Squashed 'src/secp256k1/' changes from ff4714e641..0129b77767

0129b77767 Merge ElementsProject#113: Upstream PRs  ElementsProject#849 ElementsProject#851
e1756dfddc Merge commits '3a106966 8f0c6f15 ' into temp-merge-851
7093e633b8 Merge pull request ElementsProject#106 from apoelstra/2020-11-reduce-test-rounds
29f9a7dc62 reduce test rounds for rangeproof and surjectionproof
8f0c6f1545 Merge ElementsProject#851: make test count iteration configurable by environment variable
f4fa8d226a forbid a test iteration of 0 or less
3a106966aa Merge ElementsProject#849: Convert Sage code to Python 3 (as used by Sage >= 9)
13c88efed0 Convert Sage code to Python 3 (as used by Sage >= 9)
0ce4554881 make test count iteration configurable by environment variable

git-subtree-dir: src/secp256k1
git-subtree-split: 0129b77767ea001e5693e39ac6deecea0c461817

Author: apoelstra

src/secp256k1/sage/group_prover.sage

@@ -65,7 +65,7 @@ class fastfrac:
     return self.top in I and self.bot not in I
 
   def reduce(self,assumeZero):
-    zero = self.R.ideal(map(numerator, assumeZero))
+    zero = self.R.ideal(list(map(numerator, assumeZero)))
     return fastfrac(self.R, zero.reduce(self.top)) / fastfrac(self.R, zero.reduce(self.bot))
 
   def __add__(self,other):
@@ -100,14 +100,19 @@ class fastfrac:
     """Multiply something else with a fraction."""
     return self.__mul__(other)
 
-  def __div__(self,other):
+  def __truediv__(self,other):
     """Divide two fractions."""
     if parent(other) == ZZ:
       return fastfrac(self.R,self.top,self.bot * other)
     if other.__class__ == fastfrac:
       return fastfrac(self.R,self.top * other.bot,self.bot * other.top)
     return NotImplemented
 
+  # Compatibility wrapper for Sage versions based on Python 2
+  def __div__(self,other):
+     """Divide two fractions."""
+     return self.__truediv__(other)
+
   def __pow__(self,other):
     """Compute a power of a fraction."""
     if parent(other) == ZZ:
@@ -175,7 +180,7 @@ class constraints:
 
 def conflicts(R, con):
   """Check whether any of the passed non-zero assumptions is implied by the zero assumptions"""
-  zero = R.ideal(map(numerator, con.zero))
+  zero = R.ideal(list(map(numerator, con.zero)))
   if 1 in zero:
     return True
   # First a cheap check whether any of the individual nonzero terms conflict on
@@ -195,7 +200,7 @@ def conflicts(R, con):
 
 def get_nonzero_set(R, assume):
   """Calculate a simple set of nonzero expressions"""
-  zero = R.ideal(map(numerator, assume.zero))
+  zero = R.ideal(list(map(numerator, assume.zero)))
   nonzero = set()
   for nz in map(numerator, assume.nonzero):
     for (f,n) in nz.factor():
@@ -208,7 +213,7 @@ def get_nonzero_set(R, assume):
 
 def prove_nonzero(R, exprs, assume):
   """Check whether an expression is provably nonzero, given assumptions"""
-  zero = R.ideal(map(numerator, assume.zero))
+  zero = R.ideal(list(map(numerator, assume.zero)))
   nonzero = get_nonzero_set(R, assume)
   expl = set()
   ok = True
@@ -250,7 +255,7 @@ def prove_zero(R, exprs, assume):
   r, e = prove_nonzero(R, dict(map(lambda x: (fastfrac(R, x.bot, 1), exprs[x]), exprs)), assume)
   if not r:
     return (False, map(lambda x: "Possibly zero denominator: %s" % x, e))
-  zero = R.ideal(map(numerator, assume.zero))
+  zero = R.ideal(list(map(numerator, assume.zero)))
   nonzero = prod(x for x in assume.nonzero)
   expl = []
   for expr in exprs:
@@ -265,8 +270,8 @@ def describe_extra(R, assume, assumeExtra):
   """Describe what assumptions are added, given existing assumptions"""
   zerox = assume.zero.copy()
   zerox.update(assumeExtra.zero)
-  zero = R.ideal(map(numerator, assume.zero))
-  zeroextra = R.ideal(map(numerator, zerox))
+  zero = R.ideal(list(map(numerator, assume.zero)))
+  zeroextra = R.ideal(list(map(numerator, zerox)))
   nonzero = get_nonzero_set(R, assume)
   ret = set()
   # Iterate over the extra zero expressions

src/secp256k1/sage/weierstrass_prover.sage

@@ -175,24 +175,24 @@ laws_jacobian_weierstrass = {
 def check_exhaustive_jacobian_weierstrass(name, A, B, branches, formula, p):
   """Verify an implementation of addition of Jacobian points on a Weierstrass curve, by executing and validating the result for every possible addition in a prime field"""
   F = Integers(p)
-  print "Formula %s on Z%i:" % (name, p)
+  print("Formula %s on Z%i:" % (name, p))
   points = []
-  for x in xrange(0, p):
-    for y in xrange(0, p):
+  for x in range(0, p):
+    for y in range(0, p):
       point = affinepoint(F(x), F(y))
       r, e = concrete_verify(on_weierstrass_curve(A, B, point))
       if r:
         points.append(point)
 
-  for za in xrange(1, p):
-    for zb in xrange(1, p):
+  for za in range(1, p):
+    for zb in range(1, p):
       for pa in points:
         for pb in points:
-          for ia in xrange(2):
-            for ib in xrange(2):
+          for ia in range(2):
+            for ib in range(2):
               pA = jacobianpoint(pa.x * F(za)^2, pa.y * F(za)^3, F(za), ia)
               pB = jacobianpoint(pb.x * F(zb)^2, pb.y * F(zb)^3, F(zb), ib)
-              for branch in xrange(0, branches):
+              for branch in range(0, branches):
                 assumeAssert, assumeBranch, pC = formula(branch, pA, pB)
                 pC.X = F(pC.X)
                 pC.Y = F(pC.Y)
@@ -206,13 +206,13 @@ def check_exhaustive_jacobian_weierstrass(name, A, B, branches, formula, p):
                     r, e = concrete_verify(assumeLaw)
                     if r:
                       if match:
-                        print "  multiple branches for (%s,%s,%s,%s) + (%s,%s,%s,%s)" % (pA.X, pA.Y, pA.Z, pA.Infinity, pB.X, pB.Y, pB.Z, pB.Infinity)
+                        print("  multiple branches for (%s,%s,%s,%s) + (%s,%s,%s,%s)" % (pA.X, pA.Y, pA.Z, pA.Infinity, pB.X, pB.Y, pB.Z, pB.Infinity))
                       else:
                         match = True
                       r, e = concrete_verify(require)
                       if not r:
-                        print "  failure in branch %i for (%s,%s,%s,%s) + (%s,%s,%s,%s) = (%s,%s,%s,%s): %s" % (branch, pA.X, pA.Y, pA.Z, pA.Infinity, pB.X, pB.Y, pB.Z, pB.Infinity, pC.X, pC.Y, pC.Z, pC.Infinity, e)
-  print
+                        print("  failure in branch %i for (%s,%s,%s,%s) + (%s,%s,%s,%s) = (%s,%s,%s,%s): %s" % (branch, pA.X, pA.Y, pA.Z, pA.Infinity, pB.X, pB.Y, pB.Z, pB.Infinity, pC.X, pC.Y, pC.Z, pC.Infinity, e))
+  print()
 
 
 def check_symbolic_function(R, assumeAssert, assumeBranch, f, A, B, pa, pb, pA, pB, pC):
@@ -242,9 +242,9 @@ def check_symbolic_jacobian_weierstrass(name, A, B, branches, formula):
   for key in laws_jacobian_weierstrass:
     res[key] = []
 
-  print ("Formula " + name + ":")
+  print("Formula " + name + ":")
   count = 0
-  for branch in xrange(branches):
+  for branch in range(branches):
     assumeFormula, assumeBranch, pC = formula(branch, pA, pB)
     pC.X = lift(pC.X)
     pC.Y = lift(pC.Y)
@@ -255,10 +255,10 @@ def check_symbolic_jacobian_weierstrass(name, A, B, branches, formula):
       res[key].append((check_symbolic_function(R, assumeFormula, assumeBranch, laws_jacobian_weierstrass[key], A, B, pa, pb, pA, pB, pC), branch))
 
   for key in res:
-    print "  %s:" % key
+    print("  %s:" % key)
     val = res[key]
     for x in val:
       if x[0] is not None:
-        print "    branch %i: %s" % (x[1], x[0])
+        print("    branch %i: %s" % (x[1], x[0]))
 
-  print
+  print()

src/secp256k1/src/modules/rangeproof/tests_impl.h

@@ -498,7 +498,7 @@ static void test_rangeproof(void) {
         CHECK(maxv >= v);
     }
     memcpy(&commit2, &commit, sizeof(commit));
-    for (i = 0; i < (size_t) 2*count; i++) {
+    for (i = 0; i < (size_t) count; i++) {
         int exp;
         int min_bits;
         v = secp256k1_testrandi64(0, UINT64_MAX >> (secp256k1_testrand32()&63));
@@ -532,11 +532,11 @@ static void test_rangeproof(void) {
         CHECK(secp256k1_rangeproof_rewind(ctx, blindout, &vout, NULL, NULL, commit.data, &minv, &maxv, &commit, proof, len, NULL, 0, secp256k1_generator_h));
         memcpy(&commit2, &commit, sizeof(commit));
     }
-    for (j = 0; j < 5; j++) {
+    for (j = 0; j < 3; j++) {
         for (i = 0; i < 96; i++) {
             secp256k1_testrand256(&proof[i * 32]);
         }
-        for (k = 0; k < 128; k++) {
+        for (k = 0; k < 128; k += 3) {
             len = k;
             CHECK(!secp256k1_rangeproof_verify(ctx, &minv, &maxv, &commit2, proof, len, NULL, 0, secp256k1_generator_h));
         }
@@ -696,10 +696,10 @@ void run_rangeproof_tests(void) {
     test_api();
     test_rangeproof_fixed_vectors();
     test_pedersen_commitment_fixed_vector();
-    for (i = 0; i < 10*count; i++) {
+    for (i = 0; i < count / 2 + 1; i++) {
         test_pedersen();
     }
-    for (i = 0; i < 10*count; i++) {
+    for (i = 0; i < count / 2 + 1; i++) {
         test_borromean();
     }
     test_rangeproof();

src/secp256k1/src/modules/surjection/tests_impl.h

@@ -667,10 +667,7 @@ void test_fixed_vectors(void) {
 }
 
 void run_surjection_tests(void) {
-    int i;
-    for (i = 0; i < count; i++) {
-        test_surjectionproof_api();
-    }
+    test_surjectionproof_api();
     test_fixed_vectors();
 
     test_input_selection(0);

src/secp256k1/src/tests.c

@@ -5802,6 +5802,15 @@ int main(int argc, char **argv) {
     /* find iteration count */
     if (argc > 1) {
         count = strtol(argv[1], NULL, 0);
+    } else {
+        const char* env = getenv("SECP256K1_TEST_ITERS");
+        if (env) {
+            count = strtol(env, NULL, 0);
+        }
+    }
+    if (count <= 0) {
+        fputs("An iteration count of 0 or less is not allowed.\n", stderr);
+        return EXIT_FAILURE;
     }
     printf("test count = %i\n", count);