errors improved, tests added

Author: curiecrypt

mithril-stm/benches/schnorr_sig.rs

@@ -46,7 +46,7 @@ fn sign_and_verify(c: &mut Criterion, nr_sigs: usize) {
     let mut sigs = Vec::new();
     for _ in 0..nr_sigs {
         let sk = SchnorrSigningKey::generate(&mut rng).unwrap();
-        let vk = SchnorrVerificationKey::from(sk.clone());
+        let vk = SchnorrVerificationKey::new_from_signing_key(sk.clone()).unwrap();
         let sig = sk.sign(&msg, &mut rng_sig).unwrap();
         sigs.push(sig);
         mvks.push(vk);

mithril-stm/src/signature_scheme/schnorr_signature/error.rs

@@ -13,11 +13,31 @@ pub enum SchnorrSignatureError {
     #[error("Invalid bytes")]
     SerializationError,
 
+    /// This error occurs when the serialization of the signing key bytes failed
+    #[error("Invalid scalar field element bytes")]
+    ScalarFieldElementSerializationError,
+
+    /// This error occurs when the serialization of the projective point bytes failed
+    #[error("Invalid projective point bytes")]
+    ProjectivePointSerializationError,
+
+    /// This error occurs when the serialization of the prime order projective point bytes failed
+    #[error("Invalid prime order projective point bytes")]
+    PrimeOrderProjectivePointSerializationError,
+
     /// This error occurs when the random scalar fails to generate during the signature
     #[error("Failed generation of the signature's random scalar")]
     RandomScalarGenerationError,
 
+    /// This error occurs when signing key is zero or one.
+    #[error("The signing key is invalid.")]
+    InvalidSigningKey,
+
     /// Given point is not on the curve
     #[error("Given point is not on the curve")]
     PointIsNotOnCurve(Box<PrimeOrderProjectivePoint>),
+
+    /// Given point is not prime order
+    #[error("Given point is not prime order")]
+    PointIsNotPrimeOrder(Box<PrimeOrderProjectivePoint>),
 }

mithril-stm/src/signature_scheme/schnorr_signature/jubjub_wrapper/curve_points.rs

@@ -9,7 +9,7 @@ use super::{BaseFieldElement, ScalarFieldElement};
 use crate::{StmResult, signature_scheme::SchnorrSignatureError};
 
 #[derive(Clone)]
-pub struct AffinePoint(JubjubAffinePoint);
+pub(crate) struct AffinePoint(JubjubAffinePoint);
 
 impl AffinePoint {
     pub(crate) fn from_projective_point(projective_point: ProjectivePoint) -> Self {
@@ -34,7 +34,7 @@ impl AffinePoint {
 }
 
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
-pub struct ProjectivePoint(pub(crate) JubjubExtended);
+pub(crate) struct ProjectivePoint(pub(crate) JubjubExtended);
 
 impl ProjectivePoint {
     pub(crate) fn hash_to_projective_point(input: &[u8]) -> Self {
@@ -60,7 +60,9 @@ impl ProjectivePoint {
 
         match JubjubExtended::from_bytes(&projective_point_bytes).into_option() {
             Some(projective_point) => Ok(Self(projective_point)),
-            None => Err(anyhow!(SchnorrSignatureError::SerializationError)),
+            None => Err(anyhow!(
+                SchnorrSignatureError::ProjectivePointSerializationError
+            )),
         }
     }
 
@@ -69,10 +71,14 @@ impl ProjectivePoint {
     ) -> Self {
         ProjectivePoint(JubjubExtended::from(prime_order_projective_point.0))
     }
+
+    pub(crate) fn is_prime_order(self) -> bool {
+        self.0.is_prime_order().into()
+    }
 }
 
 #[derive(Debug, Clone, Copy, Default, PartialEq, Eq)]
-pub struct PrimeOrderProjectivePoint(pub(crate) JubjubSubgroup);
+pub(crate) struct PrimeOrderProjectivePoint(pub(crate) JubjubSubgroup);
 
 impl PrimeOrderProjectivePoint {
     pub(crate) fn create_generator() -> Self {
@@ -98,7 +104,9 @@ impl PrimeOrderProjectivePoint {
 
         match JubjubSubgroup::from_bytes(&prime_order_projective_point_bytes).into_option() {
             Some(prime_order_projective_point) => Ok(Self(prime_order_projective_point)),
-            None => Err(anyhow!(SchnorrSignatureError::SerializationError)),
+            None => Err(anyhow!(
+                SchnorrSignatureError::PrimeOrderProjectivePointSerializationError
+            )),
         }
     }
 }

mithril-stm/src/signature_scheme/schnorr_signature/jubjub_wrapper/field_elements.rs

@@ -6,7 +6,7 @@ use rand_core::{CryptoRng, RngCore};
 use crate::{StmResult, signature_scheme::SchnorrSignatureError};
 
 #[derive(Debug, Clone, PartialEq, Eq)]
-pub struct BaseFieldElement(pub(crate) JubjubBase);
+pub(crate) struct BaseFieldElement(pub(crate) JubjubBase);
 
 impl BaseFieldElement {
     pub(crate) fn add(&self, other: &Self) -> Self {
@@ -31,7 +31,7 @@ impl BaseFieldElement {
 }
 
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
-pub struct ScalarFieldElement(pub(crate) JubjubScalar);
+pub(crate) struct ScalarFieldElement(pub(crate) JubjubScalar);
 
 impl ScalarFieldElement {
     pub(crate) fn new_random_scalar(rng: &mut (impl RngCore + CryptoRng)) -> Self {
@@ -45,6 +45,13 @@ impl ScalarFieldElement {
         false
     }
 
+    pub(crate) fn is_one(&self) -> bool {
+        if self.0 == JubjubScalar::one() {
+            return true;
+        }
+        false
+    }
+
     pub(crate) fn new_random_nonzero_scalar(
         rng: &mut (impl RngCore + CryptoRng),
     ) -> StmResult<Self> {
@@ -71,12 +78,17 @@ impl ScalarFieldElement {
 
     pub(crate) fn from_bytes(bytes: &[u8]) -> StmResult<Self> {
         let mut scalar_bytes = [0u8; 32];
-        scalar_bytes
-            .copy_from_slice(bytes.get(..32).ok_or(SchnorrSignatureError::SerializationError)?);
+        scalar_bytes.copy_from_slice(
+            bytes
+                .get(..32)
+                .ok_or(SchnorrSignatureError::ScalarFieldElementSerializationError)?,
+        );
 
         match JubjubScalar::from_bytes(&scalar_bytes).into_option() {
             Some(scalar_field_element) => Ok(Self(scalar_field_element)),
-            None => Err(anyhow!(SchnorrSignatureError::SerializationError)),
+            None => Err(anyhow!(
+                SchnorrSignatureError::ScalarFieldElementSerializationError
+            )),
         }
     }
 }

mithril-stm/src/signature_scheme/schnorr_signature/jubjub_wrapper/mod.rs

@@ -2,6 +2,6 @@ mod curve_points;
 mod field_elements;
 mod poseidon_digest;
 
-pub use curve_points::*;
-pub use field_elements::*;
+pub(crate) use curve_points::*;
+pub(crate) use field_elements::*;
 pub(crate) use poseidon_digest::*;

mithril-stm/src/signature_scheme/schnorr_signature/mod.rs

@@ -6,8 +6,159 @@ mod utils;
 mod verification_key;
 
 pub use error::*;
-pub use jubjub_wrapper::*;
+pub(crate) use jubjub_wrapper::*;
 pub use signature::*;
 pub use signing_key::*;
 pub(crate) use utils::*;
 pub use verification_key::*;
+
+#[cfg(test)]
+mod tests {
+    use proptest::prelude::*;
+    use rand_chacha::ChaCha20Rng;
+    use rand_core::SeedableRng;
+
+    use crate::{SchnorrSignature, signature_scheme::SchnorrSignatureError};
+
+    use super::{SchnorrSigningKey, SchnorrVerificationKey};
+
+    proptest! {
+            #![proptest_config(ProptestConfig::with_cases(10))]
+
+            #[test]
+            fn valid_signing_verification(
+                msg in prop::collection::vec(any::<u8>(), 1..128),
+                seed in any::<[u8;32]>(),
+            ) {
+                let sk_result = SchnorrSigningKey::generate(&mut ChaCha20Rng::from_seed(seed));
+                assert!(sk_result.is_ok(), "Secret ket generation failed");
+                let sk = sk_result.unwrap();
+
+                let vk = SchnorrVerificationKey::new_from_signing_key(sk.clone()).unwrap();
+
+                let sig_result = sk.sign(&msg, &mut ChaCha20Rng::from_seed(seed));
+                assert!(sig_result.is_ok(), "Signature generation failed");
+
+                let sig = sig_result.unwrap();
+
+                assert!(sig.verify(&msg, &vk).is_ok(), "Verification failed.");
+            }
+
+            #[test]
+            fn invalid_signature(msg in prop::collection::vec(any::<u8>(), 1..128), seed in any::<[u8;32]>()) {
+                let mut rng = ChaCha20Rng::from_seed(seed);
+                let sk1 = SchnorrSigningKey::generate(&mut rng).unwrap();
+                let vk1 = SchnorrVerificationKey::new_from_signing_key(sk1).unwrap();
+                let sk2 = SchnorrSigningKey::generate(&mut rng).unwrap();
+                let fake_sig = sk2.sign(&msg, &mut rng).unwrap();
+
+                let error = fake_sig.verify(&msg, &vk1).expect_err("Fake signature should not be verified");
+
+                assert!(
+                    matches!(
+                        error.downcast_ref::<SchnorrSignatureError>(),
+                        Some(SchnorrSignatureError::SignatureInvalid(_))
+                    ),
+                    "Unexpected error: {error:?}"
+                );
+            }
+
+            #[test]
+            fn signing_key_to_from_bytes(seed in any::<[u8;32]>()) {
+                let mut rng = ChaCha20Rng::from_seed(seed);
+                let sk = SchnorrSigningKey::generate(&mut rng).unwrap();
+
+                let mut sk_bytes = sk.to_bytes();
+                let recovered_sk = SchnorrSigningKey::from_bytes(&sk_bytes).unwrap();
+                assert_eq!(sk.0, recovered_sk.0, "Recovered signing key does not match with the original!");
+
+                sk_bytes[31] |= 0xff;
+
+                let result = SchnorrSigningKey::from_bytes(&sk_bytes).expect_err("From bytes conversion of signing key should fail");
+
+                assert!(
+                    matches!(
+                        result.downcast_ref::<SchnorrSignatureError>(),
+                        Some(SchnorrSignatureError::ScalarFieldElementSerializationError)
+                    ),
+                    "Unexpected error: {result:?}"
+                );
+            }
+
+            #[test]
+            fn verification_key_to_from_bytes(seed in any::<[u8;32]>()) {
+                let mut rng = ChaCha20Rng::from_seed(seed);
+                let sk = SchnorrSigningKey::generate(&mut rng).unwrap();
+                let vk = SchnorrVerificationKey::new_from_signing_key(sk.clone()).unwrap();
+
+                let mut vk_bytes = vk.to_bytes();
+                let recovered_vk = SchnorrVerificationKey::from_bytes(&vk_bytes).unwrap();
+                assert_eq!(vk.0, recovered_vk.0, "Recovered verification key does not match with the original!");
+
+                vk_bytes[31] |= 0xff;
+
+                let result = SchnorrVerificationKey::from_bytes(&vk_bytes).expect_err("From bytes conversion of verification key should fail");
+
+                assert!(
+                    matches!(
+                        result.downcast_ref::<SchnorrSignatureError>(),
+                        Some(SchnorrSignatureError::PrimeOrderProjectivePointSerializationError)
+                    ),
+                    "Unexpected error: {result:?}"
+                );
+            }
+
+            #[test]
+            fn signature_to_from_bytes(msg in prop::collection::vec(any::<u8>(), 1..128), seed in any::<[u8;32]>()) {
+                let mut rng = ChaCha20Rng::from_seed(seed);
+
+                let sk = SchnorrSigningKey::generate(&mut rng).unwrap();
+                let signature = sk.sign(&msg, &mut ChaCha20Rng::from_seed(seed)).unwrap();
+
+                let signature_bytes = signature.to_bytes();
+                let recovered_signature = SchnorrSignature::from_bytes(&signature_bytes).unwrap();
+                assert_eq!(signature, recovered_signature, "Recovered signature does not match with the original!");
+
+                // Test invalid `sigma`
+                let mut corrupted_bytes = signature_bytes.clone();
+                corrupted_bytes[31] |= 0xff;
+
+                let result = SchnorrSignature::from_bytes(&corrupted_bytes).expect_err("From bytes conversion of signature should fail");
+
+                assert!(
+                    matches!(
+                        result.downcast_ref::<SchnorrSignatureError>(),
+                        Some(SchnorrSignatureError::ProjectivePointSerializationError)
+                    ),
+                    "Unexpected error: {result:?}"
+                );
+
+                // Test invalid `signature`
+                let mut corrupted_bytes = signature_bytes.clone();
+                corrupted_bytes[63] |= 0xff;
+
+                let result = SchnorrSignature::from_bytes(&corrupted_bytes).expect_err("From bytes conversion should fail");
+
+                assert!(
+                    matches!(
+                        result.downcast_ref::<SchnorrSignatureError>(),
+                        Some(SchnorrSignatureError::ScalarFieldElementSerializationError)
+                    ),
+                    "Unexpected error: {result:?}"
+                );
+                // Test invalid `challenge`
+                let mut corrupted_bytes = signature_bytes.clone();
+                corrupted_bytes[95] |= 0xff;
+
+                let result = SchnorrSignature::from_bytes(&corrupted_bytes).expect_err("From bytes conversion should fail");
+
+                assert!(
+                    matches!(
+                        result.downcast_ref::<SchnorrSignatureError>(),
+                        Some(SchnorrSignatureError::ScalarFieldElementSerializationError)
+                    ),
+                    "Unexpected error: {result:?}"
+                );
+            }
+    }
+}