Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
ecdsa_tests_data.hpp
Go to the documentation of this file.
1
2
3#include <array>
4#include <cstdint>
5#include <stdexcept>
6#include <string>
7#include <vector>
8
9#include "barretenberg/ecc/curves/secp256k1/secp256k1.hpp"
10#include "barretenberg/ecc/curves/secp256r1/secp256r1.hpp"
11
12namespace bb::stdlib {
13
14using namespace bb;
15using namespace bb::curve;
16
17template <class Curve> struct WycherproofTest {
18 using Fr = Curve::ScalarField;
19 using Fq = Curve::BaseField;
20
21 // Public Key
22 Fq x;
23 Fq y;
24
25 // Data
26 std::vector<uint8_t> message;
27 Fr r;
28 Fr s;
29 bool is_valid_signature;
30 bool is_circuit_satisfied;
31 std::string comment;
32 std::string failure_msg;
33};
34
35using WycherproofSecp256k1 = WycherproofTest<bb::curve::SECP256K1>;
36using WycherproofSecp256r1 = WycherproofTest<bb::curve::SECP256R1>;
37
42const std::vector<WycherproofSecp256k1> secp256k1_tests{
43 // Arithmetic error tests
44 WycherproofSecp256k1{
45 .x = WycherproofSecp256k1::Fq("0x02ef4d6d6cfd5a94f1d7784226e3e2a6c0a436c55839619f38fb4472b5f9ee77"),
46 .y = WycherproofSecp256k1::Fq("0x7eb4acd4eebda5cd72875ffd2a2f26229c2dc6b46500919a432c86739f3ae866"),
47 .message = { 0x31, 0x32, 0x33, 0x34, 0x30, 0x30 },
48 .r = WycherproofSecp256k1::Fr("0x0000000000000000000000000000000000000000000000000000000000000101"),
49 .s = WycherproofSecp256k1::Fr("0xc58b162c58b162c58b162c58b162c58a1b242973853e16db75c8a1a71da4d39d"),
50 .is_valid_signature = true,
51 .is_circuit_satisfied = false,
52 .comment = "Arithmetic error, s is larger than (n+1)/2",
53 .failure_msg =
54 "ECDSA input validation: the s component of the signature is bigger than Fr::modulus - s.: hi limb.",
55 },
56 WycherproofSecp256k1{
57 .x = WycherproofSecp256k1::Fq("0xd6ef20be66c893f741a9bf90d9b74675d1c2a31296397acb3ef174fd0b300c65"),
58 .y = WycherproofSecp256k1::Fq("0x4a0c95478ca00399162d7f0f2dc89efdc2b28a30fbabe285857295a4b0c4e265"),
59 .message = { 0x31, 0x32, 0x33, 0x34, 0x30, 0x30 },
60 .r = WycherproofSecp256k1::Fr("0x00000000000000000000000000000000000000062522bbd3ecbe7c39e93e7c26"),
61 .s = WycherproofSecp256k1::Fr("0x783266e90f43dafe5cd9b3b0be86de22f9de83677d0f50713a468ec72fcf5d57"),
62 .is_valid_signature = true,
63 .is_circuit_satisfied = true,
64 .comment = "Arithmetic error, r component is small",
65 .failure_msg = "",
66 },
67 // Point duplication tests
68 WycherproofSecp256k1{
69 .x = WycherproofSecp256k1::Fq("0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"),
70 .y = WycherproofSecp256k1::Fq("0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8"),
71 .message = { 0x31, 0x32, 0x33, 0x34, 0x30, 0x30 },
72 .r = WycherproofSecp256k1::Fr("0xbb5a52f42f9c9261ed4361f59422a1e30036e7c32b270c8807a419feca605023"),
73 .s = WycherproofSecp256k1::Fr("0x2492492492492492492492492492492463cfd66a190a6008891e0d81d49a0952"),
74 .is_valid_signature = false,
75 .is_circuit_satisfied = true,
76 .comment = "Point duplication, public key shares x-coordinates with generator",
77 .failure_msg = "",
78 },
79 // Edge case public key tests
80 WycherproofSecp256k1{
81 .x = WycherproofSecp256k1::Fq("0x6e823555452914099182c6b2c1d6f0b5d28d50ccd005af2ce1bba541aa40caff"),
82 .y = WycherproofSecp256k1::Fq("0x00000001060492d5a5673e0f25d8d50fb7e58c49d86d46d4216955e0aa3d40e1"),
83 .message = { 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65 },
84 .r = WycherproofSecp256k1::Fr("0x6d6a4f556ccce154e7fb9f19e76c3deca13d59cc2aeb4ecad968aab2ded45965"),
85 .s = WycherproofSecp256k1::Fr("0x53b9fa74803ede0fc4441bf683d56c564d3e274e09ccf47390badd1471c05fb7"),
86 .is_valid_signature = true,
87 .is_circuit_satisfied = true,
88 .comment = "Edge case public key, y coordinate is small",
89 .failure_msg = "",
90 },
91};
92
97const std::vector<WycherproofSecp256r1> secp256r1_tests{
98 // Arithmetic error test
99 WycherproofSecp256r1{
100 .x = WycherproofSecp256r1::Fq("0x8d3c2c2c3b765ba8289e6ac3812572a25bf75df62d87ab7330c3bdbad9ebfa5c"),
101 .y = WycherproofSecp256r1::Fq("0x4c6845442d66935b238578d43aec54f7caa1621d1af241d4632e0b780c423f5d"),
102 .message = { 0x31, 0x32, 0x33, 0x34, 0x30, 0x30 },
103 .r = WycherproofSecp256r1::Fr("0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"),
104 .s = WycherproofSecp256r1::Fr("0x16a4502e2781e11ac82cbc9d1edd8c981584d13e18411e2f6e0478c34416e3bb"),
105 .is_valid_signature = true,
106 .is_circuit_satisfied = true,
107 .comment = "Arithmetic error",
108 .failure_msg = "",
109 },
110 // Point duplication test
111 WycherproofSecp256r1{
112 .x = WycherproofSecp256r1::Fq("0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"),
113 .y = WycherproofSecp256r1::Fq("0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"),
114 .message = { 0x31, 0x32, 0x33, 0x34, 0x30, 0x30 },
115 .r = WycherproofSecp256r1::Fr("0xbb5a52f42f9c9261ed4361f59422a1e30036e7c32b270c8807a419feca605023"),
116 .s = WycherproofSecp256r1::Fr("0x249249246db6db6ddb6db6db6db6db6dad4591868595a8ee6bf5f864ff7be0c2"),
117 .is_valid_signature = false,
118 .is_circuit_satisfied =
119 false, // When the public key is equal to ±G, the circuit fails because of the generation of lookup tables
120 .comment = "Point duplication, public key shares x-coordinates with generator",
121 .failure_msg = "ECDSA input validation: the public key is equal to plus or minus the generator point.",
122 },
123 // Edge case public key test
124 WycherproofSecp256r1{
125 .x = WycherproofSecp256r1::Fq("0x4f337ccfd67726a805e4f1600ae2849df3807eca117380239fbd816900000000"),
126 .y = WycherproofSecp256r1::Fq("0xed9dea124cc8c396416411e988c30f427eb504af43a3146cd5df7ea60666d685"),
127 .message = { 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65 },
128 .r = WycherproofSecp256r1::Fr("0x0fe774355c04d060f76d79fd7a772e421463489221bf0a33add0be9b1979110b"),
129 .s = WycherproofSecp256r1::Fr("0x500dcba1c69a8fbd43fa4f57f743ce124ca8b91a1f325f3fac6181175df55737"),
130 .is_valid_signature = true,
131 .is_circuit_satisfied = true,
132 .comment = "Edge case public key, x-coordinate has many trailing zeros",
133 .failure_msg = "",
134 },
135};
136} // namespace bb::stdlib
bb::stdlib::secp256k1_tests
const std::vector< WycherproofSecp256k1 > secp256k1_tests
Test for Secp256k1 ECDSA signatures taken from the Wycherproof project.
Definition ecdsa_tests_data.hpp:42
bb::stdlib::secp256r1_tests
const std::vector< WycherproofSecp256r1 > secp256r1_tests
Test for Secp256r1 ECDSA signatures taken from the Wycherproof project.
Definition ecdsa_tests_data.hpp:97
bb
Entry point for Barretenberg command-line interface.
Definition acir_format_getters.cpp:6
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
bb::stdlib::WycherproofTest::message
std::vector< uint8_t > message
Definition ecdsa_tests_data.hpp:26