
Commit 4ad49c8

committed
Add extra modular inverse tests
1 parent 58a3e7c commit 4ad49c8


1 file changed

+84
-0
lines changed

1 file changed

+84
-0
lines changed

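--- a/src/tests.c
+++ b/src/tests.c
@@ -1730,6 +1730,89 @@ void run_sqrt(void) {
 }
 }
 
+/***** INVERSE TESTS *****/
+
+static const secp256k1_scalar scalar_minus_one = SECP256K1_SCALAR_CONST(
+0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE,
+0xBAAEDCE6, 0xAF48A03B, 0xBFD25E8C, 0xD0364140
+);
+
+static const secp256k1_fe fe_minus_one = SECP256K1_FE_CONST(
+0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFC2E
+);
+
+/* These tests rely on the identity:
+*
+* 1/(1/x - 1) + 1 = -1/(x-1) for x!=0 and x!=1
+*/
+
+void test_inverse_scalar(unsigned char* b32, int var)
+{
+secp256k1_scalar l, r;
+
+secp256k1_scalar_set_b32(&l, b32, NULL);
+if (secp256k1_scalar_is_zero(&l)) return;
+secp256k1_scalar_add(&r, &l, &scalar_minus_one);
+if (secp256k1_scalar_is_zero(&r)) return;
+if (var) {
+secp256k1_scalar_inverse_var(&l, &l);
+secp256k1_scalar_inverse_var(&r, &r);
+} else {
+secp256k1_scalar_inverse(&l, &l);
+secp256k1_scalar_inverse(&r, &r);
+}
+secp256k1_scalar_add(&l, &scalar_minus_one, &l);
+if (var) {
+secp256k1_scalar_inverse_var(&l, &l);
+} else {
+secp256k1_scalar_inverse(&l, &l);
+}
+secp256k1_scalar_add(&l, &l, &secp256k1_scalar_one);
+secp256k1_scalar_add(&l, &r, &l);
+CHECK(secp256k1_scalar_is_zero(&l));
+}
+
+void test_inverse_field(unsigned char* b32, int var)
+{
+secp256k1_fe l, r;
+
+secp256k1_fe_set_b32(&l, b32);
+if (secp256k1_fe_normalizes_to_zero_var(&l)) return;
+r = l;
+secp256k1_fe_add(&r, &fe_minus_one);
+if (secp256k1_fe_normalizes_to_zero_var(&r)) return;
+if (var) {
+secp256k1_fe_inv_var(&l, &l);
+secp256k1_fe_inv_var(&r, &r);
+} else {
+secp256k1_fe_inv(&l, &l);
+secp256k1_fe_inv(&r, &r);
+}
+secp256k1_fe_add(&l, &fe_minus_one);
+if (var) {
+secp256k1_fe_inv_var(&l, &l);
+} else {
+secp256k1_fe_inv(&l, &l);
+}
+secp256k1_fe_add(&l, &secp256k1_fe_one);
+secp256k1_fe_add(&l, &r);
+CHECK(secp256k1_fe_normalizes_to_zero_var(&l));
+}
+
+void run_inverse_tests(void)
+{
+int i;
+for (i = 0; i < 100 * count; ++i) {
+unsigned char b32[32];
+secp256k1_testrand256_test(b32);
+test_inverse_scalar(b32, 0);
+test_inverse_scalar(b32, 1);
+test_inverse_field(b32, 0);
+test_inverse_field(b32, 1);
+}
+}
+
 /***** GROUP TESTS *****/
 
 void ge_equals_ge(const secp256k1_ge *a, const secp256k1_ge *b) {
@@ -5213,6 +5296,7 @@ int main(int argc, char **argv) {
 run_rand_int();
 
 run_ctz_tests();
+run_inverse_tests();
 
 run_sha256_tests();
 run_hmac_sha256_tests();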
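Review bot: Both `test_inverse_scalar` and `test_inverse_field` return early when x or x-1 is zero, and `run_inverse_tests` feeds them only `secp256k1_testrand256_test` output, so nothing visible in this hunk guarantees that boundary inputs such as 1, 2 or -1 are ever inverted. Boundary values are where modular-inverse code tends to go wrong, so a short fixed list of inputs run before the random loop would make that coverage deterministic; the `scalar_minus_one` and `fe_minus_one` constants defined in the same hunk can seed it. For the skipped x == 1 case, the bare `return` could first invert `l` and assert the result, e.g. `CHECK(secp256k1_scalar_is_one(&l));`. The hunk also never compares the constant-time result with the `_var` result for the same input, which would be a cheap extra cross-check between the two code paths.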
