Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Eddsa Verify Tests #64

Open
AmitShah opened this issue Mar 15, 2024 · 8 comments
Open

Eddsa Verify Tests #64

AmitShah opened this issue Mar 15, 2024 · 8 comments

Comments

@AmitShah
Copy link

Hello, I was hoping to test this for an eddsa use case. Do we have complete tests for FCL_eddsa? I see FCL_eddsa.t.sol is incomplete ?
@rdubois-crypto
Copy link
Owner

eddsa is unfinished, only because of SHA512 incomplete implementation (it only deals with small blocks now).

The elliptic computations part of the protocol are working. I will push a complete version in April.

@AmitShah
Copy link
Author

I tried to update the test to work as follow:

       uint256[2] memory kpub = [
            43933056957747458452560886832567536073542840507013052263144963060608791330050,
            16962727616734173323702303146057009569815335830970791807500022961899349823996
        ];
        buffer[0] = 0x6291d657deec2402; //Rs
        buffer[1] = 0x4827e69c3abe01a3;
        buffer[2] = 0x0ce548a284743a44;
        buffer[3] = 0x5e3680d7db5ac3ac;
        buffer[4] = 0xfc51cd8e6218a1a3; //public y value, swapped
        buffer[5] = 0x8da47ed00230f058;
        buffer[6] = 0x0816ed13ba3303ac;
        buffer[7] = 0x5deb911548908025;
        buffer[8] = 0xaf82800000000000; //msg+padd
        buffer[15] = 0x210; //end of padding, 66bytes=0x210 bits
        //second half of signature
        uint256 s = 0x18ff9b538d16f290ae67f760984dc6594a7c15e9716ed28dc027beceea1ec40a;
        bool flag =  EDDSA.Verify(kpub,buffer,s);

but it is producing flag = false. Can you provide any feedback if something is passed incorrectly ?

@rdubois-crypto
Copy link
Owner

I will push something in April. If you have some reference for test vectors adressing the elliptic part, i'm interested to validate SHA512 and ecc part separately, the only reference i found is:
https://crypto.stackexchange.com/questions/99798/test-vectors-points-for-ed25519

@AmitShah
Copy link
Author

AmitShah commented Apr 4, 2024
edited
Loading

I cant find seperate test vectors for each phase either but just the entire eddsa scheme:

https://asecuritysite.com/signatures/eddsa4

@AmitShah
Copy link
Author

Hello @rdubois-crypto is there anything I can help with to move this work ahead ? Appreciate your efforts

@rdubois-crypto
Copy link
Owner

Hi Amit.

You will find a more advanced implementation on https://github.com/get-smooth/crypto-lib. The point multiplication is proven effective, and some tests vectors are successfull in the experimental branch. A more complete SHA512 must be pushed now to handle long vectors.

@AmitShah
Copy link
Author

AmitShah commented May 16, 2024
edited
Loading

Hi @rdubois-crypto thank you so much for your feedback , I will look through the lib. Assuming this is your eth address crypt0grapher.eth, sending you coffee / beer on polygon

@rdubois-crypto
Copy link
Owner

rdubois-crypto commented May 27, 2024
edited
Loading

Hi @AmitShah , Ed25519 is now tested OK against the test vectors of RFC8032 here:

https://github.com/get-smooth/crypto-lib/blob/8da911292d7816b4ac7afc10c819be2fe37aeaf4/test/libSCL_rip6565.t.sol#L112

Would gladly hear about the use cases you are projecting.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AmitShah @rdubois-crypto