Skip to content

Commit

Permalink
btcec/schnorr/musig2: add infinity testvectors
Browse files Browse the repository at this point in the history
This commit adds the testvectors from
jonasnick/bips@20ba031
  • Loading branch information
sputn1ck committed Jul 29, 2022
1 parent 3e6452b commit d7acd5d
Showing 1 changed file with 45 additions and 9 deletions.
54 changes: 45 additions & 9 deletions btcec/schnorr/musig2/musig2_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -304,6 +304,9 @@ var (
signExpected3 = mustParseHex("0D5B651E6DE34A29A12DE7A8B4183B4AE6A7F7F" +
"BE15CDCAFA4A3D1BCAABC7517")

signExpected4 = mustParseHex("8D5E0407FB4756EEBCD86264C32D792EE36EEB6" +
"9E952BBB30B8E41BEBC4D22FA")

signSetKeys = [][]byte{signSetPubKey, signSetKey2, signSetKey3, invalidPk1}

aggregatedNonce = toPubNonceSlice(mustParseHex("028465FCF0BBDBCF443AA" +
Expand All @@ -318,6 +321,9 @@ var (
verifyPnonce3 = mustParsePubNonce("032DE2662628C90B03F5E720284EB52FF7" +
"D71F4284F627B68A853D78C78E1FFE9303E4C5524E83FFE1493B9077CF1C" +
"A6BEB2090C93D930321071AD40B2F44E599046")
verifyPnonce4 = mustParsePubNonce("0237C87821AFD50A8644D820A8F3E02E49" +
"9C931865C2360FB43D0A0D20DAFE07EA0387BF891D2A6DEAEBADC909352A" +
"A9405D1428C15F4B75F04DAE642A95C2548480")

tweak1 = KeyTweakDesc{
Tweak: [32]byte{
Expand Down Expand Up @@ -437,15 +443,21 @@ func TestMuSig2SigningTestVectors(t *testing.T) {
aggNonce: aggregatedNonce,
expectedPartialSig: signExpected3,
},
// Vector 4 Both halves of aggregate nonce correspond to point at infinity
{
keyOrder: []int{0, 1},
aggNonce: mustNonceAgg([][66]byte{verifyPnonce1, verifyPnonce4}),
expectedPartialSig: signExpected4,
},

// Vector 4: Signer 2 provided an invalid public key
// Vector 5: Signer 2 provided an invalid public key
{
keyOrder: []int{1, 0, 3},
aggNonce: aggregatedNonce,
expectedError: secp256k1.ErrPubKeyNotOnCurve,
},

// Vector 5: Aggregate nonce is invalid due wrong tag, 0x04,
// Vector 6: Aggregate nonce is invalid due wrong tag, 0x04,
// in the first half.
{

Expand All @@ -458,7 +470,7 @@ func TestMuSig2SigningTestVectors(t *testing.T) {
expectedError: secp256k1.ErrPubKeyInvalidFormat,
},

// Vector 6: Aggregate nonce is invalid because the second half
// Vector 7: Aggregate nonce is invalid because the second half
// does not correspond to an X coordinate.
{

Expand All @@ -471,7 +483,7 @@ func TestMuSig2SigningTestVectors(t *testing.T) {
expectedError: secp256k1.ErrPubKeyNotOnCurve,
},

// Vector 7: Aggregate nonce is invalid because the second half
// Vector 8: Aggregate nonce is invalid because the second half
// exceeds field size.
{

Expand Down Expand Up @@ -705,7 +717,7 @@ func TestMusig2PartialSigVerifyTestVectors(t *testing.T) {
genTweakParity(tweak4, false),
},
},
// Vector 8.
// Vector 9.
{

partialSig: signExpected1,
Expand All @@ -717,7 +729,7 @@ func TestMusig2PartialSigVerifyTestVectors(t *testing.T) {
verifyPnonce3,
},
},
// Vector 9.
// Vector 10.
{

partialSig: signExpected2,
Expand All @@ -729,7 +741,7 @@ func TestMusig2PartialSigVerifyTestVectors(t *testing.T) {
verifyPnonce3,
},
},
// Vector 10.
// Vector 11.
{

partialSig: signExpected3,
Expand All @@ -741,7 +753,19 @@ func TestMusig2PartialSigVerifyTestVectors(t *testing.T) {
verifyPnonce1,
},
},
// Vector 11: Wrong signature (which is equal to the negation
// Vector 12: Both halves of aggregate nonce correspond to
// point at infinity.
{

partialSig: signExpected4,
pubnonceIndex: 0,
keyOrder: []int{0, 1},
nonces: [][66]byte{
verifyPnonce1,
verifyPnonce4,
},
},
// Vector 13: Wrong signature (which is equal to the negation
// of valid signature expected[0]).
{

Expand Down Expand Up @@ -1420,7 +1444,7 @@ func TestMusig2AggregateNoncesTestVectors(t *testing.T) {
getNegGBytes()...),
},
expectedNonce: append(append([]byte{},
expectedNonce[0:33]...), getGBytes()...),
expectedNonce[0:33]...), getInfinityBytes()...),
},
}
for i, testCase := range testCases {
Expand Down Expand Up @@ -1743,6 +1767,14 @@ func aggNonceToPubkey(combinedNonce [66]byte, combinedKey *AggregateKey,

}

func mustNonceAgg(nonces [][66]byte) [66]byte {
aggNonce, err := AggregateNonces(nonces)
if err != nil {
panic("can't aggregate nonces")
}
return aggNonce
}

func memsetLoop(a []byte, v uint8) {
for i := range a {
a[i] = byte(v)
Expand Down Expand Up @@ -1776,6 +1808,10 @@ func getNegGBytes() []byte {
return pk
}

func getInfinityBytes() []byte {
return make([]byte, 33)
}

func mustParseHex32(str string) [32]byte {
b, err := hex.DecodeString(str)
if err != nil {
Expand Down

0 comments on commit d7acd5d

Please sign in to comment.