metacraft-labs
diff --git a/‎crates/bad_encrypted_share_prove/src/main.rs‎
Lines changed: 29 additions & 16 deletions b/‎crates/bad_encrypted_share_prove/src/main.rs‎
Lines changed: 29 additions & 16 deletions
diff --git a/‎crates/bad_parial_key_prove/src/main.rs‎
Lines changed: 2 additions & 4 deletions b/‎crates/bad_parial_key_prove/src/main.rs‎
Lines changed: 2 additions & 4 deletions
diff --git a/‎crates/bad_share_exchange_prove/src/main.rs‎
Lines changed: 4 additions & 7 deletions b/‎crates/bad_share_exchange_prove/src/main.rs‎
Lines changed: 4 additions & 7 deletions
diff --git a/‎crates/dkg/src/crypto/bls_common.rs‎
Lines changed: 66 additions & 0 deletions b/‎crates/dkg/src/crypto/bls_common.rs‎
Lines changed: 66 additions & 0 deletions
diff --git a/‎crates/dkg/src/crypto/bls_keys.rs‎
Lines changed: 18 additions & 0 deletions b/‎crates/dkg/src/crypto/bls_keys.rs‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎crates/dkg/src/crypto/secp256k1_keys.rs‎
Lines changed: 61 additions & 0 deletions b/‎crates/dkg/src/crypto/secp256k1_keys.rs‎
Lines changed: 61 additions & 0 deletions
diff --git a/‎crates/dkg/src/verification.rs‎
Lines changed: 116 additions & 0 deletions b/‎crates/dkg/src/verification.rs‎
Lines changed: 116 additions & 0 deletions
@@ -311,18 +311,23 @@ where
         );
     }
 
-    let mut keys = data.receiver_base_pubkeys.clone();
-    keys.sort();
-
-    if Setup::DkgSecretKey::from_bytes(&data.receiver_encr_seckey)
-        .expect("Invalid seckey")
-        .to_public_key()
-        .to_bytes()
-        != keys[keys.len() - 1]
-    {
-        panic!("Invalid seckey");
+    let mut ordered_receiver_base_pubkeys = data.receiver_base_pubkeys.clone();
+    ordered_receiver_base_pubkeys.sort();
+
+    let receiver_sk =
+        Setup::DkgSecretKey::from_bytes(&data.receiver_encr_seckey).expect("Invalid seckey");
+    let receiver_pk_bytes = receiver_sk.to_public_key().to_bytes();
+    if receiver_pk_bytes != ordered_receiver_base_pubkeys[ordered_receiver_base_pubkeys.len() - 1] {
+        panic!("Invalid encryption key");
     };
 
+    let mut ordered_sender_base_pubkeys = data.sender_base_pubkeys.clone();
+    ordered_sender_base_pubkeys.sort();
+    if data.sender_encr_pubkey != ordered_sender_base_pubkeys[ordered_sender_base_pubkeys.len() - 1]
+    {
+        panic!("Invalid encryption key");
+    }
+
     if data.base_hashes.len() != data.settings.n as usize {
         panic!("The number of verification hashes does not match the number of keys\n");
     }
@@ -346,15 +351,19 @@ where
         decrypted,
         data.settings,
         data.sender_base_pubkeys,
-        data.base_hashes,
+        data.base_hashes.clone(),
         receiver_commitment_hash,
         sender_commitment_hash,
     ) {
         Ok(data) => data,
         Err(e) => {
             println!("Error: {}", e);
-            sp1_zkvm::io::commit(&sender_commitment_hash);
-            sp1_zkvm::io::commit(&receiver_commitment_hash);
+            for h in data.base_hashes.iter() {
+                println!("Verification hash: {}, {}", h, e);
+                sp1_zkvm::io::commit(h);
+            }
+            sp1_zkvm::io::commit(&receiver_pk_bytes);
+            sp1_zkvm::io::commit(&data.sender_encr_pubkey);
             sp1_zkvm::io::commit(&data.encrypted_message);
             return;
         }
@@ -383,9 +392,13 @@ where
                 receiver_commitment_hash,
             );
 
-            sp1_zkvm::io::commit(&sender_commitment_hash);
-            sp1_zkvm::io::commit(&receiver_commitment_hash);
-            sp1_zkvm::io::commit(&encrypted_bytes);
+            for h in data.base_hashes.iter() {
+                println!("Verification hash: {}, {}", h, e);
+                sp1_zkvm::io::commit(h);
+            }
+            sp1_zkvm::io::commit(&receiver_pk_bytes);
+            sp1_zkvm::io::commit(&data.sender_encr_pubkey);
+            sp1_zkvm::io::commit(&data.encrypted_message);
         }
     }
     panic!("The seed exchange commitment is valid");
 
@@ -30,16 +30,14 @@ where
                     VerificationErrors::SlashableError(e) => {
                         for h in data.generations.iter() {
                             println!("Verification hash: {}, {}", h.base_hash.to_hex(), e);
-                            sp1_zkvm::io::commit(h.base_hash.as_ref());
+                            sp1_zkvm::io::commit(&h.base_hash);
                         }
 
                         println!(
                             "Perpetrator public key: {}",
                             data.bad_partial.commitment.pubkey.to_hex()
                         );
-                        for byte in data.bad_partial.commitment.pubkey.as_arr().iter() {
-                            sp1_zkvm::io::commit(&byte);
-                        }
+                        sp1_zkvm::io::commit(&data.bad_partial.commitment.pubkey);
                         return;
                     }
                     VerificationErrors::UnslashableError(e) => {
 
@@ -58,18 +58,15 @@ where
                         println!("Slashable error seed exchange commitment: {}", err);
 
                         for h in data.verification_hashes.iter() {
-                            println!("Verification hash: {}", h.to_hex());
-                            sp1_zkvm::io::commit(h.as_ref());
+                            println!("Verification hash: {}", h);
+                            sp1_zkvm::io::commit(&h);
                         }
 
                         println!(
                             "Perpetrator public key: {}",
-                            data.seeds_exchange_commitment.commitment.pubkey.to_hex()
+                            data.seeds_exchange_commitment.commitment.pubkey
                         );
-                        for byte in data.seeds_exchange_commitment.commitment.pubkey.as_arr() {
-                            sp1_zkvm::io::commit(&byte);
-                        }
-
+                        sp1_zkvm::io::commit(&data.seeds_exchange_commitment.commitment.pubkey);
                         return;
                     }
                     VerificationErrors::UnslashableError(err) => {
 
@@ -114,3 +114,69 @@ pub fn to_g1_affine(pubkey: &BLSPubkeyRaw) -> G1Affine {
 pub fn to_g1_projection(pubkey: &BLSPubkeyRaw) -> G1Projective {
     G1Projective::from(to_g1_affine(pubkey))
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_hash_message_to_g2_deterministic() {
+        let msg = b"hello";
+        let p1 = G2Affine::from(hash_message_to_g2(msg));
+        let p2 = G2Affine::from(hash_message_to_g2(msg));
+        assert_eq!(p1, p2);
+
+        let p3 = G2Affine::from(hash_message_to_g2(b"world"));
+        assert_ne!(p1, p3);
+    }
+
+    #[test]
+    fn test_bls_verify_precomputed_hash() {
+        // Sample values taken from other tests
+        let data = hex::decode("2f901d5cec8722e44afd59e94d0a56bf1506a72a0a60709920aad714d1a2ece0")
+            .unwrap();
+        let pk: BLSPubkeyRaw = hex::decode(
+            "90346f9c5f3c09d96ea02acd0220daa8459f03866ed938c798e3716e42c7e033c9a7ef66a10f83af06d5c00b508c6d0f",
+        )
+        .unwrap()
+        .try_into()
+        .unwrap();
+        let sig: BLSSignatureRaw = hex::decode("a9c08eff13742f78f1e5929888f223b5b5b12b4836b5417c5a135cf24f4e2a4c66a6cdef91be3098b7e7a6a63903b61302e3cf2b8653101da245cf01a8d82b25debe7b18a3a2eb1778f8628fd2c59c8687f6e048a31250fbc2804c20043b8443")
+            .unwrap()
+            .try_into()
+            .unwrap();
+
+        let pk = G1Affine::from_compressed(&pk).into_option().unwrap();
+        let sig = G2Affine::from_compressed(&sig).into_option().unwrap();
+        let hashed = G2Affine::from(hash_message_to_g2(&data));
+
+        assert!(bls_verify_precomputed_hash(&pk, &sig, &hashed));
+
+        // wrong signature should fail
+        let mut wrong_sig = sig;
+        wrong_sig = G2Affine::from(hash_message_to_g2(b"bad"));
+        assert!(!bls_verify_precomputed_hash(&pk, &wrong_sig, &hashed));
+    }
+
+    #[test]
+    fn test_to_g1_affine_slow_errors() {
+        let invalid: BLSPubkeyRaw = [0u8; BLS_PUBKEY_SIZE].into();
+        assert!(to_g1_affine_slow(&invalid).is_err());
+
+        let valid_bytes: BLSPubkeyRaw = hex::decode(
+            "90346f9c5f3c09d96ea02acd0220daa8459f03866ed938c798e3716e42c7e033c9a7ef66a10f83af06d5c00b508c6d0f",
+        )
+        .unwrap()
+        .try_into()
+        .unwrap();
+        let slow = to_g1_affine_slow(&valid_bytes).unwrap();
+        let fast = to_g1_affine(&valid_bytes);
+        assert_eq!(slow, fast);
+    }
+
+    #[test]
+    fn test_to_g2_affine_slow_errors() {
+        let invalid: BLSSignatureRaw = [0u8; BLS_SIGNATURE_SIZE].into();
+        assert!(to_g2_affine_slow(&invalid).is_err());
+    }
+}
@@ -222,6 +222,24 @@ mod tests {
 
     use super::*;
 
+    #[test]
+    fn test_bls_public_key_from_bytes_error() {
+        let invalid: BLSPubkeyRaw = [0u8; BLS_PUBKEY_SIZE].into();
+        assert!(BlsPublicKey::from_bytes(&invalid).is_err());
+    }
+
+    #[test]
+    fn test_bls_secret_key_from_bytes_error() {
+        let invalid: BLSSecretRaw = [0xffu8; BLS_SECRET_SIZE].into();
+        assert!(BlsSecretKey::from_bytes(&invalid).is_err());
+    }
+
+    #[test]
+    fn test_bls_signature_from_bytes_error() {
+        let invalid: BLSSignatureRaw = [0u8; BLS_SIGNATURE_SIZE].into();
+        assert!(BlsSignature::from_bytes(&invalid).is_err());
+    }
+
     #[test]
     fn test_bls_id_from_u32() {
         let mut bytes: [u8; 32] = [
 
@@ -182,3 +182,64 @@ impl CryptoKeys for Secp256k1Crypto {
         msg.to_vec()
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::crypto::traits::ByteConvertible;
+    use crate::*;
+    #[test]
+    fn test_secp256k1_public_key_from_bytes_error() {
+        let invalid: SECP256K1PubkeyRaw = [0u8; SECP256K1_PUBKEY_SIZE].into();
+        assert!(Secp256k1PublicKey::from_bytes(&invalid).is_err());
+    }
+
+    #[test]
+    fn test_secp256k1_secret_key_from_bytes_error() {
+        let invalid: SECP256K1SecretRaw = [0u8; SECP256K1_SECRET_SIZE].into();
+        assert!(Secp256k1SecretKey::from_bytes(&invalid).is_err());
+    }
+
+    #[test]
+    fn test_verify_signature_invalid_message_len() {
+        let sk_bytes: [u8; 32] = [1u8; 32];
+        let sk = Secp256k1SecretKey::from_bytes(&crate::types::SECP256K1SecretRaw::from(sk_bytes))
+            .unwrap();
+        let pk = sk.to_public_key();
+
+        let secp = secp256k1::Secp256k1::new();
+        let msg = [2u8; 32];
+        let m = secp256k1::Message::from_digest_slice(&msg).unwrap();
+        let sig = secp.sign_ecdsa(&m, &sk.secret);
+        let sig = Secp256k1Signature { sig };
+
+        // message that's not 32 bytes should fail
+        let bad_msg = [1u8; 31];
+        assert!(!pk.verify_signature(&bad_msg, &sig));
+    }
+
+    #[test]
+    fn test_secp256k1_roundtrip_and_sign() {
+        let sk_bytes: [u8; 32] = [1u8; 32];
+        let raw_sk = crate::types::SECP256K1SecretRaw::from(sk_bytes);
+        let sk = Secp256k1SecretKey::from_bytes(&raw_sk).unwrap();
+        let pk = sk.to_public_key();
+
+        let raw_pk = pk.to_bytes();
+        let decoded_pk = Secp256k1PublicKey::from_bytes(&raw_pk).unwrap();
+        assert_eq!(decoded_pk.to_bytes(), raw_pk);
+
+        // sign a hashed message
+        let msg = [2u8; 32];
+        let secp = secp256k1::Secp256k1::new();
+        let m = secp256k1::Message::from_digest_slice(&msg).unwrap();
+        let sig = secp.sign_ecdsa(&m, &sk.secret);
+        let sig = Secp256k1Signature { sig };
+
+        assert!(pk.verify_signature(&msg, &sig));
+
+        // wrong message fails
+        let bad_msg = [3u8; 32];
+        assert!(!pk.verify_signature(&bad_msg, &sig));
+    }
+}
@@ -549,3 +549,119 @@ where
     let expected_key = evaluate_polynomial::<Setup::Curve>(&computed_keys, perpetrator_id);
     Setup::Point::from_bytes(&expected_key.to_bytes()).expect("Invalid pubkey")
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::crypto::*;
+
+    #[test]
+    fn test_get_index_in_commitments() {
+        let mut hashes = vec![
+            SHA256Raw::from([1u8; 32]),
+            SHA256Raw::from([2u8; 32]),
+            SHA256Raw::from([0u8; 32]),
+        ];
+        let dst = SHA256Raw::from([2u8; 32]);
+        let index = get_index_in_commitments(&hashes, &dst).unwrap();
+        assert_eq!(index, 2);
+        hashes.sort();
+        assert_eq!(hashes[index as usize], dst);
+    }
+
+    #[test]
+    fn test_initial_commitment_hash_roundtrip() {
+        type Setup = BlsDkgWithSecp256kCommitment;
+
+        let settings = GenerateSettings {
+            n: 2,
+            k: 1,
+            gen_id: DkgGenId::from([1u8; 16]),
+        };
+
+        let pk = <Setup as DkgSetupTypes<Setup>>::Point::identity().to_bytes();
+        let base_pubkeys = vec![pk.clone(), pk];
+
+        let hash = compute_initial_commitment_hash::<Setup>(&settings, &base_pubkeys);
+        let commitment = InitialCommitment::<Setup> {
+            hash,
+            settings: settings.clone(),
+            base_pubkeys: base_pubkeys.clone(),
+        };
+
+        assert!(verify_initial_commitment_hash::<Setup>(&commitment));
+
+        let mut bad = commitment.clone();
+        bad.base_pubkeys[0].as_mut()[0] ^= 1;
+        assert!(!verify_initial_commitment_hash::<Setup>(&bad));
+    }
+
+    #[test]
+    fn test_get_index_in_commitments_not_found() {
+        let hashes = vec![
+            SHA256Raw::from([1u8; 32]),
+            SHA256Raw::from([2u8; 32]),
+            SHA256Raw::from([3u8; 32]),
+        ];
+        let dst = SHA256Raw::from([9u8; 32]);
+        assert!(get_index_in_commitments(&hashes, &dst).is_err());
+    }
+
+    fn dummy_generation(msg: &str) -> Generation<BlsDkgWithSecp256kCommitment> {
+        Generation {
+            verification_vector: vec![<BlsDkgWithSecp256kCommitment as DkgSetupTypes<
+                BlsDkgWithSecp256kCommitment,
+            >>::Point::identity()
+            .to_bytes()],
+            base_hash: SHA256Raw::from([0u8; 32]),
+            partial_pubkey: <BlsDkgWithSecp256kCommitment as DkgSetupTypes<
+                BlsDkgWithSecp256kCommitment,
+            >>::Point::identity()
+            .to_bytes(),
+            message_cleartext: msg.to_string(),
+            message_signature: BLSSignatureRaw([0u8; BLS_SIGNATURE_SIZE]),
+        }
+    }
+
+    #[test]
+    fn test_verify_generation_hashes_empty() {
+        type Setup = BlsDkgWithSecp256kCommitment;
+        let settings = GenerateSettings {
+            n: 1,
+            k: 1,
+            gen_id: DkgGenId::from([0u8; 16]),
+        };
+        assert!(verify_generation_hashes::<Setup>(&[], &settings).is_err());
+    }
+
+    #[test]
+    fn test_verify_generation_hashes_message_mismatch() {
+        type Setup = BlsDkgWithSecp256kCommitment;
+        let settings = GenerateSettings {
+            n: 2,
+            k: 1,
+            gen_id: DkgGenId::from([0u8; 16]),
+        };
+        let g1 = dummy_generation("hello");
+        let mut g2 = dummy_generation("hello");
+        g2.message_cleartext = "world".to_string();
+        let gens = vec![g1, g2];
+        assert!(verify_generation_hashes::<Setup>(&gens, &settings).is_err());
+    }
+
+    #[test]
+    fn test_verify_generations_wrong_n() {
+        type Setup = BlsDkgWithSecp256kCommitment;
+        let settings = GenerateSettings {
+            n: 2,
+            k: 1,
+            gen_id: DkgGenId::from([0u8; 16]),
+        };
+        let g = dummy_generation("hello");
+        let agg_key = <Setup as DkgSetupTypes<Setup>>::DkgPubkey::from_bytes(
+            &<Setup as DkgSetupTypes<Setup>>::Point::identity().to_bytes(),
+        )
+        .unwrap();
+        assert!(verify_generations::<Setup>(&[g], &settings, &agg_key).is_err());
+    }
+}