Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
multisig.test.cpp
Go to the documentation of this file.
1#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp"
2#include <gtest/gtest.h>
3
4#include "./multisig.hpp"
5
6using namespace bb;
7using namespace bb::crypto;
8
9namespace {
10template <typename Hash> struct MultisigTest : public ::testing::Test {
11 using G = grumpkin::g1;
12 using Fr = grumpkin::fr;
13 using KeyPair = crypto::schnorr_key_pair<Fr, G>;
14 using multisig = crypto::schnorr_multisig<G, Hash, Blake2sHasher>;
15 using multisig_public_key = typename multisig::MultiSigPublicKey;
16
17 static KeyPair generate_account()
18 {
19 KeyPair account;
20 account.private_key = Fr::random_element();
21 account.public_key = G::one * account.private_key;
22 return account;
23 }
24
25 static std::vector<multisig_public_key> create_signer_pubkeys(const std::vector<KeyPair>& accounts)
26 {
27 // setup multisig signers
28 std::vector<multisig_public_key> signer_pubkeys;
29 for (size_t i = 0; i < accounts.size(); ++i) {
30 auto& signer = accounts[i];
31 signer_pubkeys.push_back(multisig_public_key(signer));
32 }
33 return signer_pubkeys;
34 }
35
36 static std::optional<crypto::schnorr_signature> create_multisig(const std::string& message,
37 const std::vector<KeyPair>& accounts,
38 const bool tamper_proof_of_possession = false)
39 {
40 std::vector<typename multisig::RoundOnePublicOutput> round1_pub;
41 std::vector<typename multisig::RoundOnePrivateOutput> round1_priv;
42 std::vector<typename multisig::RoundTwoPublicOutput> round2;
43 std::vector<typename multisig::MultiSigPublicKey> signer_pubkeys = create_signer_pubkeys(accounts);
44
45 if (tamper_proof_of_possession) {
46 signer_pubkeys[0].proof_of_possession.response += 1;
47 }
48 const size_t num_signers = accounts.size();
49
50 for (size_t i = 0; i < num_signers; ++i) {
51 auto [_round1_pub, _round1_priv] = multisig::construct_signature_round_1();
52 round1_pub.push_back(_round1_pub);
53 round1_priv.push_back(_round1_priv);
54 }
55
56 for (size_t i = 0; i < num_signers; ++i) {
57 auto& signer = accounts[i];
58 if (auto round2_output = multisig::construct_signature_round_2(
59 message, signer, round1_priv[i], signer_pubkeys, round1_pub)) {
60 round2.push_back(*round2_output);
61 }
62 }
63 return multisig::combine_signatures(message, signer_pubkeys, round1_pub, round2);
64 }
65};
66
67using HashTypes = ::testing::Types<KeccakHasher, Sha256Hasher>;
68} // namespace
69
70TYPED_TEST_SUITE(MultisigTest, HashTypes);
71
72TYPED_TEST(MultisigTest, verify_multi_signature_blake2s)
73{
74 using G = grumpkin::g1;
75 using Fr = grumpkin::fr;
76 using Fq = grumpkin::fq;
77 using KeyPair = crypto::schnorr_key_pair<Fr, G>;
78 using multisig = crypto::schnorr_multisig<G, TypeParam>;
79
80 std::string message = "The quick brown dog jumped over the lazy fox.";
81
82 const size_t num_signers = 5;
83
84 std::vector<KeyPair> accounts(num_signers);
85 for (auto& acct : accounts) {
86 acct = this->generate_account();
87 }
88
89 auto signature = this->create_multisig(message, accounts);
90 ASSERT_TRUE(signature.has_value());
91
92 auto pub_key = multisig::validate_and_combine_signer_pubkeys(this->create_signer_pubkeys(accounts));
93 ASSERT_TRUE(pub_key.has_value());
94
95 bool result = crypto::schnorr_verify_signature<Blake2sHasher, Fq, Fr, G>(message, *pub_key, *signature);
96
97 EXPECT_EQ(result, true);
98}
99
100TYPED_TEST(MultisigTest, multi_signature_fails_if_proof_of_possession_invalid)
101{
102 using G = grumpkin::g1;
103 using Fr = grumpkin::fr;
104 using KeyPair = crypto::schnorr_key_pair<Fr, G>;
105
106 std::string message = "The quick brown dog jumped over the lazy fox.";
107
108 const size_t num_signers = 5;
109
110 std::vector<KeyPair> accounts(num_signers);
111 for (auto& acct : accounts) {
112 acct = this->generate_account();
113 }
114
115 auto signature = this->create_multisig(message, accounts, true);
116 ASSERT_FALSE(signature.has_value());
117}
118
119TYPED_TEST(MultisigTest, multi_signature_fails_if_duplicates)
120{
121 using G = grumpkin::g1;
122 using Fr = grumpkin::fr;
123 using KeyPair = crypto::schnorr_key_pair<Fr, G>;
124
125 std::string message = "The quick brown dog jumped over the lazy fox.";
126
127 const size_t num_signers = 5;
128
129 std::vector<KeyPair> accounts(num_signers);
130 for (auto& acct : accounts) {
131 acct = this->generate_account();
132 }
133
134 accounts[2] = accounts[4]; // :o
135 auto signature = this->create_multisig(message, accounts);
136 ASSERT_FALSE(signature.has_value());
137}
bb::crypto::schnorr_multisig
Implements the SpeedyMuSig protocol; a secure 2-round interactive multisignature scheme whose signatu...
Definition multisig.hpp:34
bb::crypto::schnorr_multisig::combine_signatures
static std::optional< schnorr_signature > combine_signatures(const std::string &message, const std::vector< MultiSigPublicKey > &signer_pubkeys, const std::vector< RoundOnePublicOutput > &round_1_nonces, const std::vector< RoundTwoPublicOutput > &round_2_signature_shares)
the final step in the SpeedyMuSig multisig scheme. Can be computed by an untrusted 3rd party....
Definition multisig.hpp:400
bb::crypto::schnorr_multisig::construct_signature_round_1
static std::pair< RoundOnePublicOutput, RoundOnePrivateOutput > construct_signature_round_1()
First round of SpeedyMuSig. Signers generate random nonce keypairs R = {r, [R]}, S = {s,...
Definition multisig.hpp:317
bb::crypto::schnorr_multisig::construct_signature_round_2
static std::optional< RoundTwoPublicOutput > construct_signature_round_2(const std::string &message, const key_pair &signer, const RoundOnePrivateOutput &signer_round_1_private_output, const std::vector< MultiSigPublicKey > &signer_pubkeys, const std::vector< RoundOnePublicOutput > &round_1_nonces)
Second round of SpeedyMuSig. Given the signer pubkeys and the output of round 1, round 2 has each sig...
Definition multisig.hpp:348
bb::crypto::schnorr_multisig::validate_and_combine_signer_pubkeys
static std::optional< affine_element > validate_and_combine_signer_pubkeys(const std::vector< MultiSigPublicKey > &signer_pubkeys)
Computes the sum of all signer pubkeys. Output is the public key of the public-facing schnorr multisi...
Definition multisig.hpp:271
bb::group::one
static constexpr element one
Definition group.hpp:46
G
#define G(r, i, a, b, c, d)
Definition blake2s.cpp:116
multisig_public_key
typename multisig::MultiSigPublicKey multisig_public_key
Definition c_bind.cpp:16
bb::grumpkin::g1
bb::group< bb::fr, bb::fq, G1Params > g1
Definition grumpkin.hpp:45
bb
Entry point for Barretenberg command-line interface.
Definition acir_format_getters.cpp:6
bb::TYPED_TEST_SUITE
TYPED_TEST_SUITE(ShpleminiTest, TestSettings)
bb::TYPED_TEST
TYPED_TEST(ShpleminiTest, CorrectnessOfMultivariateClaimBatching)
Definition shplemini.test.cpp:47
cdg::KeyPair
std::pair< uint32_t, size_t > KeyPair
Definition graph.hpp:28
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
HashTypes
::testing::Types< KeccakHasher, Sha256Hasher, Blake2sHasher > HashTypes
Definition proof_of_possession.test.cpp:23
bb::crypto::schnorr_key_pair
Definition schnorr.hpp:22
bb::crypto::schnorr_multisig::MultiSigPublicKey
MultiSigPublicKey wraps a signer's public key g1::affine_element along with a proof of posession: a s...
Definition multisig.hpp:57
bb::field< Bn254FqParams >::random_element
static field random_element(numeric::RNG *engine=nullptr) noexcept
Definition field_impl.hpp:665