Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
ecdsa_tests_data.hpp
Go to the documentation of this file.
1#include <array>
2#include <cstdint>
3#include <stdexcept>
4#include <string>
5#include <vector>
6
7#include "barretenberg/ecc/curves/secp256k1/secp256k1.hpp"
8#include "barretenberg/ecc/curves/secp256r1/secp256r1.hpp"
9
10namespace bb::stdlib {
11
12using namespace bb;
13using namespace bb::curve;
14
15template <class Curve> struct WycherproofTest {
16 using Fr = Curve::ScalarField;
17 using Fq = Curve::BaseField;
18
19 // Public Key
20 Fq x;
21 Fq y;
22
23 // Data
24 std::vector<uint8_t> message;
25 Fr r;
26 Fr s;
27 bool is_valid_signature;
28 bool is_circuit_satisfied;
29 std::string comment;
30 std::string failure_msg;
31};
32
33using WycherproofSecp256k1 = WycherproofTest<bb::curve::SECP256K1>;
34using WycherproofSecp256r1 = WycherproofTest<bb::curve::SECP256R1>;
35
40const std::vector<WycherproofSecp256k1> secp256k1_tests{
41 // Arithmetic error tests
42 WycherproofSecp256k1{
43 .x = WycherproofSecp256k1::Fq("0x02ef4d6d6cfd5a94f1d7784226e3e2a6c0a436c55839619f38fb4472b5f9ee77"),
44 .y = WycherproofSecp256k1::Fq("0x7eb4acd4eebda5cd72875ffd2a2f26229c2dc6b46500919a432c86739f3ae866"),
45 .message = { 0x31, 0x32, 0x33, 0x34, 0x30, 0x30 },
46 .r = WycherproofSecp256k1::Fr("0x0000000000000000000000000000000000000000000000000000000000000101"),
47 .s = WycherproofSecp256k1::Fr("0xc58b162c58b162c58b162c58b162c58a1b242973853e16db75c8a1a71da4d39d"),
48 .is_valid_signature = false,
49 .is_circuit_satisfied = true,
50 .comment = "Arithmetic error, s is larger than (n+1)/2",
51 },
52 WycherproofSecp256k1{
53 .x = WycherproofSecp256k1::Fq("0xd6ef20be66c893f741a9bf90d9b74675d1c2a31296397acb3ef174fd0b300c65"),
54 .y = WycherproofSecp256k1::Fq("0x4a0c95478ca00399162d7f0f2dc89efdc2b28a30fbabe285857295a4b0c4e265"),
55 .message = { 0x31, 0x32, 0x33, 0x34, 0x30, 0x30 },
56 .r = WycherproofSecp256k1::Fr("0x00000000000000000000000000000000000000062522bbd3ecbe7c39e93e7c26"),
57 .s = WycherproofSecp256k1::Fr("0x783266e90f43dafe5cd9b3b0be86de22f9de83677d0f50713a468ec72fcf5d57"),
58 .is_valid_signature = true,
59 .is_circuit_satisfied = true,
60 .comment = "Arithmetic error, r component is small",
61 },
62 // Point duplication tests
63 WycherproofSecp256k1{
64 .x = WycherproofSecp256k1::Fq("0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"),
65 .y = WycherproofSecp256k1::Fq("0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8"),
66 .message = { 0x31, 0x32, 0x33, 0x34, 0x30, 0x30 },
67 .r = WycherproofSecp256k1::Fr("0xbb5a52f42f9c9261ed4361f59422a1e30036e7c32b270c8807a419feca605023"),
68 .s = WycherproofSecp256k1::Fr("0x2492492492492492492492492492492463cfd66a190a6008891e0d81d49a0952"),
69 .is_valid_signature = false,
70 .is_circuit_satisfied = true,
71 .comment = "Point duplication, public key shares x-coordinates with generator",
72 },
73 // Edge case public key tests
74 WycherproofSecp256k1{
75 .x = WycherproofSecp256k1::Fq("0x6e823555452914099182c6b2c1d6f0b5d28d50ccd005af2ce1bba541aa40caff"),
76 .y = WycherproofSecp256k1::Fq("0x00000001060492d5a5673e0f25d8d50fb7e58c49d86d46d4216955e0aa3d40e1"),
77 .message = { 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65 },
78 .r = WycherproofSecp256k1::Fr("0x6d6a4f556ccce154e7fb9f19e76c3deca13d59cc2aeb4ecad968aab2ded45965"),
79 .s = WycherproofSecp256k1::Fr("0x53b9fa74803ede0fc4441bf683d56c564d3e274e09ccf47390badd1471c05fb7"),
80 .is_valid_signature = true,
81 .is_circuit_satisfied = true,
82 .comment = "Edge case public key, y coordinate is small",
83 },
84 // Modular inverse edge case
85 WycherproofSecp256k1{
86 .x = WycherproofSecp256k1::Fq("0x9171fec3ca20806bc084f12f0760911b60990bd80e5b2a71ca03a048b20f837e"),
87 .y = WycherproofSecp256k1::Fq("0x634fd17863761b2958d2be4e149f8d3d7abbdc18be03f451ab6c17fa0a1f8330"),
88 .message = { 0x31, 0x32, 0x33, 0x34, 0x30, 0x30 },
89 .r = WycherproofSecp256k1::Fr("0x55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c1"),
90 .s = WycherproofSecp256k1::Fr("0x2736d76e412246e097148e2bf62915614eb7c428913a58eb5e9cd4674a9423de"),
91 .is_valid_signature = true,
92 .is_circuit_satisfied = true,
93 .comment = "Modular inverse edge case",
94 },
95};
96
101const std::vector<WycherproofSecp256r1> secp256r1_tests{
102 // Arithmetic error test
103 WycherproofSecp256r1{
104 .x = WycherproofSecp256r1::Fq("0x8d3c2c2c3b765ba8289e6ac3812572a25bf75df62d87ab7330c3bdbad9ebfa5c"),
105 .y = WycherproofSecp256r1::Fq("0x4c6845442d66935b238578d43aec54f7caa1621d1af241d4632e0b780c423f5d"),
106 .message = { 0x31, 0x32, 0x33, 0x34, 0x30, 0x30 },
107 .r = WycherproofSecp256r1::Fr("0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"),
108 .s = WycherproofSecp256r1::Fr("0x16a4502e2781e11ac82cbc9d1edd8c981584d13e18411e2f6e0478c34416e3bb"),
109 .is_valid_signature = true,
110 .is_circuit_satisfied = true,
111 .comment = "Arithmetic error",
112 },
113 // Point duplication test
114 WycherproofSecp256r1{
115 .x = WycherproofSecp256r1::Fq("0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"),
116 .y = WycherproofSecp256r1::Fq("0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"),
117 .message = { 0x31, 0x32, 0x33, 0x34, 0x30, 0x30 },
118 .r = WycherproofSecp256r1::Fr("0xbb5a52f42f9c9261ed4361f59422a1e30036e7c32b270c8807a419feca605023"),
119 .s = WycherproofSecp256r1::Fr("0x249249246db6db6ddb6db6db6db6db6dad4591868595a8ee6bf5f864ff7be0c2"),
120 .is_valid_signature = false,
121 .is_circuit_satisfied =
122 false, // When the public key is equal to ±G, the circuit fails because of the generation of lookup tables
123 .comment = "Point duplication, public key shares x-coordinates with generator",
124 },
125 // Edge case public key test
126 WycherproofSecp256r1{
127 .x = WycherproofSecp256r1::Fq("0x4f337ccfd67726a805e4f1600ae2849df3807eca117380239fbd816900000000"),
128 .y = WycherproofSecp256r1::Fq("0xed9dea124cc8c396416411e988c30f427eb504af43a3146cd5df7ea60666d685"),
129 .message = { 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65 },
130 .r = WycherproofSecp256r1::Fr("0x0fe774355c04d060f76d79fd7a772e421463489221bf0a33add0be9b1979110b"),
131 .s = WycherproofSecp256r1::Fr("0x500dcba1c69a8fbd43fa4f57f743ce124ca8b91a1f325f3fac6181175df55737"),
132 .is_valid_signature = true,
133 .is_circuit_satisfied = true,
134 .comment = "Edge case public key, x-coordinate has many trailing zeros",
135 },
136 // Edge case public key test
137 WycherproofSecp256r1{
138 .x = WycherproofSecp256r1::Fq("0x2927b10512bae3eddcfe467828128bad2903269919f7086069c8c4df6c732838"),
139 .y = WycherproofSecp256r1::Fq("0xc7787964eaac00e5921fb1498a60f4606766b3d9685001558d1a974e7341513e"),
140 .message = { 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65 },
141 .r = WycherproofSecp256r1::Fr("0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"),
142 .s = WycherproofSecp256r1::Fr("0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550"),
143 .is_valid_signature = false,
144 .is_circuit_satisfied = true,
145 .comment = "Signature with special case values r=n and s=n - 1",
146 },
147};
148} // namespace bb::stdlib
bb::stdlib::secp256k1_tests
const std::vector< WycherproofSecp256k1 > secp256k1_tests
Test for Secp256k1 ECDSA signatures taken from the Wycherproof project.
Definition ecdsa_tests_data.hpp:40
bb::stdlib::secp256r1_tests
const std::vector< WycherproofSecp256r1 > secp256r1_tests
Test for Secp256r1 ECDSA signatures taken from the Wycherproof project.
Definition ecdsa_tests_data.hpp:101
bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
bb::stdlib::WycherproofTest::message
std::vector< uint8_t > message
Definition ecdsa_tests_data.hpp:24