NextGraph
/
threshold_crypto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Mocktography (#49)

Browse Source 
Added mocktography (feature `use-insecure-test-only-mock-crypto) and factored out CI execution script.
master
Marc Brinkmann 7 years ago committed by GitHub
parent 90f63e34e9
commit d133bb6d79
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 1177 additions and 20 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 13
      .travis.yml
  2. 4
      README.md
  3. 16
      ci.sh
  4. 25
      src/lib.rs
  5. 322
      src/mock/mod.rs
  6. 815
      src/mock/ms8.rs
  7. 2
      src/serde_impl.rs

13
.travis.yml
Unescape View File

@ -11,15 +11,4 @@ addons:
before_install:
- rustup component add --toolchain=${TRAVIS_RUST_VERSION} rustfmt-preview clippy-preview
- cargo deadlinks --version || cargo install cargo-deadlinks
env:
global:
- RUST_BACKTRACE=1
# Enables additional cpu-specific optimizations.
- RUSTFLAGS="-D warnings -C target-cpu=native"
script:
- cargo clippy --tests --examples --benches -- --deny clippy
- cargo fmt -- --check
- cargo test --release
- cargo test --all-features --release
- cargo doc
- cargo deadlinks --dir target/doc/threshold_crypto/
script: ./ci.sh

4
README.md
Unescape View File

@ -106,6 +106,10 @@ $ RUSTFLAGS="-C target_cpu=native" cargo bench
We use the [`criterion`](https://crates.io/crates/criterion) benchmarking library.
### Mock cryptography
To speed up automatic tests of crates depending on `threshold_crypto`, the `use-insecure-test-only-mock-crypto` feature is available. **Activating this feature will effectively disable encryption and should only be used during tests!**. Essentially, the underlying elliptic curves will be replaced by small finite fields, yielding a 10-200X speed-up in execution. The resulting ciphers can be trivially broken in a number of ways and should never be used in production.
## License
Licensed under either of:

16
ci.sh
Unescape View File

@ -0,0 +1,16 @@
#!/bin/sh
set -xe
export RUST_BACKTRACE=1
# Enables additional cpu-specific optimizations.
export RUSTFLAGS="-D warnings -C target-cpu=native"
cargo clippy --tests --examples --benches -- --deny clippy
cargo clippy --all-features --tests --examples --benches -- --deny clippy
cargo fmt -- --check
cargo test --release
cargo test --all-features --release
cargo doc
cargo deadlinks --dir target/doc/threshold_crypto/

25
src/lib.rs
Unescape View File

@ -1,6 +1,15 @@
// Clippy warns that it's dangerous to derive `PartialEq` and explicitly implement `Hash`, but the
// `pairing::bls12_381` types don't implement `Hash`, so we can't derive it.
#![cfg_attr(feature = "cargo-clippy", allow(derive_hash_xor_eq))]
// When using the mocktography, the resulting field elements become wrapped `u32`s, suddenly
// triggering pass-by-reference warnings. They are conditionally disabled for this reason:
#![cfg_attr(
all(
feature = "cargo-clippy",
feature = "use-insecure-test-only-mock-crypto"
),
allow(trivially_copy_pass_by_ref)
)]
#[cfg(test)]
extern crate bincode;
@ -46,15 +55,17 @@ use into_fr::IntoFr;
use poly::{Commitment, Poly};
use secret::{clear_fr, ContainsSecret, MemRange, FR_SIZE};
// #[cfg(not(feature = "use-insecure-test-only-mock-crypto"))]
#[cfg(not(feature = "use-insecure-test-only-mock-crypto"))]
pub use pairing::bls12_381::{Bls12 as PEngine, Fr, G1Affine, G2Affine, G1, G2};
// TODO: Add mock cryptography for tests.
// #[cfg(feature = "use-insecure-test-only-mock-crypto")]
// pub use pairing::mock::{
// Mersenne8 as Fr, Mocktography as PEngine, Ms8Affine as G1Affine, Ms8Affine as G2Affine,
// Ms8Projective as G1, Ms8Projective as G2,
// };
#[cfg(feature = "use-insecure-test-only-mock-crypto")]
mod mock;
#[cfg(feature = "use-insecure-test-only-mock-crypto")]
pub use mock::{
Mersenne8 as Fr, Mocktography as PEngine, Ms8Affine as G1Affine, Ms8Affine as G2Affine,
Ms8Projective as G1, Ms8Projective as G2,
};
/// Wrapper for a byte array, whose `Debug` implementation outputs shortened hexadecimal strings.
pub struct HexBytes<'a>(pub &'a [u8]);

322
src/mock/mod.rs
Unescape View File

@ -0,0 +1,322 @@
//! Mock cryptography implementation of a `pairing` engine.
//!
//! Affectionately known as *mocktography*, the `mock` module implements a valid `pairing::Engine`
//! on top of simpler cryptographic primitives; instead of elliptic curves, a simple finite field of
//! Mersenne prime order is used. The resulting engine is trivially breakable (the key space is
//! smaller than 2^31), but should not produce accidental collisions at an unacceptable rate.
//!
//! As a result, all "cryptographic" operations can be carried out much faster. This module is
//! intended to be used during unit-tests of applications that build on top of `threshold_crypto`;
//! enabling this in production code of any application will immediately break its cryptographic
//! security.
pub mod ms8;
use std::{fmt, mem, slice};
use pairing::{EncodedPoint, Field, GroupDecodingError, PrimeField};
use rand;
use super::{CurveAffine, CurveProjective, Engine};
pub use self::ms8::Mersenne8;
/// A `pairing` Engine based on `Mersenne8` prime fields.
#[derive(Clone, Debug)]
pub struct Mocktography;
/// Affine type for `Mersenne8`.
#[derive(Copy, Clone, Debug, Default, Eq, Ord, PartialEq, PartialOrd)]
pub struct Ms8Affine(Mersenne8);
/// Projective type for `Mersenne8`.
#[derive(Copy, Clone, Debug, Default, Eq, Ord, PartialEq, PartialOrd)]
pub struct Ms8Projective(Mersenne8);
impl fmt::Display for Ms8Affine {
#[inline]
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
fmt::Display::fmt(&self.0, f)
}
}
impl fmt::Display for Ms8Projective {
#[inline]
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
fmt::Display::fmt(&self.0, f)
}
}
impl rand::Rand for Ms8Affine {
#[inline]
fn rand<R: rand::Rng>(rng: &mut R) -> Self {
Ms8Affine(rng.gen())
}
}
impl rand::Rand for Ms8Projective {
#[inline]
fn rand<R: rand::Rng>(rng: &mut R) -> Self {
Ms8Projective(rng.gen())
}
}
impl From<Ms8Projective> for Ms8Affine {
fn from(Ms8Projective(x): Ms8Projective) -> Ms8Affine {
Ms8Affine(x)
}
}
impl From<Ms8Affine> for Ms8Projective {
fn from(Ms8Affine(x): Ms8Affine) -> Ms8Projective {
Ms8Projective(x)
}
}
impl Engine for Mocktography {
type G1 = Ms8Projective;
type G1Affine = Ms8Affine;
type G2 = Ms8Projective;
type G2Affine = Ms8Affine;
type Fq = Mersenne8;
type Fqe = Mersenne8;
type Fqk = Mersenne8;
// In newer versions of pairing, this must be moved to `ScalarEngine`:
type Fr = Mersenne8;
fn miller_loop<'a, I>(_i: I) -> Self::Fqk
where
I: IntoIterator<
Item = &'a (
&'a <Self::G1Affine as CurveAffine>::Prepared,
&'a <Self::G2Affine as CurveAffine>::Prepared,
),
>,
{
// Unused?
unimplemented!()
}
fn final_exponentiation(_: &Self::Fqk) -> Option<Self::Fqk> {
// Unused?
unimplemented!()
}
fn pairing<G1, G2>(p: G1, q: G2) -> Self::Fqk
where
G1: Into<Self::G1Affine>,
G2: Into<Self::G2Affine>,
{
p.into().0 * q.into().0
}
}
impl AsRef<[u64]> for Mersenne8 {
#[inline]
fn as_ref(&self) -> &[u64] {
panic!("Not supported: AsRef<[u64]>")
}
}
impl AsRef<[u8]> for Mersenne8 {
#[inline]
fn as_ref(&self) -> &[u8] {
unsafe { slice::from_raw_parts(&self.0 as *const u32 as *const u8, 4) }
}
}
impl AsMut<[u64]> for Mersenne8 {
#[inline]
fn as_mut(&mut self) -> &mut [u64] {
panic!("Not supported: AsMut<[u64]>")
}
}
impl AsMut<[u8]> for Mersenne8 {
#[inline]
fn as_mut(&mut self) -> &mut [u8] {
unsafe { slice::from_raw_parts_mut(&mut self.0 as *mut u32 as *mut u8, 4) }
}
}
impl AsRef<[u8]> for Ms8Affine {
#[inline]
fn as_ref(&self) -> &[u8] {
self.0.as_ref()
}
}
impl AsMut<[u8]> for Ms8Affine {
#[inline]
fn as_mut(&mut self) -> &mut [u8] {
self.0.as_mut()
}
}
impl CurveAffine for Ms8Affine {
type Engine = Mocktography;
type Scalar = Mersenne8;
type Base = Mersenne8;
type Projective = Ms8Projective;
type Prepared = Ms8Affine;
type Uncompressed = Ms8Affine;
type Compressed = Ms8Affine;
type Pair = Ms8Affine;
type PairingResult = Mersenne8;
fn zero() -> Self {
Ms8Affine(Mersenne8::zero())
}
fn one() -> Self {
Ms8Affine(Mersenne8::one())
}
fn is_zero(&self) -> bool {
self.0.is_zero()
}
fn negate(&mut self) {
self.0.negate();
}
fn mul<S: Into<<Self::Scalar as PrimeField>::Repr>>(&self, other: S) -> Self::Projective {
// FIXME: Is this correct?
let s = other.into();
Ms8Projective(self.0 * s)
}
fn prepare(&self) -> Self::Prepared {
*self
}
fn pairing_with(&self, other: &Self::Pair) -> Self::PairingResult {
// This is the actual implementation of e: G_1 x G_2 -> G_T.
// We have chosen e(P, Q) = PQ.
self.0 * other.0
}
fn into_projective(&self) -> Self::Projective {
Ms8Projective(self.0)
}
}
impl CurveProjective for Ms8Projective {
type Engine = Mocktography;
type Scalar = Mersenne8;
type Base = Mersenne8;
type Affine = Ms8Affine;
fn zero() -> Self {
Ms8Projective(Mersenne8::zero())
}
fn one() -> Self {
Ms8Projective(Mersenne8::one())
}
fn is_zero(&self) -> bool {
self.0.is_zero()
}
fn batch_normalization(_v: &mut [Self]) {
// We just assume all values as already normalized. See `is_normalized()`.
}
fn is_normalized(&self) -> bool {
true
}
fn double(&mut self) {
self.0.double()
}
fn add_assign(&mut self, other: &Self) {
self.0.add_assign(&other.0);
}
fn add_assign_mixed(&mut self, other: &Self::Affine) {
self.0.add_assign(&other.0);
}
fn negate(&mut self) {
self.0.negate();
}
fn mul_assign<S: Into<<Self::Scalar as PrimeField>::Repr>>(&mut self, other: S) {
self.0 *= other.into();
}
fn into_affine(&self) -> Self::Affine {
Ms8Affine(self.0)
}
fn recommended_wnaf_for_scalar(_scalar: <Self::Scalar as PrimeField>::Repr) -> usize {
2
}
fn recommended_wnaf_for_num_scalars(_num_scalars: usize) -> usize {
2
}
}
impl EncodedPoint for Ms8Affine {
type Affine = Ms8Affine;
fn empty() -> Self {
// FIXME: Ensure we are not violating any assumptions here.
Self::default()
}
fn size() -> usize {
mem::size_of::<Self>()
}
fn into_affine(&self) -> Result<Self::Affine, GroupDecodingError> {
Ok(*self)
}
fn into_affine_unchecked(&self) -> Result<Self::Affine, GroupDecodingError> {
Ok(*self)
}
fn from_affine(affine: Self::Affine) -> Self {
affine
}
}
#[cfg(test)]
mod test {
// There are copy & pasted results of calculations from external programs in these tests.
#![cfg_attr(feature = "cargo-clippy", allow(unreadable_literal))]
use super::{Mersenne8, Mocktography, Ms8Affine};
use Engine;
#[test]
fn example_pairings() {
let pqs: Vec<(u32, u32, u32)> = vec![
(0, 0, 0),
(123, 0, 0),
(1, 1, 1),
(123, 1, 123),
(4, 5, 20),
(123456789, 987654321, 2137109934),
(456789123, 456789123, 1405297315),
];
for (p, q, res) in pqs {
let p = Ms8Affine(p.into());
let q = Ms8Affine(q.into());
println!("P, Q: {}, {}", p, q);
println!("Checking e({}, {}) = {}", p, q, res);
assert_eq!(Mocktography::pairing(p, q), Mersenne8::new(res));
// Our pairing is bilinear.
println!("Checking e({}, {}) = {}", q, p, res);
assert_eq!(Mocktography::pairing(q, p), Mersenne8::new(res));
}
}
}

815
src/mock/ms8.rs
Unescape View File

@ -0,0 +1,815 @@
//! Eigth Mersenne prime field
//!
//! The eighth [Mersenne Prime](https://en.wikipedia.org/wiki/Mersenne_prime) (`MS8 := 2^31-1) can
//! be used to construct a finite field supporting addition and multiplication. This module provides
//! a wrapper type around `u32` to implement this functionality.
//!
//! The resulting type also implements the `Field`, `PrimeField` and `SqrtField` traits. For
//! convenience, `PrimeFieldRepr` is also implemented.
use std::io::{self, Read, Write};
use std::{fmt, mem, ops};
use byteorder::{BigEndian, ByteOrder};
use pairing::{
Field, LegendreSymbol, PrimeField, PrimeFieldDecodingError, PrimeFieldRepr, SqrtField,
};
use rand;
/// Modular exponentiation
///
/// Warning: Only tested using bases and exponents `< MS8`.
#[inline]
fn modular_pow(base: u32, mut exp: u32, modulus: u32) -> u32 {
// Source: https://en.wikipedia.org/wiki/Modular_exponentiation#Right-to-left_binary_method
if modulus == 1 {
return 0;
}
// Need to use 64 bits to ensure the assert from Schneier's algorithm:
// (modulus - 1) * (modulus - 1) does not overflow base
let mut result: u64 = 1;
let md: u64 = u64::from(modulus);
let mut base = u64::from(base) % md;
while exp > 0 {
if exp % 2 == 1 {
result = (result * base) % md;
}
exp >>= 1;
base = (base * base) % md;
}
result as u32
}
/// Eigth Mersenne prime, aka `i32::MAX`.
pub const MS8: u32 = 0x7fff_ffff;
/// Eighth Mersenne prime field element
///
/// Finite field of order `2^31-1`.
#[derive(Copy, Clone, Debug, Default, Eq, Ord, PartialEq, PartialOrd)]
pub struct Mersenne8(pub u32);
// We opt to implement the same variants the standard library implements as well:
//
// FooAssign: `lhs .= rhs, lhs .= &rhs`.
// Foo: `lhs . rhs, &lhs . rhs, &lhs . &rhs, lhs . &rhs`
macro_rules! generate_op_impls {
($t:ty, $op_name:ident, $op_name_assign:ident, $op_method:ident, $op_method_assign:ident) => {
// Supplied by caller: `lhs .= rhs`
// `lhs . rhs`
impl ops::$op_name for $t {
type Output = Self;
#[inline]
fn $op_method(mut self, rhs: $t) -> Self {
self.$op_method_assign(&rhs);
self
}
}
// lhs .= &rhs
impl<'a> ops::$op_name_assign<&'a $t> for $t {
#[inline]
fn $op_method_assign(&mut self, rhs: &'a $t) {
ops::$op_name_assign::$op_method_assign(self, *rhs)
}
}
// `&lhs . rhs`
impl<'a> ops::$op_name<$t> for &'a $t {
type Output = $t;
#[inline]
fn $op_method(self, other: $t) -> Self::Output {
let mut tmp = *self;
tmp.$op_method_assign(&other);
tmp
}
}
// `&lhs . &rhs`
impl<'a, 'b> ops::$op_name<&'b $t> for &'a $t {
type Output = $t;
#[inline]
fn $op_method(self, other: &'b $t) -> Self::Output {
let mut tmp = *self;
tmp.$op_method_assign(other);
tmp
}
}
// `lhs . &rhs`
impl<'a> ops::$op_name<&'a $t> for $t {
type Output = $t;
#[inline]
fn $op_method(mut self, other: &'a $t) -> Self::Output {
self.$op_method_assign(other);
self
}
}
};
}
impl ops::SubAssign<Mersenne8> for Mersenne8 {
#[inline]
fn sub_assign(&mut self, rhs: Mersenne8) {
// Since `self.0` is < 2^31-1, `self.0 + 2^31-1` is still smaller than `u32::MAX`.
self.0 = (self.0 + MS8 - rhs.0) % MS8;
}
}
generate_op_impls!(Mersenne8, Sub, SubAssign, sub, sub_assign);
impl ops::AddAssign<Mersenne8> for Mersenne8 {
#[inline]
fn add_assign(&mut self, rhs: Mersenne8) {
self.0 = (self.0 + rhs.0) % MS8;
}
}
generate_op_impls!(Mersenne8, Add, AddAssign, add, add_assign);
impl ops::MulAssign for Mersenne8 {
#[inline]
fn mul_assign(&mut self, rhs: Mersenne8) {
// Usually, Schrage's method would be a good way to implement the multiplication;
// however, since we will mostly be running the code on 64-bit machines and
// `(2^31-1)^2 < 2^64`, we can cheat and do this fairly fast in 64 bits.
self.0 = (u64::from(self.0) * u64::from(rhs.0) % u64::from(MS8)) as u32;
}
}
generate_op_impls!(Mersenne8, Mul, MulAssign, mul, mul_assign);
impl Mersenne8 {
#[inline]
pub fn new(v: u32) -> Mersenne8 {
Mersenne8(v % MS8)
}
#[inline]
pub fn pow(self, exp: u32) -> Mersenne8 {
Mersenne8(modular_pow(self.0, exp, MS8))
}
}
impl From<u32> for Mersenne8 {
#[inline]
fn from(v: u32) -> Mersenne8 {
Mersenne8::new(v)
}
}
impl From<u64> for Mersenne8 {
#[inline]
fn from(v: u64) -> Mersenne8 {
Mersenne8((v % u64::from(MS8)) as u32)
}
}
impl From<Mersenne8> for u32 {
fn from(v: Mersenne8) -> u32 {
v.0
}
}
impl PartialEq<u32> for Mersenne8 {
fn eq(&self, other: &u32) -> bool {
self.0 == *other
}
}
impl fmt::Display for Mersenne8 {
#[inline]
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
fmt::Display::fmt(&self.0, f)
}
}
impl rand::Rand for Mersenne8 {
#[inline]
fn rand<R: rand::Rng>(rng: &mut R) -> Self {
Mersenne8::from(<u32 as rand::Rand>::rand(rng))
}
}
impl Field for Mersenne8 {
#[inline]
fn zero() -> Self {
Mersenne8(0)
}
#[inline]
fn one() -> Self {
Mersenne8(1)
}
#[inline]
fn is_zero(&self) -> bool {
self.0 == 0
}
#[inline]
fn square(&mut self) {
self.0 = (*self * *self).0;
}
#[inline]
fn double(&mut self) {
// MS8 fits at least twice into a single u32.
self.0 = (self.0 * 2) % MS8;
}
#[inline]
fn negate(&mut self) {
self.0 = (Self::zero() - *self).0;
}
#[inline]
fn add_assign(&mut self, other: &Self) {
*self += other;
}
#[inline]
fn sub_assign(&mut self, other: &Self) {
*self -= other;
}
#[inline]
fn mul_assign(&mut self, other: &Self) {
*self *= other;
}
#[inline]
fn inverse(&self) -> Option<Self> {
let (d, _s, t) = ext_euclid(MS8, self.0);
// MS8 is prime, so the gcd should always be 1, unless the number itself is 0.
if d != 1 {
debug_assert_eq!(d, MS8);
return None;
}
Some(Mersenne8::new(
((t + i64::from(MS8)) % i64::from(MS8)) as u32,
))
}
#[inline]
fn frobenius_map(&mut self, _power: usize) {
// Does nothing, the frobenius endomorphism is the identity function in every finite field
// of prime order.
}
}
impl PrimeField for Mersenne8 {
type Repr = Self;
const NUM_BITS: u32 = 32;
const CAPACITY: u32 = 30;
// Not actually used.
const S: u32 = 0;
#[inline]
fn from_repr(v: Self::Repr) -> Result<Self, PrimeFieldDecodingError> {
Ok(v)
}
#[inline]
fn into_repr(&self) -> Self::Repr {
*self
}
#[inline]
fn char() -> Self::Repr {
// Awkward. We cannot return the characteristic itself, since it's not an element of field,
// but equal to its order. Instead, we panic.
//
// Note: The return type of this function should probably be `usize`.
panic!("Cannot return characteristic of Mersenne8 as an element of Mersenne8.");
}
#[inline]
fn multiplicative_generator() -> Self {
// Any element of a finite field of prime order is a generator, but 3 is the smallest one
// that is a quadratic non-residue.
Mersenne8::new(3)
}
#[inline]
fn root_of_unity() -> Self {
// Still unclear what's supposed to be implemented here, missing at least an `n`?.
unimplemented!()
}
}
impl SqrtField for Mersenne8 {
fn legendre(&self) -> LegendreSymbol {
// Uses Euler's criterion: `(a/p) === a^((p-1)/2).
let exp = (MS8 - 1) / 2;
match (*self).pow(exp).0 {
1 => LegendreSymbol::QuadraticResidue,
n if n == MS8 - 1 => LegendreSymbol::QuadraticNonResidue,
0 => LegendreSymbol::Zero,
_ => panic!("Euler's criteria did not return correct Legendre symbol"),
}
}
fn sqrt(&self) -> Option<Self> {
unimplemented!() // FIXME, could use Tonelli-Shanks algorithm
}
}
impl PrimeFieldRepr for Mersenne8 {
#[inline]
fn sub_noborrow(&mut self, other: &Self) {
*self -= other;
}
#[inline]
fn add_nocarry(&mut self, other: &Self) {
*self += other;
}
#[inline]
fn num_bits(&self) -> u32 {
8 * mem::size_of::<Self>() as u32
}
#[inline]
fn is_zero(&self) -> bool {
self.0 == 0
}
#[inline]
fn is_odd(&self) -> bool {
self.0 % 2 == 1
}
// #[inline]
fn is_even(&self) -> bool {
!self.is_odd()
}
#[inline]
fn div2(&mut self) {
self.shr(1);
}
#[inline]
fn shr(&mut self, amt: u32) {
self.0 >>= amt;
}
#[inline]
fn mul2(&mut self) {
*self *= Mersenne8::new(2);
}
#[inline]
fn shl(&mut self, amt: u32) {
// FIXME: is this correct?
self.0 <<= amt;
self.0 %= MS8;
}
fn write_be<W: Write>(&self, mut writer: W) -> io::Result<()> {
let mut buf = [0u8; 4];
BigEndian::write_u32(&mut buf, self.0);
writer.write_all(&buf)?;
Ok(())
}
fn read_be<R: Read>(&mut self, mut reader: R) -> io::Result<()> {
let mut buf = [0u8; 4];
reader.read_exact(&mut buf)?;
self.0 = BigEndian::read_u32(&buf);
Ok(())
}
}
/// Extended Euclidean algorithm
///
/// Returns the `gcd(a,b)`, as well as the
/// [Bézout coefficients](https://en.wikipedia.org/wiki/B%C3%A9zout%27s_identity) `s` and `t` (with
/// `sa + tb = gcd(a,b)`).
///
/// The function will neither panic nor overflow; however passing in `0` as either `a` or `b`
/// will not give useful results for `s` and `t`.
///
/// Note: A non-recurring implementation will probably be faster, but the recursion is simpler
/// to write.
#[inline]
fn ext_euclid(a: u32, b: u32) -> (u32, i64, i64) {
// Bézout coefficients (`s` and `t`) are bound by `|s| <= |b/d|` and `|t| <= |a/d|`
// (`d` being `gdc(a,b)`). (See https://en.wikipedia.org/wiki/B%C3%A9zout%27s_identity)
//
// FIXME: Find out of there are any larger than i32::MAX. For now, we are using an `i64` to
// avoid problems, at the expense of some runtime performance on 32 bit systems.
if b == 0 {
return (a, 1, 0);
}
let res = ext_euclid(b, a % b);
let s = res.2;
let t = res.1 - i64::from(a / b) * res.2;
(res.0, s, t)
}
#[cfg(test)]
mod tests {
// There are copy & pasted results of calculations from external programs in these tests.
#![cfg_attr(feature = "cargo-clippy", allow(unreadable_literal))]
#![cfg_attr(feature = "cargo-clippy", allow(op_ref))]
// We test a few mathematical identities, including `c - c = 0`. Clippy complains about these
// otherwise unusual expressions, so the lint is disabled.
#![cfg_attr(feature = "cargo-clippy", allow(eq_op))]
use super::{ext_euclid, modular_pow, Mersenne8};
use pairing::Field;
#[test]
fn ext_euclid_simple() {
assert_eq!(ext_euclid(56, 15), (1, -4, 15));
assert_eq!(ext_euclid(128, 44), (4, -1, 3));
assert_eq!(ext_euclid(44, 128), (4, 3, -1));
assert_eq!(ext_euclid(7, 0), (7, 1, 0));
assert_eq!(ext_euclid(0, 7), (7, 0, 1));
}
#[test]
fn modular_pow_simple() {
assert_eq!(modular_pow(2, 8, 1024), 256);
let mods: &[u64] = &[2, 7, 256, 32000, 4294967295];
for exp in 0..20u32 {
for base in 2..8u64 {
for &m in mods {
assert_eq!(
modular_pow(base as u32, exp, m as u32),
(base.pow(exp) % m) as u32
)
}
}
}
}
#[test]
fn construction() {
let a: Mersenne8 = 0u32.into();
let b: Mersenne8 = 1u32.into();
let c: Mersenne8 = 2147483649u32.into();
let d: Mersenne8 = 1099511627776u64.into();
assert_eq!(a, 0);
assert_eq!(b, 1);
assert_eq!(c, 2);
assert_eq!(d, 512);
assert_eq!(a, Mersenne8::new(0));
assert_eq!(b, Mersenne8::new(1));
assert_eq!(c, Mersenne8::new(2));
assert_eq!(d, Mersenne8::new(512));
}
#[test]
fn addition() {
let a = Mersenne8::new(0);
let b = Mersenne8::new(1);
let c = Mersenne8::new(127);
let d = Mersenne8::new(1073741824);
let e = Mersenne8::new(2147483646);
// lhs . rhs
assert_eq!(a + b, Mersenne8::new(1));
assert_eq!(c + c, Mersenne8::new(254));
assert_eq!(d + c, Mersenne8::new(1073741951));
assert_eq!(d + e, Mersenne8::new(3221225470));
assert_eq!(d + e, 1073741823);
assert_eq!(e + e, Mersenne8::new(4294967292));
// &lhs . rhs
assert_eq!(a + &b, Mersenne8::new(1));
assert_eq!(c + &c, Mersenne8::new(254));
assert_eq!(d + &c, Mersenne8::new(1073741951));
assert_eq!(d + &e, Mersenne8::new(3221225470));
assert_eq!(e + &e, Mersenne8::new(4294967292));
// lhs . &rhs
assert_eq!(&a + b, Mersenne8::new(1));
assert_eq!(&c + c, Mersenne8::new(254));
assert_eq!(&d + c, Mersenne8::new(1073741951));
assert_eq!(&d + e, Mersenne8::new(3221225470));
assert_eq!(&e + e, Mersenne8::new(4294967292));
// &lhs . &rhs
assert_eq!(&a + &b, Mersenne8::new(1));
assert_eq!(&c + &c, Mersenne8::new(254));
assert_eq!(&d + &c, Mersenne8::new(1073741951));
assert_eq!(&d + &e, Mersenne8::new(3221225470));
assert_eq!(&e + &e, Mersenne8::new(4294967292));
// lhs .= rhs
let mut x = Mersenne8::new(8);
assert_eq!(x, Mersenne8::new(8));
x += a;
assert_eq!(x, Mersenne8::new(8));
x += b;
assert_eq!(x, Mersenne8::new(9));
x += c;
assert_eq!(x, Mersenne8::new(136));
x += d;
assert_eq!(x, Mersenne8::new(1073741960));
x += e;
assert_eq!(x, Mersenne8::new(1073741959));
// lhs .= &rhs
let mut y = Mersenne8::new(8);
assert_eq!(y, Mersenne8::new(8));
y += &a;
assert_eq!(y, Mersenne8::new(8));
y += &b;
assert_eq!(y, Mersenne8::new(9));
y += &c;
assert_eq!(y, Mersenne8::new(136));
y += &d;
assert_eq!(y, Mersenne8::new(1073741960));
y += &e;
assert_eq!(y, Mersenne8::new(1073741959));
}
#[test]
fn subtraction() {
let a = Mersenne8::new(0);
let b = Mersenne8::new(1);
let c = Mersenne8::new(127);
let d = Mersenne8::new(1073741824);
let e = Mersenne8::new(2147483646);
// lhs . rhs
assert_eq!(a - b, Mersenne8::new(2147483646));
assert_eq!(c - c, Mersenne8::new(0));
assert_eq!(d - c, Mersenne8::new(1073741697));
assert_eq!(d - e, Mersenne8::new(1073741825));
// &lhs . rhs
assert_eq!(&a - b, Mersenne8::new(2147483646));
assert_eq!(&c - c, Mersenne8::new(0));
assert_eq!(&d - c, Mersenne8::new(1073741697));
assert_eq!(&d - e, Mersenne8::new(1073741825));
// lhs . &rhs
assert_eq!(a - &b, Mersenne8::new(2147483646));
assert_eq!(c - &c, Mersenne8::new(0));
assert_eq!(d - &c, Mersenne8::new(1073741697));
assert_eq!(d - &e, Mersenne8::new(1073741825));
// &lhs . &rhs
assert_eq!(&a - &b, Mersenne8::new(2147483646));
assert_eq!(&c - &c, Mersenne8::new(0));
assert_eq!(&d - &c, Mersenne8::new(1073741697));
assert_eq!(&d - &e, Mersenne8::new(1073741825));
// lhs .= rhs
let mut x = Mersenne8::new(17);
assert_eq!(x, Mersenne8::new(17));
x -= a;
assert_eq!(x, Mersenne8::new(17));
x -= b;
assert_eq!(x, Mersenne8::new(16));
x -= c;
assert_eq!(x, Mersenne8::new(2147483536));
x -= d;
assert_eq!(x, Mersenne8::new(1073741712));
x -= e;
assert_eq!(x, Mersenne8::new(1073741713));
// lhs .= &rhs
let mut y = Mersenne8::new(17);
assert_eq!(y, Mersenne8::new(17));
y -= &a;
assert_eq!(y, Mersenne8::new(17));
y -= &b;
assert_eq!(y, Mersenne8::new(16));
y -= &c;
assert_eq!(y, Mersenne8::new(2147483536));
y -= &d;
assert_eq!(y, Mersenne8::new(1073741712));
y -= &e;
assert_eq!(y, Mersenne8::new(1073741713));
}
#[test]
fn multiplication() {
let a = Mersenne8::new(0);
let b = Mersenne8::new(1);
let c = Mersenne8::new(127);
let d = Mersenne8::new(1073741824);
let e = Mersenne8::new(384792341);
// lhs . rhs
assert_eq!(a * a, Mersenne8::new(0));
assert_eq!(a * b, Mersenne8::new(0));
assert_eq!(b * b, Mersenne8::new(1));
assert_eq!(c * c, Mersenne8::new(16129));
assert_eq!(d * c, Mersenne8::new(1073741887));
assert_eq!(d * e, Mersenne8::new(1266137994));
// &lhs . rhs
assert_eq!(&a * a, Mersenne8::new(0));
assert_eq!(&a * b, Mersenne8::new(0));
assert_eq!(&b * b, Mersenne8::new(1));
assert_eq!(&c * c, Mersenne8::new(16129));
assert_eq!(&d * c, Mersenne8::new(1073741887));
assert_eq!(&d * e, Mersenne8::new(1266137994));
// lhs . &rhs
assert_eq!(a * &a, Mersenne8::new(0));
assert_eq!(a * &b, Mersenne8::new(0));
assert_eq!(b * &b, Mersenne8::new(1));
assert_eq!(c * &c, Mersenne8::new(16129));
assert_eq!(d * &c, Mersenne8::new(1073741887));
assert_eq!(d * &e, Mersenne8::new(1266137994));
// &lhs . &rhs
assert_eq!(&a * &a, Mersenne8::new(0));
assert_eq!(&a * &b, Mersenne8::new(0));
assert_eq!(&b * &b, Mersenne8::new(1));
assert_eq!(&c * &c, Mersenne8::new(16129));
assert_eq!(&d * &c, Mersenne8::new(1073741887));
assert_eq!(&d * &e, Mersenne8::new(1266137994));
// lhs .= rhs
let mut x = Mersenne8::new(17);
x *= b;
assert_eq!(x, Mersenne8::new(17));
x *= c;
assert_eq!(x, Mersenne8::new(2159));
x *= d;
assert_eq!(x, Mersenne8::new(1073742903));
x *= e;
assert_eq!(x, Mersenne8::new(1992730062));
// // lhs .= &rhs
let mut y = Mersenne8::new(17);
y *= &b;
assert_eq!(y, Mersenne8::new(17));
y *= &c;
assert_eq!(y, Mersenne8::new(2159));
y *= &d;
assert_eq!(y, Mersenne8::new(1073742903));
y *= &e;
assert_eq!(y, Mersenne8::new(1992730062));
}
#[test]
fn square() {
let a = Mersenne8::new(7);
let b = Mersenne8::new(1073729479);
let mut a_sq = a;
a_sq.square();
assert_eq!(a_sq, a * a);
assert_eq!(a_sq, 49);
let mut b_sq = b;
b_sq.square();
assert_eq!(b_sq, b * b);
assert_eq!(b_sq, 689257592);
}
#[test]
fn double() {
let mut a = Mersenne8::new(0);
let mut b = Mersenne8::new(1);
let mut c = Mersenne8::new(9);
let mut d = Mersenne8::new(2147483646);
a.double();
b.double();
c.double();
d.double();
assert_eq!(a, 0);
assert_eq!(b, 2);
assert_eq!(c, 18);
assert_eq!(d, 2147483645);
}
#[test]
fn negate() {
let mut a = Mersenne8::new(0);
let mut b = Mersenne8::new(1);
let mut c = Mersenne8::new(9);
let mut d = Mersenne8::new(17);
let mut e = Mersenne8::new(16441);
let mut f = Mersenne8::new(1073754169);
a.negate();
b.negate();
c.negate();
d.negate();
e.negate();
f.negate();
assert_eq!(a, 0);
assert_eq!(b, 2147483646);
assert_eq!(c, 2147483638);
assert_eq!(d, 2147483630);
assert_eq!(e, 2147467206);
assert_eq!(f, 1073729478);
}
#[test]
fn inverse() {
let a = Mersenne8::new(0);
let b = Mersenne8::new(1);
let c = Mersenne8::new(2);
let d = Mersenne8::new(1234);
let e = Mersenne8::new(1073741823);
let f = Mersenne8::new(46341);
let g = Mersenne8::new(2147483646);
let h = Mersenne8::new(923042);
assert_eq!(a.inverse(), None);
assert_eq!(b.inverse(), Some(Mersenne8::new(1)));
assert_eq!(c.inverse(), Some(Mersenne8::new(1073741824)));
assert_eq!(d.inverse(), Some(Mersenne8::new(158363867)));
assert_eq!(e.inverse(), Some(Mersenne8::new(2147483645)));
assert_eq!(f.inverse(), Some(Mersenne8::new(2147020238)));
assert_eq!(g.inverse(), Some(Mersenne8::new(2147483646)));
assert_eq!(h.inverse(), Some(Mersenne8::new(1271194309)));
assert_eq!(b.inverse().unwrap().inverse().unwrap(), b);
assert_eq!(c.inverse().unwrap().inverse().unwrap(), c);
assert_eq!(d.inverse().unwrap().inverse().unwrap(), d);
assert_eq!(e.inverse().unwrap().inverse().unwrap(), e);
assert_eq!(f.inverse().unwrap().inverse().unwrap(), f);
assert_eq!(g.inverse().unwrap().inverse().unwrap(), g);
assert_eq!(g.inverse().unwrap().inverse().unwrap(), g);
assert_eq!(h.inverse().unwrap().inverse().unwrap(), h);
}
#[test]
fn frobenius_map() {
let a = Mersenne8::new(0);
let b = Mersenne8::new(1);
let c = Mersenne8::new(2);
let d = Mersenne8::new(1234);
let e = Mersenne8::new(1073741823);
let f = Mersenne8::new(46341);
let g = Mersenne8::new(2147483646);
let h = Mersenne8::new(923042);
let mut a_fm = a;
let mut b_fm = b;
let mut c_fm = c;
let mut d_fm = d;
let mut e_fm = e;
let mut f_fm = f;
let mut g_fm = g;
let mut h_fm = h;
a_fm.frobenius_map(1);
a_fm.frobenius_map(2);
a_fm.frobenius_map(3);
b_fm.frobenius_map(1);
b_fm.frobenius_map(2);
b_fm.frobenius_map(3);
c_fm.frobenius_map(1);
c_fm.frobenius_map(2);
c_fm.frobenius_map(3);
d_fm.frobenius_map(1);
d_fm.frobenius_map(2);
d_fm.frobenius_map(3);
e_fm.frobenius_map(1);
e_fm.frobenius_map(2);
e_fm.frobenius_map(3);
f_fm.frobenius_map(1);
f_fm.frobenius_map(2);
f_fm.frobenius_map(3);
g_fm.frobenius_map(1);
g_fm.frobenius_map(2);
g_fm.frobenius_map(3);
h_fm.frobenius_map(1);
h_fm.frobenius_map(2);
h_fm.frobenius_map(3);
assert_eq!(a_fm, a);
assert_eq!(b_fm, b);
assert_eq!(c_fm, c);
assert_eq!(d_fm, d);
assert_eq!(e_fm, e);
assert_eq!(f_fm, f);
assert_eq!(g_fm, g);
assert_eq!(h_fm, h);
}
}

2
src/serde_impl.rs
Unescape View File

@ -1,6 +1,6 @@
use std::borrow::Cow;
use pairing::bls12_381::G1;
use super::G1;
use serde::de::Error as DeserializeError;
use serde::{Deserialize, Deserializer, Serialize, Serializer};

Write Preview
Loading…
Cancel
Save