Add test for aggnonce = inf

jonasnick · May 25, 2022 · 742e7bf · 742e7bf
1 parent e87ffd8
commit 742e7bf
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 1 deletion.
diff --git a/bip-musig2.mediawiki b/bip-musig2.mediawiki
@@ -550,7 +550,7 @@ A change in the <code>MAJOR</code> version indicates that the specification is i
 The <code>MINOR</code> version is incremented whenever the inputs or the output of an algorithm changes in a backward-compatible way or new backward-compatible functionality is added.
 The <code>PATCH</code> version is incremented for other changes that are noteworthy (bug fixes, test vectors, important clarifications, etc.).
 
-* '''0.3.0''' (2022-05-24): Allow the output of NonceAgg to be infinity
+* '''0.3.0''' (2022-05-24): Allow the output of NonceAgg to be infinity and add test vector
 * '''0.2.0''' (2022-05-19): Change order of arguments in ''NonceGen'' hash function
 * '''0.1.0''' (2022-05-19): Publication of draft BIP on the bitcoin-dev mailing list
 

diff --git a/bip-musig2/reference.py b/bip-musig2/reference.py
@@ -407,6 +407,36 @@ def test_sign_vectors():
     session_ctx = SessionContext(aggnonce, [X[0], X[1], pk], [], [], msg)
     assert sign(secnonce, sk, session_ctx) == expected[2]
 
+def test_inf_aggnonce():
+    X = bytes.fromhex('F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9',)
+
+    secnonce = bytes.fromhex(
+        '508B81A611F100A6B2B6B29656590898AF488BCF2E1F55CF22E5CFB84421FE61' +
+        'FA27FD49B1D50085B481285E1CA205D55C82CC1B31FF5CD54A489829355901F7')
+
+    # First element corresponds to secnonce
+    pubnonces = fromhex_all([
+        '0337C87821AFD50A8644D820A8F3E02E499C931865C2360FB43D0A0D20DAFE07EA' +
+        '0287BF891D2A6DEAEBADC909352AA9405D1428C15F4B75F04DAE642A95C2548480',
+        '0237C87821AFD50A8644D820A8F3E02E499C931865C2360FB43D0A0D20DAFE07EA' +
+        '0387BF891D2A6DEAEBADC909352AA9405D1428C15F4B75F04DAE642A95C2548480'
+    ])
+
+    aggnonce = (0).to_bytes(66, "big")
+    assert nonce_agg(pubnonces) == aggnonce
+
+    sk  = bytes.fromhex('7FB9E0E687ADA1EEBF7ECFE2F21E73EBDB51A7D450948DFE8D76D7F2D1007671')
+    msg = bytes.fromhex('F95466D086770E689964664219266FE5ED215C92AE20BAB5C9D79ADDDDF3C0CF')
+
+    expected = bytes.fromhex("C91F7C71744153D618891EC5851F379D20F8EC47EC43A909DF64DC8D4C242375")
+
+    pk = bytes_from_point(point_mul(G, int_from_bytes(sk)))
+
+    session_ctx = SessionContext(aggnonce, [pk, X], [], [], msg)
+    assert sign(secnonce, sk, session_ctx) == expected
+    assert partial_sig_verify(expected, pubnonces, [pk, X], [], [], msg, 0)
+    assert not  partial_sig_agg([expected, expected], session_ctx)
+
 def test_tweak_vectors():
     X = fromhex_all([
         'F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9',
@@ -514,5 +544,6 @@ def test_sign_and_verify_random(iters):
 if __name__ == '__main__':
     test_key_agg_vectors()
     test_sign_vectors()
+    test_inf_aggnonce()
     test_tweak_vectors()
     test_sign_and_verify_random(4)