Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
ecdsa.test.cpp
Go to the documentation of this file.
1#include "barretenberg/crypto/ecdsa/ecdsa.hpp"
2#include "../../primitives/bigfield/bigfield.hpp"
3#include "../../primitives/biggroup/biggroup.hpp"
4#include "../../primitives/curves/secp256k1.hpp"
5#include "../../primitives/curves/secp256r1.hpp"
6#include "barretenberg/circuit_checker/circuit_checker.hpp"
7#include "barretenberg/common/test.hpp"
8#include "ecdsa.hpp"
9
10#include <gtest/gtest.h>
11
12using namespace bb;
13using namespace bb::crypto;
14
15template <class Curve> class EcdsaTests : public ::testing::Test {
16 public:
17 using Builder = Curve::Builder;
18
19 // Native Types
20 using FrNative = Curve::fr;
21 using FqNative = Curve::fq;
22 using G1Native = Curve::g1;
23
24 // Stdlib types
25 using Fr = Curve::bigfr_ct;
26 using Fq = Curve::fq_ct;
27 using G1 = Curve::g1_bigfr_ct;
28
34
35 std::pair<ecdsa_key_pair<FrNative, G1Native>, ecdsa_signature> generate_dummy_ecdsa_data(std::string message_string,
36 bool tamper_with_signature)
37 {
38 ecdsa_key_pair<FrNative, G1Native> account;
39 account.private_key = FrNative::random_element();
40 account.public_key = G1Native::one * account.private_key;
41
42 ecdsa_signature signature =
43 ecdsa_construct_signature<Sha256Hasher, FqNative, FrNative, G1Native>(message_string, account);
44
45 if (tamper_with_signature) {
46 signature.r[1] += 1;
47 }
48
49 return { account, signature };
50 }
51
52 StdlibEcdsaData create_stdlib_ecdsa_data(Builder& builder,
53 std::string message_string,
54 ecdsa_key_pair<FrNative, G1Native>& account,
55 ecdsa_signature& signature)
56 {
57 stdlib::byte_array<Builder> message(&builder, message_string);
58
59 G1 pub_key = G1::from_witness(&builder, account.public_key);
60
61 std::vector<uint8_t> rr(signature.r.begin(), signature.r.end());
62 std::vector<uint8_t> ss(signature.s.begin(), signature.s.end());
63 std::vector<uint8_t> vv = { signature.v };
64
65 stdlib::ecdsa_signature<Builder> sig{ stdlib::byte_array<Builder>(&builder, rr),
66 stdlib::byte_array<Builder>(&builder, ss) };
67
68 return { message, pub_key, sig };
69 }
70
71 void test_verify_signature(bool tamper_with_signature)
72 {
73 // whaaablaghaaglerijgeriij
74 std::string message_string = "Instructions unclear, ask again later.";
75
76 auto [account, signature] =
77 generate_dummy_ecdsa_data(message_string, /*tamper_with_signature=*/tamper_with_signature);
78
79 // Natively verify the signature
80 bool native_verification = ecdsa_verify_signature<Sha256Hasher, FqNative, FrNative, G1Native>(
81 message_string, account.public_key, signature);
82 EXPECT_EQ(native_verification, !tamper_with_signature);
83
84 // Create ECDSA verification circuit
85 Builder builder;
86
87 auto [message, public_key, sig] = create_stdlib_ecdsa_data(builder, message_string, account, signature);
88
89 // Compute H(m)
90 stdlib::byte_array<Builder> hashed_message =
91 static_cast<stdlib::byte_array<Builder>>(stdlib::SHA256<Builder>::hash(message));
92
93 // Verify signature
94 stdlib::bool_t<Builder> signature_result =
95 stdlib::ecdsa_verify_signature<Builder, Curve, Fq, Fr, G1>(hashed_message, public_key, sig);
96
97 // Enforce verification passed successfully
98 signature_result.assert_equal(stdlib::bool_t<Builder>(true));
99
100 EXPECT_EQ(signature_result.get_value(), !tamper_with_signature);
101
102 std::cerr << "num gates = " << builder.get_estimated_num_finalized_gates() << std::endl;
103 benchmark_info(Builder::NAME_STRING,
104 "ECDSA",
105 "Signature Verification Test",
106 "Gate Count",
107 builder.get_estimated_num_finalized_gates());
108 bool proof_result = CircuitChecker::check(builder);
109 EXPECT_EQ(proof_result, !tamper_with_signature);
110 }
111};
112
113using Curves = testing::Types<stdlib::secp256k1<UltraCircuitBuilder>,
114 stdlib::secp256r1<UltraCircuitBuilder>>; // TODO(federicobarbacovi): Is
115 // UltraCircuitBuilder a valid assumption?
116
117TYPED_TEST_SUITE(EcdsaTests, Curves);
118
119TYPED_TEST(EcdsaTests, VerifySignature)
120{
121 TestFixture::test_verify_signature(/*tamper_with_signature=*/false);
122}
123
124TYPED_TEST(EcdsaTests, VerifySignatureFails)
125{
126 TestFixture::test_verify_signature(/*tamper_with_signature=*/true);
127}
circuit_checker.hpp
EcdsaTests::Fr
Curve::bigfr_ct Fr
Definition ecdsa.test.cpp:25
EcdsaTests::create_stdlib_ecdsa_data
StdlibEcdsaData create_stdlib_ecdsa_data(Builder &builder, std::string message_string, ecdsa_key_pair< FrNative, G1Native > &account, ecdsa_signature &signature)
Definition ecdsa.test.cpp:52
EcdsaTests::G1
Curve::g1_bigfr_ct G1
Definition ecdsa.test.cpp:27
EcdsaTests::test_verify_signature
void test_verify_signature(bool tamper_with_signature)
Definition ecdsa.test.cpp:71
EcdsaTests::FrNative
Curve::fr FrNative
Definition ecdsa.test.cpp:20
EcdsaTests::generate_dummy_ecdsa_data
std::pair< ecdsa_key_pair< FrNative, G1Native >, ecdsa_signature > generate_dummy_ecdsa_data(std::string message_string, bool tamper_with_signature)
Definition ecdsa.test.cpp:35
EcdsaTests::FqNative
Curve::fq FqNative
Definition ecdsa.test.cpp:21
EcdsaTests::Fq
Curve::fq_ct Fq
Definition ecdsa.test.cpp:26
EcdsaTests::Builder
Curve::Builder Builder
Definition ecdsa.test.cpp:17
EcdsaTests::G1Native
Curve::g1 G1Native
Definition ecdsa.test.cpp:22
bb::TranslatorCircuitChecker::check
static bool check(const Builder &circuit)
Check the witness satisifies the circuit.
Definition translator_circuit_checker.cpp:20
bb::stdlib::SHA256::hash
static byte_array< Builder > hash(const byte_array_ct &input)
Definition sha256.cpp:308
bb::stdlib::bool_t
Implements boolean logic in-circuit.
Definition bool.hpp:59
bb::stdlib::byte_array
Represents a dynamic array of bytes in-circuit.
Definition byte_array.hpp:28
bb::stdlib::byte_array::get_value
std::vector< uint8_t > get_value() const
A helper converting a byte_array into the vector of its uint8_t values.
Definition byte_array.cpp:315
benchmark_info
void benchmark_info(Args...)
Info used to store circuit statistics during CI/CD with concrete structure. Writes straight to log.
Definition log.hpp:103
builder
AluTraceBuilder builder
Definition alu.test.cpp:123
bb
Entry point for Barretenberg command-line interface.
Definition acir_format_getters.cpp:6
bb::TYPED_TEST_SUITE
TYPED_TEST_SUITE(ShpleminiTest, TestSettings)
bb::TYPED_TEST
TYPED_TEST(ShpleminiTest, CorrectnessOfMultivariateClaimBatching)
Definition shplemini.test.cpp:47
bb::Curves
::testing::Types< curve::BN254, curve::Grumpkin > Curves
Definition sparse_commitment.test.cpp:93
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
EcdsaTests::StdlibEcdsaData::sig
stdlib::ecdsa_signature< Builder > sig
Definition ecdsa.test.cpp:32
EcdsaTests::StdlibEcdsaData::message
stdlib::byte_array< Builder > message
Definition ecdsa.test.cpp:30
bb::crypto::ecdsa_key_pair
Definition ecdsa.hpp:18
bb::crypto::ecdsa_key_pair::public_key
G1::affine_element public_key
Definition ecdsa.hpp:20
bb::crypto::ecdsa_key_pair::private_key
Fr private_key
Definition ecdsa.hpp:19
bb::crypto::ecdsa_signature
Definition ecdsa.hpp:25
bb::crypto::ecdsa_signature::r
std::array< uint8_t, 32 > r
Definition ecdsa.hpp:26
bb::crypto::ecdsa_signature::s
std::array< uint8_t, 32 > s
Definition ecdsa.hpp:27
bb::crypto::ecdsa_signature::v
uint8_t v
Definition ecdsa.hpp:28
bb::stdlib::ecdsa_signature
Definition ecdsa.hpp:14