Test crypto primitives against an independent non-C++ implementation #813
Labels
A-crypto
Area: Cryptography
A-testing
Area: Tests and testing infrastructure
elliptic curves
special to Daira
special to Zooko
Comments
|
Great idea! Relatedly: generate test-vectors a.k.a. "Known Answer Tests" for each of them and bake the known answers into our test suite. |
|
Excellent idea 👍 |
|
The most valuable thing to have written in a separate language would certainly be the NoteEncryption stuff. |
|
I have most of this code re-implemented in JavaScript, and have ported some of the tests over. |
|
This is being done for Sapling in Python 3: https://github.com/zcash-hackworks/zcash-test-vectors |
str4d
added a commit
to str4d/zcash
that referenced
this issue
Oct 21, 2020
c6b6b8f1b Merge zcash#830: Rip out non-endomorphism code + dependencies c582abade Consistency improvements to the comments 63c6b7161 Reorder comments/function around scalar_split_lambda 2edc514c9 WNAF of lambda_split output has max size 129 4232e5b7d Rip out non-endomorphism code ebad8414b Check correctness of lambda split without -DVERIFY fe7fc1fda Make lambda constant accessible 9d2f2b44d Add tests to exercise lambda split near bounds 9aca2f7f0 Add secp256k1_split_lambda_verify acab934d2 Detailed comments for secp256k1_scalar_split_lambda 76ed922a5 Increase precision of g1 and g2 6173839c9 Switch to our own memcmp function 63150ab4d Merge zcash#827: Rename testrand functions to have test in name c5257aed0 Merge zcash#821: travis: Explicitly set --with-valgrind bb1f54280 Merge zcash#818: Add static assertion that uint32_t is unsigned int or wider a45c1fa63 Rename testrand functions to have test in name 5006895bd Merge zcash#808: Exhaustive test improvements + exhaustive schnorrsig tests 4eecb4d6e travis: VALGRIND->RUN_VALGRIND to avoid confusion with WITH_VALGRIND 66a765c77 travis: Explicitly set --with-valgrind d7838ba6a Merge zcash#813: Enable configuring Valgrind support 7ceb0b761 Merge zcash#819: Enable -Wundef warning 8b7dcdd95 Add exhaustive test for extrakeys and schnorrsig 08d7d8929 Make pubkey parsing test whether points are in the correct subgroup 87af00b51 Abstract out challenge computation in schnorrsig 63e1b2aa7 Disable output buffering in tests_exhaustive.c 39f67dd07 Support splitting exhaustive tests across cores e99b26fcd Give exhaustive_tests count and seed cmdline inputs 49e6630bc refactor: move RNG seeding to testrand b110c106f Change exhaustive test groups so they have a point with X=1 cec7b18a3 Select exhaustive lambda in function of order 78f6cdfaa Make the curve B constant a secp256k1_fe d7f39ae4b Delete gej_is_valid_var: unused outside tests 8bcd78cd7 Make secp256k1_scalar_b32 detect overflow in scalar_low c498366e5 Move exhaustive tests for recovery to module be3179154 Make group order purely compile-time in exhaustive tests e73ff3092 Enable -Wundef warning c0041b5cf Add static assertion that uint32_t is unsigned int or wider 4ad408faf Merge zcash#782: Check if variable=yes instead of if var is set in travis.sh 412bf874d configure: Allow specifying --with[out]-valgrind explicitly 34debf7a6 Modify .travis.yml to explictly pass no in env vars instead of setting to nothing a0e99fc12 Merge zcash#814: tests: Initialize random group elements fully 5738e8622 tests: Initialize random group elements fully c9939ba55 Merge zcash#812: travis: run bench_schnorrsig a51f2af62 travis: run bench_schnorrsig ef37761fe Change travis.sh to check if variables are equal to yes instead of not-empty. Before this, setting `VALGRIND=wat` was considered as true, and to make it evaluate as false you had to unset the variable `VALGRIND=` but not it checks if `VALGRIND=yes` and if it's not `yes` then it's evaluated to false git-subtree-dir: src/secp256k1 git-subtree-split: c6b6b8f1bb044d7d1aa065ebb674adde98a36a8e
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The correctness of our implementations of the crypto primitives are crucial for security, so let's write them twice, once in C++ and again in Python, so that automated tests can compare the two implementations. I'd include at least:
Bonus:
The text was updated successfully, but these errors were encountered: