diff --git a/README.md b/README.md
index 78eb7003..43ec4a3a 100644
--- a/README.md
+++ b/README.md
@@ -61,6 +61,7 @@ including
 - SM4
 - VMAC
 - X25519, X448
+- BLS-12-381
 - ML-KEM (Kyber)
 - ML-DSA (CRYSTALS-Dilithium)
diff --git a/schemas/bls_aggregate_verify_schema.json b/schemas/bls_aggregate_verify_schema.json
new file mode 100644
index 00000000..75394050
--- /dev/null
+++ b/schemas/bls_aggregate_verify_schema.json
@@ -0,0 +1,109 @@
+{
+ "type": "object",
+ "definitions": {
+ "BlsAggregateVerifyTestGroup": {
+ "type": "object",
+ "properties": {
+ "type": {
+ "enum": [
+ "BlsAggregateVerify"
+ ]
+ },
+ "source": {
+ "$ref": "common.json#/definitions/Source"
+ },
+ "ciphersuite": {
+ "type": "string",
+ "description": "The BLS ciphersuite identifier"
+ },
+ "tests": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/BlsAggregateVerifyTestVector"
+ }
+ }
+ },
+ "required": ["type", "source", "ciphersuite", "tests"],
+ "additionalProperties": false
+ },
+ "BlsAggregateVerifyTestVector": {
+ "type": "object",
+ "properties": {
+ "tcId": {
+ "type": "integer",
+ "description": "Identifier of the test case"
+ },
+ "comment": {
+ "type": "string",
+ "description": "A brief description of the test case"
+ },
+ "pubkeys": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "format": "HexBytes"
+ },
+ "description": "The compressed public keys"
+ },
+ "messages": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "format": "HexBytes"
+ },
+ "description": "The messages that were signed"
+ },
+ "sig": {
+ "type": "string",
+ "format": "HexBytes",
+ "description": "The aggregated BLS signature in compressed form"
+ },
+ "result": {
+ "$ref": "common.json#/definitions/Result"
+ },
+ "flags": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "A list of flags"
+ }
+ },
+ "additionalProperties": false,
+ "required": ["tcId", "comment", "pubkeys", "messages", "sig", "result", "flags"]
+ }
+ },
+ "properties": {
+ "algorithm": {
+ "type": "string",
+ "description": "The primitive tested in the test file"
+ },
+ "header": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "Additional documentation"
+ },
+ "notes": {
+ "$ref": "common.json#/definitions/Notes"
+ },
+ "numberOfTests": {
+ "type": "integer",
+ "description": "The number of test vectors in this test"
+ },
+ "schema": {
+ "enum": [
+ "bls_aggregate_verify_schema.json"
+ ]
+ },
+ "testGroups": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/BlsAggregateVerifyTestGroup"
+ }
+ }
+ },
+ "required": ["algorithm", "header", "notes", "numberOfTests", "schema", "testGroups"],
+ "additionalProperties": false
+}
diff --git a/schemas/bls_hash_to_g2_schema.json b/schemas/bls_hash_to_g2_schema.json
new file mode 100644
index 00000000..452839d3
--- /dev/null
+++ b/schemas/bls_hash_to_g2_schema.json
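Review bot: The `pubkeys` and `messages` descriptions in `BlsAggregateVerifyTestVector` do not say that the two arrays are paired by index, nor that their lengths can differ on purpose. The vector file added in this commit has `MismatchedCount` cases (two keys with one message, one key with two messages), and a harness that zips the arrays before calling the library would cut them to the shorter length and never reach the count check under test. I would state this in the schema, e.g. `"description": "The compressed public keys; pubkeys[i] is paired with messages[i], and the two arrays may differ in length in negative tests"`, with mirrored wording on `messages`. The `ciphersuite` description could also carry the example value that bls_sig_verify_schema.json gives.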
@@ -0,0 +1,98 @@
+{
+ "type": "object",
+ "definitions": {
+ "BlsHashToG2TestGroup": {
+ "type": "object",
+ "properties": {
+ "type": {
+ "enum": [
+ "BlsHashToG2"
+ ]
+ },
+ "source": {
+ "$ref": "common.json#/definitions/Source"
+ },
+ "dst": {
+ "type": "string",
+ "description": "The domain separation tag used for hash_to_curve"
+ },
+ "tests": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/BlsHashToG2TestVector"
+ }
+ }
+ },
+ "required": ["type", "source", "dst", "tests"],
+ "additionalProperties": false
+ },
+ "BlsHashToG2TestVector": {
+ "type": "object",
+ "properties": {
+ "tcId": {
+ "type": "integer",
+ "description": "Identifier of the test case"
+ },
+ "comment": {
+ "type": "string",
+ "description": "A brief description of the test case"
+ },
+ "msg": {
+ "type": "string",
+ "format": "HexBytes",
+ "description": "The input message"
+ },
+ "expected": {
+ "type": "string",
+ "format": "HexBytes",
+ "description": "The expected hash-to-curve output point in compressed form"
+ },
+ "result": {
+ "$ref": "common.json#/definitions/Result"
+ },
+ "flags": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "A list of flags"
+ }
+ },
+ "additionalProperties": false,
+ "required": ["tcId", "comment", "msg", "expected", "result", "flags"]
+ }
+ },
+ "properties": {
+ "algorithm": {
+ "type": "string",
+ "description": "The primitive tested in the test file"
+ },
+ "header": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "Additional documentation"
+ },
+ "notes": {
+ "$ref": "common.json#/definitions/Notes"
+ },
+ "numberOfTests": {
+ "type": "integer",
+ "description": "The number of test vectors in this test"
+ },
+ "schema": {
+ "enum": [
+ "bls_hash_to_g2_schema.json"
+ ]
+ },
+ "testGroups": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/BlsHashToG2TestGroup"
+ }
+ }
+ },
+ "required": ["algorithm", "header", "notes", "numberOfTests", "schema", "testGroups"],
+ "additionalProperties": false
+}
diff --git a/schemas/bls_sig_verify_schema.json b/schemas/bls_sig_verify_schema.json
new file mode 100644
index 00000000..2c8024cb
--- /dev/null
+++ b/schemas/bls_sig_verify_schema.json
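Review bot: `dst` in `BlsHashToG2TestGroup` is a plain `string` with no `format`, while `msg` and `expected` beside it are `HexBytes`, so the schema never says how the domain separation tag is encoded. The vector file in this commit uses a readable ASCII tag. If a later file supplied a hex-encoded tag, a harness that treats `dst` as text would hash to a different point and no schema check would catch it. I would pin the encoding in the description, e.g. `"description": "The domain separation tag used for hash_to_curve, as an ASCII string (not hex-encoded)"`.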
@@ -0,0 +1,87 @@
+{
+ "type": "object",
+ "definitions": {
+ "BlsSigVerifyTestGroup": {
+ "type": "object",
+ "properties": {
+ "type": {
+ "enum": [
+ "BlsSigVerify"
+ ]
+ },
+ "source": {
+ "$ref": "common.json#/definitions/Source"
+ },
+ "ciphersuite": {
+ "type": "string",
+ "description": "The BLS ciphersuite identifier, e.g. BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_"
+ },
+ "publicKey": {
+ "$ref": "#/definitions/BlsPublicKey"
+ },
+ "tests": {
+ "type": "array",
+ "items": {
+ "$ref": "signatures_common.json#/definitions/SignatureTestVector"
+ }
+ }
+ },
+ "required": ["type", "source", "ciphersuite", "publicKey", "tests"],
+ "additionalProperties": false
+ },
+ "BlsPublicKey": {
+ "type": "object",
+ "properties": {
+ "pk": {
+ "type": "string",
+ "format": "HexBytes",
+ "description": "The compressed public key"
+ },
+ "group": {
+ "type": "string",
+ "enum": ["G1", "G2"],
+ "description": "The group the public key belongs to"
+ },
+ "keySize": {
+ "type": "integer",
+ "description": "The size of the public key in bytes"
+ }
+ },
+ "required": ["pk", "group", "keySize"],
+ "additionalProperties": false
+ }
+ },
+ "properties": {
+ "algorithm": {
+ "type": "string",
+ "description": "The primitive tested in the test file"
+ },
+ "header": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "description": "Additional documentation"
+ },
+ "notes": {
+ "$ref": "common.json#/definitions/Notes"
+ },
+ "numberOfTests": {
+ "type": "integer",
+ "description": "The number of test vectors in this test"
+ },
+ "schema": {
+ "enum": [
+ "bls_sig_verify_schema.json"
+ ]
+ },
+ "testGroups": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/BlsSigVerifyTestGroup"
+ }
+ }
+ },
+ "required": ["algorithm", "header", "notes", "numberOfTests", "schema", "testGroups"],
+ "additionalProperties": false
+}
diff --git a/testvectors_v1/bls_hash_to_g2_test.json b/testvectors_v1/bls_hash_to_g2_test.json
new file mode 100644
index 00000000..38292373
--- /dev/null
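Review bot: `BlsPublicKey` stores `group` and `keySize` next to `pk`, but nothing in the schema relates the three fields to each other or to the group's `ciphersuite`, so they can drift apart without a validation error. A harness that picks its decoder or buffer size from `keySize` or `group` instead of from the decoded `pk` would be relying on a value nobody checks. I would make the expected relationship explicit in the descriptions, e.g. `"description": "The size of the compressed public key in bytes (48 for G1, 96 for G2)"`, and say on `group` that it must agree with the ciphersuite. The referenced `signatures_common.json` definition is outside this diff, so I could not confirm how `sig` is described there.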
+++ b/testvectors_v1/bls_hash_to_g2_test.json 
@@ -0,0 +1,371 @@ +{ + "algorithm": "BLS", + "schema": "bls_hash_to_g2_schema.json", + "numberOfTests": 34, + "header": [ + "Test vectors for hash_to_G2 on BLS12-381.", + "Uses the BLS12381G2_XMD:SHA-256_SSWU_RO_ suite", + "from draft-irtf-cfrg-hash-to-curve." + ], + "notes": { + "HashToG2": { + "bugType": "BASIC", + "description": "A hash-to-curve test vector.", + "links": [ + "https://datatracker.ietf.org/doc/draft-irtf-cfrg-hash-to-curve/" + ] + } + }, + "testGroups": [ + { + "type": "BlsHashToG2", + "source": { + "name": "github/trailofbits/bls", + "version": "0.1" + }, + "dst": "QUUX-V01-CS02-with-BLS12381G2_XMD:SHA-256_SSWU_RO_", + "tests": [ + { + "tcId": 1, + "comment": "empty message", + "msg": "", + "expected": "a5cb8437535e20ecffaef7752baddf98034139c38452458baeefab379ba13dff5bf5dd71b72418717047f5b0f37da03d0141ebfbdca40eb85b87142e130ab689c673cf60f1a3e98d69335266f30d9b8d4ac44c1038e9dcdd5393faf5c41fb78a", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 2, + "comment": "single byte 0x00", + "msg": "00", + "expected": "a8d9abe7d2e69300aa47c207ca99ffd18ee6c13ef7186dccd41d871c5f099890249ce3d0525309897d76400331c27ac00077696ca06f7db3c5693eab4d20f1eb2adc60919aee3bb3f41fd8900f36241492fbfc3d723042c513bea61f171cfbcc", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 3, + "comment": "single byte 0x01", + "msg": "01", + "expected": "81667757d2128db29309550983cce108293d84b8474fa3ef7f9eb5839ecddacc94226fc796c0a4436b358de4408ef56303fadcd8d5739050732dec0aecbaccbb3a0b16b635ba01ad9b3a52672f354246ede1575cb1ad2969309b2761fb4577ef", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 4, + "comment": "single byte 0x7f", + "msg": "7f", + "expected": "a939516a7205ca8065c20e3fd67e2771bbf72175e23c3d2a28fd9d2185c67bbf8f4f8a0480259ae0fa7239ab28c9ac06072f5d18cd25c2acc995857567b5e38e9e050813db2bc941729864d024b7992c71ceb620caa73f1a30048e696c74dbf9", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 5, + 
"comment": "single byte 0x80", + "msg": "80", + "expected": "835f0ffbf2d19ac16e8a8fce1476568cd83204a2787e2ca2889eca88db556e9433be13e7bcf2cf84d0c60eafd03d5d990d3ad4a4ce3dfcaf1d1ed70aedb71a35423010fac6eb5544c5367174e95568b1295a1ec70abb581ce97b614c1c0fde30", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 6, + "comment": "single byte 0xff", + "msg": "ff", + "expected": "a17a35cf52471eda4c2b2687114afd0561fe7962b84489de03c4229102236cd0b33ef9b13f2af0a18270656420bf84ba0296c092c39ff3a66400bb1c30ef84a3b8b719bec78deb20c8c3ae5177d284812bcb9857ab2ab0ee1492e5188d184b6b", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 7, + "comment": "ascii 'abc'", + "msg": "616263", + "expected": "939cddbccdc5e91b9623efd38c49f81a6f83f175e80b06fc374de9eb4b41dfe4ca3a230ed250fbe3a2acf73a41177fd802c2d18e033b960562aae3cab37a27ce00d80ccd5ba4b7fe0e7a210245129dbec7780ccc7954725f4168aff2787776e6", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 8, + "comment": "ascii 'abcdef0123456789'", + "msg": "61626364656630313233343536373839", + "expected": "990d119345b94fbd15497bcba94ecf7db2cbfd1e1fe7da034d26cbba169fb3968288b3fafb265f9ebd380512a71c3f2c121982811d2491fde9ba7ed31ef9ca474f0e1501297f68c298e9f4c0028add35aea8bb83d53c08cfc007c1e005723cd0", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 9, + "comment": "ascii 'test'", + "msg": "74657374", + "expected": "b53a7c3920a7c5eaba55dbc30d891d2556ba7950b1789caf49c4ee93c6ee29a67801534d58bf663a4e019bbab87d10d11709c63671be73b036ddf0e51f13f29183624134bcabcc469ae393773d09d63a67cb9149ee3ade05f8fb8261f14da9e3", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 10, + "comment": "ascii 'BLS12-381'", + "msg": "424c5331322d333831", + "expected": "a96e14f22cccbfe0a6e0c8dfbcf50a67e6055630d7321da95e1830f9638ac29fc04f4fe7c71684a209e0a088da074630148bb262fd93101b601af0d18e0e019d6e4e6627549a0b47654aca83c4966b292fb93cebdbffa9cafa2173119dab8750", + "result": "valid", + "flags": 
[ + "HashToG2" + ] + }, + { + "tcId": 11, + "comment": "ascii long string", + "msg": "54686520717569636b2062726f776e20666f78206a756d7073206f76657220746865206c617a7920646f67", + "expected": "85a3c604ea4a5f6d9ac9d6c39475cb27b4c0dc461738bcdf929c7b88feb7a9a6529c5ac9574cf7ac09677375a2823d14194b6092d3b7eb4182419c14df433af5ac6d3dbb60354b06ccd2e364a3f90547bd17469f6aba721811636918d25bb22d", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 12, + "comment": "2-byte message", + "msg": "8e59", + "expected": "8912e6fdf8682fbdbdbf0d659b519344df87259468240a7c40e6fde1962d6cf9a8513ec48d244aeaafbe58d87bbafbbd08edc90cf9001b38583532d41425168e005b0c5af6bf4cbe5e46a8dbe03f89e7b2df90f3210a99f3fece1b4e7527e23d", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 13, + "comment": "4-byte message", + "msg": "5a2f3d74", + "expected": "b42e76454a1cf7322547130ae6d29745f9ddcd4345caba433c210ac6838544350e16e3545ad3afaf11a1b97cbf3207f00be8d83e41503a7f00cc73f2f31e2ddcf6801e43f7eb4460831d02899a264a626f5e6ffc8a08cee296ed78dbff0e1ec2", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 14, + "comment": "8-byte message", + "msg": "a9eed55ec5167e3a", + "expected": "81997f8cfd6dd425d547e6c12362aa4b427574966319e5a260bf860194722d12fbbf84b7d65574dc3cc4eb26f790552e128b1eacb93715bb2e0dbaf30291b2907c5e0796c1c4071857b8f1aeb1818a505d042667af4d7ad0383d3d4381276132", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 15, + "comment": "16-byte message", + "msg": "aa54dc9b3bbf9283bcb5fc33be3fd281", + "expected": "a63986e6f07fb8ee35cc2b4565b770cde5691f7ac81998d73a7571dbff2783d880550cafc518039f1da57109c8087f9b13b66852592a7a5fdaa6193506854e80fcac5fa0a79fb5640d8dc9ab427717cf0c3b0b9668289d886aa0000d6a698864", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 16, + "comment": "32-byte message", + "msg": "185b4280f2af0c7be085b7e89a350e86f65c0cca550f3ff10a420b0c2857ddc1", + "expected": 
"88abb81fc7221f8ccad98516fd28a5068cbb0fb24bd0884b41ee6a72f53559fa1288043a9f0dc5b5226bb8679540ac8416ab624fe58a53839a311ed31d79580aa1c9b850a5157f3d31d99a464b4d9a6755b9968d93b48a068519d7760e19c7f2", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 17, + "comment": "64-byte message", + "msg": "0128793cb89dc776b404104fe7e0d1393fc73ff6f0c1f36994596ef6ef9e8938a4e42bba4933e7108e7a7b79679c79653d9ef2eaadc786d0cf72e51f5f0caca6", + "expected": "93b7c1350c6c5bed4d3e5da809ab30919234ecd292c7d5fe87d7a609a90174c6b267151d5460be4a72e2505ee26d4c8902eb670743de186821c6bfd07ee97ae53e4639a91f3982707b6a9b819cf6626f5ba106b9dd19824199255ed3653c110a", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 18, + "comment": "128-byte message", + "msg": "bc1e93ae44bdfa6b11230546cf3d4de9a79098737a3adda9568a0fe4c007a05fdb5156e8acd41c018ead720c7866fc2cca7e644c5f7f8eb04e6a37e9be502a08920cec23be0c0e20788fc7f7c4fbfbd3e5c481c23b12fe4c4377784e7c30c4b573568200ccc5a836324c1b5422103bee1c09209bbe0dc65aaee31fa1b939f438", + "expected": "8e4f17fc8469ab574a910f6075cefa5882dc85e4b6f000d270a2a673f68823afce2d31aacf4939b0a3d1a70b121959c70a96d1dbd4fd0dcc6df8d773219cda3494c0bb4551d4137809bb827c6e3dda427ab0119cd7136931a3ce518630d0d64a", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 19, + "comment": "256-byte message", + "msg": "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", + "expected": "95296d563e6c1f02d073b82001713477f15cc05b260b5ec845a7df0bbc9fa27509c1fa5347968b8bac908f6e23aacccb0ed0dead5f41342e236ee5a85ce69a44eec66040acd6d11bcc04d8241fb82ac2fe2f26882551ff9735f69ec0346d1398", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 20, + "comment": "512-byte message", + "msg": 
"f6ddf2dd63d8f3eba7a4697225575f9b52dd408e6fa9797ee2e64525d33cc5f78d1b3857cce2bf2286b50a8dacb83f89530eef32f606fd19bf4a32140de199a4545f3ada8a1bc0311a6f62f8d65f591e993ab7c76a38e5483eb90c4026cfc34b152ddf7f94d237e41948d6bd60d27416913d4645ea2d315a899d9c1936ec662bda70af79db1ed7d2cab7733d11c69b09af87e1636a0867db37a837fb7977e16f4bc461dfe92c832d850f7ff7cd6eb5379e4a4a2bf542ec89fcb0ea48c1d21e533b06f902dfa2c29f9cda384322e9182fdafeafe012fc7b216e4f7048e6d43ce10f2b9c33e862b92da6e61d3e54ac9af5f8507497641bc3c6239ce49a2e55f8f947ad7f1542fab83421bcb01853ce93e4ad5b2a525df1884155de8e28c25060f2a73f00fe9a7dc9f10eaade0a21cf0fabbb0fde7469cb2f039aff0386bd706eb2e0d50ebbf89f3d3065db9e542548d0b6ad74fbf9e851756f143a101b31ca977cf3374e713c2fe1cb78a52686c70196d2acc917eab4d9533c05d2fe4b51d25e19869ff5d0f3490c4e2f11d0c4c5311cadb95899d2b24abbc17ecb42f12d4eb46dd782936eda6df829d39227c130408580f47029f5a32457f7a57d59d33139ab17e2a875e5d994168ef257a7042ed4504c83c3320b5ed2e8c32a3eb6f058343c9346e8597856e4f2194c4171096853f786063678024061e3b85db5d3baba4c82a6", + "expected": "a1a748816732149f31846d22c84607d39cb15ffd63edd2a8ff1da1716e5815dc12f6fb1507f7ae939b93a1abd7692c2b0830113cedb6930b2fb4b69dd355aad875afbad101c7dcbf916d7040731272ebee3a6261f27dd5df59103b416404c270", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 21, + "comment": "1024-byte message", + "msg": 
"493384c31a59bd05ba7cbf2d80ddacd338005839c7521b16f3fc4120ca450b9fa8e0a6a1fcafedf3923fb9b5bde841f8e0966a684cb600aac87dc13dbb7036c6acd8391b8eda64bc037426b820db66c5494842ed729e1386d405c771bb3f77c794a0525fd2db3c1c137dac35739165e95933c6bd1ab5aec3b1becbfac28df823ede520e4cd73fcd9f2105fab04905cb12775d1ecd7f062cc996126dda65fd5700cf43324ee737bd630e1c31950876c4da88e49fea7bfb637e2e0d34d90f38c9badd4efbec8db08703f7b3ab9a6a6503d5428ed60120beea02c8f70def195002abd323c0d2a35a5b27b9e7cc8b7f33dec1a274bc381bdbf2ac1833dea814ac3424a6715622ec48e68c7dcaca129708420f0945e7a0507e3b9b6a4c581ff9e31e8d9320338dc8af2b8f02b3f630ae274e59d58c1b89e78d15b4202889f8af9ca50237dc952ca05e4a690e6bb15e956652e1621709d3651a08758e80e550e19d4ad72c85e85e72ad33443841d1b404e242522bef2b0505b1d92fba1a66f86d3840c285931603ae4a7bc6e8fc8eccad138b433cc5a8aaffc7797d9f6961c1b72423c873630ca8b1420c8a738b54b26771583e508ee1b7563e28f1040fdf5e3e8035f85f600852d888b2fdc09679a4f26c53864c4bea4981b170e433ec78b8c04bfd6dc4af8e0a91f5a1db2fd5336100d42ba835605ef57e6f6247ebe8faa166b61156eae95263179e693bde9456e2b07cab7b3745db98685bb34e520afdedad58766c86679370e1c96d5105ea9f3554febb4ab0b3e620ac44e1cf6a61c98984675bacef6d0179c91911d9db40cf0f38180d1869c7f0ab3adbd415b64a075616bfdaf619be48af7f3575b0318158e33bbec0daecb0225d70341c63184a5e7604beecd05c860ef5f3e4eafd1b5576358c7cb64a393c27e173a8f70392fcd845c0198e48d6ce7e86413b97b0bffaeb7f881378c84ca23a3689e9bf5cd6faa718b9d3ea9243767c0f7b280f60dbd76708748d25d924bb31a3bdc4b3ceda8042928474ab31e85a88b1895f50a1ea2e9cb1ce8b6e74bae36d0d10cebf47fd8dafa96e67d4fafb67bf363d2bc270542d7e03182b909a4b7ac3ce6e7b0c8749037d661b7a2778ba23326948ff6fbaf1fda56852b13dc8eb6c78b43fdbdc365813c9a88567aa9e7e8186897b077c9ba736ed38cd63390e219ba52d45cbb53a1da9e8d3ab6c4ca389cfeadce4215851e0805cae5e68ced43c016ea92daad0effc999142d65a3c640b103deb0cabb31f271e8afcad5308c25c681ff67309991b25a55e15c2218efe16de58c83fce01f56f444b6dbc22faf05fd0a1e3a059b12641a55bcd0cc2faa54e34f0ace3cd3de79ea8aeabfafc3616816e7b81b14447c98b32cfc430b55fab7c4acedffe398b
accb595cefb60fc7d80780f58888f2cce00b5bf053d5e253d", + "expected": "a4d662538c048f646730266f3ad09a919ff2602d726a04f32d3de9bee46a0dd11b863960ff476fa10cb9f5126c6df9fb06eabcd3691f61b501a9c0ab3f950651813dac30ab5137bf4a5817e4d60d7669e40bab529dcecd807193ac186d4b709d", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 22, + "comment": "all-zero 32 bytes", + "msg": "0000000000000000000000000000000000000000000000000000000000000000", + "expected": "a9396a508cf258775e19a775932b277a38f8278c7420552608bd942c7297251bb79cf0e15394894c733ab3b93c372cd5040ccf30e251b101922ce08372aa4b3f0874c97a65ab245031ff1889fdcc88332bce64573ccb2ae6d13d61b8492f2da1", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 23, + "comment": "all-0xff 32 bytes", + "msg": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "expected": "b61bf940b1abc48a50b781a323991a3a7fbdbc4952ed3a240a08221b4ab037172a2e47ee6e454e9d2f9489e4b08fbbb9077efbe142e9d9d4907eca90f5b1f0b9e930f12659d6546cafe32ecaadfc5b34d9b76f3767732776821edef177a6a354", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 24, + "comment": "alternating 0xaa 32 bytes", + "msg": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "expected": "a72fa6658cff5bcd49004876b0a3882c6e5257280a2d4f8aaaaf126f6acc5aa556e65c42e912f27416c599b00e8979e7159bcf972a000df169755f37102336afb3d88dbecbbe15087bc590308a8fcc2eff5e63238d0f6efa5bc2694ccf0064ae", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 25, + "comment": "counter message 0", + "msg": "30", + "expected": "865068a44f432d33f864331794af9a6950a8bba88b4daade0e2e4cc72b03733071c7eef37ca85563ba625b86c409f24d02f6c998d2ea17decf9d2e8b1ba5b14b03ef6ccc355dbdfcea5ebc31161f3d74f478c569e32edae14d69983ae172e83e", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 26, + "comment": "counter message 1", + "msg": "31", + "expected": 
"91888841db4d272f8b8c60e22de0d2c227872dda708fa9107ff04849c919100e287daa900e805fb64a5ab07b8ed2feb4043de14c67b7f2b62142afc9a141e29c898f8ce32397099b4e4c639dd4095b83f26bf8a38d9b76a69872f5bd3cb78a9f", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 27, + "comment": "counter message 2", + "msg": "32", + "expected": "86bfcfe762d3a9d71c5d4a0210cee0684c583cb3061be92be4eb7f9f15bf3ff21871b31f22e557ae1ece86f4754584230dd9084eebb62d06edaaf6d8339c2597a2a194961b4d64f7f096a1338c96070293f447d24e3b92153a4e83917b0c74f2", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 28, + "comment": "counter message 3", + "msg": "33", + "expected": "91c0840e18415a71012210160139d89d77452c3aa069a097c604ddd0b06993a1543d7072efbbfd9224ec7f27f458bdb70f476988822b996efa7fe6ee1c63a682d8c1618713b6f61b1a04454f488745054e62baf850be8bfb7914963c7f70780b", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 29, + "comment": "counter message 4", + "msg": "34", + "expected": "a30bfb01e2c45cc1f8ac659fbdb57bcae82e8abbad00cf14d8570fa6e583dc8c343a3984ceaa4dea2b232a2e2d23328609233e0410d8945a79ba22b9d732803ccf005488b0e062938b72e0dc040c81734a12c75d364073308d8254b5834a545b", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 30, + "comment": "counter message 5", + "msg": "35", + "expected": "a1f9e226d84dac75742d695b9e81887129183090e838a515d0b716d62af8c5f2ea0e054df5669f38d088911dcb7070bd0037b757906feca8d2264f842a22c6b89f86f09fc487d9ba5e7e282ce1a3d8922e72cf96e899fcf81027880a39556679", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 31, + "comment": "counter message 6", + "msg": "36", + "expected": "8217f7b95f5264e1549a2792bb131c1b863b751884d9ddaaf7b9e1c02d96487fb89ab3115fe2c4bbe918b8b073e717f50ed1ca73af95341043d2f183b782471428002d7247a1282d6b9c81f304544a8775329dc10414c5824f89d3f06ce34816", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 32, + "comment": "counter message 7", + "msg": "37", + "expected": 
"a84f2e253248ae25b326f2b913f99124d458237e85d4382930f958895e61add3108a6729a7de7f9cf927746939cd1d420075b0632345f814540d2aa0eca419edf8f01a2b6df51633167fc824cef32f8ec70edca2d6c90aca86397982755b8e84", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 33, + "comment": "counter message 8", + "msg": "38", + "expected": "a5c612ea0172b3501f2ff5567105ac61ab3248edc9df8d660ed240896dbc2a26d1737343f4285d3f3d1f870de3b73a5917e4002641a354617e096bdb54fbbd462eefba69e1197d02adab84aed2f44fb09fb907e19ca01933e2c2c88916b19949", + "result": "valid", + "flags": [ + "HashToG2" + ] + }, + { + "tcId": 34, + "comment": "counter message 9", + "msg": "39", + "expected": "88c434a14deb3207506167ececd343ad7fde21e8ad014728adc843810199f88bed6757763c82811fbdbe4e192eaae8af0cfd74fa172842c2ea488d5d41361c67499b79951def7fb15ea4b6ba7c5b564232c6dcf4c18efa93c95ddc6d39cd3c11", + "result": "valid", + "flags": [ + "HashToG2" + ] + } + ] + } + ] +} diff --git a/testvectors_v1/bls_sig_g2_aggregate_verify_test.json b/testvectors_v1/bls_sig_g2_aggregate_verify_test.json new file mode 100644 index 00000000..c80624a0 --- /dev/null +++ b/testvectors_v1/bls_sig_g2_aggregate_verify_test.json 
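Review bot: All 34 vectors sit in a single `BlsHashToG2` group with one short `dst`, so the file varies only the message and never exercises domain-separation handling. The hash-to-curve specification requires a tag longer than 255 bytes to be replaced by a hash of the tag before it is used in expand_message_xmd; an implementation that truncates such a tag instead would pass this file unchanged. Adding a second group with an oversize `dst`, and ideally another with a different short tag, would cover that path. Separately, the header and the `links` entry still cite draft-irtf-cfrg-hash-to-curve; the document has since been published as RFC 9380, which would be the more stable reference.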
@@ -0,0 +1,401 @@ +{ + "algorithm": "BLS", + "schema": "bls_aggregate_verify_schema.json", + "numberOfTests": 19, + "header": [ + "Test vectors for BLS aggregate signature verification", + "using the min-pk variant (public keys in G1, sigs in G2).", + "AggregateVerify checks multiple (PK, message) pairs", + "against a single aggregate signature.", + "See draft-irtf-cfrg-bls-signature-06, Section 3.3.4." + ], + "notes": { + "EmptyAggregate": { + "bugType": "EDGE_CASE", + "description": "An aggregate with zero signers.", + "effect": "The spec says AggregateVerify with n=0 returns INVALID.", + "links": [ + "https://datatracker.ietf.org/doc/draft-irtf-cfrg-bls-signature/" + ] + }, + "IdentityPoint": { + "bugType": "EDGE_CASE", + "description": "The identity point appears in the aggregate.", + "effect": "Identity points as signatures or keys must be rejected." + }, + "InvalidFlags": { + "bugType": "AUTH_BYPASS", + "description": "The aggregate signature has incorrect flag bits." + }, + "MismatchedCount": { + "bugType": "AUTH_BYPASS", + "description": "The number of public keys and messages does not match.", + "effect": "Implementations must reject when counts differ." + }, + "NotInSubgroup": { + "bugType": "AUTH_BYPASS", + "description": "A point in the aggregate is on the curve but not in the subgroup.", + "effect": "Accepting wrong-subgroup points enables rogue-key attacks." + }, + "NotOnCurve": { + "bugType": "AUTH_BYPASS", + "description": "A point in the aggregate is not on the curve.", + "effect": "Accepting points not on the curve can lead to forgery." + }, + "TruncatedSignature": { + "bugType": "AUTH_BYPASS", + "description": "The aggregate signature has been truncated." + }, + "ValidAggregate": { + "bugType": "BASIC", + "description": "A valid aggregate signature." + }, + "WrongKey": { + "bugType": "AUTH_BYPASS", + "description": "One of the public keys does not match the corresponding signer." 
+ }, + "WrongMessage": { + "bugType": "AUTH_BYPASS", + "description": "One of the individual signatures was over a wrong message." + } + }, + "testGroups": [ + { + "type": "BlsAggregateVerify", + "source": { + "name": "github/trailofbits/bls", + "version": "0.1" + }, + "ciphersuite": "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_", + "tests": [ + { + "tcId": 1, + "comment": "valid aggregate of 3 signatures", + "pubkeys": [ + "8c8952f3238b417adceb667320f14a91ca01b7c23a77d48eeabd7ece4237e0ece219b58ca1cf752672a29976284b1166", + "84a0ee1d905f6bb760ad0af7d6fd17184505e782209c6bd8e1854d4cd294fa977a7c1c2347c04f7f7b754b2d89a20e28", + "8761d17dcade7eee617ad92775d7925c502571427f705a7696471f45d74b7d09eb25e5c18cd703dcf97f2b3ee9031a88" + ], + "messages": [ + "8489c433fa44a7d279106de6513747da82e0d2b9b822f61374028002c69df357", + "85983873aa35e9c74d68903852fe70650fb3adabc6e672e1452cea6af6b292f9", + "75d6f563b2b6926a0bd56b382f12f05b2db6526b3dd647924ce6d273af9583ec" + ], + "sig": "a5122955c85f5cba46a7802964d74cb9304d5ff73658cf58940f096782d9eee8a296760212cb25e64cf5f2ea7612ccc1130fe52c01edba642b1c16aec655a2849f819fd160531dde63a1d3429bbf072857c04fbcfdcd2ad0191ef6ea9fdea513", + "result": "valid", + "flags": [ + "ValidAggregate" + ] + }, + { + "tcId": 2, + "comment": "valid aggregate of 1 signature", + "pubkeys": [ + "8c8952f3238b417adceb667320f14a91ca01b7c23a77d48eeabd7ece4237e0ece219b58ca1cf752672a29976284b1166" + ], + "messages": [ + "d500134708d0d44609afb87a37c1e239a5672aba35b5b180d3d8c80ed2e405e0" + ], + "sig": "a582387f7ee2b4990b04d3202308fbf3ab40e02d8ef0fe06e9e6fc5484201dcccac05db4a0907773404aff117d4b94931134bdf082a24db5e512dad974732c01a543232b83b951f7d07aef4dcf5fbc7c27a0b90c3491f4323fab3b6b7783ec08", + "result": "valid", + "flags": [ + "ValidAggregate" + ] + }, + { + "tcId": 3, + "comment": "valid aggregate of 5 signatures", + "pubkeys": [ + "8c8952f3238b417adceb667320f14a91ca01b7c23a77d48eeabd7ece4237e0ece219b58ca1cf752672a29976284b1166", + 
"84a0ee1d905f6bb760ad0af7d6fd17184505e782209c6bd8e1854d4cd294fa977a7c1c2347c04f7f7b754b2d89a20e28", + "8761d17dcade7eee617ad92775d7925c502571427f705a7696471f45d74b7d09eb25e5c18cd703dcf97f2b3ee9031a88", + "abd1eeb22b802f853e743e96ef517d3617d3f8b4316d63cf702956b3cb759654ce1f822dd13c9b2ed8be6025d35c09c7", + "98888259262d10708b6464e26c4bac999dea189e91c26f979f9421085d8c9af1be5b2c3141805958809367d94927b0ee" + ], + "messages": [ + "c097afa0aee9493ce593c0078320dc48a7fd16bf5ff6e942f443d2ae31d99709", + "1a2084426a66bd29a2c3149cfbd681f32b8e37d9df19e327ead114f439635c86", + "bfe504f400b56c9e9d2304c4a0086bfdd5e142025a256f492ecc589a38e9a913", + "b555e1a19d1e5dc082b32244c976fee91376f2cbe3b0d4b9c89fa0cc223ad847", + "641b19034eea6e5f2c449f2431156ccfe79d9d6c070598079c1f39c9263bdfb4" + ], + "sig": "8855a532a63b024344926ea29a7c0eadfbb7f100e146af83b70bf471a7e8211eb14de274aac2597e74aa0679e1086b3715db07740d485ead7bcb3fc60ff97eb2b030bdc0decbf55c2ac7a5dea384b2470fdb6794b6ff733898445cea8aa73a13", + "result": "valid", + "flags": [ + "ValidAggregate" + ] + }, + { + "tcId": 4, + "comment": "aggregate with one wrong message", + "pubkeys": [ + "8c8952f3238b417adceb667320f14a91ca01b7c23a77d48eeabd7ece4237e0ece219b58ca1cf752672a29976284b1166", + "84a0ee1d905f6bb760ad0af7d6fd17184505e782209c6bd8e1854d4cd294fa977a7c1c2347c04f7f7b754b2d89a20e28", + "8761d17dcade7eee617ad92775d7925c502571427f705a7696471f45d74b7d09eb25e5c18cd703dcf97f2b3ee9031a88" + ], + "messages": [ + "56233089b53bb6c737a2873039c089ea3ca37feda1e7b0f7a24ef0f9b4152f6a", + "8ef50607162fbe2625548b487f94d80020342e837253fe7738f4cfde41229a16", + "658879ba2bc16ff26399895adbe8a4b4e88adf87a626355ff5fac49d98e2b968" + ], + "sig": "a79729563b3e97a04150f19634307309f972a00bc742f134b9ccb0339d36a65467fd6259424386a4e308df066fd5de6a078f8c9336d9f2b606e0b4965b4c26b440dd51512e0ff098c36dabcef0639116b38180b8a34113e0d1c4a005cee4cceb", + "result": "invalid", + "flags": [ + "WrongMessage" + ] + }, + { + "tcId": 5, + "comment": "mismatched pubkey and message 
count", + "pubkeys": [ + "8c8952f3238b417adceb667320f14a91ca01b7c23a77d48eeabd7ece4237e0ece219b58ca1cf752672a29976284b1166", + "84a0ee1d905f6bb760ad0af7d6fd17184505e782209c6bd8e1854d4cd294fa977a7c1c2347c04f7f7b754b2d89a20e28" + ], + "messages": [ + "79618030148ddcfbf1ecdee3bac0444fd443a1bfd9b17d84315a31dac40a6bf1" + ], + "sig": "93c27e6bece0c6f86accbf47acce8abe1f5e7e1142ca5b0c3c201a93e50a006e4239c51462e0c0ae83dbc0ec80165525049032f9f8273e3c9ecc08dc22661acb9e2c5b57e02b712df7589f2c14e5c76a8dabbf293b73a1a8e467b5340a5b0b29", + "result": "invalid", + "flags": [ + "MismatchedCount" + ] + }, + { + "tcId": 6, + "comment": "empty aggregate (no signers)", + "pubkeys": [], + "messages": [], + "sig": "c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "result": "invalid", + "flags": [ + "EmptyAggregate" + ] + }, + { + "tcId": 7, + "comment": "identity point as aggregate signature", + "pubkeys": [ + "8c8952f3238b417adceb667320f14a91ca01b7c23a77d48eeabd7ece4237e0ece219b58ca1cf752672a29976284b1166" + ], + "messages": [ + "47f6088129f8e0f40dab31b1b489b35a8547e8e8e041429cacdf8cf0fba04f05" + ], + "sig": "c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "result": "invalid", + "flags": [ + "IdentityPoint" + ] + }, + { + "tcId": 8, + "comment": "identity public key in aggregate", + "pubkeys": [ + "8c8952f3238b417adceb667320f14a91ca01b7c23a77d48eeabd7ece4237e0ece219b58ca1cf752672a29976284b1166", + "c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" + ], + "messages": [ + "5078aa2b3d8512508d6217b3e0e8131ee5e185ed963aca0f28f33bad44915216", + "194016d37e9250a6abfacf1259d14e9d8f67f30adcbc6797d59032ff5f40adcb" + ], + "sig": 
"9453a1ae27d5d796bb6c2e1edf538a0929268caa7ca39961041530376143f3233ca7e0e236f3f1f7b05b665aba47082108b39c589b3d95bfef2aaad894711233b0192e39a7aa019cfab9d11f4596c2e311b1e0d4d7ca58b35c5fd3d44dfc2987", + "result": "invalid", + "flags": [ + "IdentityPoint" + ] + }, + { + "tcId": 9, + "comment": "valid aggregate of 2 signatures", + "pubkeys": [ + "8c8952f3238b417adceb667320f14a91ca01b7c23a77d48eeabd7ece4237e0ece219b58ca1cf752672a29976284b1166", + "84a0ee1d905f6bb760ad0af7d6fd17184505e782209c6bd8e1854d4cd294fa977a7c1c2347c04f7f7b754b2d89a20e28" + ], + "messages": [ + "471a23ccf1f3d2e18652ec28938a7c60e0020ccbb36844222f15416d135d20a6", + "b4b14b8868da9c5092a5a87b57e0e1f6559aaef72cf880be248a1d8a20f8745c" + ], + "sig": "870b43f339a83e85b9ca36171df5bebf4bc470b016e9af1b5fd45dbeed17a5aeb7050d8ca746a2500580e836de28032904e45fff0caa138b64443358c36ee35f235fb1647014dc6fffb3ae0e9a0e68966cb44f4664313348e135aaac030e2e44", + "result": "valid", + "flags": [ + "ValidAggregate" + ] + }, + { + "tcId": 10, + "comment": "valid aggregate of 4 signatures", + "pubkeys": [ + "8c8952f3238b417adceb667320f14a91ca01b7c23a77d48eeabd7ece4237e0ece219b58ca1cf752672a29976284b1166", + "84a0ee1d905f6bb760ad0af7d6fd17184505e782209c6bd8e1854d4cd294fa977a7c1c2347c04f7f7b754b2d89a20e28", + "8761d17dcade7eee617ad92775d7925c502571427f705a7696471f45d74b7d09eb25e5c18cd703dcf97f2b3ee9031a88", + "abd1eeb22b802f853e743e96ef517d3617d3f8b4316d63cf702956b3cb759654ce1f822dd13c9b2ed8be6025d35c09c7" + ], + "messages": [ + "89e46729c71a257787a6da201688fd1df7384232dd22d5e3f5e49b4ff7ce402a", + "4c21fe8abc8fed83c88533179b0947c91c8467d0aa4dd880f09e759f43a41789", + "5f5fee8593e26d4c47a27a1a1832162227cbcdbd065b1f29e2c35f8d783dad19", + "4fe88aaa90aef88733e9d5689ca744105972b03e36db79b3cdd5b90396ba6974" + ], + "sig": "87ff7459abaa62d9e5fdf4bcb55bcb8c5259985b6998016d15fab547f36df6fc3c178c50dff1f5a909643355dda4b19712525f58d362e66e482dc3b01868316ca7382a10db7b641560bbcde2c21c3deb521df4ed8fbd8a68f808293f9a191e05", + "result": "valid", + 
"flags": [ + "ValidAggregate" + ] + }, + { + "tcId": 11, + "comment": "valid aggregate with one empty message", + "pubkeys": [ + "8c8952f3238b417adceb667320f14a91ca01b7c23a77d48eeabd7ece4237e0ece219b58ca1cf752672a29976284b1166", + "84a0ee1d905f6bb760ad0af7d6fd17184505e782209c6bd8e1854d4cd294fa977a7c1c2347c04f7f7b754b2d89a20e28", + "8761d17dcade7eee617ad92775d7925c502571427f705a7696471f45d74b7d09eb25e5c18cd703dcf97f2b3ee9031a88" + ], + "messages": [ + "f134e797d12a7e28306de70f10d8e9f60366380a2127c807935f10498c77f22d", + "3f6924f05454646cd33d903784c6847da4511af6ed61b93a77bfef0875b5570e", + "" + ], + "sig": "b6a149b65aafde0efc67a6777f6d70dd58513ed77d52790b966902fed52f025d201eddae3045b9420dcd7a3eff2d0614038f3325cd47ffc80207c66f7a99894212b3fa2f9fbe69a6ec48cbcca66db0630c53c7296ca75fa1dfce79ec28a29470", + "result": "valid", + "flags": [ + "ValidAggregate" + ] + }, + { + "tcId": 12, + "comment": "aggregate with wrong key at position 0", + "pubkeys": [ + "98888259262d10708b6464e26c4bac999dea189e91c26f979f9421085d8c9af1be5b2c3141805958809367d94927b0ee", + "84a0ee1d905f6bb760ad0af7d6fd17184505e782209c6bd8e1854d4cd294fa977a7c1c2347c04f7f7b754b2d89a20e28", + "8761d17dcade7eee617ad92775d7925c502571427f705a7696471f45d74b7d09eb25e5c18cd703dcf97f2b3ee9031a88" + ], + "messages": [ + "83945cf4bf485b04bad955d307cb3e82ac891d7ef1603c00addfed25113c9e31", + "b6c2a3a9e91128c7d652590be31246331ca77c2f393c9465ef3272cbb62f2845", + "116e9dfde19b58ad02c3ae4e9f8cc85cf926516f2e6021c297c06f015cf53c53" + ], + "sig": "acf2e4051e8adceb53cc57f0e8956ad919840cec0384311a4da12b56681e6608fbc5eed7e6a7ad2b3db2a997950271d910dc56480285b129415e8a7ad8fce1e9a1fbdc58352e25648911fa65476fd880fbab1c8e6673de3fa488c654707ea1c5", + "result": "invalid", + "flags": [ + "WrongKey" + ] + }, + { + "tcId": 13, + "comment": "aggregate with wrong key at position 1", + "pubkeys": [ + "8c8952f3238b417adceb667320f14a91ca01b7c23a77d48eeabd7ece4237e0ece219b58ca1cf752672a29976284b1166", + 
"98888259262d10708b6464e26c4bac999dea189e91c26f979f9421085d8c9af1be5b2c3141805958809367d94927b0ee", + "8761d17dcade7eee617ad92775d7925c502571427f705a7696471f45d74b7d09eb25e5c18cd703dcf97f2b3ee9031a88" + ], + "messages": [ + "4027c1f86d93e90c867c14d51080b87ccecc0ea0716c878fd1b87fe72dcb73d5", + "bf228b7d006874fdd47be7f5341ca437bd8ee261d99259a5401780bc3db2497c", + "aba086f97f764e83c26c1e3a761df295a32f7030d0c50ded82f7876d4b560f1b" + ], + "sig": "a4f26d95c302ddb2a68b63013ed09751c4e295ec6575477514d08a023071d6de8fdeaaa3ac4593e1f4acec32cfc48ab50f45f58005dfaee7eafbde01d87aca89d479abe68b5f456d550af390bde1fd9895c25131f7e56d4bea1583b2488427db", + "result": "invalid", + "flags": [ + "WrongKey" + ] + }, + { + "tcId": 14, + "comment": "more messages than pubkeys", + "pubkeys": [ + "8c8952f3238b417adceb667320f14a91ca01b7c23a77d48eeabd7ece4237e0ece219b58ca1cf752672a29976284b1166" + ], + "messages": [ + "cc63358b34719f2ebe7766cb22a943d3ffc512379a129cb56b1b7329c9054862", + "5883974c97fe22b9f47242ca0ad0c7c770e029fea2d1d895c704175441efb7cb" + ], + "sig": "91ae46d44332f78103308984bd3efb419c65ef3285c2a858ffceb2172067f7622055f99ba5ecab4a0c0ce6a1b9eecd19113cb9f7f006e635764c8b46e77e6404407d18196f89fe4f6445bb719080ffb31b9acfa48d2afab73926ad1d2cb60ea5", + "result": "invalid", + "flags": [ + "MismatchedCount" + ] + }, + { + "tcId": 15, + "comment": "aggregate sig that is not on the twist curve", + "pubkeys": [ + "8c8952f3238b417adceb667320f14a91ca01b7c23a77d48eeabd7ece4237e0ece219b58ca1cf752672a29976284b1166" + ], + "messages": [ + "73add243efcd56c7e6a971a3922910dc556b7c3c3502e407e446c9507356d08e" + ], + "sig": "800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", + "result": "invalid", + "flags": [ + "NotOnCurve" + ] + }, + { + "tcId": 16, + "comment": "truncated aggregate signature (48 bytes)", + "pubkeys": [ + 
"8c8952f3238b417adceb667320f14a91ca01b7c23a77d48eeabd7ece4237e0ece219b58ca1cf752672a29976284b1166" + ], + "messages": [ + "fb57b45b0304b1c962c593cd0e245a83133caf3ae4b42051bb12009e9c362960" + ], + "sig": "883f7e412e994c10809a36551912207a72631967f58120b82a910cecdb4235490359a491a3dae32ed10577de78135b32", + "result": "invalid", + "flags": [ + "TruncatedSignature" + ] + }, + { + "tcId": 17, + "comment": "not-on-curve public key in aggregate", + "pubkeys": [ + "8c8952f3238b417adceb667320f14a91ca01b7c23a77d48eeabd7ece4237e0ece219b58ca1cf752672a29976284b1166", + "800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001" + ], + "messages": [ + "74327bfbc189e23f5fbf45cb9c05cdb8ad057879ba48322d3e35c20e8f4d570f", + "761df242620141a81484e9028cd8561d564cf37561b2b61922c7ea283231266d" + ], + "sig": "ac42c832cfcf6dfd5ddacbf6be4f056db800d547b58a763c66cdf31905ec3103b3d28aba9e00bfd5778bacae5dbae82b18e2cbc3d8d1bad3a001bb0db7be5899327a9ece7f87f571cd483e10017caad2ade86ef9e04af74c34d1570d7c44df11", + "result": "invalid", + "flags": [ + "NotOnCurve" + ] + }, + { + "tcId": 18, + "comment": "wrong-subgroup public key in aggregate", + "pubkeys": [ + "8c8952f3238b417adceb667320f14a91ca01b7c23a77d48eeabd7ece4237e0ece219b58ca1cf752672a29976284b1166", + "800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004" + ], + "messages": [ + "2e1954767a0ebd1a357934d6c80ec2c8706d19b87581269987f20607eea8782e", + "1c24b7aa7bff0ae14b1b3796453acf41b4eed3641b545a44675dbb1509b6473f" + ], + "sig": "b610971992f97691b74d933c907cf4505a5034594c3d753ed3e6ed8c3b9047f04c7a4425c4e9d14baaf6ac235b17192a0fdd611a16cc7b3a7db0b967039b0f78469e719ec33a89b4f42e06c849fedcef657b15f1c7ea5bbb2bbffab04a37d9e9", + "result": "invalid", + "flags": [ + "NotInSubgroup" + ] + }, + { + "tcId": 19, + "comment": "aggregate sig with compression flag cleared", + "pubkeys": [ + 
"8c8952f3238b417adceb667320f14a91ca01b7c23a77d48eeabd7ece4237e0ece219b58ca1cf752672a29976284b1166", + "84a0ee1d905f6bb760ad0af7d6fd17184505e782209c6bd8e1854d4cd294fa977a7c1c2347c04f7f7b754b2d89a20e28" + ], + "messages": [ + "b6a2b92cc0be49d573b50f2376921f2b9f3334e0d90df28fcd3417aa6f3a33a2", + "32ee4ba619075fe457e5358c5ce0286f2d26419ea7b627057d53ffbb08b7ea17" + ], + "sig": "26c9c498d7f6bd79ae35210a5a4a6b9d50f6f9ca0b3c6e61275b6d9e0a20a84309d24cf0ed49cc8aa5fda7ad09acca200b7398cb5ded17a190e8484ccc04cdc9a1aa7a483bfdf1a9516f3fe6fef4ad7ca23c20a28753292582465a055f0ad068", + "result": "invalid", + "flags": [ + "InvalidFlags" + ] + } + ] + } + ] +} diff --git a/testvectors_v1/bls_sig_g2_basic_verify_test.json b/testvectors_v1/bls_sig_g2_basic_verify_test.json new file mode 100644 index 00000000..f7e08bba --- /dev/null +++ b/testvectors_v1/bls_sig_g2_basic_verify_test.json 
@@ -0,0 +1,1245 @@ +{ + "algorithm": "BLS", + "schema": "bls_sig_verify_schema.json", + "numberOfTests": 88, + "header": [ + "Test vectors for BLS signature verification using the", + "min-pk variant (public keys in G1, signatures in G2)", + "with the Basic scheme (NUL DST).", + "See draft-irtf-cfrg-bls-signature-06 for specification." + ], + "notes": { + "MinimalInput": { + "bugType": "EDGE_CASE", + "description": "The test vector tests an edge case input." + }, + "EmptyMessage": { + "bugType": "EDGE_CASE", + "description": "The message is empty. Valid BLS signatures support empty messages." + }, + "FieldBoundary": { + "bugType": "EDGE_CASE", + "description": "The x-coordinate is near the field modulus, exercising boundary arithmetic.", + "effect": "Implementations with carry propagation bugs may mishandle values near the modulus." + }, + "IdentityPoint": { + "bugType": "EDGE_CASE", + "description": "The signature or public key is the identity (point at infinity).", + "effect": "The identity point as a signature or key is always invalid per the BLS spec." + }, + "InvalidEncoding": { + "bugType": "AUTH_BYPASS", + "description": "The serialized point has an invalid encoding.", + "effect": "Accepting invalid encodings may enable various attacks." + }, + "InvalidFlags": { + "bugType": "AUTH_BYPASS", + "description": "The serialized point has valid coordinates but incorrect flag bits.", + "effect": "Accepting points with wrong flags can bypass validation or produce incorrect points." + }, + "InvalidSignature": { + "bugType": "AUTH_BYPASS", + "description": "The signature is not a valid point or does not verify.", + "effect": "Accepting such signatures allows forgery." + }, + "LargeMessage": { + "bugType": "EDGE_CASE", + "description": "The message is large. Ensures hash-to-curve handles arbitrary length input." 
+ }, + "NotInSubgroup": { + "bugType": "AUTH_BYPASS", + "description": "The signature point is on the curve but not in the prime-order subgroup.", + "effect": "Accepting points not in the subgroup enables rogue-key and other attacks.", + "links": [ + "https://eprint.iacr.org/2021/323" + ] + }, + "NotOnCurve": { + "bugType": "AUTH_BYPASS", + "description": "The signature point is not on the curve.", + "effect": "Accepting points not on the curve can lead to forgery or subgroup attacks." + }, + "SignatureMalleability": { + "bugType": "SIGNATURE_MALLEABILITY", + "description": "A modified signature that is mathematically related to a valid one.", + "effect": "Signature malleability can break protocols that assume signature uniqueness." + }, + "TruncatedSignature": { + "bugType": "AUTH_BYPASS", + "description": "The signature has been truncated.", + "effect": "Accepting truncated signatures likely means signatures can be forged." + }, + "Valid": { + "bugType": "BASIC", + "description": "The test vector contains a valid BLS signature." + }, + "WrongKey": { + "bugType": "AUTH_BYPASS", + "description": "The signature was computed with a different key.", + "effect": "Accepting such signatures means authentication is broken." + }, + "WrongMessage": { + "bugType": "AUTH_BYPASS", + "description": "The signature was computed over a different message.", + "effect": "Accepting such signatures means message integrity is broken." 
+ } + }, + "testGroups": [ + { + "type": "BlsSigVerify", + "source": { + "name": "github/trailofbits/bls", + "version": "0.1" + }, + "ciphersuite": "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_", + "publicKey": { + "pk": "a8dcb1a12da6c3bc426b2cf5fc40600470d256876c6eb610af1c883b866353435c784b76a7598ce79c055b4ca27d7d55", + "group": "G1", + "keySize": 48 + }, + "tests": [ + { + "tcId": 1, + "comment": "valid signature", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 2, + "comment": "valid signature over empty message", + "msg": "", + "sig": "98884b163752581da9a0e6f0e1ccf63ab60fda6d052a28c3f4aec1d93993a2478dc5ec5178af9d818d4e0a2c6a31337308a6afe2f86e12a47a1277dc9dd42ecf3944ce0a92a484c0c8920ed995f7b5e052d7124b873f6263a076d61bf0dcdbd2", + "result": "valid", + "flags": [ + "Valid", + "EmptyMessage" + ] + }, + { + "tcId": 3, + "comment": "valid signature over 1024-byte message", + "msg": 
"179f4c737782e5f79d8d027dc090f2ad3b6fb3738f829df5e65ddc5eff000e34068b5514ead86891b8c48e5d7b1c72fc0ec859659d1057128bde4407d73c3475f805196ac6609885a58b0bf3ccdca7844ad3ae50efb6d60f7072eff99c895c1383be2c429cf760d8fd94b1937e536443aa272619a15cdb15ef05e993da11e31c561b948e3e342f9939a26c63574949cce9e9d35f2e7f9c9774528e0901446a653dd199ac1f8540eeefc9f9a7f063b803446de37309243ba10fef3ba4aff28f1201702fcb155d72dfb7dcc8a35f306e4038811a87dad6db8def7a41c7c11ea94e7cf6e6a97424f3201a62b59162efa77cf5d00c23be3a2b3dc39331cbcf82b103433498204ba53043d91eb48f5304e5cb528927633929492895ad7bb8eb0483fe45b21f1cdbe442ad60a5745d4104c8016d9fdf02622ecffdd943b32c1a43f39d7b7f6d0cae256bf8c44f2c91c4ac946c1ae74c269bbcb08a39cd402a06014a0688d011bf56334f0b30a6a4d017c25b0e6a3ed93a8f065e3681db7803def6248a707d7b9ab2249a8f89b92fb13a35979c4fad00608a1c771df80d750736aa3dad1f882dadfe512a00bac0ef063c86d21c2be7c097bb76407da031d91c5a172060e10f6a4b03e1cc49f0304e838c5899aedbca3f1d1bdc5ca6a196579a4df41b6b77ed7284b8ec6021593d62a993094028dc8b15aa35cdde5e6768f08f192000850a0ac0666ddc41112aed14ff8c25169a49892e4a61c5d349b4b23dcaec2d37c84052a72fd7622c392eb8ac84d9627f56b7f132baa49db05d59d611f32612c9763164e583f8bf6777bdc52a9c50723252cb57eec992cd683fc87ce06c3bdb04ab0c675bc3a981b44e173c4a00bbf8ae86763b44a042f42936690d05a3d025f6629abf53c413f79717fb1038f42051f33253cae318aa0a36266dcec006ee6faa90a16817c7c122a11ca8040141e4de2e8780cdd81c63d4609a73a9ba8c90999a56db572a5d8e1c4f3d1251c4586fbf5acb8708280ca8def6bb4fd9c428946f74efc96f587d524b7695480dfaafe497c105554b4da1045584d574e84664edfe6f7df97537342f75bbcd276110e0f3d22345f2ed7dc98aa97e51006692c3f11b38180b785544a8d3a58a267d559cfa5b6d6f4a5ada8205b2ef1cb36f7f6ea282b0fc4d9e9ba6de97bdcac00f6874e2cd8ebf463d88a3bd24fd2a0aef91fa1e017575866477396ec311415d7c0b337120a6563534ca95edf3a94afb93f536053ff7f33995581f8484a18adcde6b46a7992763017ac2b5f2e2f5715bae3c533714ef6eb2c0d7923e1502fa76995f84b282dcc577ed8fb38371addbeae92e07422fe4b757928d2f4fb3e090411779d14eeba70494b491b963ed52d0198a55a34f934acb4802a2db30436d8
0757e8bfe5e2c0bc49dcad0e399ca686fa2be1530592144e0", + "sig": "8e86e4e399364b0cb55ddcb9584b4fc7454cbc939f3c6e44f30f39982824b8c534961c848ef3aa6abee5f05b4ff8d3d2067da1698c4f2e6f0dc961e247fdcd48063f83ff72a6e51bcc1e9b214aeb387116aac2308aabdee96c7f84a4be87d484", + "result": "valid", + "flags": [ + "Valid", + "LargeMessage" + ] + }, + { + "tcId": 4, + "comment": "signature for a different message", + "msg": "8d82f84bf32f563e9663ee83eac01a9a65ba0cf3ab70f35cfe017d6bf7133205", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "WrongMessage" + ] + }, + { + "tcId": 5, + "comment": "identity point as signature", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "result": "invalid", + "flags": [ + "IdentityPoint" + ] + }, + { + "tcId": 6, + "comment": "truncated signature", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa55", + "result": "invalid", + "flags": [ + "TruncatedSignature" + ] + }, + { + "tcId": 7, + "comment": "signature with extra trailing bytes", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa00001", + "result": "invalid", + "flags": [ + "InvalidEncoding" + ] + }, + { + "tcId": 8, + "comment": "all-zero signature bytes (invalid encoding)", + "msg": 
"ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "result": "invalid", + "flags": [ + "InvalidEncoding" + ] + }, + { + "tcId": 9, + "comment": "negated valid signature (flipped sign bit)", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "ab980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "SignatureMalleability" + ] + }, + { + "tcId": 10, + "comment": "x-coordinate >= field prime", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "bfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "result": "invalid", + "flags": [ + "NotOnCurve" + ] + }, + { + "tcId": 11, + "comment": "valid signature but wrong public key", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "ac238e4e2aead949bb49717257391dd9343b0bf003482fde406d6e6530bab202095fabaea423e5c549fbaf2035bb9fd313fcfc6b8a64c0904c5395cd1cf2b1c0545a72fb5be33346999ecd827435e11694c04b54c01bf0f22ce8192338eeefdc", + "result": "invalid", + "flags": [ + "WrongKey" + ] + }, + { + "tcId": 12, + "comment": "valid signature #2", + "msg": "5dbcdf926e66d3495916191378e2aa8c876248d073bdf52433b09e8294e35299c906a3f580ff3528181fee1d20349bbe", + "sig": "ae1a6f672f812182bbc623372d48fa9c489335a9362b4d96f692299d9af4c0b15fe355a6fde61d4979cc7de291d37101144f61066f118babfd956df46dda15545e0a0d8ed8a7bb83d98f4cc55cef00d454c869746bd363d64568f1089cd848e3", + "result": "valid", + "flags": [ + "Valid" + ] + 
}, + { + "tcId": 13, + "comment": "valid signature #3", + "msg": "ffb4aed9ff410cc5f49a47f860a8e9e6a9dd63a1f7192dd802a817ce998495afe46b50fcbc35e2fb61eed29158710f58", + "sig": "8243cb6470f72994427160fb9003cf2c8cd905b479573a3f6427ed64d1c04df12f3d481843fc3e6219842b9fb64d641919d3b4340f2d5c65a618adf68c2187a7439dbf04ccd27a30b010e0cec25b23927a1254e7a050717172d05ab7bc482302", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 14, + "comment": "valid signature #4", + "msg": "c8e7fdbb75595ab337854a8dc66966bac6a1896a60a655ca7656069b60b72ee92cd2b1383438c0c51735e9ea00f0b55b", + "sig": "8d27554476d91937a5bf6a3c9a91b0bb77e962ed894aac5aaa7428d5a894666138d12eb66519a483d138ca57e2d64cc10cb89630285eacaff617d0b16998e673d34864ba648b381ffa157ed9bfc5f84896b15b77ab074f683b226cfaedaaaf88", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 15, + "comment": "valid signature on single byte 0x00", + "msg": "00", + "sig": "8905418855499bc72cef1aa0d7d492a90572607185f2a84b5983987e0bd6590633deb589555f922339b45dcc4af74f9a1186961e2805f62d0f8c573ccd3619b25f03f0333d8098ede988b02f6579679f4a2bbe402d314d14e36c43b84fec20f6", + "result": "valid", + "flags": [ + "Valid", + "MinimalInput" + ] + }, + { + "tcId": 16, + "comment": "valid signature on single byte 0x01", + "msg": "01", + "sig": "a9bc7776165d57ba9edbbd84526e1e1143fbad54ea06a08ead7afe857b6f25ff04de357592ab90b7d71bf3c7667d8f2604840c58e6ed170cdc2a2d4ff99fb79ce8fb17b03ef9caa7b4a1614672afa4a86b430bedea6e56fb3d58830e9471bca1", + "result": "valid", + "flags": [ + "Valid", + "MinimalInput" + ] + }, + { + "tcId": 17, + "comment": "valid signature on single byte 0xff", + "msg": "ff", + "sig": "8d534f952a28a2a1c7c0fa3dbe8524ed432deae01e22429019d1d483348ff09f65d13c4738278a9a40b43226d26d6079053af876802de300629b6869304ef25aba434fa9a5f809d5a3470c9e901d6093966114e697f50fbf1ab3242763ab0d82", + "result": "valid", + "flags": [ + "Valid", + "MinimalInput" + ] + }, + { + "tcId": 18, + "comment": "valid signature on 2-byte message", + 
"msg": "f29c", + "sig": "a26c96ca7ba0717134f730aa5543d6447c55d231f3f3d27893aae6b7aa2787f0e6d2d8709cd88004278f86a99166320b095ff97e113277cfacc1aa60a25b2cf699a66d0bacd030386edeb1c508580f3f8af314cca07326463dc7ec019200eaad", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 19, + "comment": "valid signature on 4-byte message", + "msg": "33cf2379", + "sig": "b8aa1643fb671cbc4c656184db6ce2938c51ce9df1824e872db8a76f5df2e86fd7eecf106e6d4c2fa48b11915b3cc5631146b06d348815ee586dbf3330260c2177dc223b48c934f4f5c0e02654fb941eafab57d8a99bf262c448d93a328612de", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 20, + "comment": "valid signature on 8-byte message", + "msg": "ea4a9e46bb4af645", + "sig": "99497bec9568b30a045f21510afb9fd8fab10450102781875f2690332eb21e8974d1aa0085751c362eade39c1b0964170025e41d44d8a8384a207faaf4b98e1041717c934a84abcb73990450dc10b902ba2b529126b8fca9261c86c0fe314df1", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 21, + "comment": "valid signature on 16-byte message", + "msg": "4d41c4e878a4b1fb044de1517e76f542", + "sig": "b415d6b2c1fc36105a6bb0d7a4a390a08d2fea4f280875e17e43d0f12260ced32b912ea15ebdc67611ac600582460f8116e5a058804a7bb1b8da5b69ffeb22cf2439f861bfdb4108e8f0c641b12593a43c77e339ddc5b30106aefba1425d72d3", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 22, + "comment": "valid signature on 64-byte message", + "msg": "c69d962c1b4ce56669db4f3585796e09bcad2cb49191063be61173a300f90f88a8c5ad659f5b2053cac9e750ef7e1c8517f5f28f179b10faad05aec359ec2a51", + "sig": "b249ddc3852599b62a20189ab7f86a363cc9bb78fbfdef021cd7f6b3b2aadc4f56aefde391b5c9cfade043034b51271c06a1e7d7f305e8d36be908fec86e872b1ed1fea7cab299217f8e02360622e7915c51dde86d7deda5cbcd85ec137a59f5", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 23, + "comment": "valid signature on 128-byte message", + "msg": 
"deb90d7d68e15fa112414846777e8e907b93833bc8e9bb9799c2541b2dfc39511b1b2faa5ee4e8f33b4732a07a0711e860a301bf9778462f8a1d8543909154b828458647cf2e9efe50368eaae2e039584da73754f856ada4cc334349374153cd183341835f6954e736e1478116ba504981e34d7f112e947a00a30ac962b55fe7", + "sig": "a14c10be559b250f20abdae0b572ae4e84261e61c6c924dfe035a0b27a95ccab0b2be2644d2e87efc3763fb9a3b6f92414431acd2273487dc06da1f8a203096173ae4d8bdaaf019bec957fe327fbfcffc44579f0992c69bb3d475c6cd5468e65", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 24, + "comment": "valid signature on 256-byte message", + "msg": "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", + "sig": "b6a91109706b3184d86974a02da9ee8788f112268861873a30a0aa9eb8ed702645a8f17c77af5cb65e92ce1aff077a100055a87457e888b7a255544d196ac45c4205d91d1f25210edb41711d89fed148f2b7f621836f21016c91604768132b6e", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 25, + "comment": "valid signature on 512-byte message", + "msg": "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", + "sig": "b65213a19a813fdd2a4159434bcd141c08628c50a55d99db5864e568614b36d0f332150d14c6b87d1e36ae1879dacd2d0e59a2403ddc55d2654975092788a7d10fec3648b29f02c97a38dc4f194b04dd0ed7fdeed79f89b131b6f53bf8a54120", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 26, + "comment": "valid signature on all-zero 32-byte message", + "msg": "0000000000000000000000000000000000000000000000000000000000000000", + "sig": "b3dcf1a909e96dba65db97f6c34ca1968f98fe94a0dcee4cd865b3062712b8d689f04c1fb38203f0c336cddc167703410bcc56819820e86000ccf530f2deb2f4333552fae2242787e94af2f346433ede9c4bf00ec44b3edeb419a906c312b380", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 27, + "comment": "valid signature on all-0xff 32-byte message", + "msg": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "sig": 
"ad26174f36ceff12cb5b63079407c935a5a7ebd71468db0cb15f6b3ea2f660da4e47cef6bc124b5d649976a71b8a79dc0ad60832ac33f6c0ef7b9589d9dc50f28c435d71638dc298f5004cb51265dfe19cc728860eae1ca5c393fde4212fc87a", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 28, + "comment": "valid signature on alternating 0xaa pattern", + "msg": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "sig": "a403baae70245c2df9a2bc93cabf553c11cb17a1205e938b900e71aee1b0506616cc7e8e627b4b49fa4ff0b4655881d104ae0886763409dcbac7006a20201902d68e15252006ceec62c1238d21797fbd59876781b622d216a5b7997d1cc0af75", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 29, + "comment": "valid signature on alternating 0x55 pattern", + "msg": "5555555555555555555555555555555555555555555555555555555555555555", + "sig": "b3525e5ff142901263f928eeac05120c218b70a0924157ef85c27724e074ade855e384c1d1a91cc78376c0a9f5498a8e0040aa410d6a44bc7c27421fd991caba743f6bd539f2fc581b3722eff2ebf434384bcd595c4abfc848053dd6770bf411", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 30, + "comment": "valid signature on ASCII text message", + "msg": "424c5331322d33383120577963686570726f6f66207465737420766563746f72", + "sig": "852b56df6acd3ec3ce69725ec5f4fc843d2db471d9faad2beaf83cb8e2b346ec236c3e392050f4bf813d071935560e9d099989f7c745842f367d2967f43f8086ff748c205ffb7663bb32f714e413f2ca28f7b85c75bfedeff5e48e22d76bf633", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 31, + "comment": "valid signature on single byte 0x80", + "msg": "80", + "sig": "ac39a4adc0958291854ed1c6e85962747ad234768eccd90178742a976a8237e4f0c727b204e057ee27f42855b3059863151ea199267fb684081e11ca90343ebd911da31ff83259505f418dcc494ca960143d28a782ab9eb6abcbcb43551fea32", + "result": "valid", + "flags": [ + "Valid", + "MinimalInput" + ] + }, + { + "tcId": 32, + "comment": "valid signature on message equal to field prime bytes", + "msg": 
"1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab", + "sig": "8e0bf8f5a5b622055815dc8883a3951a92a2b982954d6f356772e3d2c86956c3472af8ac5681d8c5a1c1aa8d2c3adab40207f9e280b91411e48991bdc8fe13bf7098a727825a8c7a5af07f57344f620c93b10982cbb9171cf87405ee78965c98", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 33, + "comment": "valid signature (random) #5", + "msg": "00f5428b1c6aa6b9306aa9546576a44c1dd40a179f193df2db1b8354d82fd1fa", + "sig": "89dbbe29ea2cd11999143dd0b2c25deb3b28f21611cde21055a2237f9ecee5c3ac4f1a9915b6d2e012a5b8aa10f301a002cac86e7071d1c352c2f6363f1beb4a7cc589b9b70f6f1d3694c8269750414a93a4533361b30580c229fe6e8d0f757c", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 34, + "comment": "valid signature (random) #6", + "msg": "c3fce67b21f8cf40ffc527266cdf286d3d99c709a5ed7677dcd2a20f65dd2464", + "sig": "a0c60bb63dec51e50bc36389b68b48a40f6038f4099f0a88e2f5756c77ed46a2ef238e4c5184f48799df009f4af721980e612a01f9b329a6250f9a2a9f9e6465496e44c325b7bb32ee875e28041bd6103d8f551aa68624d29e745017d304e8e9", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 35, + "comment": "valid signature (random) #7", + "msg": "1bc300f8b47eec6bf31ed6134d28e96baec951526eb915777e315e9b0ac72624", + "sig": "ad57ab22b74d74c02a6ebbb5774e4de0be3eb304ba7e36c5253e3397d82cc8cf6429449e9eb1c5524439fbfc472090d312cae11e587dfc3ef3018e92c6d12422a64940211ebd42062f5a515b55170446069f9a0b24e39577f5b09e00cdd65685", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 36, + "comment": "valid signature (random) #8", + "msg": "fee98b98f05b6591222e757a0e48ab4dffa44808cd2e381fe4ca8d54064d63a3", + "sig": "b11123bb5d11a73ff68140c293795df26e81067ff5787e7d86ca20f0b8306228b838f1436a0ee531bf2c88d696f8c1df108881989e2ed02791fe45365bbc0eabe9d30731bbb7363f93eff3510b52c91313a585d06b0e133f19a39571527aab0b", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 37, + "comment": "valid signature 
(random) #9", + "msg": "dd7f8bced01940c8c6b887d5ab14ad0eb5ced28acea37a3054e3411676477649", + "sig": "879100ff333de45fa944ccfc5bd09b908fbc58cecd18bc4990bf6dbb986581edb2b0684fef20d3c850bd0be38e1fa1da02044f67f905968325c20808a5313d01d891467fbb704f409d4b479e9ce5e17a072501cc900da816ea627faf20897615", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 38, + "comment": "valid G2 point but compression flag cleared", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "0b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "InvalidFlags" + ] + }, + { + "tcId": 39, + "comment": "valid G2 point but infinity flag set", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "cb980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "InvalidFlags" + ] + }, + { + "tcId": 40, + "comment": "G2 identity point with sort flag set", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "result": "invalid", + "flags": [ + "InvalidFlags" + ] + }, + { + "tcId": 41, + "comment": "G2 identity with compression flag cleared", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "result": "invalid", + "flags": [ + 
"InvalidFlags" + ] + }, + { + "tcId": 42, + "comment": "valid G2 point with infinity and sort flags set", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "eb980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "InvalidFlags" + ] + }, + { + "tcId": 43, + "comment": "compressed flag but uncompressed-length encoding", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "result": "invalid", + "flags": [ + "InvalidEncoding" + ] + }, + { + "tcId": 44, + "comment": "G2 point not on the twist curve", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", + "result": "invalid", + "flags": [ + "NotOnCurve" + ] + }, + { + "tcId": 45, + "comment": "G2 point on curve but not in prime-order subgroup", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002", + "result": "invalid", + "flags": [ + "NotInSubgroup" + ] + }, + { + "tcId": 46, + "comment": "G2 x-coordinate near field modulus boundary", + "msg": 
"ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaaa", + "result": "invalid", + "flags": [ + "FieldBoundary" + ] + }, + { + "tcId": 47, + "comment": "valid sig with bit flip at byte 1", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b990ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "InvalidSignature" + ] + }, + { + "tcId": 48, + "comment": "valid sig with bit flip at byte 10", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477816a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "InvalidSignature" + ] + }, + { + "tcId": 49, + "comment": "valid sig with bit flip at byte 24", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79401b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "InvalidSignature" + ] + }, + { + "tcId": 50, + "comment": "valid sig with bit flip at byte 47", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5407e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "InvalidSignature" + ] + 
}, + { + "tcId": 51, + "comment": "valid sig with bit flip at byte 48", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5506e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "InvalidSignature" + ] + }, + { + "tcId": 52, + "comment": "valid sig with bit flip at byte 72", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa392367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "InvalidSignature" + ] + }, + { + "tcId": 53, + "comment": "valid sig with bit flip at byte 95", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa1", + "result": "invalid", + "flags": [ + "InvalidSignature" + ] + }, + { + "tcId": 54, + "comment": "signature truncated to 1 bytes", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b", + "result": "invalid", + "flags": [ + "TruncatedSignature" + ] + }, + { + "tcId": 55, + "comment": "signature truncated to 47 bytes", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa", + "result": "invalid", + "flags": [ + "TruncatedSignature" + ] + }, + { + "tcId": 56, + "comment": "signature truncated to 48 bytes", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": 
"8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa55", + "result": "invalid", + "flags": [ + "TruncatedSignature" + ] + }, + { + "tcId": 57, + "comment": "signature truncated to 95 bytes", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38f", + "result": "invalid", + "flags": [ + "TruncatedSignature" + ] + }, + { + "tcId": 58, + "comment": "empty signature (0 bytes)", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "", + "result": "invalid", + "flags": [ + "InvalidEncoding" + ] + }, + { + "tcId": 59, + "comment": "valid sig verified against 1-bit-flipped message", + "msg": "ac2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "WrongMessage" + ] + }, + { + "tcId": 60, + "comment": "valid sig verified against last-bit-flipped message", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa17d8", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "WrongMessage" + ] + }, + { + "tcId": 61, + "comment": "valid sig but message has extra null byte appended", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa175800", + "sig": 
"8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "WrongMessage" + ] + }, + { + "tcId": 62, + "comment": "valid sig but message has last byte removed", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa17", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "WrongMessage" + ] + }, + { + "tcId": 63, + "comment": "signature with all bytes 0x80", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080", + "result": "invalid", + "flags": [ + "InvalidEncoding" + ] + }, + { + "tcId": 64, + "comment": "G2 sig with c1 coordinate >= field prime", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "80ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "result": "invalid", + "flags": [ + "InvalidEncoding" + ] + }, + { + "tcId": 65, + "comment": "valid sig from wrong key #2", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "b4025f565247f99b2300b2aa3e0b588bc78fc7fd1edc696b4a9cf64960ed0419c2c2f6b468f6f7a73582cbbfc5b72f0708f32fc044c268c4b173d67736d18e7b2953d1123a2aa38f7a1ac183c6f63ac96e67a43efcf520d10e1a33faf28cf054", + "result": "invalid", + "flags": [ + "WrongKey" + ] + }, + { + "tcId": 66, + "comment": "valid sig from wrong key #3", + "msg": 
"ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8d023a432fbf71ff36ebdcbbe5830a4bd57c8627b6f63cad4e59c1cd53471e4ba63395ab8e1a7174218c4726ab9037e716605d7792b599edcb06c8a902ae71b7eeecc68e11589197fc30eb37bd16fd660c5522c61acfed93aaa11da7b67579db", + "result": "invalid", + "flags": [ + "WrongKey" + ] + }, + { + "tcId": 67, + "comment": "valid sig from wrong key #4", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "a182ccfea918306c6756d095d8487b894f38a2b7b5a42a25a409f671dc3e889f50e87934e517e052bbe617ce932545f816c9ac6f774312af7bf8c616442f0d74af5b031cc4da050b382ccb4dfa4be3b05ed070d284d190658c4be10a6918e709", + "result": "invalid", + "flags": [ + "WrongKey" + ] + }, + { + "tcId": 68, + "comment": "G2 point not on curve (x_c0=3)", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003", + "result": "invalid", + "flags": [ + "NotOnCurve" + ] + }, + { + "tcId": 69, + "comment": "G2 point not on curve (x_c0=6)", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006", + "result": "invalid", + "flags": [ + "NotOnCurve" + ] + }, + { + "tcId": 70, + "comment": "G2 point not on curve (x_c0=8)", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008", + "result": "invalid", + "flags": [ + "NotOnCurve" + ] + }, + { + "tcId": 71, + "comment": "G2 point not 
on curve (x_c0=9)", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009", + "result": "invalid", + "flags": [ + "NotOnCurve" + ] + } + ] + }, + { + "type": "BlsSigVerify", + "source": { + "name": "github/trailofbits/bls", + "version": "0.1" + }, + "ciphersuite": "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_", + "publicKey": { + "pk": "c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "group": "G1", + "keySize": 48 + }, + "tests": [ + { + "tcId": 72, + "comment": "identity public key must be rejected", + "msg": "abfed47990a2569cb0ddd8d812b20b3967cde426b0ba04dc3511eb0daf743ce8", + "sig": "b949c4155d02741a5b5d9984a7fb6c6e38df877596bc885406f4c0b4c77712a1258b296c0fd7475344b050744fcc2cef0450fc3b4b36c26d95fe4b69ec69dd1398c98aacbd91c876bdda847360b7ee359c99f96fa5ff85f66250d004f0b362fe", + "result": "invalid", + "flags": [ + "IdentityPoint" + ] + } + ] + }, + { + "type": "BlsSigVerify", + "source": { + "name": "github/trailofbits/bls", + "version": "0.1" + }, + "ciphersuite": "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_", + "publicKey": { + "pk": "28dcb1a12da6c3bc426b2cf5fc40600470d256876c6eb610af1c883b866353435c784b76a7598ce79c055b4ca27d7d55", + "group": "G1", + "keySize": 48 + }, + "tests": [ + { + "tcId": 73, + "comment": "valid G1 public key but compression flag cleared", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "InvalidFlags" + ] + } + ] + }, + { + "type": "BlsSigVerify", + "source": { + "name": "github/trailofbits/bls", + 
"version": "0.1" + }, + "ciphersuite": "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_", + "publicKey": { + "pk": "e8dcb1a12da6c3bc426b2cf5fc40600470d256876c6eb610af1c883b866353435c784b76a7598ce79c055b4ca27d7d55", + "group": "G1", + "keySize": 48 + }, + "tests": [ + { + "tcId": 74, + "comment": "valid G1 public key but infinity flag set", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "InvalidFlags" + ] + } + ] + }, + { + "type": "BlsSigVerify", + "source": { + "name": "github/trailofbits/bls", + "version": "0.1" + }, + "ciphersuite": "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_", + "publicKey": { + "pk": "e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "group": "G1", + "keySize": 48 + }, + "tests": [ + { + "tcId": 75, + "comment": "G1 identity public key with sort flag set", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "InvalidFlags" + ] + } + ] + }, + { + "type": "BlsSigVerify", + "source": { + "name": "github/trailofbits/bls", + "version": "0.1" + }, + "ciphersuite": "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_", + "publicKey": { + "pk": "400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "group": "G1", + "keySize": 48 + }, + "tests": [ + { + "tcId": 76, + "comment": "G1 identity with compression flag cleared", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": 
"8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "InvalidFlags" + ] + } + ] + }, + { + "type": "BlsSigVerify", + "source": { + "name": "github/trailofbits/bls", + "version": "0.1" + }, + "ciphersuite": "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_", + "publicKey": { + "pk": "e8dcb1a12da6c3bc426b2cf5fc40600470d256876c6eb610af1c883b866353435c784b76a7598ce79c055b4ca27d7d55", + "group": "G1", + "keySize": 48 + }, + "tests": [ + { + "tcId": 77, + "comment": "valid G1 public key with infinity and sort flags set", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "InvalidFlags" + ] + } + ] + }, + { + "type": "BlsSigVerify", + "source": { + "name": "github/trailofbits/bls", + "version": "0.1" + }, + "ciphersuite": "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_", + "publicKey": { + "pk": "800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", + "group": "G1", + "keySize": 48 + }, + "tests": [ + { + "tcId": 78, + "comment": "G1 public key not on the curve", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "NotOnCurve" + ] + } + ] + }, + { + "type": "BlsSigVerify", + "source": { + "name": "github/trailofbits/bls", + "version": "0.1" + }, + "ciphersuite": "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_", + "publicKey": { + 
"pk": "800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004", + "group": "G1", + "keySize": 48 + }, + "tests": [ + { + "tcId": 79, + "comment": "G1 public key on curve but not in subgroup", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "NotInSubgroup" + ] + } + ] + }, + { + "type": "BlsSigVerify", + "source": { + "name": "github/trailofbits/bls", + "version": "0.1" + }, + "ciphersuite": "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_", + "publicKey": { + "pk": "801a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaa", + "group": "G1", + "keySize": 48 + }, + "tests": [ + { + "tcId": 80, + "comment": "G1 public key with x near field modulus", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "FieldBoundary" + ] + } + ] + }, + { + "type": "BlsSigVerify", + "source": { + "name": "github/trailofbits/bls", + "version": "0.1" + }, + "ciphersuite": "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_", + "publicKey": { + "pk": "800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002", + "group": "G1", + "keySize": 48 + }, + "tests": [ + { + "tcId": 81, + "comment": "G1 PK not on curve (x=2)", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": 
"8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "NotOnCurve" + ] + } + ] + }, + { + "type": "BlsSigVerify", + "source": { + "name": "github/trailofbits/bls", + "version": "0.1" + }, + "ciphersuite": "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_", + "publicKey": { + "pk": "800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003", + "group": "G1", + "keySize": 48 + }, + "tests": [ + { + "tcId": 82, + "comment": "G1 PK not on curve (x=3)", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "NotOnCurve" + ] + } + ] + }, + { + "type": "BlsSigVerify", + "source": { + "name": "github/trailofbits/bls", + "version": "0.1" + }, + "ciphersuite": "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_", + "publicKey": { + "pk": "801a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaa", + "group": "G1", + "keySize": 48 + }, + "tests": [ + { + "tcId": 83, + "comment": "G1 PK near field modulus (p-2)", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "FieldBoundary" + ] + } + ] + }, + { + "type": "BlsSigVerify", + "source": { + "name": "github/trailofbits/bls", + "version": "0.1" + }, + "ciphersuite": "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_", + "publicKey": { + "pk": 
"801a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaa", + "group": "G1", + "keySize": 48 + }, + "tests": [ + { + "tcId": 84, + "comment": "G1 PK near field modulus (p-4)", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "FieldBoundary" + ] + } + ] + }, + { + "type": "BlsSigVerify", + "source": { + "name": "github/trailofbits/bls", + "version": "0.1" + }, + "ciphersuite": "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_", + "publicKey": { + "pk": "bfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "group": "G1", + "keySize": 48 + }, + "tests": [ + { + "tcId": 85, + "comment": "G1 PK with x-coordinate >= field prime", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "InvalidEncoding" + ] + } + ] + }, + { + "type": "BlsSigVerify", + "source": { + "name": "github/trailofbits/bls", + "version": "0.1" + }, + "ciphersuite": "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_", + "publicKey": { + "pk": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "group": "G1", + "keySize": 48 + }, + "tests": [ + { + "tcId": 86, + "comment": "G1 PK all-zero bytes (no compression flag)", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": 
"8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "InvalidEncoding" + ] + } + ] + }, + { + "type": "BlsSigVerify", + "source": { + "name": "github/trailofbits/bls", + "version": "0.1" + }, + "ciphersuite": "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_", + "publicKey": { + "pk": "8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "group": "G1", + "keySize": 48 + }, + "tests": [ + { + "tcId": 87, + "comment": "G1 PK truncated to 47 bytes", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "InvalidEncoding" + ] + } + ] + }, + { + "type": "BlsSigVerify", + "source": { + "name": "github/trailofbits/bls", + "version": "0.1" + }, + "ciphersuite": "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_", + "publicKey": { + "pk": "a8dcb1a12da6c3bc426b2cf5fc40600470d256876c6eb610af1c883b866353435c784b76a7598ce79c055b4ca27d7d5500", + "group": "G1", + "keySize": 48 + }, + "tests": [ + { + "tcId": 88, + "comment": "G1 PK with extra trailing byte (49 bytes)", + "msg": "ad2ff745a3f65d38a7bfece6e92457ee5e2edb6f5c851f43d3d0b79140aa1758", + "sig": "8b980ac2804743ca9477806a19faeb22c34372665d0248b79501b5ceed5f76cfabd9119a5a17d199c0d3a268a3bfaa5507e7579caf0eff0ad49f66de9e02b109b809a007f11a8afa382367814f52b254894ad71c5f7aa5df02f63eff51b38fa0", + "result": "invalid", + "flags": [ + "InvalidEncoding" + ] + } + ] + } + ] +} diff --git a/testvectors_v1/bls_sig_g2_pop_verify_test.json b/testvectors_v1/bls_sig_g2_pop_verify_test.json new file mode 100644 index 00000000..491255de --- /dev/null 
+++ b/testvectors_v1/bls_sig_g2_pop_verify_test.json 
@@ -0,0 +1,369 @@ +{ + "algorithm": "BLS", + "schema": "bls_sig_verify_schema.json", + "numberOfTests": 26, + "header": [ + "Test vectors for BLS signature verification using the", + "min-pk variant (public keys in G1, signatures in G2)", + "with the Proof of Possession scheme (POP DST).", + "See draft-irtf-cfrg-bls-signature-06." + ], + "notes": { + "EmptyMessage": { + "bugType": "EDGE_CASE", + "description": "The message is empty. Valid BLS signatures support empty messages." + }, + "FieldBoundary": { + "bugType": "EDGE_CASE", + "description": "The x-coordinate is near the field modulus, exercising boundary arithmetic.", + "effect": "Implementations with carry propagation bugs may mishandle values near the modulus." + }, + "IdentityPoint": { + "bugType": "EDGE_CASE", + "description": "The signature or public key is the identity (point at infinity).", + "effect": "The identity point as a signature or key is always invalid per the BLS spec." + }, + "InvalidEncoding": { + "bugType": "AUTH_BYPASS", + "description": "The serialized point has an invalid encoding.", + "effect": "Accepting invalid encodings may enable various attacks." + }, + "InvalidFlags": { + "bugType": "AUTH_BYPASS", + "description": "The serialized point has valid coordinates but incorrect flag bits.", + "effect": "Accepting points with wrong flags can bypass validation or produce incorrect points." + }, + "InvalidSignature": { + "bugType": "AUTH_BYPASS", + "description": "The signature is not a valid point or does not verify.", + "effect": "Accepting such signatures allows forgery." + }, + "LargeMessage": { + "bugType": "EDGE_CASE", + "description": "The message is large. Ensures hash-to-curve handles arbitrary length input." 
+ }, + "NotInSubgroup": { + "bugType": "AUTH_BYPASS", + "description": "The signature point is on the curve but not in the prime-order subgroup.", + "effect": "Accepting points not in the subgroup enables rogue-key and other attacks.", + "links": [ + "https://eprint.iacr.org/2021/323" + ] + }, + "NotOnCurve": { + "bugType": "AUTH_BYPASS", + "description": "The signature point is not on the curve.", + "effect": "Accepting points not on the curve can lead to forgery or subgroup attacks." + }, + "SignatureMalleability": { + "bugType": "SIGNATURE_MALLEABILITY", + "description": "A modified signature that is mathematically related to a valid one.", + "effect": "Signature malleability can break protocols that assume signature uniqueness." + }, + "TruncatedSignature": { + "bugType": "AUTH_BYPASS", + "description": "The signature has been truncated.", + "effect": "Accepting truncated signatures likely means signatures can be forged." + }, + "Valid": { + "bugType": "BASIC", + "description": "The test vector contains a valid BLS signature." + }, + "WrongDST": { + "bugType": "AUTH_BYPASS", + "description": "The signature was produced with a different domain separation tag.", + "effect": "Accepting signatures with wrong DST enables cross-protocol attacks.", + "links": [ + "https://datatracker.ietf.org/doc/draft-irtf-cfrg-bls-signature/" + ] + }, + "WrongKey": { + "bugType": "AUTH_BYPASS", + "description": "The signature was computed with a different key.", + "effect": "Accepting such signatures means authentication is broken." + }, + "WrongMessage": { + "bugType": "AUTH_BYPASS", + "description": "The signature was computed over a different message.", + "effect": "Accepting such signatures means message integrity is broken." 
+ } + }, + "testGroups": [ + { + "type": "BlsSigVerify", + "source": { + "name": "github/trailofbits/bls", + "version": "0.1" + }, + "ciphersuite": "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_", + "publicKey": { + "pk": "8f62f546d9ace47b11df8d0cf2911ff7cff8d3c247a6a46a6b37cd42c5c19785f0ae24477a6b261b047b20b2993ebac4", + "group": "G1", + "keySize": 48 + }, + "tests": [ + { + "tcId": 1, + "comment": "valid POP-scheme signature #1", + "msg": "810c3298362cdfa76d0f618d2c3443e6670a0dd4384cb3983782047f7b86e3b5", + "sig": "a6bfda26f1f60ecfa65e9a57ae4bef304305be0bb3eca352c80032932a15928c0ac3abf7b676fefd0ca2a9af231f189c0f612e0fb494da9d6bbbb10984616c91e59b1f8850f3975e1e603d9bd10e0b2c47705bf4da99a7e17ad3d344aa3e27c5", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 2, + "comment": "valid POP-scheme signature #2", + "msg": "e383b40bb784f366cb0a3811b4cd91b6bc237332f5ed3e2a26b11cd4dfef8403", + "sig": "a1eedf60cc7155526dc8ab6536263ab19d02d8bc8b2ad9826e8805aa99ee5383ec6587bb2857f271e31251ab5d4c167c11dfd66020e3a66323b879bfcb5af29d24ac831db7cacb383b2bd9943382eb9ea0c14ab32936b635fa5bda56046ebe65", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 3, + "comment": "valid POP-scheme signature #3", + "msg": "61a205b34191722cda38361fce229b2643158b052b099686168e1f6c1899a574", + "sig": "abf8d6c045b3bf848714ce650428051e42f1c2495ade7639159a8b49cbed91cc2ab982b73045d329085e0793df6ee23d0b12495b8282f005947c4f90b7e9bf14a2699f5a6b2b4d6a4b7ea0ea6f72c146b559a25cb3caf1f9642de25ff7d8dc6c", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 4, + "comment": "valid POP-scheme signature #4", + "msg": "5aba82ac51804c6f0b8cb43295e322c3aac8fb9fb75bda8d61b128ff260d66b1", + "sig": "a84c7a65806fd0f62c039f0b4f751cd73c0b4b29fdbf3dd8a045296c8b667c3304feda945bf1c04727bf172db059d3790db89bc8dbe9be6534c34edc3a62b3fb6e528976c7824a0420d8bf6227577901547c232554df6d973b4327c0046b334c", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 5, + "comment": "valid 
POP-scheme signature #5", + "msg": "bc09c93d06da9a0e8548c32a8f2c84f1d6aaa7c790905d5bb884055ba300a571", + "sig": "aff12777cc8adf3d010b66cbdccf504587d29f1daca4885292bd69d3bc865f9fdf5ebfdc69c9e5a1659e7900f87fb20d0c0a137400ae66dd7226c5bb5285416ea8a86b496d7ebefa08a4e812a10a5515d238e70779d0a7a51cac091fcf3a7599", + "result": "valid", + "flags": [ + "Valid" + ] + }, + { + "tcId": 6, + "comment": "valid POP-scheme signature on empty message", + "msg": "", + "sig": "90d7cf6fb5506e43d0982e0ccd1d51e6245785cd90c25dae748981fe18eb7f066e54bbb91ea1c85ed3e3732229568f361429a9842f2fdf4d2db8ca2602e869e882ac3aca4ff43db09be997de5c969a3e34a8011385eb3a7e6b7a1d09050e9ad3", + "result": "valid", + "flags": [ + "Valid", + "EmptyMessage" + ] + }, + { + "tcId": 7, + "comment": "signature from Basic scheme, verified under POP scheme", + "msg": "47776e8527239ab0662e22398230ef32805ae1abe4f7276f1953a91ac1a322d6", + "sig": "81b38e45131516c072fac9aedb9c128195979666688b2e8c85fc92868a53685cc256c702b49ff0888de5bc51b5836fc9075b39f0f42a8bd8c4273c15da193b4e96c6195aef69421c5d9caa2b5bad6fb0374a6123bbfa043bf65e40fae7dd6b2d", + "result": "invalid", + "flags": [ + "WrongDST" + ] + }, + { + "tcId": 8, + "comment": "identity point as POP-scheme signature", + "msg": "47776e8527239ab0662e22398230ef32805ae1abe4f7276f1953a91ac1a322d6", + "sig": "c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "result": "invalid", + "flags": [ + "IdentityPoint" + ] + }, + { + "tcId": 9, + "comment": "POP-scheme signature with wrong key", + "msg": "47776e8527239ab0662e22398230ef32805ae1abe4f7276f1953a91ac1a322d6", + "sig": "a80c0d2ff6c982268d2b8e4512ef29d8a595415d4ba0a2dbaf2efbaeb240003381c1eff88fa590ecc861ca124680281114eca7d77614e94df8a192cdbdbc8279d66f20134d9e8f06848219d6b137296d8806c351f2d2ab54144ce12fd4c74025", + "result": "invalid", + "flags": [ + "WrongKey" + ] + }, + { + "tcId": 10, 
+ "comment": "valid POP sig on 1-byte message",
+ "msg": "09",
+ "sig": "9449dc1faf1c9caf2201e1313022364bef6ecbb9766b6e37fc7bc551024855e0d59d2a7076679c5ee97315618dfc3a6d02c7626f0fbf0ce8d8ce01ff95c84d546d701af197b75370d372686facf80048ab6e3fd40ec357ff434ecb6de55f523e",
+ "result": "valid",
+ "flags": [
+ "Valid"
+ ]
+ },
+ {
+ "tcId": 11,
+ "comment": "valid POP sig on 2-byte message",
+ "msg": "04a6",
+ "sig": "8cb953a82c040f890e1f472c17756a36732f620249d842168f51b343034158ff85cded9f23c074e5dae4ce817aebe7a1004c5cabf250c7f518568fb7988c6ea395328be4686ac428196cd993b31d9b542ef621428558b89322c98e28c5d12f08",
+ "result": "valid",
+ "flags": [
+ "Valid"
+ ]
+ },
+ {
+ "tcId": 12,
+ "comment": "valid POP sig on 8-byte message",
+ "msg": "ce135beff2b669e7",
+ "sig": "b192fac7817dd68950cd782206e39ba3dd980e5d19312145d97a4306b23401df54e3d804115bc7d34369df12ef72d62a0aa31543cd88f89521105322ca6e063b63e0dce8487f3d22cf22107a59afb3cbff8a23497df2bf43c678198f69585e25",
+ "result": "valid",
+ "flags": [
+ "Valid"
+ ]
+ },
+ {
+ "tcId": 13,
+ "comment": "valid POP sig on 64-byte message",
+ "msg": "86ac086bf0a30985dc40292c6332ab27f362963564927d6aa4b62527adbe3eb19fadc57d779251a808d7ec873e29efebae494110afb217a47a2ade8a9c30eb36",
+ "sig": "a00ab419a5d70ccfbb520a5f2bed129231dd5e47047ece37d019814c0b78bb300d69f8b37c9ae6f02dfe0471985647300ceedd45c83452d9b1342b0b16a7f0af30b852a34349144dbdc43337385470552a3cb4116ee145987662e8539801be56",
+ "result": "valid",
+ "flags": [
+ "Valid"
+ ]
+ },
+ {
+ "tcId": 14,
+ "comment": "valid POP sig on 256-byte message",
+ "msg": "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",
+ "sig": "8f96c2eda060fdce13700f047b43be5e5f0b6733bb8643aad0dbd9e55e2fde9e10ba806a8c04b43d5543cfba168f7ed009534fc329b84729cb0c36f81c47260f13df131b2cce30c661b9405a97e152d6a337248a19fc9f73c1d4619132fd7015",
+ "result": "valid",
+ "flags": [
+ "Valid"
+ ]
+ },
+ {
+ "tcId": 15,
+ "comment": "valid POP sig on 1024-byte message",
+ "msg": "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",
+ "sig": "a3d089c27b88bd7036ba1fb84fb9ae59fc2f7b6ac43aedac0f8209a11aa467d100c8b4652da210b33a81fe8a8f98c6e207bdea6f96f222139a0f4be5c5e96dfed179884dc556dd40ec89266b566b100b78c07dd4b636275ac9bc5850e00373d0",
+ "result": "valid",
+ "flags": [
+ "Valid"
+ ]
+ },
+ {
+ "tcId": 16,
+ "comment": "valid POP sig on all-zero 32-byte message",
+ "msg": "0000000000000000000000000000000000000000000000000000000000000000",
+ "sig": "a403c889825acdd5e3b55a6e1de7dd8073c27cf24b3200223f5f2a003da32a28658951b87578baabe2a8df0d2bd87ed5068c75532c663c9f55fa48a9933b5160b7ed71f8000f57d0296b3f2e868f5888d5b200bebd430d0ef522e6d22fafa52e",
+ "result": "valid",
+ "flags": [
+ "Valid"
+ ]
+ },
+ {
+ "tcId": 17,
+ "comment": "negated POP-scheme signature (flipped sign bit)",
+ "msg": "fd961b1c74e14c2bf1b5d192e6bd7dcc2a001e25d24aacfe1c45157b20614acc",
+ "sig": "8a29197e6247865eff470a67096c9320ded4ddf0799d333020e5aa6d0b5ebec970aab337e6a0b94ede18f39f04ff1928125db3c3978e6c41504cddc774b704fa810028541e89961dd65d3731bb98b0b7c2f8d0e915a14b6d16af94dc3edc39e0",
+ "result": "invalid",
+ "flags": [
+ "SignatureMalleability"
+ ]
+ },
+ {
+ "tcId": 18,
+ "comment": "truncated POP-scheme signature",
+ "msg": "89edcbc22c42dfc1ac8ff95575274e7bf5c9ac043d9577b1d8ada721cb87b0f0",
+ "sig": "a1d9ae5bb436809dcd8ed3afee3873d150920ab9a140a9939b3e5a2f8342611a2bf4a289af4a271a8f8b3c00f1d8ba06",
+ "result": "invalid",
+ "flags": [
+ "TruncatedSignature"
+ ]
+ },
+ {
+ "tcId": 19,
+ "comment": "POP: G2 signature not on the twist curve",
+ "msg": "47776e8527239ab0662e22398230ef32805ae1abe4f7276f1953a91ac1a322d6",
+ "sig": "800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+ "result": "invalid",
+ "flags": [
+ "NotOnCurve"
+ ]
+ },
+ {
+ "tcId": 20,
+ "comment": "POP: G2 signature on curve but wrong subgroup",
+ "msg": "47776e8527239ab0662e22398230ef32805ae1abe4f7276f1953a91ac1a322d6",
+ "sig": "800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002",
+ "result": "invalid",
+ "flags": [
+ "NotInSubgroup"
+ ]
+ },
+ {
+ "tcId": 21,
+ "comment": "POP sig with compression flag cleared",
+ "msg": "a1b54f7806fcd87cd2bfcc5f727310e7add0292cf0398a51e441c57ebb42dba1",
+ "sig": "36774f429179d2c9494f2310f8dc1f7780b2356ef624e102c3c358c11e95c1f7a3999d66ce42a7b19b641aa5959d06d01625e2922f1b2eb68a019cb37ed9f3118f8298ff845e3b2a4d775a2cfc966be8495e7d39436d1041f50bb1ab54b3a64a",
+ "result": "invalid",
+ "flags": [
+ "InvalidFlags"
+ ]
+ },
+ {
+ "tcId": 22,
+ "comment": "POP sig with infinity flag set on non-identity",
+ "msg": "984e854a0c965dc73cb4e309d1551a375e994db8d983f1831e1ce421730fcd99",
+ "sig": "e9edad8d8540c654110cede090af12904fc7b8ae8ada27f43eb42039df60758296d8b519feb2b81a7cf424704adb903a0341ced3c9f6e9b4cdb2ad45b18d580a923c54c04748683ab225cc32cd080e72fd1ee016c41a748413518f0bd33f73e2",
+ "result": "invalid",
+ "flags": [
+ "InvalidFlags"
+ ]
+ },
+ {
+ "tcId": 23,
+ "comment": "signature from AUG scheme, verified under POP scheme",
+ "msg": "6e0d7146e8b1027c0c20633019e1f67e7e543a54ebdd7cd73ba186ec157c2d5c",
+ "sig": "abec48a6e00c76725d53d4fea4b2be12e7fdf6b484cbf3d38ae6e1b418a0be0844c4bc0ae56aa7b469dab7481a5ce33c1846fe5c71ef49d467703aae244fbe1da615462905a466108f3301c70fc0566c6413c99e39646d52343da8a4da930cf2",
+ "result": "invalid",
+ "flags": [
+ "WrongDST"
+ ]
+ },
+ {
+ "tcId": 24,
+ "comment": "POP sig with bit flip at byte 1",
+ "msg": "eeaae090a8f5d142c2525fd76cbd90dca9a88d612fb7ef23e383536d059c7ab4",
+ "sig": "8d7a6016413326e5fe6a2775e6e893d03e05e249f66353a8f37af622d4f966a8aaf0465bfe5fe53d3a0193f79199d5ae1797d2d74965b0ca05b02efa39900ffacb9cfd3ea1482a3041b4eba80094adf410c4c004ed6800cd6e4f477c6731a4ca",
+ "result": "invalid",
+ "flags": [
+ "InvalidSignature"
+ ]
+ },
+ {
+ "tcId": 25,
+ "comment": "POP sig with bit flip at byte 48",
+ "msg": "eeaae090a8f5d142c2525fd76cbd90dca9a88d612fb7ef23e383536d059c7ab4",
+ "sig": "8d7b6016413326e5fe6a2775e6e893d03e05e249f66353a8f37af622d4f966a8aaf0465bfe5fe53d3a0193f79199d5ae1697d2d74965b0ca05b02efa39900ffacb9cfd3ea1482a3041b4eba80094adf410c4c004ed6800cd6e4f477c6731a4ca",
+ "result": "invalid",
+ "flags": [
+ "InvalidSignature"
+ ]
+ },
+ {
+ "tcId": 26,
+ "comment": "POP sig with bit flip at byte 95",
+ "msg": "eeaae090a8f5d142c2525fd76cbd90dca9a88d612fb7ef23e383536d059c7ab4",
+ "sig": "8d7b6016413326e5fe6a2775e6e893d03e05e249f66353a8f37af622d4f966a8aaf0465bfe5fe53d3a0193f79199d5ae1797d2d74965b0ca05b02efa39900ffacb9cfd3ea1482a3041b4eba80094adf410c4c004ed6800cd6e4f477c6731a4cb",
+ "result": "invalid",
+ "flags": [
+ "InvalidSignature"
+ ]
+ }
+ ]
+ }
+ ]
+}