Add test for check if h is identity in the verify_partial_blind_signature

This commit is contained in:
aniampio
2024-08-08 16:47:17 +01:00
parent 7722a7080c
commit 6ea746e7f3
2 changed files with 42 additions and 3 deletions
@@ -40,6 +40,9 @@ pub enum CompactEcashError {
#[error("issuance verification failed")]
IssuanceVerification,
#[error("verification of partial blind signature failed")]
PartialBlindSignatureVerification,
#[error("trying to spend more than what's available. Spending : {spending}, available : {remaining}")]
SpendExceedsAllowance { spending: u64, remaining: u64 },
@@ -493,7 +493,12 @@ pub fn verify_partial_blind_signature(
if num_private_attributes + public_attributes.len() > partial_verification_key.beta_g2.len() {
return false;
}
// Note: This check is useful if someone uses the code of those functions
// to verify Pointcheval-Sanders signatures in a context different for their use
// in zk-nyms
if bool::from(blind_sig.h.is_identity()){
return false;
}
// TODO: we're losing some memory here due to extra allocation,
// but worst-case scenario (given SANE amount of attributes), it's just few kb at most
let c_neg = blind_sig.c.to_affine().neg();
@@ -553,8 +558,10 @@ pub fn verify_partial_blind_signature(
#[cfg(test)]
mod tests {
use crate::ecash_group_parameters;
use crate::scheme::keygen::SecretKeyUser;
use super::generate_non_identity_h;
use crate::scheme::keygen::{SecretKeyUser, VerificationKeyAuth};
use super::{generate_non_identity_h, verify_partial_blind_signature};
use crate::common_types::{BlindedSignature};
use bls12_381::{G1Projective};
#[test]
fn test_generate_non_identity_h() {
@@ -572,4 +579,33 @@ mod tests {
// Ensure that the joined_commitment_hash is not the identity element
assert!(!bool::from(joined_commitment_hash.is_identity()), "Joined commitment hash should not be the identity element");
}
#[test]
fn test_verify_partial_blind_signature_blind_sig_identity() {
let params = ecash_group_parameters();
let private_attribute_commitments = vec![params.gen1() * params.random_scalar()];
let public_attributes = vec![];
// Create a blinded signature with h being the identity element
let blind_sig = BlindedSignature {
h: G1Projective::identity(),
c: params.gen1() * params.random_scalar(),
};
// Create a mock partial verification key
let partial_verification_key = VerificationKeyAuth {
alpha: params.gen2() * params.random_scalar(),
beta_g1: vec![params.gen1() * params.random_scalar()],
beta_g2: vec![params.gen2() * params.random_scalar()],
};
// Test with identity h, expecting false
assert!(
!verify_partial_blind_signature(
&private_attribute_commitments,
&public_attributes,
&blind_sig,
&partial_verification_key
),
"Expected verification to return false for identity h in blind signature"
);
}
}