From 5246c177b7891f7479767ffcec803087eee9c412 Mon Sep 17 00:00:00 2001
From: David Nevado
Date: Fri, 3 May 2024 10:25:07 +0200
Subject: [PATCH] Fix subgroup check in Pluto's G2. (#155)

* fix: Pluto G2 torsion_free
Also added test for Bn and Pluto curves.
* chore: move new test to test_suite
* fix: cofactor comment
---
 src/bn256/curve.rs | 2 ++
 src/pluto_eris/curve.rs | 9 ++++++---
 src/tests/curve.rs | 16 ++++++++++++++++
 3 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/src/bn256/curve.rs b/src/bn256/curve.rs
index 5989c9f6..da4ae1a8 100644
--- a/src/bn256/curve.rs
+++ b/src/bn256/curve.rs
@@ -201,6 +201,8 @@ impl G1 {
 mod test {
 use super::*;
 use group::UncompressedEncoding;
+
+ crate::curve_testing_suite!(G2, "clear_cofactor");
 crate::curve_testing_suite!(G1, G2);
 crate::curve_testing_suite!(G1, "hash_to_curve");
 crate::curve_testing_suite!(G1, "endo_consistency");
diff --git a/src/pluto_eris/curve.rs b/src/pluto_eris/curve.rs
index 7cd68205..0cfd806b 100644
--- a/src/pluto_eris/curve.rs
+++ b/src/pluto_eris/curve.rs
@@ -196,16 +196,17 @@ impl CofactorGroup for G2 {
 }
 
 fn into_subgroup(self) -> CtOption {
+ // TODO: Handle the case where the point is already in the subgroup.
 CtOption::new(self.clear_cofactor(), 1.into())
 }
 
 fn is_torsion_free(&self) -> Choice {
- // group order = p
+ // group order = q
 let e: [u8; 56] = [
 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x01, 0x30, 0xe0, 0x00, 0x0d, 0x7f,
 0x70, 0xe4, 0xa8, 0x03, 0xca, 0x76, 0xf4, 0x39, 0x26, 0x6f, 0x44, 0x3f, 0x9a, 0x5c,
- 0xda, 0x8a, 0x6c, 0x7b, 0xe4, 0xa7, 0xa5, 0xfe, 0x8f, 0xad, 0xff, 0xd6, 0xa2, 0xa7,
- 0xe8, 0xc3, 0x00, 0x06, 0xb9, 0x45, 0x9f, 0xff, 0xfc, 0xd3, 0x00, 0x00, 0x00, 0x01,
+ 0x7a, 0x8a, 0x6c, 0x7b, 0xe4, 0xa7, 0x75, 0xfe, 0x8e, 0x17, 0x7f, 0xd6, 0x9c, 0xa7,
+ 0xe8, 0x5d, 0x60, 0x05, 0x0a, 0xf4, 0x1f, 0xff, 0xfc, 0xd3, 0x00, 0x00, 0x00, 0x01,
 ];
 // self * GROUP_ORDER;
 let mut acc = G2::identity();
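Review bot: `is_torsion_free` still hard-codes the subgroup order as a hand-typed 56-byte literal that the hunk only labels `// group order = q`; the previous literal was wrong and nothing in the code caught it, so the replacement deserves both a precise comment and a guard against drifting again. Expand the comment to `// Scalar field modulus q (prime order of the subgroup), big-endian bytes: self * q == identity iff self is torsion-free` and, if the scalar field type exposes its modulus as a constant or byte encoding, add a unit test asserting `e` matches it rather than trusting the literal. Separately, `into_subgroup` three lines above still returns `self.clear_cofactor()` wrapped in an unconditional `Some`, which the new TODO acknowledges; since this block is `impl CofactorGroup for G2` and, if it follows the `group::cofactor::CofactorGroup` contract (return `self` only when it lies in the prime-order subgroup, `None` otherwise), the now-correct predicate makes that a one-liner: `CtOption::new(self, self.is_torsion_free())`. The scalar-multiplication loop that follows `let mut acc = G2::identity();` continues outside the hunk.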
@@ -244,6 +245,8 @@ new_curve_impl!(
 mod test {
 use super::*;
 use group::UncompressedEncoding;
+
+ crate::curve_testing_suite!(G2, "clear_cofactor");
 crate::curve_testing_suite!(G1, Eris, G2);
 crate::curve_testing_suite!(G1, Eris, "hash_to_curve");
 crate::curve_testing_suite!(G1, Eris, "endo_consistency");
diff --git a/src/tests/curve.rs b/src/tests/curve.rs
index b89863cf..898c141e 100644
--- a/src/tests/curve.rs
+++ b/src/tests/curve.rs
@@ -399,6 +399,22 @@ macro_rules! curve_testing_suite {
 }
 };
 
+ ($($curve: ident),*, "clear_cofactor") => {
+ #[test]
+ fn test_cofactor_clearing() {
+ use rand_core::OsRng;
+ $(
+ for _ in 0..50 {
+ let point = $curve::random(OsRng);
+ assert!(bool::from(point.is_on_curve()));
+ use group::cofactor::CofactorGroup;
+ assert!(bool::from(point.is_torsion_free()));
+ }
+
+ )*
+ }
+ };
+
 ($($curve: ident),*, "endo_consistency") => {
 #[test]
 fn test_endo_consistency() {
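Review bot: `test_cofactor_clearing` checks only the positive direction — every `$curve::random(OsRng)` point must report `is_torsion_free()` — so an implementation that unconditionally returns true passes, and despite its name the test never calls `clear_cofactor`. A negative case would pin the predicate in both directions: if the curve offers a way to construct an on-curve point without cofactor clearing, assert `is_torsion_free()` is false for it and true after `clear_cofactor()`; if no such constructor exists, rename the test to something like `test_random_points_are_torsion_free` so its coverage is not overstated. As a point of style, `use group::cofactor::CofactorGroup;` sits inside the loop body between two asserts; move it next to `use rand_core::OsRng;` at the top of the function. The `curve_testing_suite!` macro's other arms start and end outside the hunk.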