/secp256k1.hoon b/pkg/arvo/tests/sys/zuse/crypto/secp256k1.hoon index ee27c2ef88..f7d0233b96 100644 --- a/pkg/arvo/tests/sys/zuse/crypto/secp256k1.hoon +++ b/pkg/arvo/tests/sys/zuse/crypto/secp256k1.hoon 
@@ -116,4 +116,204 @@ 3d07.03a9.9925.0581. f7de.cd5e.f0f4.f809 == +++ test-schnorr + => |% + +$ case-sec + $: sec=@ + pub=@ + aux=@ + mes=@ + sig=@ + == + +$ case-pub + $: pub=@ + mes=@ + sig=@ + res=? + == + -- + =< %+ category "bip-0340 vectors" + (zing :(weld t1 t2 t3)) + =/ cases-sec=(list case-sec) + :~ + :* 0x3 + 0xf930.8a01.9258.c310.4934.4f85.f89d.5229. + b531.c845.836f.99b0.8601.f113.bce0.36f9 + 0 + 0 + 0xe907.831f.8084.8d10.69a5.371b.4024.1036. + 4bdf.1c5f.8307.b008.4c55.f1ce.2dca.8215. + 25f6.6a4a.85ea.8b71.e482.a74f.382d.2ce5. + ebee.e8fd.b217.2f47.7df4.900d.3105.36c0 + == + :* 0xb7e1.5162.8aed.2a6a.bf71.5880.9cf4.f3c7. + 62e7.160f.38b4.da56.a784.d904.5190.cfef + 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be. + 58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659 + 1 + 0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344. + a409.3822.299f.31d0.082e.fa98.ec4e.6c89 + 0x6896.bd60.eeae.296d.b48a.229f.f71d.fe07. + 1bde.413e.6d43.f917.dc8d.cf8c.78de.3341. + 8906.d11a.c976.abcc.b20b.0912.92bf.f4ea. + 897e.fcb6.39ea.871c.fa95.f6de.339e.4b0a + == + :* 0xc90f.daa2.2168.c234.c4c6.628b.80dc.1cd1. + 2902.4e08.8a67.cc74.020b.bea6.3b14.e5c9 + 0xdd30.8afe.c577.7e13.121f.a72b.9cc1.b7cc. + 0139.7153.09b0.86c9.60e1.8fd9.6977.4eb8 + 0xc87a.a538.24b4.d7ae.2eb0.35a2.b5bb.bccc. + 080e.76cd.c6d1.692c.4b0b.62d7.98e6.d906 + 0x7e2d.58d8.b3bc.df1a.bade.c782.9054.f90d. + da98.05aa.b56c.7733.3024.b9d0.a508.b75c + 0x5831.aaee.d7b4.4bb7.4e5e.ab94.ba9d.4294. + c49b.cf2a.6072.8d8b.4c20.0f50.dd31.3c1b. + ab74.5879.a5ad.954a.72c4.5a91.c3a5.1d3c. + 7ade.a98d.82f8.481e.0e1e.0367.4a6f.3fb7 + == + :* 0xb43.2b26.7793.7381.aef0.5bb0.2a66.ecd0. + 1277.3062.cf3f.a254.9e44.f58e.d240.1710 + 0x25d1.dff9.5105.f525.3c40.22f6.28a9.96ad. + 3a0d.95fb.f21d.468a.1b33.f8c1.60d8.f517 + 0xffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff. + ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff + 0xffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff. + ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff + 0x7eb0.5097.57e2.46f1.9449.8856.5161.1cb9. 
+ 65ec.c1a1.87dd.51b6.4fda.1edc.9637.d5ec. + 9758.2b9c.b13d.b393.3705.b32b.a982.af5a. + f25f.d788.81eb.b327.71fc.5922.efc6.6ea3 + == + == + =/ t1 + %+ turn cases-sec + |= case-sec + ^- tang + %+ expect-eq + !> sig + !> (sign:schnorr:ecc sec mes aux) + =/ t2 + %+ turn cases-sec + |= case-sec + ^- tang + %- expect + !> (verify:schnorr:ecc pub mes sig) + =/ cases-pub=(list case-pub) + :~ + :* 0xd69c.3509.bb99.e412.e68b.0fe8.544e.7283. + 7dfa.3074.6d8b.e2aa.6597.5f29.d22d.c7b9 + 0x4df3.c3f6.8fcc.83b2.7e9d.42c9.0431.a724. + 99f1.7875.c81a.599b.566c.9889.b969.6703 + 0x3b.78ce.563f.89a0.ed94.14f5.aa28.ad0d. + 96d6.795f.9c63.76af.b154.8af6.03b3.eb45. + c9f8.207d.ee10.60cb.71c0.4e80.f593.060b. + 07d2.8308.d7f4 + %.y + == + :* 0xeefd.ea4c.db67.7750.a420.fee8.07ea.cf21. + eb98.98ae.79b9.7687.66e4.faa0.4a2d.4a34 + 0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344. + a409.3822.299f.31d0.082e.fa98.ec4e.6c89 + 0x6cff.5c3b.a86c.69ea.4b73.76f3.1a9b.cb4f. + 74c1.9760.89b2.d996.3da2.e554.3e17.7769. + 69e8.9b4c.5564.d003.4910.6b84.9778.5dd7. + d1d7.13a8.ae82.b32f.a79d.5f7f.c407.d39b + %.n + == + :* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be. + 58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659 + 0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344. + a409.3822.299f.31d0.082e.fa98.ec4e.6c89 + 0xfff9.7bd5.755e.eea4.2045.3a14.3552.35d3. + 82f6.472f.8568.a18b.2f05.7a14.6029.7556. + 3cc2.7944.640a.c607.cd10.7ae1.0923.d9ef. + 7a73.c643.e166.be5e.beaf.a34b.1ac5.53e2 + %.n + == + :* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be. + 58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659 + 0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344. + a409.3822.299f.31d0.082e.fa98.ec4e.6c89 + 0x1fa6.2e33.1edb.c21c.3947.92d2.ab11.00a7. + b432.b013.df3f.6ff4.f99f.cb33.e0e1.515f. + 2889.0b3e.db6e.7189.b630.448b.515c.e4f8. + 622a.954c.fe54.5735.aaea.5134.fccd.b2bd + %.n + == + :* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be. + 58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659 + 0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344. 
+ a409.3822.299f.31d0.082e.fa98.ec4e.6c89 + 0x6cff.5c3b.a86c.69ea.4b73.76f3.1a9b.cb4f. + 74c1.9760.89b2.d996.3da2.e554.3e17.7769. + 9617.64b3.aa9b.2ffc.b6ef.947b.6887.a226. + e8d7.c93e.00c5.ed0c.1834.ff0d.0c2e.6da6 + %.n + == + :* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be. + 58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659 + 0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344. + a409.3822.299f.31d0.082e.fa98.ec4e.6c89 + 0x123d.da83.28af.9c23.a94c.1fee.cfd1.23ba. + 4fb7.3476.f0d5.94dc.b65c.6425.bd18.6051 + %.n + == + :* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be. + 58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659 + 0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344. + a409.3822.299f.31d0.082e.fa98.ec4e.6c89 + 0x1.7615.fbaf.5ae2.8864.013c.0997.42de. + adb4.dba8.7f11.ac67.54f9.3780.d5a1.837c. + f197 + %.n + == + :* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be. + 58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659 + 0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344. + a409.3822.299f.31d0.082e.fa98.ec4e.6c89 + 0x4a29.8dac.ae57.395a.15d0.795d.dbfd.1dcb. + 564d.a82b.0f26.9bc7.0a74.f822.0429.ba1d. + 69e8.9b4c.5564.d003.4910.6b84.9778.5dd7. + d1d7.13a8.ae82.b32f.a79d.5f7f.c407.d39b + %.n + == + :* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be. + 58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659 + 0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344. + a409.3822.299f.31d0.082e.fa98.ec4e.6c89 + 0xffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff. + ffff.ffff.ffff.ffff.ffff.fffe.ffff.fc2f. + 69e8.9b4c.5564.d003.4910.6b84.9778.5dd7. + d1d7.13a8.ae82.b32f.a79d.5f7f.c407.d39b + %.n + == + :* 0xdff1.d77f.2a67.1c5f.3618.3726.db23.41be. + 58fe.ae1d.a2de.ced8.4324.0f7b.502b.a659 + 0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344. + a409.3822.299f.31d0.082e.fa98.ec4e.6c89 + 0x6cff.5c3b.a86c.69ea.4b73.76f3.1a9b.cb4f. + 74c1.9760.89b2.d996.3da2.e554.3e17.7769. + ffff.ffff.ffff.ffff.ffff.ffff.ffff.fffe. + baae.dce6.af48.a03b.bfd2.5e8c.d036.4141 + %.n + == + :* 0xffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff. + ffff.ffff.ffff.ffff.ffff.fffe.ffff.fc30 + 0x243f.6a88.85a3.08d3.1319.8a2e.0370.7344. 
+ a409.3822.299f.31d0.082e.fa98.ec4e.6c89 + 0x6cff.5c3b.a86c.69ea.4b73.76f3.1a9b.cb4f. + 74c1.9760.89b2.d996.3da2.e554.3e17.7769. + 69e8.9b4c.5564.d003.4910.6b84.9778.5dd7. + d1d7.13a8.ae82.b32f.a79d.5f7f.c407.d39b + %.n + == + == + :_ . + ^= t3 + %+ turn cases-pub + |= case-pub + ^- tang + %+ expect-eq + !> res + !> (verify:schnorr:ecc pub mes sig) -- From 71c59737d8888416b29de2b9fdf0b6260a5f7a5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C5=8Dshin?= Date: Sun, 9 Jan 2022 05:31:36 +0000 Subject: [PATCH 16/22] zuse: boundary assertions for schnorr Just assert on mis-sized values. --- pkg/arvo/sys/zuse.hoon | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pkg/arvo/sys/zuse.hoon b/pkg/arvo/sys/zuse.hoon index 0191705912..dbcf547450 100644 --- a/pkg/arvo/sys/zuse.hoon +++ b/pkg/arvo/sys/zuse.hoon @@ -2264,6 +2264,9 @@ ~/ %sosi |= [sk=@I m=@I a=@I] ^- @J + ?> (gte 32 (met 3 sk)) + ?> (gte 32 (met 3 m)) + ?> (gte 32 (met 3 a)) =/ c curve ?< |(=(0 sk) (gte sk n.domain.c)) =/ pp @@ -2302,6 +2305,9 @@ ~/ %sove |= [pk=@I m=@I sig=@J] ^- ? + ?> (gte 32 (met 3 pk)) + ?> (gte 32 (met 3 m)) + ?> (gte 64 (met 3 sig)) =/ c curve =/ pup (lift-x pk) ?~ pup From ce05e562eda2c319021b4526b4805b2d93e0703f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C5=8Dshin?= Date: Sun, 9 Jan 2022 05:49:47 +0000 Subject: [PATCH 17/22] test: schnorr bounds checking --- pkg/arvo/tests/sys/zuse/crypto/secp256k1.hoon | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/pkg/arvo/tests/sys/zuse/crypto/secp256k1.hoon b/pkg/arvo/tests/sys/zuse/crypto/secp256k1.hoon index f7d0233b96..fff832c57b 100644 --- a/pkg/arvo/tests/sys/zuse/crypto/secp256k1.hoon +++ b/pkg/arvo/tests/sys/zuse/crypto/secp256k1.hoon 
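Review bot: The `cases-sec` and `cases-pub` lists in `test-schnorr` carry no comment saying where the values come from or what each `%.n` case exercises, and the commit message's "These are from:" is left unfinished. They appear to be the BIP-0340 reference vectors — the `category` string says "bip-0340 vectors", and the visible boundary cases are recognizable (a `sig` beginning `0xffff…fffe.ffff.fc2f` is r = p, a `sig` ending `…baae.dce6.af48.a03b.bfd2.5e8c.d036.4141` is s = n, `pub = 0xffff…fffe.ffff.fc30` is p + 1) — but confirm the source. I'd add `:: BIP-0340 test-vectors.csv, sign+verify` above `cases-sec`, `:: BIP-0340 test-vectors.csv, verify-only` above `cases-pub`, and a one-line `::` per negative case naming the rejected condition. Note also that the atoms drop leading zero bytes (`0x3b.78ce…` is a 64-byte signature written with its zero prefix gone), which only works because the zuse side reads r/s with fixed-width `cut`; a comment there would save the next reader a false alarm.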
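Review bot: In `verify`, the added `?> (gte 32 (met 3 pk))`, `?> (gte 32 (met 3 m))` and `?> (gte 64 (met 3 sig))` crash on oversized input instead of returning `%.n`, so a caller checking an untrusted signature gets a crash on malformed bytes rather than the fail-closed boolean BIP-340 specifies for every invalid input. The `sig` bound is genuinely needed — the `cut 8 [1 1]`/`cut 8 [0 1]` reads below this hunk silently discard anything above byte 64, so a longer blob wrapping a valid signature would otherwise verify — but the right shape is `?. (gte 64 (met 3 sig)) %.n`, with the same `?.` … `%.n` form for `pk` and `m`. Whether a crash here is contained depends on the caller (`mule` or the event loop), which I can't see from the hunk. The `?>` form in `sign` (the other hunk of this commit) is acceptable, since an oversized secret or aux input is normally the signer's own programming error rather than remote data.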
@@ -316,4 +316,37 @@ %+ expect-eq !> res !> (verify:schnorr:ecc pub mes sig) +++ test-schnorr-bounds + => |% +$ case [sec=@ pub=@ aux=@ mes=@ sig=@] -- + =< %+ category "bounds" + (zing (weld t1 t2)) + =/ too-big + 0xff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff. + ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff + =/ big-sig + 0xff.ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff. + ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff. + ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff. + ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff + =/ cases-big-sec=(list case) + :~ [too-big 0 0 0 0] + [0 0 too-big 0 0] + [0 0 0 too-big 0] + == + =/ cases-big-pub=(list case) + :~ [0 too-big 0 0 0] + [0 0 0 too-big 0] + [0 0 0 0 big-sig] + == + =/ t1 + %+ turn cases-big-sec + |= case + %- expect-fail + |. (sign:schnorr:ecc sec mes aux) + :_ . + ^= t2 + %+ turn cases-big-pub + |= case + %- expect-fail + |. (verify:schnorr:ecc pub mes sig) -- From b277fd5e84abb299af12b170d2ca5dcd56449efb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C5=8Dshin?= Date: Wed, 2 Feb 2022 21:06:23 -0600 Subject: [PATCH 18/22] pill: solid, brass --- bin/brass.pill | 4 ++-- bin/solid.pill | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/bin/brass.pill b/bin/brass.pill index 799a4e8de7..99aaaee04f 100644 --- a/bin/brass.pill +++ b/bin/brass.pill @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:9a56f675d2a6c5dafa92a9e2d55040d994f3d3d27a1ed827bd87d1158b1e69d0 -size 3749183 +oid sha256:ae4a7a69fe81c5f2114d7b7360c05602f614fe66b96d1db4c3dc0c2a2a5d856e +size 7536000 diff --git a/bin/solid.pill b/bin/solid.pill index 19ab8aa5d4..32d8e91132 100644 --- a/bin/solid.pill +++ b/bin/solid.pill @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:843387cce113f18b403f76b6ba97ddf1746a5436b107d087d1f33b38db6f8c1a -size 26237959 +oid sha256:bcab0698de6efda1bbac54b0833da5e853bca058919110aa5668aa63fb40626e +size 9392699 From f07f759253ffba48d5a060b90d5f87ce41fce1fa Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?J=C5=8Dshin?= Date: Thu, 3 Feb 2022 12:54:27 -0600 Subject: [PATCH 19/22] zuse: style cleanup, use +rep/+end --- pkg/arvo/sys/zuse.hoon | 51 ++++++++++--------- pkg/arvo/tests/sys/zuse/crypto/secp256k1.hoon | 4 +- 2 files changed, 28 insertions(+), 27 deletions(-) diff --git a/pkg/arvo/sys/zuse.hoon b/pkg/arvo/sys/zuse.hoon index dbcf547450..5667250387 100644 --- a/pkg/arvo/sys/zuse.hoon +++ b/pkg/arvo/sys/zuse.hoon @@ -2237,27 +2237,28 @@ pub ++ schnorr ~% %schnorr ..schnorr ~ - => |% ++ tagged-hash - |= [tag=@ [l=@ x=@]] - =+ hat=(sha-256:sha (swp 3 tag)) - %- sha-256l:sha - :- (add 64 l) - (can 3 ~[[l x] [32 hat] [32 hat]]) - ++ lift-x - |= x=@I - ^- (unit point) - =/ c curve - =/ fop field-p.c - =+ [fadd fpow]=[sum.fop exp.fop] - =/ cp (fadd (fpow 3 x) 7) - =/ y (fpow (rsh [0 2] +(p.domain.c)) cp) - ?. =(cp (fpow 2 y)) - ~ - %- some :- x - ?: =(0 (mod y 2)) - y - (sub p.domain.c y) - -- + => |% + ++ tagged-hash + |= [tag=@ [l=@ x=@]] + =+ hat=(sha-256:sha (swp 3 tag)) + %- sha-256l:sha + :- (add 64 l) + (can 3 ~[[l x] [32 hat] [32 hat]]) + ++ lift-x + |= x=@I + ^- (unit point) + =/ c curve + =/ fop field-p.c + =+ [fadd fpow]=[sum.fop exp.fop] + =/ cp (fadd (fpow 3 x) 7) + =/ y (fpow (rsh [0 2] +(p.domain.c)) cp) + ?. =(cp (fpow 2 y)) + ~ + %- some :- x + ?: =(0 (mod y 2)) + y + (sub p.domain.c y) + -- |% :: ++ sign :: schnorr signature @@ -2281,7 +2282,7 @@ =/ rand %+ tagged-hash 'BIP0340/nonce' :- 96 - (can 8 ~[[1 m] [1 x.pp] [1 t]]) + (rep 8 ~[m x.pp t]) =/ kp (mod rand n.domain.c) =/ rr (mul-point-scalar g.domain.c kp) =/ k @@ -2293,7 +2294,7 @@ :_ n.domain.c %+ tagged-hash 'BIP0340/challenge' :- 96 - (can 8 ~[[1 m] [1 x.pp] [1 x.rr]]) + (rep 8 ~[m x.pp x.rr]) =/ sig %^ cat 8 (mod (add k (mul e d)) n.domain.c) @@ -2316,7 +2317,7 @@ =/ r (cut 8 [1 1] sig) ?: (gte r p.domain.c) %.n - =/ s (cut 8 [0 1] sig) + =/ s (end 8 sig) ?: (gte s n.domain.c) %.n =/ e 
@@ -2324,7 +2325,7 @@ :_ n.domain.c %+ tagged-hash 'BIP0340/challenge' :- 96 - (can 8 ~[[1 m] [1 x.pp] [1 r]]) + (rep 8 ~[m x.pp r]) =/ aa (mul-point-scalar g.domain.c s) =/ bb diff --git a/pkg/arvo/tests/sys/zuse/crypto/secp256k1.hoon b/pkg/arvo/tests/sys/zuse/crypto/secp256k1.hoon index fff832c57b..2d3e8d5f28 100644 --- a/pkg/arvo/tests/sys/zuse/crypto/secp256k1.hoon +++ b/pkg/arvo/tests/sys/zuse/crypto/secp256k1.hoon @@ -191,7 +191,7 @@ ^- tang %+ expect-eq !> sig - !> (sign:schnorr:ecc sec mes aux) + !> (sign:schnorr:ecc sec mes aux) =/ t2 %+ turn cases-sec |= case-sec @@ -315,7 +315,7 @@ ^- tang %+ expect-eq !> res - !> (verify:schnorr:ecc pub mes sig) + !> (verify:schnorr:ecc pub mes sig) ++ test-schnorr-bounds => |% +$ case [sec=@ pub=@ aux=@ mes=@ sig=@] -- =< %+ category "bounds" From 4cef7dc38bee7e9dd9fb3df36e31bcff8da41d6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C5=8Dshin?= Date: Thu, 3 Feb 2022 13:21:21 -0600 Subject: [PATCH 20/22] bounds-check against sk=1 +sign:schnorr crashes on `=(0 sk)`, so the bounds checking code is not exercised for sk=0. It also crashes on `(gte sk n.domain.c)`, which is redundant with the size check on sk, so we remove that. --- pkg/arvo/sys/zuse.hoon | 1 - pkg/arvo/tests/sys/zuse/crypto/secp256k1.hoon | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/pkg/arvo/sys/zuse.hoon b/pkg/arvo/sys/zuse.hoon index 5667250387..1bb50e4b46 100644 --- a/pkg/arvo/sys/zuse.hoon +++ b/pkg/arvo/sys/zuse.hoon @@ -2265,7 +2265,6 @@ ~/ %sosi |= [sk=@I m=@I a=@I] ^- @J - ?> (gte 32 (met 3 sk)) ?> (gte 32 (met 3 m)) ?> (gte 32 (met 3 a)) =/ c curve diff --git a/pkg/arvo/tests/sys/zuse/crypto/secp256k1.hoon b/pkg/arvo/tests/sys/zuse/crypto/secp256k1.hoon index 2d3e8d5f28..03ef63f8d5 100644 --- a/pkg/arvo/tests/sys/zuse/crypto/secp256k1.hoon +++ b/pkg/arvo/tests/sys/zuse/crypto/secp256k1.hoon 
@@ -330,8 +330,8 @@ ffff.ffff.ffff.ffff.ffff.ffff.ffff.ffff =/ cases-big-sec=(list case) :~ [too-big 0 0 0 0] - [0 0 too-big 0 0] - [0 0 0 too-big 0] + [1 0 too-big 0 0] + [1 0 0 too-big 0] == =/ cases-big-pub=(list case) :~ [0 too-big 0 0 0] From 64fcd685af0ddfadb91d7233127d691377562447 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C5=8Dshin?= Date: Thu, 3 Feb 2022 13:52:09 -0600 Subject: [PATCH 21/22] zuse: comment clarifying sk bounds check --- pkg/arvo/sys/zuse.hoon | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkg/arvo/sys/zuse.hoon b/pkg/arvo/sys/zuse.hoon index 1bb50e4b46..69b24cb14d 100644 --- a/pkg/arvo/sys/zuse.hoon +++ b/pkg/arvo/sys/zuse.hoon @@ -2268,6 +2268,8 @@ ?> (gte 32 (met 3 m)) ?> (gte 32 (met 3 a)) =/ c curve + :: implies (gte 32 (met 3 sk)) + :: ?< |(=(0 sk) (gte sk n.domain.c)) =/ pp (mul-point-scalar g.domain.c sk) From ca0a861c5e8d84a21c8604c738f34449eed8f56c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C5=8Dshin?= Date: Wed, 9 Feb 2022 14:14:12 -0600 Subject: [PATCH 22/22] zuse: add missing assertions --- pkg/arvo/sys/zuse.hoon | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/arvo/sys/zuse.hoon b/pkg/arvo/sys/zuse.hoon index 69b24cb14d..6967e68837 100644 --- a/pkg/arvo/sys/zuse.hoon +++ b/pkg/arvo/sys/zuse.hoon @@ -2248,6 +2248,8 @@ |= x=@I ^- (unit point) =/ c curve + ?. (lth x p.domain.c) + ~ =/ fop field-p.c =+ [fadd fpow]=[sum.fop exp.fop] =/ cp (fadd (fpow 3 x) 7) @@ -2285,6 +2287,7 @@ :- 96 (rep 8 ~[m x.pp t]) =/ kp (mod rand n.domain.c) + ?< =(0 kp) =/ rr (mul-point-scalar g.domain.c kp) =/ k ?: =(0 (mod y.rr 2))
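Review bot: With `?. (lth x p.domain.c) ~` added to `lift-x`, `verify` now has two different failure modes for a bad public key: a 32-byte `pk` ≥ p returns `%.n` through the `~` branch, while a 33-byte `pk` still crashes on the `?> (gte 32 (met 3 pk))` assertion that precedes the `lift-x` call (outside this hunk). Any atom wider than 32 bytes is also ≥ p, so the new check subsumes that assertion; either drop it or write it as `?. (gte 32 (met 3 pk)) %.n` so `verify` fails closed uniformly. The range check itself is the right fix — BIP-340's lift_x is undefined for x ≥ p, and `fadd`/`fpow` would previously have been fed an unreduced value — and it belongs where it is, before any field arithmetic.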
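Review bot: `?< =(0 kp)` in `sign` deliberately crashes when the nonce hash reduces to 0 mod n, which is BIP-340's "fail if k' = 0" rule, but nothing at the line says so and a future reader may take it for a stray assertion. I'd annotate it: `:: BIP-340: fail if k' = 0 (nonce hash ≡ 0 mod n)`. Since `kp` is `rand` reduced mod n and `rand` is a tagged SHA-256 over `m`, `x.pp` and `t`, this branch is reachable only with negligible probability, so a crash rather than a retry is acceptable. The surrounding `sign` arm starts and ends outside this hunk.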