MOVE ONLY: move Pedersen commitment stuff to generator module from rangeproof module

You can verify this commit with `git diff --color-moved=zebra`
2022-08-27 14:55:38 +00:00
parent b1f1675375
commit 87373f5145
12 changed files with 538 additions and 516 deletions
--- a/src/modules/generator/tests_impl.h
+++ b/src/modules/generator/tests_impl.h
@@ -223,11 +223,174 @@ void test_generator_fixed_vector(void) {
    CHECK(!secp256k1_generator_parse(ctx, &parse, result));
 }

+static void test_pedersen_api(void) {
+    secp256k1_context *none = secp256k1_context_create(SECP256K1_CONTEXT_NONE);
+    secp256k1_context *sign = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
+    secp256k1_context *vrfy = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY);
+    secp256k1_context *sttc = secp256k1_context_clone(secp256k1_context_no_precomp);
+    secp256k1_pedersen_commitment commit;
+    const secp256k1_pedersen_commitment *commit_ptr = &commit;
+    unsigned char blind[32];
+    unsigned char blind_out[32];
+    const unsigned char *blind_ptr = blind;
+    unsigned char *blind_out_ptr = blind_out;
+    uint64_t val = secp256k1_testrand32();
+    int32_t ecount = 0;
+
+    secp256k1_context_set_error_callback(none, counting_illegal_callback_fn, &ecount);
+    secp256k1_context_set_error_callback(sign, counting_illegal_callback_fn, &ecount);
+    secp256k1_context_set_error_callback(vrfy, counting_illegal_callback_fn, &ecount);
+    secp256k1_context_set_error_callback(sttc, counting_illegal_callback_fn, &ecount);
+    secp256k1_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount);
+    secp256k1_context_set_illegal_callback(sign, counting_illegal_callback_fn, &ecount);
+    secp256k1_context_set_illegal_callback(vrfy, counting_illegal_callback_fn, &ecount);
+    secp256k1_context_set_illegal_callback(sttc, counting_illegal_callback_fn, &ecount);
+
+    secp256k1_testrand256(blind);
+    CHECK(secp256k1_pedersen_commit(none, &commit, blind, val, secp256k1_generator_h) != 0);
+    CHECK(secp256k1_pedersen_commit(vrfy, &commit, blind, val, secp256k1_generator_h) != 0);
+    CHECK(secp256k1_pedersen_commit(sign, &commit, blind, val, secp256k1_generator_h) != 0);
+    CHECK(ecount == 0);
+    CHECK(secp256k1_pedersen_commit(sttc, &commit, blind, val, secp256k1_generator_h) == 0);
+    CHECK(ecount == 1);
+
+    CHECK(secp256k1_pedersen_commit(sign, NULL, blind, val, secp256k1_generator_h) == 0);
+    CHECK(ecount == 2);
+    CHECK(secp256k1_pedersen_commit(sign, &commit, NULL, val, secp256k1_generator_h) == 0);
+    CHECK(ecount == 3);
+    CHECK(secp256k1_pedersen_commit(sign, &commit, blind, val, NULL) == 0);
+    CHECK(ecount == 4);
+
+    CHECK(secp256k1_pedersen_blind_sum(none, blind_out, &blind_ptr, 1, 1) != 0);
+    CHECK(ecount == 4);
+    CHECK(secp256k1_pedersen_blind_sum(none, NULL, &blind_ptr, 1, 1) == 0);
+    CHECK(ecount == 5);
+    CHECK(secp256k1_pedersen_blind_sum(none, blind_out, NULL, 1, 1) == 0);
+    CHECK(ecount == 6);
+    CHECK(secp256k1_pedersen_blind_sum(none, blind_out, &blind_ptr, 0, 1) == 0);
+    CHECK(ecount == 7);
+    CHECK(secp256k1_pedersen_blind_sum(none, blind_out, &blind_ptr, 0, 0) != 0);
+    CHECK(ecount == 7);
+
+    CHECK(secp256k1_pedersen_commit(sign, &commit, blind, val, secp256k1_generator_h) != 0);
+    CHECK(secp256k1_pedersen_verify_tally(none, &commit_ptr, 1, &commit_ptr, 1) != 0);
+    CHECK(secp256k1_pedersen_verify_tally(none, NULL, 0, &commit_ptr, 1) == 0);
+    CHECK(secp256k1_pedersen_verify_tally(none, &commit_ptr, 1, NULL, 0) == 0);
+    CHECK(secp256k1_pedersen_verify_tally(none, NULL, 0, NULL, 0) != 0);
+    CHECK(ecount == 7);
+    CHECK(secp256k1_pedersen_verify_tally(none, NULL, 1, &commit_ptr, 1) == 0);
+    CHECK(ecount == 8);
+    CHECK(secp256k1_pedersen_verify_tally(none, &commit_ptr, 1, NULL, 1) == 0);
+    CHECK(ecount == 9);
+
+    CHECK(secp256k1_pedersen_blind_generator_blind_sum(none, &val, &blind_ptr, &blind_out_ptr, 1, 0) != 0);
+    CHECK(ecount == 9);
+    CHECK(secp256k1_pedersen_blind_generator_blind_sum(none, &val, &blind_ptr, &blind_out_ptr, 1, 1) == 0);
+    CHECK(ecount == 10);
+    CHECK(secp256k1_pedersen_blind_generator_blind_sum(none, &val, &blind_ptr, &blind_out_ptr, 0, 0) == 0);
+    CHECK(ecount == 11);
+    CHECK(secp256k1_pedersen_blind_generator_blind_sum(none, NULL, &blind_ptr, &blind_out_ptr, 1, 0) == 0);
+    CHECK(ecount == 12);
+    CHECK(secp256k1_pedersen_blind_generator_blind_sum(none, &val, NULL, &blind_out_ptr, 1, 0) == 0);
+    CHECK(ecount == 13);
+    CHECK(secp256k1_pedersen_blind_generator_blind_sum(none, &val, &blind_ptr, NULL, 1, 0) == 0);
+    CHECK(ecount == 14);
+
+    secp256k1_context_destroy(none);
+    secp256k1_context_destroy(sign);
+    secp256k1_context_destroy(vrfy);
+    secp256k1_context_destroy(sttc);
+}
+
+static void test_pedersen(void) {
+    secp256k1_pedersen_commitment commits[19];
+    const secp256k1_pedersen_commitment *cptr[19];
+    unsigned char blinds[32*19];
+    const unsigned char *bptr[19];
+    secp256k1_scalar s;
+    uint64_t values[19];
+    int64_t totalv;
+    int i;
+    int inputs;
+    int outputs;
+    int total;
+    inputs = (secp256k1_testrand32() & 7) + 1;
+    outputs = (secp256k1_testrand32() & 7) + 2;
+    total = inputs + outputs;
+    for (i = 0; i < 19; i++) {
+        cptr[i] = &commits[i];
+        bptr[i] = &blinds[i * 32];
+    }
+    totalv = 0;
+    for (i = 0; i < inputs; i++) {
+        values[i] = secp256k1_testrandi64(0, INT64_MAX - totalv);
+        totalv += values[i];
+    }
+    for (i = 0; i < outputs - 1; i++) {
+        values[i + inputs] = secp256k1_testrandi64(0, totalv);
+        totalv -= values[i + inputs];
+    }
+    values[total - 1] = totalv;
+
+    for (i = 0; i < total - 1; i++) {
+        random_scalar_order(&s);
+        secp256k1_scalar_get_b32(&blinds[i * 32], &s);
+    }
+    CHECK(secp256k1_pedersen_blind_sum(ctx, &blinds[(total - 1) * 32], bptr, total - 1, inputs));
+    for (i = 0; i < total; i++) {
+        CHECK(secp256k1_pedersen_commit(ctx, &commits[i], &blinds[i * 32], values[i], secp256k1_generator_h));
+    }
+    CHECK(secp256k1_pedersen_verify_tally(ctx, cptr, inputs, &cptr[inputs], outputs));
+    CHECK(secp256k1_pedersen_verify_tally(ctx, &cptr[inputs], outputs, cptr, inputs));
+    if (inputs > 0 && values[0] > 0) {
+        CHECK(!secp256k1_pedersen_verify_tally(ctx, cptr, inputs - 1, &cptr[inputs], outputs));
+    }
+    random_scalar_order(&s);
+    for (i = 0; i < 4; i++) {
+        secp256k1_scalar_get_b32(&blinds[i * 32], &s);
+    }
+    values[0] = INT64_MAX;
+    values[1] = 0;
+    values[2] = 1;
+    for (i = 0; i < 3; i++) {
+        CHECK(secp256k1_pedersen_commit(ctx, &commits[i], &blinds[i * 32], values[i], secp256k1_generator_h));
+    }
+    CHECK(secp256k1_pedersen_verify_tally(ctx, &cptr[0], 1, &cptr[0], 1));
+    CHECK(secp256k1_pedersen_verify_tally(ctx, &cptr[1], 1, &cptr[1], 1));
+}
+
+void test_pedersen_commitment_fixed_vector(void) {
+    const unsigned char two_g[33] = {
+        0x09,
+        0xc6, 0x04, 0x7f, 0x94, 0x41, 0xed, 0x7d, 0x6d, 0x30, 0x45, 0x40, 0x6e, 0x95, 0xc0, 0x7c, 0xd8,
+        0x5c, 0x77, 0x8e, 0x4b, 0x8c, 0xef, 0x3c, 0xa7, 0xab, 0xac, 0x09, 0xb9, 0x5c, 0x70, 0x9e, 0xe5
+    };
+    unsigned char result[33];
+    secp256k1_pedersen_commitment parse;
+
+    CHECK(secp256k1_pedersen_commitment_parse(ctx, &parse, two_g));
+    CHECK(secp256k1_pedersen_commitment_serialize(ctx, result, &parse));
+    CHECK(secp256k1_memcmp_var(two_g, result, 33) == 0);
+
+    result[0] = 0x08;
+    CHECK(secp256k1_pedersen_commitment_parse(ctx, &parse, result));
+    result[0] = 0x0c;
+    CHECK(!secp256k1_pedersen_commitment_parse(ctx, &parse, result));
+}
+
+
 void run_generator_tests(void) {
+    int i;
+
    test_shallue_van_de_woestijne();
    test_generator_fixed_vector();
    test_generator_api();
    test_generator_generate();
+    test_pedersen_api();
+    test_pedersen_commitment_fixed_vector();
+    for (i = 0; i < count / 2 + 1; i++) {
+        test_pedersen();
+    }
 }

 #endif