Jubjub deserialization added. Tests added. #3

Ilias Khairullin · Ilias Khairullin · commit a7087d6ddfb1 · 2021-11-15T11:15:42.000+03:00
diff --git a/include/nil/crypto3/marshalling/algebra/processing/curve_element.hpp b/include/nil/crypto3/marshalling/algebra/processing/curve_element.hpp
@@ -358,19 +358,67 @@ namespace nil {
                     }
                 };
 
-                // /// abst_J(LEOS2BSP_{256}(iter))
-                // /// See https://zips.z.cash/protocol/protocol.pdf#concretegrouphashjubjub
-                // template<std::size_t TSize, typename Endianness, typename G1GroupElement, typename TIter>
-                // typename std::enable_if<
-                //     std::is_same<
-                //         typename algebra::curves::jubjub::g1_type<algebra::curves::coordinates::affine,
-                //                                                   algebra::curves::forms::twisted_edwards>::value_type,
-                //         G1GroupElement>::value &&
-                //         std::is_same<std::uint8_t, typename std::iterator_traits<TIter>::value_type>::value &&
-                //         std::is_same<nil::marshalling::endian::little_endian, Endianness>::value,
-                //     G1GroupElement>::type
-                //     curve_element_read_data(TIter &iter) {
-                // }
+                template<std::size_t TSize>
+                struct curve_element_reader<
+                    TSize,
+                    nil::marshalling::endian::little_endian,
+                    typename algebra::curves::jubjub::template g1_type<algebra::curves::coordinates::affine,
+                                                                       algebra::curves::forms::twisted_edwards>> {
+                    using group_type =
+                        typename algebra::curves::jubjub::template g1_type<algebra::curves::coordinates::affine,
+                                                                           algebra::curves::forms::twisted_edwards>;
+                    using group_value_type = typename group_type::value_type;
+                    using coordinates = typename group_value_type::coordinates;
+                    using form = typename group_value_type::form;
+                    using endianness = nil::marshalling::endian::little_endian;
+
+                    /// abst_J(LEOS2BSP_{256}(iter))
+                    /// See https://zips.z.cash/protocol/protocol.pdf#concretegrouphashjubjub
+                    template<typename TIter>
+                    static typename std::enable_if<
+                        std::is_same<std::uint8_t, typename std::iterator_traits<TIter>::value_type>::value,
+                        nil::marshalling::status_type>::type
+                        process(group_value_type &point, TIter &iter) {
+                        using field_type = typename group_value_type::field_type;
+                        using integral_type = typename field_type::integral_type;
+                        const std::size_t chunk_number = TSize / 8 + (TSize % 8 != 0);
+
+                        integral_type int_v = read_data<TSize, integral_type, endianness>(iter);
+                        if (int_v >= group_value_type::field_type::modulus) {
+                            return nil::marshalling::status_type::invalid_msg_data;
+                        }
+                        field_type::value_type field_v(int_v);
+                        field_type::value_type vv = field_v.squared();
+                        field_type::value_type denominator = (field_type::value_type(group_type::params_type::a) -
+                                                              field_type::value_type(group_type::params_type::d) * vv);
+                        if (denominator.is_zero()) {
+                            return nil::marshalling::status_type::invalid_msg_data;
+                        }
+                        field_type::value_type fraction = (field_type::value_type::one() - vv) / denominator;
+
+                        // TODO: change logic of sqrt error handling
+                        field_type::value_type u;
+                        if (fraction.is_one()) {
+                            u = field_type::modulus - 1;
+                        } else if (fraction.is_zero()) {
+                            u = field_type::value_type::zero();
+                        } else {
+                            u = fraction.sqrt();
+                            if (u == field_type::value_type(field_type::modulus - 1)) {
+                                return nil::marshalling::status_type::invalid_msg_data;
+                            }
+                        }
+                        // TODO: above logic should be handled in sqrt
+
+                        if ((*(iter + chunk_number - 1) >> 7) == (static_cast<integral_type>(u.data) & 1)) {
+                            point = group_value_type(u, field_v);
+                        } else {
+                            point = group_value_type(-u, field_v);
+                        }
+
+                        return nil::marshalling::status_type::success;
+                    }
+                };
             }    // namespace processing
         }        // namespace marshalling
     }            // namespace crypto3
diff --git a/test/curve_element.cpp b/test/curve_element.cpp
@@ -32,13 +32,14 @@
 #include <iostream>
 #include <iomanip>
 
-#include <nil/crypto3/algebra/curves/curve25519.hpp>
 #include <nil/marshalling/status_type.hpp>
 #include <nil/marshalling/field_type.hpp>
 #include <nil/marshalling/endianness.hpp>
 
 #include <nil/crypto3/algebra/random_element.hpp>
+#include <nil/crypto3/algebra/curves/curve25519.hpp>
 #include <nil/crypto3/algebra/curves/bls12.hpp>
+#include <nil/crypto3/algebra/curves/jubjub.hpp>
 
 #include <nil/marshalling/algorithms/pack.hpp>
 #include <nil/marshalling/algorithms/unpack.hpp>
@@ -106,6 +107,54 @@ BOOST_AUTO_TEST_CASE(curve_element_bls12_381_g2) {
     std::cout << "BLS12-381 g2 group test finished" << std::endl;
 }
 
+BOOST_AUTO_TEST_CASE(curve_element_jubjub_g1) {
+    using curve_type = nil::crypto3::algebra::curves::jubjub;
+    using group_type = typename curve_type::template g1_type<nil::crypto3::algebra::curves::coordinates::affine, nil::crypto3::algebra::curves::forms::twisted_edwards>;
+    using group_value_type = typename group_type::value_type;
+    using field_type = typename group_value_type::field_type;
+    using field_value_type = typename field_type::value_type;
+    using integral_type = typename field_type::integral_type;
+
+    /// correct blobs
+    nil::marshalling::status_type status;
+    std::vector<std::uint8_t> blob = {0x5f, 0x50, 0xa1, 0xdc, 0x87, 0xd9, 0x9b, 0x13, 0xb3, 0x60, 0x2a, 0xe1, 0x25, 0xce, 0x0, 0x66, 0xe2, 0xab, 0x19, 0x8c, 0x92, 0x69, 0x94, 0x13, 0x13, 0x60, 0x57, 0xa8, 0x1, 0x21, 0x2, 0x41};
+    group_value_type expected = group_value_type(integral_type("34431432384332876907572759816814758423306059590054253468360681509944827160006"), integral_type("29404096654359671878917481308573927330727282437544669652502934947226949079135"));
+    group_value_type point = nil::marshalling::pack<nil::marshalling::option::little_endian, group_value_type>(blob, status);
+    BOOST_CHECK(point == expected);
+    BOOST_CHECK(status == nil::marshalling::status_type::success);
+
+    blob = {0x8c, 0x59, 0x25, 0x37, 0x5a, 0x98, 0xc9, 0xd0, 0x5d, 0xe5, 0xb4, 0xf5, 0xc4, 0x7, 0xad, 0x7f, 0x6c, 0xf0, 0xf7, 0x69, 0xbf, 0x80, 0xca, 0x2c, 0x91, 0x33, 0xcb, 0xc4, 0xd8, 0xa1, 0x3, 0x85};
+    expected = group_value_type(integral_type("51845316313984588131191635700847278221892447412874386787531559514756013022179"), integral_type("2267981809345781868602884763436767012634799368758626259799403354148032567692"));
+    point = nil::marshalling::pack<nil::marshalling::option::little_endian, group_value_type>(blob, status);
+    BOOST_CHECK(point == expected);
+    BOOST_CHECK(status == nil::marshalling::status_type::success);
+
+    blob = {0xa4, 0x13, 0x70, 0xbc, 0x2e, 0x20, 0x40, 0x11, 0x57, 0x60, 0xd5, 0x53, 0x91, 0xcb, 0x8d, 0x6, 0x23, 0x74, 0xc1, 0x4c, 0xca, 0xe2, 0xa5, 0xe, 0x5e, 0x66, 0x85, 0x24, 0x81, 0x4f, 0x7a, 0xbb};
+    expected = group_value_type(integral_type("25651767798190354528910599415746062172834836761677597036046682114031745402655"), integral_type("26902562127956316343893262683171938435197568407043214449144600616790024786852"));
+    point = nil::marshalling::pack<nil::marshalling::option::little_endian, group_value_type>(blob, status);
+    BOOST_CHECK(point == expected);
+    BOOST_CHECK(status == nil::marshalling::status_type::success);
+
+    blob = {0xfc, 0xc9, 0x8e, 0x93, 0xc, 0x7f, 0xc3, 0xfc, 0x89, 0xc4, 0x10, 0x66, 0x6, 0xd, 0x1, 0xeb, 0xf8, 0xc7, 0x82, 0x19, 0x16, 0xfd, 0x12, 0x5b, 0x87, 0x55, 0x69, 0xc4, 0x81, 0xd2, 0xdf, 0x5c};
+    expected = group_value_type(integral_type("40185837415754419626270588927415047095813982975230357263686068930519460729080"), integral_type("42008241830356574617713311689533669924455940847366394238316645523644983724540"));
+    point = nil::marshalling::pack<nil::marshalling::option::little_endian, group_value_type>(blob, status);
+    BOOST_CHECK(point == expected);
+    BOOST_CHECK(status == nil::marshalling::status_type::success);
+
+    /// incorrect blobs
+    blob = {0x8f, 0xcb, 0xae, 0xbb, 0x2b, 0x32, 0xa6, 0x98, 0xcb, 0x6, 0xba, 0x7f, 0xa7, 0xb7, 0xd9, 0x4b, 0x37, 0x60, 0x2a, 0x7e, 0xa6, 0x20, 0xdc, 0xe2, 0x92, 0xf8, 0x87, 0xca, 0x5, 0xf7, 0x73, 0x7a};
+    nil::marshalling::pack<nil::marshalling::option::little_endian, group_value_type>(blob, status);
+    BOOST_CHECK(status != nil::marshalling::status_type::success);
+
+    blob = {0x64, 0x43, 0x6c, 0xd4, 0x66, 0xa5, 0x8c, 0x71, 0x2f, 0x8c, 0x6b, 0xa7, 0x82, 0x5b, 0x55, 0xef, 0xb, 0x9f, 0x4a, 0x1e, 0xdc, 0x26, 0xa5, 0x55, 0xf9, 0x35, 0x4e, 0x3e, 0x95, 0xd9, 0xe1, 0x8};
+    nil::marshalling::pack<nil::marshalling::option::little_endian, group_value_type>(blob, status);
+    BOOST_CHECK(status != nil::marshalling::status_type::success);
+
+    blob = {0x0, 0xde, 0xe0, 0x91, 0xab, 0x96, 0xb2, 0x2, 0x28, 0xc0, 0x11, 0x5c, 0x1d, 0x1d, 0x21, 0xef, 0x9a, 0xfe, 0x63, 0x55, 0x3f, 0x2c, 0xad, 0xc3, 0xbd, 0x16, 0x4f, 0x8d, 0x92, 0x2f, 0x3, 0x20};
+    nil::marshalling::pack<nil::marshalling::option::little_endian, group_value_type>(blob, status);
+    BOOST_CHECK(status != nil::marshalling::status_type::success);
+}
+
 BOOST_AUTO_TEST_CASE(curve_element_curve25519_g1) {
     using curve_type = nil::crypto3::algebra::curves::curve25519;
     using group_type = typename curve_type::g1_type<>;
