diff --git a/src/modules/frost/tests_impl.h b/src/modules/frost/tests_impl.h
index 0b03d956be..13f26f43d7 100644
--- a/src/modules/frost/tests_impl.h
+++ b/src/modules/frost/tests_impl.h
@@ -3096,6 +3096,11 @@ void test_secp256k1_frost_ietf_test_vector(void) {
 int result, i;
 secp256k1_scalar secret;
 shamir_coefficients *coefficients;
+ unsigned char binding_seed[32] = {0};
+ unsigned char hiding_seed[32] = {0};
+ secp256k1_frost_signature_share signature_share[3];
+ secp256k1_frost_nonce *nonces[3];
+ secp256k1_frost_nonce_commitment signing_commitments[3];
 /* Step 1. initialization */
 sign_ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE);
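Review bot: The new arrays `signature_share[3]`, `nonces[3]` and `signing_commitments[3]` are sized with a literal, while the loop added in the next hunk fills `nonces` and `signing_commitments` up to `IETF_FROST_MAX_PARTICIPANTS`; if that macro ever exceeds 3, the loop writes past the end of both. Assuming the macro is a compile-time constant, size them with it, e.g. `secp256k1_frost_nonce *nonces[IETF_FROST_MAX_PARTICIPANTS];`. The all-zero `binding_seed` and `hiding_seed` also deserve a comment such as `/* fixed all-zero seeds: deterministic test input only, never valid for real signing */`, because every participant is seeded identically. The function body starts before and continues after this hunk.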
@@ -3131,59 +3136,23 @@ void test_secp256k1_frost_ietf_test_vector(void) {
 CHECK(result == 0);
 }
- secp256k1_frost_vss_commitments_destroy(vss_commitments);
- secp256k1_context_destroy(sign_ctx);
-/*
+ /* TODO: implement vss_verify */
- byte_t participant_private_keys[3 * ecc_frost_ristretto255_sha512_POINTSIZE];
- byte_t group_public_key[ecc_frost_ristretto255_sha512_PUBLICKEYSIZE];
- byte_t vss_commitment[2 * ecc_frost_ristretto255_sha512_ELEMENTSIZE];
- byte_t polynomial_coefficients[2 * ecc_frost_ristretto255_sha512_SCALARSIZE];
- ecc_frost_ristretto255_sha512_trusted_dealer_keygen_with_coefficients(
- participant_private_keys,
- group_public_key,
- vss_commitment,
- polynomial_coefficients,
- _group_secret_key,
- _MAX_PARTICIPANTS, _MIN_PARTICIPANTS,
- _share_polynomial_coefficients
- );
+ /* Round one: commitment; participants: (1, 3) */
- char value_hex[65];
-
- ecc_bin2hex(value_hex, group_public_key, 32);
- assert_string_equal(value_hex, ecc_json_string(json, "inputs.group_public_key"));
- ecc_bin2hex(value_hex, &participant_private_keys[0 * 64 + 32], 32);
- assert_string_equal(value_hex, ecc_json_string(json, "inputs.participants.1.participant_share"));
- ecc_bin2hex(value_hex, &participant_private_keys[1 * 64 + 32], 32);
- assert_string_equal(value_hex, ecc_json_string(json, "inputs.participants.2.participant_share"));
- ecc_bin2hex(value_hex, &participant_private_keys[2 * 64 + 32], 32);
- assert_string_equal(value_hex, ecc_json_string(json, "inputs.participants.3.participant_share"));
+ /* Step 2: prepare signature commitments */
+ for (i = 0; i < IETF_FROST_MAX_PARTICIPANTS; i++) {
+ nonces[i] = secp256k1_frost_nonce_create(sign_ctx, &keypairs[i],
+ binding_seed, hiding_seed);
+ memcpy(&signing_commitments[i], &(nonces[i]->commitments), sizeof(secp256k1_frost_nonce_commitment));
+ }
- // validation
- byte_t recovered_key[ecc_frost_ristretto255_sha512_SECRETKEYSIZE];
- ecc_frost_ristretto255_sha512_secret_share_combine(
- recovered_key,
- participant_private_keys, MAX_PARTICIPANTS
- );
- assert_memory_equal(group_secret_key, recovered_key, ecc_frost_ristretto255_sha512_SECRETKEYSIZE);
- byte_t PK[ecc_frost_ristretto255_sha512_PUBLICKEYSIZE];
- byte_t participant_public_keys[3 * ecc_frost_ristretto255_sha512_PUBLICKEYSIZE];
- ecc_frost_ristretto255_sha512_derive_group_info(
- PK,
- participant_public_keys,
- MAX_PARTICIPANTS,
- MIN_PARTICIPANTS,
- vss_commitment
- );
- assert_memory_equal(group_public_key, PK, ecc_frost_ristretto255_sha512_PUBLICKEYSIZE);
- assert_int_equal(ecc_frost_ristretto255_sha512_vss_verify(&participant_private_keys[0 * ecc_frost_ristretto255_sha512_POINTSIZE], vss_commitment, MIN_PARTICIPANTS), 1);
- assert_int_equal(ecc_frost_ristretto255_sha512_vss_verify(&participant_private_keys[1 * ecc_frost_ristretto255_sha512_POINTSIZE], vss_commitment, MIN_PARTICIPANTS), 1);
- assert_int_equal(ecc_frost_ristretto255_sha512_vss_verify(&participant_private_keys[2 * ecc_frost_ristretto255_sha512_POINTSIZE], vss_commitment, MIN_PARTICIPANTS), 1);
+ /* Cleanup */
+ secp256k1_frost_vss_commitments_destroy(vss_commitments);
+ secp256k1_context_destroy(sign_ctx);
- // Round one: commitment
- // (1,3)
+/*
 byte_t hiding_nonce_randomness_1[ecc_frost_ristretto255_sha512_SCALARSIZE];
 byte_t binding_nonce_randomness_1[ecc_frost_ristretto255_sha512_SCALARSIZE];
 ecc_hex2bin(hiding_nonce_randomness_1, ecc_json_string(json, "round_one_outputs.participants.1.hiding_nonce_randomness"), 64);
diff --git a/tools/tests_frost_ietf_generate.py b/tools/tests_frost_ietf_generate.py
index 50364d4c39..da5c851807 100755
--- a/tools/tests_frost_ietf_generate.py
+++ b/tools/tests_frost_ietf_generate.py
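Review bot: In the Step 2 loop of tests_impl.h the result of `secp256k1_frost_nonce_create` is dereferenced (`nonces[i]->commitments`) without a NULL check, so a failed creation crashes the test instead of failing it; add `CHECK(nonces[i] != NULL);` before the `memcpy`. The new Cleanup block releases `vss_commitments` and `sign_ctx` but not the nonce objects, so the secret nonce material created here is never released in the visible code; a matching loop calling the module's nonce destroy routine (presumably `secp256k1_frost_nonce_destroy`, to be confirmed) belongs there. The step also asserts nothing about the nonces or commitments against the vector, and `/* TODO: implement vss_verify */` replaces the share-verification checks of the removed reference code, so both remain uncovered. The function continues past this hunk inside the reopened `/*` comment.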
@@ -64,3 +64,26 @@ def to_c_array(x):
 print(f"{to_c_array(i)},")
 print("};\n")
+print("\n")
+print("/* Section: round_one.signer_outputs */")
+
+signer_outputs = doc['round_one']['signer_outputs']
+len_hnr = int(len(signer_outputs['participant_1']['hiding_nonce_randomness'])/2)
+len_hn = int(len(signer_outputs['participant_1']['hiding_nonce'])/2)
+len_bnr = int(len(signer_outputs['participant_1']['binding_nonce_randomness'])/2)
+len_bn = int(len(signer_outputs['participant_1']['binding_nonce'])/2)
+len_hnc = int(len(signer_outputs['participant_1']['hiding_nonce_commitment'])/2)
+len_bnc = int(len(signer_outputs['participant_1']['binding_nonce_commitment'])/2)
+len_bfi = int(len(signer_outputs['participant_1']['binding_factor_input'])/2)
+len_bf = int(len(signer_outputs['participant_1']['binding_factor'])/2)
+
+print(f"#define IETF_FROST_HIDING_NONCE_RANDOMNESS_SIZE {str(len_hnr)}")
+print(f"#define IETF_FROST_HIDING_NONCE_SIZE {str(len_hn)}")
+print(f"#define IETF_FROST_BINDING_NONCE_RANDOMNESS_SIZE {str(len_bnr)}")
+print(f"#define IETF_FROST_BINDING_NONCE_SIZE {str(len_bn)}")
+print(f"#define IETF_FROST_HIDING_NONCE_COMMITMENT_SIZE {str(len_hnc)}")
+print(f"#define IETF_FROST_BINDING_NONCE_COMMITMENT_SIZE {str(len_bnc)}")
+print(f"#define IETF_FROST_BINDING_FACTOR_INPUT_SIZE {str(len_bfi)}")
+print(f"#define IETF_FROST_BINDING_FACTOR_SIZE {str(len_bf)}")
+
+
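Review bot: All eight sizes are measured on `participant_1` only, and the added lines never check that the other signers' fields have the same length or that the hex strings have an even length. The emitted `#define`s presumably dimension C buffers, so a mismatch would surface as a wrongly sized array in the generated header rather than as a generator error. Assert per field before printing, e.g. `assert all(len(p['hiding_nonce']) == 2 * len_hn for p in signer_outputs.values())` (assuming every entry of `signer_outputs` is a participant record), and use `len(...) // 2` instead of `int(len(...)/2)`. The `str()` inside the f-strings is redundant, since `{len_hnr}` formats the same.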