package kiosk.schnorr
import kiosk.ergo.{DhtData, KioskBox, KioskCollByte, KioskGroupElement}
import kiosk.tx.TxUtil
import org.ergoplatform.appkit.{BlockchainContext, ConstantsBuilder, HttpClientTesting, InputBox, _}
import org.scalatest.{Matchers, PropSpec}
import org.scalatestplus.scalacheck.ScalaCheckDrivenPropertyChecks
import scorex.crypto.hash.{Blake2b256, Sha256}
import sigmastate.basics.SecP256K1
import sigmastate.eval._
import sigmastate.interpreter.CryptoConstants
import special.sigma.GroupElement
import java.security.SecureRandom
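/**
  * Property tests for the contract behind `Schnorr.address`: a box locked with a public key and a
  * message must be spendable with a well-formed Schnorr signature and must be rejected when the
  * signature is tampered with.
  *
  * Signing as done here: pick a nonce `r`, set `U = g^r`, `c = SHA-256(U.getEncoded ++ M)` and
  * `s = (r - c*x) mod q`, then hand `(c, s)` to the script as context variables 0 and 1.
  * Algebraically `g^s * Y^c = g^r = U`, which is what lets a verifier recompute `U` from `(c, s)`.
  * NOTE(review): the contract source is not in this file, so the exact on-chain check is assumed
  * to follow that identity; confirm against the `Schnorr` object.
  *
  * The key material is test scaffolding. `x` is derived from a fixed, public string and must never
  * be reused outside tests.
  */
class SchnorrSpec extends PropSpec with Matchers with ScalaCheckDrivenPropertyChecks with HttpClientTesting {

  val changeAddress = "9gQqZyxyjAptMbfW1Gydm3qaap11zd6X9DrABwgEE9eRdRvd27p"
  val minStorageRent = 1000000L
  val dummyNanoErgs = 10000000000000L
  val dummyScript = "sigmaProp(true)"
  val dummyTxId = "f9e5ce5aa0d95f5d54a7bc89c46730d9662397067250aa18a0039631c0f5b809"
  val dummyIndex = 1.toShort

  val g: GroupElement = CryptoConstants.dlogGroup.generator
  val modulus = SecP256K1.order

  // BigInt(bytes) reads the digest as a signed two's-complement number, so the raw value may be
  // negative; it is only ever used as an exponent and inside a `.mod(modulus)` expression.
  val x = BigInt(Blake2b256("alice")) // secret
  val Y = g.exp(x.bigInteger) // pubKey
  val M = "hello world".getBytes("UTF16") // message

  /** Builds the always-spendable (`sigmaProp(true)`) input that funds every transaction. */
  private def fundingInput(implicit ctx: BlockchainContext): InputBox =
    ctx
      .newTxBuilder()
      .outBoxBuilder
      .value(dummyNanoErgs)
      .contract(ctx.compileContract(ConstantsBuilder.empty(), dummyScript))
      .build()
      .convertToInputWith(dummyTxId, dummyIndex)

  /**
    * Creates a box at `Schnorr.address` holding `pubKey` and `message` in its registers and
    * returns it as a spendable input (first output of the funding transaction).
    */
  private def lockUnderSchnorr(fundingBox: InputBox, pubKey: GroupElement, message: Array[Byte])(
      implicit ctx: BlockchainContext): InputBox = {
    val schnorrBox = KioskBox(
      Schnorr.address,
      minStorageRent,
      registers = Array(KioskGroupElement(pubKey), KioskCollByte(message)),
      tokens = Array()
    )
    TxUtil
      .createTx(
        Array(fundingBox),
        Array[InputBox](),
        Array(schnorrBox),
        fee = 1000000L,
        changeAddress,
        Array[String](),
        Array[DhtData](),
        false
      )
      .getOutputsToSpend
      .get(0)
  }

  /**
    * Attaches a Schnorr signature over `message` to `input` as context variables 0 (`c` bytes)
    * and 1 (`s`).
    *
    * @param sOffset added to `s` before reduction; 0 yields a valid signature, any other value
    *                (the negative test uses 1) yields one that must not verify
    */
  private def attachSignature(input: InputBox, message: Array[Byte], secret: BigInt, sOffset: BigInt): InputBox = {
    val nonceBytes = new Array[Byte](32)
    // getInstanceStrong picks the platform's "strong" generator, which on some systems can block
    // while the OS gathers entropy. NOTE(review): `new SecureRandom()` would suffice for a test.
    SecureRandom.getInstanceStrong.nextBytes(nonceBytes)
    // Signed interpretation again: r may be negative and is not reduced into [1, q-1]. That is
    // tolerable here because s is reduced below; a production signer should sample r uniformly
    // from [1, q-1]. r must be fresh and secret per signature: since s = r - c*x, a known or
    // repeated r reveals x.
    val r = BigInt(nonceBytes)
    val U = g.exp(r.bigInteger)
    val c: BigInt = BigInt(Sha256(U.getEncoded.toArray ++ message))
    val s = (r - c * secret + sOffset).mod(modulus).bigInteger
    // NOTE(review): c.toByteArray is the minimal two's-complement encoding and can be shorter
    // than the 32-byte digest (leading sign-extension bytes are dropped). If the contract compares
    // this variable byte-for-byte with a recomputed SHA-256, roughly 1 run in 256 would fail
    // spuriously; passing the digest bytes directly would avoid that. Confirm against the contract.
    input.withContextVars(new ContextVar(0, ErgoValue.of(c.toByteArray)), new ContextVar(1, ErgoValue.of(s)))
  }

  /**
    * Tries to spend `signedBox` (together with `fundingBox`) into a plain box at `changeAddress`;
    * building the transaction is what evaluates the Schnorr script.
    */
  private def spendSchnorrBox(signedBox: InputBox, fundingBox: InputBox)(implicit ctx: BlockchainContext) =
    TxUtil.createTx(
      Array(signedBox, fundingBox),
      Array[InputBox](),
      Array(
        KioskBox(
          changeAddress,
          minStorageRent,
          registers = Array(),
          tokens = Array()
        )
      ),
      fee = 1000000L,
      changeAddress,
      Array[String](),
      Array[DhtData](),
      false
    )

  property("Valid signature") {
    val ergoClient = createMockedErgoClient(MockData(Nil, Nil))
    ergoClient.execute { implicit ctx: BlockchainContext =>
      val fundingBox = fundingInput // for funding transactions

      noException should be thrownBy {
        val unsignedInput: InputBox = lockUnderSchnorr(fundingBox, Y, M)
        val signedInput = attachSignature(unsignedInput, M, x, sOffset = BigInt(0))
        spendSchnorrBox(signedInput, fundingBox)
      }
    }
  }

  property("Invalid signature") {
    val ergoClient = createMockedErgoClient(MockData(Nil, Nil))
    ergoClient.execute { implicit ctx: BlockchainContext =>
      val fundingBox = fundingInput // for funding transactions

      the[Exception] thrownBy {
        val unsignedInput: InputBox = lockUnderSchnorr(fundingBox, Y, M)
        // add 1 to s, making signature invalid
        val signedInput = attachSignature(unsignedInput, M, x, sOffset = BigInt(1))
        spendSchnorrBox(signedInput, fundingBox)
      } should have message "Script reduced to false"
    }
  }
}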