Skip to content

Commit

Permalink
btcec/schnorr/musig2: add infinity testvectors
Browse files Browse the repository at this point in the history
This commit adds the testvectors from
jonasnick/bips@20ba031
  • Loading branch information
sputn1ck committed Jul 29, 2022
1 parent 7d25b4b commit cb1d4b5
Showing 1 changed file with 45 additions and 9 deletions.
54 changes: 45 additions & 9 deletions btcec/schnorr/musig2/musig2_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -309,6 +309,9 @@ var (
signExpected3 = mustParseHex("0D5B651E6DE34A29A12DE7A8B4183B4AE6A7F7F" +
"BE15CDCAFA4A3D1BCAABC7517")

signExpected4 = mustParseHex("8D5E0407FB4756EEBCD86264C32D792EE36EEB6" +
"9E952BBB30B8E41BEBC4D22FA")

signSetKeys = [][]byte{signSetPubKey, signSetKey2, signSetKey3, invalidPk1}

aggregatedNonce = toPubNonceSlice(mustParseHex("028465FCF0BBDBCF443AA" +
Expand All @@ -323,6 +326,9 @@ var (
verifyPnonce3 = mustParsePubNonce("032DE2662628C90B03F5E720284EB52FF7" +
"D71F4284F627B68A853D78C78E1FFE9303E4C5524E83FFE1493B9077CF1C" +
"A6BEB2090C93D930321071AD40B2F44E599046")
verifyPnonce4 = mustParsePubNonce("0237C87821AFD50A8644D820A8F3E02E49" +
"9C931865C2360FB43D0A0D20DAFE07EA0387BF891D2A6DEAEBADC909352A" +
"A9405D1428C15F4B75F04DAE642A95C2548480")

tweak1 = KeyTweakDesc{
Tweak: [32]byte{
Expand Down Expand Up @@ -442,15 +448,21 @@ func TestMuSig2SigningTestVectors(t *testing.T) {
aggNonce: aggregatedNonce,
expectedPartialSig: signExpected3,
},
// Vector 4 Both halves of aggregate nonce correspond to point at infinity
{
keyOrder: []int{0, 1},
aggNonce: mustNonceAgg([][66]byte{verifyPnonce1, verifyPnonce4}),
expectedPartialSig: signExpected4,
},

// Vector 4: Signer 2 provided an invalid public key
// Vector 5: Signer 2 provided an invalid public key
{
keyOrder: []int{1, 0, 3},
aggNonce: aggregatedNonce,
expectedError: secp256k1.ErrPubKeyNotOnCurve,
},

// Vector 5: Aggregate nonce is invalid due wrong tag, 0x04,
// Vector 6: Aggregate nonce is invalid due wrong tag, 0x04,
// in the first half.
{

Expand All @@ -463,7 +475,7 @@ func TestMuSig2SigningTestVectors(t *testing.T) {
expectedError: secp256k1.ErrPubKeyInvalidFormat,
},

// Vector 6: Aggregate nonce is invalid because the second half
// Vector 7: Aggregate nonce is invalid because the second half
// does not correspond to an X coordinate.
{

Expand All @@ -476,7 +488,7 @@ func TestMuSig2SigningTestVectors(t *testing.T) {
expectedError: secp256k1.ErrPubKeyNotOnCurve,
},

// Vector 7: Aggregate nonce is invalid because the second half
// Vector 8: Aggregate nonce is invalid because the second half
// exceeds field size.
{

Expand Down Expand Up @@ -714,7 +726,7 @@ func TestMusig2PartialSigVerifyTestVectors(t *testing.T) {
genTweakParity(tweak4, false),
},
},
// Vector 8.
// Vector 9.
{

partialSig: signExpected1,
Expand All @@ -726,7 +738,7 @@ func TestMusig2PartialSigVerifyTestVectors(t *testing.T) {
verifyPnonce3,
},
},
// Vector 9.
// Vector 10.
{

partialSig: signExpected2,
Expand All @@ -738,7 +750,7 @@ func TestMusig2PartialSigVerifyTestVectors(t *testing.T) {
verifyPnonce3,
},
},
// Vector 10.
// Vector 11.
{

partialSig: signExpected3,
Expand All @@ -750,7 +762,19 @@ func TestMusig2PartialSigVerifyTestVectors(t *testing.T) {
verifyPnonce1,
},
},
// Vector 11: Wrong signature (which is equal to the negation
// Vector 12: Both halves of aggregate nonce correspond to
// point at infinity.
{

partialSig: signExpected4,
pubnonceIndex: 0,
keyOrder: []int{0, 1},
nonces: [][66]byte{
verifyPnonce1,
verifyPnonce4,
},
},
// Vector 13: Wrong signature (which is equal to the negation
// of valid signature expected[0]).
{

Expand Down Expand Up @@ -1437,7 +1461,7 @@ func TestMusig2AggregateNoncesTestVectors(t *testing.T) {
getNegGBytes()...),
},
expectedNonce: append(append([]byte{},
expectedNonce[0:33]...), getGBytes()...),
expectedNonce[0:33]...), getInfinityBytes()...),
},
}
for i, testCase := range testCases {
Expand Down Expand Up @@ -1766,6 +1790,14 @@ func aggNonceToPubkey(combinedNonce [66]byte, combinedKey *AggregateKey,

}

func mustNonceAgg(nonces [][66]byte) [66]byte {
aggNonce, err := AggregateNonces(nonces)
if err != nil {
panic("can't aggregate nonces")
}
return aggNonce
}

func memsetLoop(a []byte, v uint8) {
for i := range a {
a[i] = byte(v)
Expand Down Expand Up @@ -1799,6 +1831,10 @@ func getNegGBytes() []byte {
return pk
}

func getInfinityBytes() []byte {
return make([]byte, 33)
}

func mustParseHex32(str string) [32]byte {
b, err := hex.DecodeString(str)
if err != nil {
Expand Down

0 comments on commit cb1d4b5

Please sign in to comment.