Add initial skewed RNGs tests to finite fields

mratsim · Jun 20, 2020 · 7c845ce · 7c845ce
1 parent b0cc9e6
commit 7c845ce
Show file tree

Hide file tree

Showing 4 changed files with 98 additions and 19 deletions.
diff --git a/helpers/prng_unsafe.nim b/helpers/prng_unsafe.nim
@@ -169,7 +169,7 @@ func random_highHammingWeight[T](rng: var RngState, a: var T, C: static Curve) =
   ## to have a higher probability of triggering carries
   when T is BigInt:
     var reduced, unreduced{.noInit.}: T
-    rng.random_word_highHammingWeight(unreduced)
+    rng.random_highHammingWeight(unreduced)
 
     # Note: a simple modulo will be biaised but it's simple and "fast"
     reduced.reduce(unreduced, C.Mod)

diff --git a/tests/t_finite_fields_mulsquare.nim b/tests/t_finite_fields_mulsquare.nim
@@ -115,15 +115,47 @@ proc randomCurve(C: static Curve) =
 
   doAssert bool(r_mul == r_sqr)
 
+proc randomHighHammingWeight(C: static Curve) =
+  let a = rng.random_highHammingWeight(Fp[C])
+
+  var r_mul, r_sqr: Fp[C]
+
+  r_mul.prod(a, a)
+  r_sqr.square(a)
+
+  doAssert bool(r_mul == r_sqr)
+
+proc random_long01Seq(C: static Curve) =
+  let a = rng.random_long01Seq(Fp[C])
+
+  var r_mul, r_sqr: Fp[C]
+
+  r_mul.prod(a, a)
+  r_sqr.square(a)
+
+  doAssert bool(r_mul == r_sqr)
+
 suite "Random Modular Squaring is consistent with Modular Multiplication" & " [" & $WordBitwidth & "-bit mode]":
   test "Random squaring mod P-224 [FastSquaring = " & $P224.canUseNoCarryMontySquare & "]":
     for _ in 0 ..< Iters:
       randomCurve(P224)
+    for _ in 0 ..< Iters:
+      randomHighHammingWeight(P224)
+    for _ in 0 ..< Iters:
+      random_long01Seq(P224)
 
   test "Random squaring mod P-256 [FastSquaring = " & $P256.canUseNoCarryMontySquare & "]":
     for _ in 0 ..< Iters:
       randomCurve(P256)
+    for _ in 0 ..< Iters:
+      randomHighHammingWeight(P256)
+    for _ in 0 ..< Iters:
+      random_long01Seq(P256)
 
   test "Random squaring mod BLS12_381 [FastSquaring = " & $BLS12_381.canUseNoCarryMontySquare & "]":
     for _ in 0 ..< Iters:
       randomCurve(BLS12_381)
+    for _ in 0 ..< Iters:
+      randomHighHammingWeight(BLS12_381)
+    for _ in 0 ..< Iters:
+      random_long01Seq(BLS12_381)
diff --git a/tests/t_finite_fields_powinv.nim b/tests/t_finite_fields_powinv.nim
@@ -170,6 +170,26 @@ proc main() =
           a2.double()
           check: bool(a == a2)
 
+        for _ in 0 ..< Iters:
+          let a = rng.randomHighHammingWeight(Fp[curve])
+          var a2 = a
+          a2.double()
+          a2.div2()
+          check: bool(a == a2)
+          a2.div2()
+          a2.double()
+          check: bool(a == a2)
+
+        for _ in 0 ..< Iters:
+          let a = rng.random_long01Seq(Fp[curve])
+          var a2 = a
+          a2.double()
+          a2.div2()
+          check: bool(a == a2)
+          a2.div2()
+          a2.double()
+          check: bool(a == a2)
+
     testRandomDiv2 P224
     testRandomDiv2 BN254_Nogami
     testRandomDiv2 BN254_Snarks
@@ -245,6 +265,22 @@ proc main() =
           r.prod(aInv, a)
           check: bool r.isOne()
 
+        for _ in 0 ..< Iters:
+          let a = rng.randomHighHammingWeight(Fp[curve])
+          aInv.inv(a)
+          r.prod(a, aInv)
+          check: bool r.isOne()
+          r.prod(aInv, a)
+          check: bool r.isOne()
+
+        for _ in 0 ..< Iters:
+          let a = rng.random_long01Seq(Fp[curve])
+          aInv.inv(a)
+          r.prod(a, aInv)
+          check: bool r.isOne()
+          r.prod(aInv, a)
+          check: bool r.isOne()
+
     testRandomInv P224
     testRandomInv BN254_Nogami
     testRandomInv BN254_Snarks

diff --git a/tests/t_finite_fields_sqrt.nim b/tests/t_finite_fields_sqrt.nim
@@ -83,27 +83,38 @@ proc exhaustiveCheck_p3mod4(C: static Curve, modulus: static int) =
           bool (a == a2) # a shouldn't be modified
 
 proc randomSqrtCheck_p3mod4(C: static Curve) =
+  template testImpl(a: untyped): untyped {.dirty.} =
+    var na{.noInit.}: Fp[C]
+    na.neg(a)
+
+    var a2 = a
+    var na2 = na
+    a2.square()
+    na2.square()
+    check:
+      bool a2 == na2
+      bool a2.isSquare()
+
+    var r, s = a2
+    r.sqrt()
+    let ok = s.sqrt_if_square()
+    check:
+      bool ok
+      bool(r == s)
+      bool(r == a or r == na)
+
   test "Random square root check for p ≡ 3 (mod 4) on " & $Curve(C):
     for _ in 0 ..< Iters:
       let a = rng.random_unsafe(Fp[C])
-      var na{.noInit.}: Fp[C]
-      na.neg(a)
-
-      var a2 = a
-      var na2 = na
-      a2.square()
-      na2.square()
-      check:
-        bool a2 == na2
-        bool a2.isSquare()
-
-      var r, s = a2
-      r.sqrt()
-      let ok = s.sqrt_if_square()
-      check:
-        bool ok
-        bool(r == s)
-        bool(r == a or r == na)
+      testImpl(a)
+
+    for _ in 0 ..< Iters:
+      let a = rng.randomHighHammingWeight(Fp[C])
+      testImpl(a)
+
+    for _ in 0 ..< Iters:
+      let a = rng.random_long01Seq(Fp[C])
+      testImpl(a)
 
 proc main() =
   suite "Modular square root" & " [" & $WordBitwidth & "-bit mode]":