diff --git a/shuffle/biffle_test.go b/shuffle/biffle_test.go index 18a34e916..c4150eaa6 100644 --- a/shuffle/biffle_test.go +++ b/shuffle/biffle_test.go @@ -23,7 +23,7 @@ func TestInvalidBiffle(t *testing.T) { func biffleTest(suite Suite, N int) { rand := suite.RandomStream() - _, h1, _, c1 := setShuffleKeyPairs(rand, suite, 2) + h, c := setShuffleKeyPairs(rand, suite, 2) // ElGamal-encrypt all these keypairs with the "server" key var X, Y [2]kyber.Point @@ -31,15 +31,15 @@ func biffleTest(suite Suite, N int) { for i := 0; i < 2; i++ { r.Pick(rand) X[i] = suite.Point().Mul(r, nil) - Y[i] = suite.Point().Mul(r, h1) // ElGamal blinding factor - Y[i].Add(Y[i], c1[i]) // Encrypted client public key + Y[i] = suite.Point().Mul(r, h) // ElGamal blinding factor + Y[i].Add(Y[i], c[i]) // Encrypted client public key } // Repeat only the actual shuffle portion for benchmark purposes. for i := 0; i < N; i++ { // Do a key-shuffle - Xbar, Ybar, prover := Biffle(suite, nil, h1, X, Y, rand) + Xbar, Ybar, prover := Biffle(suite, nil, h, X, Y, rand) prf, err := proof.HashProve(suite, "Biffle", prover) if err != nil { panic("Biffle proof failed: " + err.Error()) @@ -47,7 +47,7 @@ func biffleTest(suite Suite, N int) { //fmt.Printf("proof:\n%s\n",hex.Dump(prf)) // Check it - verifier := BiffleVerifier(suite, nil, h1, X, Y, Xbar, Ybar) + verifier := BiffleVerifier(suite, nil, h, X, Y, Xbar, Ybar) err = proof.HashVerify(suite, "Biffle", verifier, prf) if err != nil { panic("Biffle verify failed: " + err.Error()) @@ -57,7 +57,7 @@ func biffleTest(suite Suite, N int) { func biffleInvalidTest(suite Suite) { rand := suite.RandomStream() - _, h1, _, c1 := setShuffleKeyPairs(rand, suite, 2) + h, c := setShuffleKeyPairs(rand, suite, 2) // ElGamal-encrypt all these keypairs with the "server" key var X, Y [2]kyber.Point @@ -65,12 +65,12 @@ func biffleInvalidTest(suite Suite) { for i := 0; i < 2; i++ { r.Pick(rand) X[i] = suite.Point().Mul(r, nil) - Y[i] = suite.Point().Mul(r, h1) // ElGamal blinding factor - Y[i].Add(Y[i], c1[i]) // Encrypted client public key + Y[i] = suite.Point().Mul(r, h) // ElGamal blinding factor + Y[i].Add(Y[i], c[i]) // Encrypted client public key } // Do a key-shuffle - Xbar, Ybar, prover := Biffle(suite, nil, h1, X, Y, rand) + Xbar, Ybar, prover := Biffle(suite, nil, h, X, Y, rand) prf, err := proof.HashProve(suite, "Biffle", prover) if err != nil { panic("Biffle proof failed: " + err.Error()) @@ -80,7 +80,7 @@ func biffleInvalidTest(suite Suite) { X[0], Y[0] = X[1], Y[1] // Check it - verifier := BiffleVerifier(suite, nil, h1, X, Y, Xbar, Ybar) + verifier := BiffleVerifier(suite, nil, h, X, Y, Xbar, Ybar) err = proof.HashVerify(suite, "Biffle", verifier, prf) if err == nil { panic("Biffle verify should have failed") diff --git a/shuffle/shuffle_test.go b/shuffle/shuffle_test.go index 51e96cb67..822f31e30 100644 --- a/shuffle/shuffle_test.go +++ b/shuffle/shuffle_test.go @@ -35,27 +35,27 @@ func TestInvalidShuffleSequence(t *testing.T) { sequenceInvalidShuffleTest(t, s, k, NQ) } -func setShuffleKeyPairs(rand cipher.Stream, suite Suite, k int) (kyber.Scalar, kyber.Point, []kyber.Scalar, []kyber.Point) { +func setShuffleKeyPairs(rand cipher.Stream, suite Suite, k int) (kyber.Point, []kyber.Point) { // Create a "server" private/public keypair h0 := suite.Scalar().Pick(rand) h1 := suite.Point().Mul(h0, nil) // Create a set of ephemeral "client" keypairs to shuffle - c0 := make([]kyber.Scalar, k) c1 := make([]kyber.Point, k) for i := 0; i < k; i++ { - c0[i] = suite.Scalar().Pick(rand) - c1[i] = suite.Point().Mul(c0[i], nil) - + c0 := suite.Scalar().Pick(rand) + c1[i] = suite.Point().Mul(c0, nil) } - return h0, h1, c0, c1 + return h1, c1 } -func pairShuffleTest(suite Suite, k, n int) { - rand := suite.RandomStream() - _, h1, _, c1 := setShuffleKeyPairs(rand, suite, k) +func elGamalEncryptPair( + rand cipher.Stream, + suite Suite, + c []kyber.Point, + h kyber.Point, k int) ([]kyber.Point, []kyber.Point) { // ElGamal-encrypt all these keypairs with the "server" key x := make([]kyber.Point, k) @@ -64,22 +64,29 @@ func pairShuffleTest(suite Suite, k, n int) { for i := 0; i < k; i++ { r.Pick(rand) x[i] = suite.Point().Mul(r, nil) - y[i] = suite.Point().Mul(r, h1) // ElGamal blinding factor - y[i].Add(y[i], c1[i]) // Encrypted client public key + y[i] = suite.Point().Mul(r, h) // ElGamal blinding factor + y[i].Add(y[i], c[i]) // Encrypted client public key } + return x, y +} + +func pairShuffleTest(suite Suite, k, n int) { + rand := suite.RandomStream() + h, c := setShuffleKeyPairs(rand, suite, k) + x, y := elGamalEncryptPair(rand, suite, c, h, k) + // Repeat only the actual shuffle portion for benchmark purposes. for i := 0; i < n; i++ { - // Do a key-shuffle - Xbar, Ybar, prover := Shuffle(suite, nil, h1, x, y, rand) + Xbar, Ybar, prover := Shuffle(suite, nil, h, x, y, rand) prf, err := proof.HashProve(suite, "PairShuffle", prover) if err != nil { panic("Shuffle proof failed: " + err.Error()) } // Check it - verifier := Verifier(suite, nil, h1, x, y, Xbar, Ybar) + verifier := Verifier(suite, nil, h, x, y, Xbar, Ybar) err = proof.HashVerify(suite, "PairShuffle", verifier, prf) if err != nil { panic("Shuffle verify failed: " + err.Error()) @@ -89,21 +96,11 @@ func pairShuffleTest(suite Suite, k, n int) { func pairInvalidShuffleTest(t *testing.T, suite Suite, k int) { rand := suite.RandomStream() - _, h1, _, c1 := setShuffleKeyPairs(rand, suite, k) - - // ElGamal-encrypt all these keypairs with the "server" key - x := make([]kyber.Point, k) - y := make([]kyber.Point, k) - r := suite.Scalar() // temporary - for i := 0; i < k; i++ { - r.Pick(rand) - x[i] = suite.Point().Mul(r, nil) - y[i] = suite.Point().Mul(r, h1) // ElGamal blinding factor - y[i].Add(y[i], c1[i]) // Encrypted client public key - } + h, c := setShuffleKeyPairs(rand, suite, k) + x, y := elGamalEncryptPair(rand, suite, c, h, k) // Do a key-shuffle - Xbar, Ybar, prover := Shuffle(suite, nil, h1, x, y, rand) + Xbar, Ybar, prover := Shuffle(suite, nil, h, x, y, rand) // Corrupt the shuffle Xbar[1], Xbar[0] = Xbar[0], Xbar[1] @@ -112,15 +109,17 @@ func pairInvalidShuffleTest(t *testing.T, suite Suite, k int) { assert.Nil(t, err) // Check it - verifier := Verifier(suite, nil, h1, x, y, Xbar, Ybar) + verifier := Verifier(suite, nil, h, x, y, Xbar, Ybar) err = proof.HashVerify(suite, "PairShuffle", verifier, prf) assert.Error(t, err) } -func sequenceShuffleTest(suite Suite, k, NQ, N int) { - rand := suite.RandomStream() - _, h1, _, c1 := setShuffleKeyPairs(rand, suite, k) - +func generateAndEncryptRandomSequences( + rand cipher.Stream, + suite Suite, + h kyber.Point, + c []kyber.Point, + k int) ([][]kyber.Point, [][]kyber.Point) { X := make([][]kyber.Point, NQ) Y := make([][]kyber.Point, NQ) @@ -144,16 +143,24 @@ func sequenceShuffleTest(suite Suite, k, NQ, N int) { for i := 0; i < k; i++ { r.Pick(rand) X[j][i] = suite.Point().Mul(r, nil) - Y[j][i] = suite.Point().Mul(r, h1) // ElGamal blinding factor - Y[j][i].Add(Y[j][i], c1[i]) // Encrypted client public key + Y[j][i] = suite.Point().Mul(r, h) // ElGamal blinding factor + Y[j][i].Add(Y[j][i], c[i]) // Encrypted client public key } } + return X, Y +} + +func sequenceShuffleTest(suite Suite, k, NQ, N int) { + rand := suite.RandomStream() + h, c := setShuffleKeyPairs(rand, suite, k) + X, Y := generateAndEncryptRandomSequences(rand, suite, h, c, k) + // Repeat only the actual shuffle portion for benchmark purposes. for i := 0; i < N; i++ { // Do a key-shuffle - XX, YY, getProver := SequencesShuffle(suite, nil, h1, X, Y, rand) + XX, YY, getProver := SequencesShuffle(suite, nil, h, X, Y, rand) e := make([]kyber.Scalar, NQ) for j := 0; j < NQ; j++ { @@ -173,7 +180,7 @@ func sequenceShuffleTest(suite Suite, k, NQ, N int) { XXUp, YYUp, XXDown, YYDown := GetSequenceVerifiable(suite, X, Y, XX, YY, e) // Check it - verifier := Verifier(suite, nil, h1, XXUp, YYUp, XXDown, YYDown) + verifier := Verifier(suite, nil, h, XXUp, YYUp, XXDown, YYDown) err = proof.HashVerify(suite, "PairShuffle", verifier, prf) if err != nil { @@ -184,38 +191,11 @@ func sequenceShuffleTest(suite Suite, k, NQ, N int) { func sequenceInvalidShuffleTest(t *testing.T, suite Suite, k, NQ int) { rand := suite.RandomStream() - _, h1, _, c1 := setShuffleKeyPairs(rand, suite, k) - - X := make([][]kyber.Point, NQ) - Y := make([][]kyber.Point, NQ) - - // generate random sequences - for i := 0; i < NQ; i++ { - xs := make([]kyber.Point, k) - ys := make([]kyber.Point, k) - - for j := 0; j < k; j++ { - xs[j] = suite.Point().Mul(suite.Scalar().Pick(suite.RandomStream()), nil) - ys[j] = suite.Point().Mul(suite.Scalar().Pick(suite.RandomStream()), nil) - } - - X[i] = xs - Y[i] = ys - } - - // ElGamal-encrypt all these keypairs with the "server" key - r := suite.Scalar() // temporary - for j := 0; j < NQ; j++ { - for i := 0; i < k; i++ { - r.Pick(rand) - X[j][i] = suite.Point().Mul(r, nil) - Y[j][i] = suite.Point().Mul(r, h1) // ElGamal blinding factor - Y[j][i].Add(Y[j][i], c1[i]) // Encrypted client public key - } - } + h, c := setShuffleKeyPairs(rand, suite, k) + X, Y := generateAndEncryptRandomSequences(rand, suite, h, c, k) // Do a key-shuffle - XX, YY, getProver := SequencesShuffle(suite, nil, h1, X, Y, rand) + XX, YY, getProver := SequencesShuffle(suite, nil, h, X, Y, rand) // Corrupt original inputs X[0][0], Y[0][0] = X[0][1], Y[0][1] @@ -234,7 +214,7 @@ func sequenceInvalidShuffleTest(t *testing.T, suite Suite, k, NQ int) { XXUp, YYUp, XXDown, YYDown := GetSequenceVerifiable(suite, X, Y, XX, YY, e) // Check it - verifier := Verifier(suite, nil, h1, XXUp, YYUp, XXDown, YYDown) + verifier := Verifier(suite, nil, h, XXUp, YYUp, XXDown, YYDown) err = proof.HashVerify(suite, "PairShuffle", verifier, prf) assert.Error(t, err) diff --git a/sign/bls/bls_test.go b/sign/bls/bls_test.go index 926542ea2..35c214064 100644 --- a/sign/bls/bls_test.go +++ b/sign/bls/bls_test.go @@ -8,25 +8,27 @@ import ( "go.dedis.ch/kyber/v3" "go.dedis.ch/kyber/v3/pairing/bn256" "go.dedis.ch/kyber/v3/util/random" + "go.dedis.ch/kyber/v3/xof/blake2xb" ) func TestBLS(t *testing.T) { + suite := bn256.NewSuite() msg := []byte("Hello Boneh-Lynn-Shacham") - BLSRoutine(t, msg) + BLSRoutine(t, msg, suite) } func FuzzBLS(f *testing.F) { + suite := bn256.NewSuite() f.Fuzz(func(t *testing.T, msg []byte) { if len(msg) < 1 || len(msg) > 1000 { t.Skip("msg must have byte length between 1 and 1000") } - BLSRoutine(t, msg) + BLSRoutine(t, msg, suite) }) } -func BLSRoutine(t *testing.T, msg []byte) { - suite := bn256.NewSuite() - private, public := NewKeyPair(suite, random.New()) +func BLSRoutine(t *testing.T, msg []byte, suite *bn256.Suite) { + private, public := NewKeyPair(suite, blake2xb.New(msg)) sig, err := Sign(suite, private, msg) require.Nil(t, err) err = Verify(suite, public, msg, sig) diff --git a/sign/tbls/tbls_test.go b/sign/tbls/tbls_test.go index b818e9a83..191efa8a9 100644 --- a/sign/tbls/tbls_test.go +++ b/sign/tbls/tbls_test.go @@ -1,22 +1,20 @@ package tbls import ( - "bytes" - "crypto/rand" "testing" "github.com/stretchr/testify/require" "go.dedis.ch/kyber/v3/pairing/bn256" "go.dedis.ch/kyber/v3/share" "go.dedis.ch/kyber/v3/sign/bls" - "go.dedis.ch/kyber/v3/util/random" + "go.dedis.ch/kyber/v3/xof/blake2xb" ) func TestTBLS(test *testing.T) { - BLSRoutine(test, []byte("Hello threshold Boneh-Lynn-Shacham"), 10) + TBLSRoutine(test, []byte("Hello threshold Boneh-Lynn-Shacham"), 10) } -func FuzzBLS(f *testing.F) { +func FuzzTBLS(f *testing.F) { f.Fuzz(func(t *testing.T, msg []byte, n int) { if (n < 1) || (n > 100) { t.Skip("n must be between 1 and 100") @@ -24,17 +22,16 @@ func FuzzBLS(f *testing.F) { if (len(msg) < 1) || (len(msg) > 1000) { t.Skip("msg must have byte length between 1 and 1000") } - BLSRoutine(t, msg, n) + TBLSRoutine(t, msg, n) }) } -func BLSRoutine(test *testing.T, msg []byte, n int) { +func TBLSRoutine(test *testing.T, msg []byte, n int) { suite := bn256.NewSuite() th := n/2 + 1 - r := bytes.NewReader(msg) - stream := random.New(r, rand.Reader) - + // Use a deterministic seed for the random stream + stream := blake2xb.New(msg) secret := suite.G1().Scalar().Pick(stream) priPoly := share.NewPriPoly(suite.G2(), th, secret, stream) pubPoly := priPoly.Commit(suite.G2().Point().Base())