From 8541b2bde4e7ab194dc0097c5b58e41af090a6bb Mon Sep 17 00:00:00 2001 From: Kobi Gurkan Date: Wed, 8 Aug 2018 12:15:16 +0300 Subject: [PATCH 01/29] pedersen_hash: prints hashes, adds comments --- zcash_primitives/src/pedersen_hash.rs | 16 ++++++++++++++++ zcash_proofs/src/circuit/pedersen_hash.rs | 1 + 2 files changed, 17 insertions(+) diff --git a/zcash_primitives/src/pedersen_hash.rs b/zcash_primitives/src/pedersen_hash.rs index 835e9c730e..f760a1f6d5 100644 --- a/zcash_primitives/src/pedersen_hash.rs +++ b/zcash_primitives/src/pedersen_hash.rs @@ -38,12 +38,14 @@ where let mut generators = params.pedersen_hash_exp_table().iter(); loop { + // acc is let mut acc = E::Fs::zero(); let mut cur = E::Fs::one(); let mut chunks_remaining = params.pedersen_hash_chunks_per_generator(); let mut encountered_bits = false; // Grab three bits from the input + // spec: iterate over chunks (a,b,c) while let Some(a) = bits.next() { encountered_bits = true; @@ -51,6 +53,7 @@ where let c = bits.next().unwrap_or(false); // Start computing this portion of the scalar + // tmp is enc(m_j) let mut tmp = cur; if a { tmp.add_assign(&cur); @@ -105,3 +108,16 @@ where result } + +#[cfg(test)] +mod test { + use crate::jubjub::*; + + #[test] + fn test_pedersen_hash_generators() { + let params = &JubjubBls12::new(); + for (i, generator) in params.pedersen_hash_generators().iter().enumerate() { + println!("generator {}, x={}, y={}", i, generator.to_xy().0, generator.to_xy().1) + } + } +} diff --git a/zcash_proofs/src/circuit/pedersen_hash.rs b/zcash_proofs/src/circuit/pedersen_hash.rs index 409f30ec19..67d05c507f 100644 --- a/zcash_proofs/src/circuit/pedersen_hash.rs +++ b/zcash_proofs/src/circuit/pedersen_hash.rs 
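Review bot: The added comment `// acc is` in zcash_primitives/src/pedersen_hash.rs (first hunk, above `let mut acc = E::Fs::zero();`) stops mid-sentence and documents nothing. From the visible lines `acc` looks like the scalar built up for the current generator, with `tmp` the per-chunk term, so something like `// acc: scalar accumulated for the current generator (sum of the enc(m_j) terms)` would finish the thought. The loop body continues outside the hunk, so the wording should be checked against the lines that actually update `acc`.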
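Review bot: `test_pedersen_hash_generators` (last hunk of zcash_primitives/src/pedersen_hash.rs) contains no assertion, so it passes whatever `params.pedersen_hash_generators()` returns, and its `println!` output is hidden by the test harness unless the run uses `--nocapture`. If the generators are meant to be pinned, compare each `generator.to_xy()` against a known-good coordinate pair with `assert_eq!`; if this is only a dump helper, mark it `#[ignore]` so it does not read as coverage. It also calls `to_xy()` twice per generator, which `let (x, y) = generator.to_xy();` avoids. The same gap recurs where the hash is only printed in `test_pedersen_hash_alternative` ([PATCH 02/29]) and `test_pedersen_hash_noncircuit` ([PATCH 03/29]).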
@@ -26,6 +26,7 @@ where assert_eq!(personalization.len(), 6); let mut edwards_result = None; + //REVIEW: bit cloning let mut bits = personalization.iter().chain(bits.iter()).peekable(); let mut segment_generators = params.pedersen_circuit_generators().iter(); let boolean_false = Boolean::constant(false); From 414d651c9c0f12d48ba2f998ede156f38f8c719a Mon Sep 17 00:00:00 2001 From: Kobi Gurkan Date: Thu, 9 Aug 2018 16:20:39 +0300 Subject: [PATCH 02/29] pedersen_hash: adds tests for Daniel's vector --- zcash_primitives/src/pedersen_hash.rs | 4 ++++ zcash_proofs/src/circuit/pedersen_hash.rs | 26 +++++++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/zcash_primitives/src/pedersen_hash.rs b/zcash_primitives/src/pedersen_hash.rs index f760a1f6d5..f49fcb70aa 100644 --- a/zcash_primitives/src/pedersen_hash.rs +++ b/zcash_primitives/src/pedersen_hash.rs @@ -5,6 +5,7 @@ use ff::{Field, PrimeField, PrimeFieldRepr}; pub enum Personalization { NoteCommitment, MerkleTree(usize), + Empty, } impl Personalization { @@ -16,6 +17,9 @@ impl Personalization { (0..6).map(|i| (num >> i) & 1 == 1).collect() } + Personalization::Empty => { + vec![true, true, true, false, false, false] + } } } } diff --git a/zcash_proofs/src/circuit/pedersen_hash.rs b/zcash_proofs/src/circuit/pedersen_hash.rs index 67d05c507f..82703fa988 100644 --- a/zcash_proofs/src/circuit/pedersen_hash.rs +++ b/zcash_proofs/src/circuit/pedersen_hash.rs 
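Review bot: `Personalization::Empty` in zcash_primitives/src/pedersen_hash.rs returns `[true, true, true, false, false, false]`, which is exactly what the `MerkleTree(num)` arm just above it (`(num >> i) & 1 == 1` for `i` in `0..6`) yields for `num == 7`, so the new variant is not domain-separated from a Merkle-tree layer hash. It is added to the public enum rather than to test code, so any caller can select the aliasing prefix. [PATCH 03/29] changes the bits to all `true`, which equals the same formula for `num == 63` and may also coincide with the `NoteCommitment` prefix (that arm is outside the hunk). Since the bits are identical, the test can pass `Personalization::MerkleTree(7)` directly and the variant can be dropped; if it must stay, a comment such as `// test-only: same prefix as MerkleTree(7), never use for protocol hashes` should say so.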
@@ -208,4 +208,30 @@ mod test { } } } + + #[test] + fn test_pedersen_hash_alternative() { + let params = &JubjubBls12::new(); + + let mut input: Vec = vec![true, true, true, false, false, false, true, true, true, false, false, false, true, true, true, false, false, false, true, true, true, false, false, false, true, true, true, false, false, false, true, true, true, false, false, false, true, true, true, false, true, false, true, true, true, true, true, false, true, false, false, false, true, true, false, false, false, false, false, false, false, false, false, false, true, false, false, false, true, false, true, true, true, false, false, true, true, false, true, true, true, true, true, false, true, true, false, true, true, false, true, false, true, false, true, true, false, true, false, true, true, false, false, false, false, false, true, true, false, true, false, true, true, true, true, false, true, false, true, false, false, false, false, true, true, true, false, true, true, true, false, true, false, false, true, false, true, true, true, false, false, false, true, true]; + + let mut cs = TestConstraintSystem::::new(); + + let input_bools: Vec = input.iter().enumerate().map(|(i, b)| { + Boolean::from( + AllocatedBit::alloc(cs.namespace(|| format!("input {}", i)), Some(*b)).unwrap() + ) + }).collect(); + + let res = pedersen_hash( + cs.namespace(|| "pedersen hash"), + Personalization::Empty, + &input_bools, + params + ).unwrap(); + + assert!(cs.is_satisfied()); + println!("x={},y={}", res.get_x().get_value().unwrap(), res.get_y().get_value().unwrap()); + + } } From 15633ad434fe58f4b2a59d90e5ee0abacd1e3e11 Mon Sep 17 00:00:00 2001 From: Kobi Gurkan Date: Fri, 17 Aug 2018 18:34:54 +0300 Subject: [PATCH 03/29] pedersen hashes: example of size limit bug --- bellman/src/gadgets/lookup.rs | 1 + zcash_primitives/src/pedersen_hash.rs | 19 ++++++++++++++++--- zcash_proofs/src/circuit/pedersen_hash.rs | 8 ++++++-- 3 files changed, 23 insertions(+), 5 deletions(-) 
diff --git a/bellman/src/gadgets/lookup.rs b/bellman/src/gadgets/lookup.rs index bbb1da6168..0c55801bdc 100644 --- a/bellman/src/gadgets/lookup.rs +++ b/bellman/src/gadgets/lookup.rs @@ -154,6 +154,7 @@ where Ok(tmp) })?; + let one = CS::one(); // Compute the coefficients for the lookup constraints diff --git a/zcash_primitives/src/pedersen_hash.rs b/zcash_primitives/src/pedersen_hash.rs index f49fcb70aa..11dc3879b7 100644 --- a/zcash_primitives/src/pedersen_hash.rs +++ b/zcash_primitives/src/pedersen_hash.rs @@ -18,7 +18,7 @@ impl Personalization { (0..6).map(|i| (num >> i) & 1 == 1).collect() } Personalization::Empty => { - vec![true, true, true, false, false, false] + vec![true, true, true, true, true, true] } } } @@ -115,13 +115,26 @@ where #[cfg(test)] mod test { - use crate::jubjub::*; + use crate::{ + jubjub::*, + pedersen_hash::{pedersen_hash, Personalization}, + }; + use pairing::bls12_381::{Bls12, Fr}; #[test] - fn test_pedersen_hash_generators() { + fn test_pedersen_hash_noncircuit() { let params = &JubjubBls12::new(); + /* for (i, generator) in params.pedersen_hash_generators().iter().enumerate() { println!("generator {}, x={}, y={}", i, generator.to_xy().0, generator.to_xy().1) } + */ + + let mut input: Vec = vec![]; + for i in 0..(63*3*4+1) { + input.push(true); + } + let p = pedersen_hash::(Personalization::Empty, input, ¶ms).to_xy(); + println!("hash = {}, {}", p.0, p.1); } } diff --git a/zcash_proofs/src/circuit/pedersen_hash.rs b/zcash_proofs/src/circuit/pedersen_hash.rs index 82703fa988..7f43b1c7b8 100644 --- a/zcash_proofs/src/circuit/pedersen_hash.rs +++ b/zcash_proofs/src/circuit/pedersen_hash.rs @@ -41,6 +41,7 @@ where let b = bits.next().unwrap_or(&boolean_false); let c = bits.next().unwrap_or(&boolean_false); + let tmp = lookup3_xy_with_conditional_negation( cs.namespace(|| format!("segment {}, window {}", segment_i, window_i)), &[a.clone(), b.clone(), c.clone()], 
@@ -213,16 +214,19 @@ mod test { fn test_pedersen_hash_alternative() { let params = &JubjubBls12::new(); - let mut input: Vec = vec![true, true, true, false, false, false, true, true, true, false, false, false, true, true, true, false, false, false, true, true, true, false, false, false, true, true, true, false, false, false, true, true, true, false, false, false, true, true, true, false, true, false, true, true, true, true, true, false, true, false, false, false, true, true, false, false, false, false, false, false, false, false, false, false, true, false, false, false, true, false, true, true, true, false, false, true, true, false, true, true, true, true, true, false, true, true, false, true, true, false, true, false, true, false, true, true, false, true, false, true, true, false, false, false, false, false, true, true, false, true, false, true, true, true, true, false, true, false, true, false, false, false, false, true, true, true, false, true, true, true, false, true, false, false, true, false, true, true, true, false, false, false, true, true]; + let mut input: Vec = vec![]; + for i in 0..(63*3*4+1) { + input.push(true); + } let mut cs = TestConstraintSystem::::new(); + let input_bools: Vec = input.iter().enumerate().map(|(i, b)| { Boolean::from( AllocatedBit::alloc(cs.namespace(|| format!("input {}", i)), Some(*b)).unwrap() ) }).collect(); - let res = pedersen_hash( cs.namespace(|| "pedersen hash"), Personalization::Empty, From 4835be05b0478a4c753fdbcd728502ff0ce74f7e Mon Sep 17 00:00:00 2001 From: Kobi Gurkan Date: Sun, 19 Aug 2018 10:04:33 +0300 Subject: [PATCH 04/29] pedersen_hash: show a tighter limit for hash sizes --- zcash_proofs/src/circuit/pedersen_hash.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zcash_proofs/src/circuit/pedersen_hash.rs b/zcash_proofs/src/circuit/pedersen_hash.rs index 7f43b1c7b8..30ee06ee25 100644 --- a/zcash_proofs/src/circuit/pedersen_hash.rs +++ b/zcash_proofs/src/circuit/pedersen_hash.rs 
@@ -215,7 +215,7 @@ mod test { let params = &JubjubBls12::new(); let mut input: Vec = vec![]; - for i in 0..(63*3*4+1) { + for i in 0..(63*3*4-6+1) { input.push(true); } From 43496857c9b76f0e386d243eb3d0654ee7f0657e Mon Sep 17 00:00:00 2001 From: Kobi Gurkan Date: Tue, 4 Sep 2018 16:03:52 +0300 Subject: [PATCH 05/29] pedersen_hash: removes debug prints --- bellman/src/gadgets/lookup.rs | 1 - zcash_proofs/src/circuit/pedersen_hash.rs | 31 ----------------------- 2 files changed, 32 deletions(-) diff --git a/bellman/src/gadgets/lookup.rs b/bellman/src/gadgets/lookup.rs index 0c55801bdc..bbb1da6168 100644 --- a/bellman/src/gadgets/lookup.rs +++ b/bellman/src/gadgets/lookup.rs @@ -154,7 +154,6 @@ where Ok(tmp) })?; - let one = CS::one(); // Compute the coefficients for the lookup constraints diff --git a/zcash_proofs/src/circuit/pedersen_hash.rs b/zcash_proofs/src/circuit/pedersen_hash.rs index 30ee06ee25..409f30ec19 100644 --- a/zcash_proofs/src/circuit/pedersen_hash.rs +++ b/zcash_proofs/src/circuit/pedersen_hash.rs @@ -26,7 +26,6 @@ where assert_eq!(personalization.len(), 6); let mut edwards_result = None; - //REVIEW: bit cloning let mut bits = personalization.iter().chain(bits.iter()).peekable(); let mut segment_generators = params.pedersen_circuit_generators().iter(); let boolean_false = Boolean::constant(false); @@ -41,7 +40,6 @@ where let b = bits.next().unwrap_or(&boolean_false); let c = bits.next().unwrap_or(&boolean_false); - let tmp = lookup3_xy_with_conditional_negation( cs.namespace(|| format!("segment {}, window {}", segment_i, window_i)), &[a.clone(), b.clone(), c.clone()], 
@@ -209,33 +207,4 @@ mod test { } } } - - #[test] - fn test_pedersen_hash_alternative() { - let params = &JubjubBls12::new(); - - let mut input: Vec = vec![]; - for i in 0..(63*3*4-6+1) { - input.push(true); - } - - let mut cs = TestConstraintSystem::::new(); - - - let input_bools: Vec = input.iter().enumerate().map(|(i, b)| { - Boolean::from( - AllocatedBit::alloc(cs.namespace(|| format!("input {}", i)), Some(*b)).unwrap() - ) - }).collect(); - let res = pedersen_hash( - cs.namespace(|| "pedersen hash"), - Personalization::Empty, - &input_bools, - params - ).unwrap(); - - assert!(cs.is_satisfied()); - println!("x={},y={}", res.get_x().get_value().unwrap(), res.get_y().get_value().unwrap()); - - } } From 7ee61c4f94912f549efca1af76fffeaaf66a5e9e Mon Sep 17 00:00:00 2001 From: Kobi Gurkan Date: Tue, 4 Sep 2018 16:28:41 +0300 Subject: [PATCH 06/29] pedersen_hash: adds test vectors for the circuit implementation --- zcash_primitives/src/pedersen_hash.rs | 33 -------------- zcash_proofs/src/circuit/pedersen_hash.rs | 53 +++++++++++++++++++++++ 2 files changed, 53 insertions(+), 33 deletions(-) diff --git a/zcash_primitives/src/pedersen_hash.rs b/zcash_primitives/src/pedersen_hash.rs index 11dc3879b7..835e9c730e 100644 --- a/zcash_primitives/src/pedersen_hash.rs +++ b/zcash_primitives/src/pedersen_hash.rs @@ -5,7 +5,6 @@ use ff::{Field, PrimeField, PrimeFieldRepr}; pub enum Personalization { NoteCommitment, MerkleTree(usize), - Empty, } impl Personalization { @@ -17,9 +16,6 @@ impl Personalization { (0..6).map(|i| (num >> i) & 1 == 1).collect() } - Personalization::Empty => { - vec![true, true, true, true, true, true] - } } } } 
@@ -42,14 +38,12 @@ where let mut generators = params.pedersen_hash_exp_table().iter(); loop { - // acc is let mut acc = E::Fs::zero(); let mut cur = E::Fs::one(); let mut chunks_remaining = params.pedersen_hash_chunks_per_generator(); let mut encountered_bits = false; // Grab three bits from the input - // spec: iterate over chunks (a,b,c) while let Some(a) = bits.next() { encountered_bits = true; @@ -57,7 +51,6 @@ where let c = bits.next().unwrap_or(false); // Start computing this portion of the scalar - // tmp is enc(m_j) let mut tmp = cur; if a { tmp.add_assign(&cur); @@ -112,29 +105,3 @@ where result } - -#[cfg(test)] -mod test { - use crate::{ - jubjub::*, - pedersen_hash::{pedersen_hash, Personalization}, - }; - use pairing::bls12_381::{Bls12, Fr}; - - #[test] - fn test_pedersen_hash_noncircuit() { - let params = &JubjubBls12::new(); - /* - for (i, generator) in params.pedersen_hash_generators().iter().enumerate() { - println!("generator {}, x={}, y={}", i, generator.to_xy().0, generator.to_xy().1) - } - */ - - let mut input: Vec = vec![]; - for i in 0..(63*3*4+1) { - input.push(true); - } - let p = pedersen_hash::(Personalization::Empty, input, ¶ms).to_xy(); - println!("hash = {}, {}", p.0, p.1); - } -} diff --git a/zcash_proofs/src/circuit/pedersen_hash.rs b/zcash_proofs/src/circuit/pedersen_hash.rs index 409f30ec19..acaf7c91bb 100644 --- a/zcash_proofs/src/circuit/pedersen_hash.rs +++ b/zcash_proofs/src/circuit/pedersen_hash.rs 
@@ -207,4 +207,57 @@ mod test { } } } + + #[test] + fn test_pedersen_hash_external_test_vectors() { + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, + 0xbc, 0xe5, + ]); + let params = &JubjubBls12::new(); + + let expected_xs = [ + "28161926966428986673895580777285905189725480206811328272001879986576840909576", + "39669831794597628158501766225645040955899576179071014703006420393381978263045", + ]; + let expected_ys = [ + "26869991781071974894722407757894142583682396277979904369818887810555917099932", + "2112827187110048608327330788910224944044097981650120385961435904443901436107", + ]; + for length in 300..302 { + let mut input: Vec = (0..length).map(|_| rng.next_u32() % 2 != 0).collect(); + + let mut cs = TestConstraintSystem::::new(); + + let input_bools: Vec = input + .iter() + .enumerate() + .map(|(i, b)| { + Boolean::from( + AllocatedBit::alloc(cs.namespace(|| format!("input {}", i)), Some(*b)) + .unwrap(), + ) + }) + .collect(); + + let res = pedersen_hash( + cs.namespace(|| "pedersen hash"), + Personalization::MerkleTree(1), + &input_bools, + params, + ) + .unwrap(); + + assert!(cs.is_satisfied()); + + assert_eq!( + res.get_x().get_value().unwrap(), + Fr::from_str(expected_xs[length - 300]).unwrap() + ); + assert_eq!( + res.get_y().get_value().unwrap(), + Fr::from_str(expected_ys[length - 300]).unwrap() + ); + } + } } From 804f4cba6791dc27d2bf0d20fcc1824b5ee0f01a Mon Sep 17 00:00:00 2001 From: Kobi Gurkan Date: Wed, 24 Oct 2018 12:37:32 +0300 Subject: [PATCH 07/29] Add blake2s test vectors for varying sizes from go-jubjub --- bellman/src/gadgets/blake2s.rs | 74 ++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/bellman/src/gadgets/blake2s.rs b/bellman/src/gadgets/blake2s.rs index 672f139378..d074f2f6a0 100644 --- a/bellman/src/gadgets/blake2s.rs +++ b/bellman/src/gadgets/blake2s.rs 
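Review bot: In `test_pedersen_hash_external_test_vectors` (zcash_proofs/src/circuit/pedersen_hash.rs) the expected coordinates are fetched with `expected_xs[length - 300]`, which ties the vector tables to the literal `300..302` range; changing one without the other ends in an out-of-bounds panic or an unchecked entry. Pairing them explicitly, e.g. `for (length, (x, y)) in (300..302).zip(expected_xs.iter().zip(expected_ys.iter()))`, keeps the table and the loop in step. The test name calls the vectors external, but nothing records which implementation produced them or that the input bits are whatever this `XorShiftRng` seed emits; a short comment with that provenance would let a future mismatch be traced to the right side. `let mut input` is never mutated, so the `mut` can go.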
@@ -554,4 +554,78 @@ mod test { } } } + + #[test] + fn test_blake2s_256_vars() { + let data: Vec = hex!("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").to_vec(); + assert_eq!(data.len(), 256); + + let mut cs = TestConstraintSystem::::new(); + + let mut input_bits = vec![]; + + for (byte_i, input_byte) in data.into_iter().enumerate() { + for bit_i in 0..8 { + let cs = cs.namespace(|| format!("input bit {} {}", byte_i, bit_i)); + + input_bits.push( + AllocatedBit::alloc(cs, Some((input_byte >> bit_i) & 1u8 == 1u8)) + .unwrap() + .into(), + ); + } + } + + let r = blake2s(&mut cs, &input_bits, b"12345678").unwrap(); + + assert!(cs.is_satisfied()); + + let expected = hex!("0af5695115ced92c8a0341e43869209636e9aa6472e4576f0f2b996cf812b30e"); + + let mut out = r.into_iter(); + for b in expected.into_iter() { + for i in 0..8 { + let c = out.next().unwrap().get_value().unwrap(); + + assert_eq!(c, (b >> i) & 1u8 == 1u8); + } + } + } + + #[test] + fn test_blake2s_700_vars() { + let data: Vec = hex!("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").to_vec(); + assert_eq!(data.len(), 256); + + let mut cs = TestConstraintSystem::::new(); + + let mut input_bits = vec![]; + + for (byte_i, input_byte) in data.into_iter().enumerate() { + for bit_i in 0..8 { + let cs = cs.namespace(|| format!("input bit {} {}", byte_i, bit_i)); + + input_bits.push( + AllocatedBit::alloc(cs, Some((input_byte >> bit_i) & 1u8 == 1u8)) + .unwrap() + .into(), + ); + } + } + + let r = blake2s(&mut cs, &input_bits, b"12345678").unwrap(); + + assert!(cs.is_satisfied()); + + let expected = hex!("2ab8f0683167ba220eef19dccf4f9b1a8193cc09b35e0235842323950530f18a"); + + let mut out = r.into_iter(); + for b in expected.into_iter() { + for i in 0..8 { + let c = out.next().unwrap().get_value().unwrap(); + + assert_eq!(c, (b >> i) & 1u8 == 1u8); + } + } + } } From cc2a41d86c3f3a2b2a5f42228773c90dd0eeeda0 Mon Sep 17 00:00:00 2001 
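Review bot: `test_blake2s_256_vars` and `test_blake2s_700_vars` in bellman/src/gadgets/blake2s.rs compare the gadget output only for as many bits as `expected` supplies and never check that `out` is exhausted, so surplus output bits would pass unnoticed; `assert!(out.next().is_none());` after the comparison loop closes that gap. The two bodies are identical apart from the input and digest literals, so a small helper taking the input bytes, the personalization and the expected digest, called once per vector, would remove the duplication and the room for copy-paste slips between the two. A comment naming the go-jubjub revision the vectors were generated with would make them reproducible.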
From: Taylor Hornby Date: Tue, 12 Mar 2019 13:46:01 -0600 Subject: [PATCH 08/29] Fix blake2s test data length assertion. --- bellman/src/gadgets/blake2s.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bellman/src/gadgets/blake2s.rs b/bellman/src/gadgets/blake2s.rs index d074f2f6a0..d89aac5a9c 100644 --- a/bellman/src/gadgets/blake2s.rs +++ b/bellman/src/gadgets/blake2s.rs @@ -595,7 +595,7 @@ mod test { #[test] fn test_blake2s_700_vars() { let data: Vec = hex!("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").to_vec(); - assert_eq!(data.len(), 256); + assert_eq!(data.len(), 700); let mut cs = TestConstraintSystem::::new(); From abd03928b4ddd294e15fe1e383ea81e708dac09d Mon Sep 17 00:00:00 2001 From: Kobi Gurkan Date: Wed, 29 Aug 2018 20:13:43 +0300 Subject: [PATCH 09/29] adds test vectors for NoteCommit --- zcash_proofs/src/circuit/sapling.rs | 204 +++++++++++++++++++++++++++- 1 file changed, 203 insertions(+), 1 deletion(-) diff --git a/zcash_proofs/src/circuit/sapling.rs b/zcash_proofs/src/circuit/sapling.rs index 08e55e604f..d84a2a20bc 100644 --- a/zcash_proofs/src/circuit/sapling.rs +++ b/zcash_proofs/src/circuit/sapling.rs @@ -87,6 +87,7 @@ where &value_bits, params, )?; + println!("value: {}, {}", value.get_x().get_value().unwrap(), value.get_y().get_value().unwrap()); // Booleanize the randomness. This does not ensure // the bit representation is "in the field" because @@ -95,6 +96,8 @@ where cs.namespace(|| "rcv"), value_commitment.as_ref().map(|c| c.randomness), )?; + println!("rcv: {}", value_commitment.as_ref().unwrap().randomness); + println!("value: {}", value_commitment.as_ref().unwrap().value); // Compute the randomness in the exponent let rcv = ecc::fixed_base_multiplication( 
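Review bot: The `println!` calls added to zcash_proofs/src/circuit/sapling.rs in [PATCH 09/29] (`value`, `rcv`, `value`, and in the following hunks `cv`, `cm`, `note_contents`, `commitment_randomness`, `rcm`) sit in the circuit-synthesis path rather than in test code, and they write witness values such as `value_commitment.as_ref().unwrap().randomness` and `self.commitment_randomness` to stdout; these are the blinding factors that keep the value and note commitments hiding, so they should not reach process output or logs. Each call also does `.unwrap()` on an `Option` (`get_value()`, `value_commitment.as_ref()`, `self.commitment_randomness`), so synthesis would panic whenever the circuit is built without a witness, a case the surrounding code appears to allow since it passes `value_commitment.as_ref().map(|c| c.randomness)`. [PATCH 10/29] removes the prints again; if they are needed while generating vectors, reading the values back in the test through `cs.get(...)` avoids an intermediate commit in which the prover leaks and panics. The enclosing functions start and end outside these hunks.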
@@ -106,6 +109,7 @@ where // Compute the Pedersen commitment to the value let cv = value.add(cs.namespace(|| "computation of cv"), &rcv, params)?; + println!("cv: {}, {}", cv.get_x().get_value().unwrap(), cv.get_y().get_value().unwrap()); // Expose the commitment as an input to the circuit cv.inputize(cs.namespace(|| "commitment point"))?; @@ -270,7 +274,17 @@ impl<'a, E: JubjubEngine> Circuit for Spend<'a, E> { ¬e_contents, self.params, )?; - + println!("cm: {}, {}", cm.get_x().get_value().unwrap(), cm.get_y().get_value().unwrap()); + + let mut note_contents_print: Vec<&str> = vec![]; + for b in ¬e_contents { + if b.get_value().unwrap() { + note_contents_print.push("true"); + } else { + note_contents_print.push("false"); + } + } + println!("note_contents: {}", note_contents_print.join(", ")); { // Booleanize the randomness for the note commitment let rcm = boolean::field_into_boolean_vec_le( @@ -278,6 +292,7 @@ impl<'a, E: JubjubEngine> Circuit for Spend<'a, E> { self.commitment_randomness, )?; + println!("commitment_randomness: {}", &self.commitment_randomness.unwrap()); // Compute the note commitment randomness in the exponent let rcm = ecc::fixed_base_multiplication( cs.namespace(|| "computation of commitment randomness"), @@ -285,6 +300,7 @@ impl<'a, E: JubjubEngine> Circuit for Spend<'a, E> { &rcm, self.params, )?; + println!("rcm: {}, {}", rcm.get_x().get_value().unwrap(), rcm.get_y().get_value().unwrap()); // Randomize the note commitment. Pedersen hashes are not // themselves hiding commitments. @@ -293,6 +309,8 @@ impl<'a, E: JubjubEngine> Circuit for Spend<'a, E> { &rcm, self.params, )?; + + println!("cm: {}, {}", cm.get_x().get_value().unwrap(), cm.get_y().get_value().unwrap()); } // This will store (least significant bit first) 
@@ -682,6 +700,190 @@ fn test_input_circuit_with_bls12_381() { } } +#[test] +fn test_input_circuit_with_bls12_381_external_test_vectors() { + use bellman::gadgets::test::*; + use ff::{BitIterator, Field}; + use pairing::bls12_381::*; + use rand_core::{RngCore, SeedableRng}; + use rand_xorshift::XorShiftRng; + use zcash_primitives::{ + jubjub::{edwards, fs, JubjubBls12}, + pedersen_hash, + primitives::{Diversifier, Note, ProofGenerationKey}, + }; + + let params = &JubjubBls12::new(); + let rng = &mut XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x3d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, + 0xe5, + ]); + + let tree_depth = 32; + + let expected_cm_xs = vec![ + "43821661663052659750276289184181083197337192946256245809816728673021647664276", + "7220807656052227578299730541645543434083158611414003423211850718229633594616", + "13239753550660714843257636471668037031928211668773449453628093339627668081697", + "10900524635678389360790699587556574797582192824300145558807405770494079767974", + "1411013767457690636461779630023011774660680126764323588543800715293173598850", + "32334206652383066267661379202183359608706535021387905923603014648832344657662", + "20206750741605167608500278423400565295188703622528437817438897624149653579380", + "46716485782200334735478719487356079850582051575003452698983255860512578229998", + "31221372899739042781372142393132358519434268512685538373976981051223051220367", + "18269767207277008186871145355531741929166733260352590789136389380124992250945", + ]; + + let expected_cm_ys = vec![ + "27630722367128086497290371604583225252915685718989450292520883698391703910", + "23310648738313092772044712773481584369462075017189681529702825235349449805260", + "25709635353183537915646348052945798827495141780341329896098121888376871589480", + "10516315852014492141081718791576479298042117442649432716255936672048164184691", + "23970713991179488695004801139667700217127937225554773561645815034212389459772", + 
"3256052161046564597126736968199320852691566092694819239485673781545479548450", + "18887250722195819674378865377623103071236046274361890247643850134985809137409", + "36501156873031641173054592888886902104303750771545647842488588827138867116570", + "21927526310070011864833939629345235038589128172309792087590183778192091594775", + "32959334601512756708397683646222389414681003290313255304927423560477040775488", + ]; + + for i in 0..10 { + let value_commitment = ValueCommitment { + value: i, + randomness: fs::Fs::from_str(&(1000 * (i + 1)).to_string()).unwrap(), + }; + + let nsk = fs::Fs::random(rng); + let ak = edwards::Point::rand(rng, params).mul_by_cofactor(params); + + let proof_generation_key = ProofGenerationKey { + ak: ak.clone(), + nsk: nsk.clone(), + }; + + let viewing_key = proof_generation_key.to_viewing_key(params); + + let payment_address; + + loop { + let diversifier = { + let mut d = [0; 11]; + rng.fill_bytes(&mut d); + Diversifier(d) + }; + + if let Some(p) = viewing_key.to_payment_address(diversifier, params) { + payment_address = p; + break; + } + } + + let g_d = payment_address.diversifier().g_d(params).unwrap(); + let commitment_randomness = fs::Fs::random(rng); + let auth_path = vec![Some((Fr::random(rng), rng.next_u32() % 2 != 0)); tree_depth]; + let ar = fs::Fs::random(rng); + + { + let rk = viewing_key.rk(ar, params).to_xy(); + let expected_value_cm = value_commitment.cm(params).to_xy(); + assert_eq!( + expected_value_cm.0, + Fr::from_str(&expected_cm_xs[i as usize]).unwrap() + ); + assert_eq!( + expected_value_cm.1, + Fr::from_str(&expected_cm_ys[i as usize]).unwrap() + ); + let note = Note { + value: value_commitment.value, + g_d: g_d.clone(), + pk_d: payment_address.pk_d().clone(), + r: commitment_randomness.clone(), + }; + + let mut position = 0u64; + let cm: Fr = note.cm(params); + let mut cur = cm.clone(); + + for (i, val) in auth_path.clone().into_iter().enumerate() { + let (uncle, b) = val.unwrap(); + + let mut lhs = cur; + let mut rhs 
= uncle; + + if b { + ::std::mem::swap(&mut lhs, &mut rhs); + } + + let mut lhs: Vec = BitIterator::new(lhs.into_repr()).collect(); + let mut rhs: Vec = BitIterator::new(rhs.into_repr()).collect(); + + lhs.reverse(); + rhs.reverse(); + + cur = pedersen_hash::pedersen_hash::( + pedersen_hash::Personalization::MerkleTree(i), + lhs.into_iter() + .take(Fr::NUM_BITS as usize) + .chain(rhs.into_iter().take(Fr::NUM_BITS as usize)), + params, + ) + .to_xy() + .0; + + if b { + position |= 1 << i; + } + } + + let expected_nf = note.nf(&viewing_key, position, params); + let expected_nf = multipack::bytes_to_bits_le(&expected_nf); + let expected_nf = multipack::compute_multipacking::(&expected_nf); + assert_eq!(expected_nf.len(), 2); + + let mut cs = TestConstraintSystem::::new(); + + let instance = Spend { + params: params, + value_commitment: Some(value_commitment.clone()), + proof_generation_key: Some(proof_generation_key.clone()), + payment_address: Some(payment_address.clone()), + commitment_randomness: Some(commitment_randomness), + ar: Some(ar), + auth_path: auth_path.clone(), + anchor: Some(cur), + }; + + instance.synthesize(&mut cs).unwrap(); + + assert!(cs.is_satisfied()); + assert_eq!(cs.num_constraints(), 98777); + assert_eq!( + cs.hash(), + "d37c738e83df5d9b0bb6495ac96abf21bcb2697477e2c15c2c7916ff7a3b6a89" + ); + + assert_eq!(cs.get("randomization of note commitment/x3/num"), cm); + + assert_eq!(cs.num_inputs(), 8); + assert_eq!(cs.get_input(0, "ONE"), Fr::one()); + assert_eq!(cs.get_input(1, "rk/x/input variable"), rk.0); + assert_eq!(cs.get_input(2, "rk/y/input variable"), rk.1); + assert_eq!( + cs.get_input(3, "value commitment/commitment point/x/input variable"), + expected_value_cm.0 + ); + assert_eq!( + cs.get_input(4, "value commitment/commitment point/y/input variable"), + expected_value_cm.1 + ); + assert_eq!(cs.get_input(5, "anchor/input variable"), cur); + assert_eq!(cs.get_input(6, "pack nullifier/input 0"), expected_nf[0]); + 
assert_eq!(cs.get_input(7, "pack nullifier/input 1"), expected_nf[1]); + } + } +} + #[test] fn test_output_circuit_with_bls12_381() { use bellman::gadgets::test::*; From 2b92493a45092c578b008275b1b4e19e7ae5be6e Mon Sep 17 00:00:00 2001 From: Kobi Gurkan Date: Tue, 4 Sep 2018 16:01:56 +0300 Subject: [PATCH 10/29] input circuit: removes debug prints --- zcash_proofs/src/circuit/sapling.rs | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/zcash_proofs/src/circuit/sapling.rs b/zcash_proofs/src/circuit/sapling.rs index d84a2a20bc..7634c824eb 100644 --- a/zcash_proofs/src/circuit/sapling.rs +++ b/zcash_proofs/src/circuit/sapling.rs @@ -87,7 +87,6 @@ where &value_bits, params, )?; - println!("value: {}, {}", value.get_x().get_value().unwrap(), value.get_y().get_value().unwrap()); // Booleanize the randomness. This does not ensure // the bit representation is "in the field" because @@ -96,8 +95,6 @@ where cs.namespace(|| "rcv"), value_commitment.as_ref().map(|c| c.randomness), )?; - println!("rcv: {}", value_commitment.as_ref().unwrap().randomness); - println!("value: {}", value_commitment.as_ref().unwrap().value); // Compute the randomness in the exponent let rcv = ecc::fixed_base_multiplication( @@ -109,7 +106,6 @@ where // Compute the Pedersen commitment to the value let cv = value.add(cs.namespace(|| "computation of cv"), &rcv, params)?; - println!("cv: {}, {}", cv.get_x().get_value().unwrap(), cv.get_y().get_value().unwrap()); // Expose the commitment as an input to the circuit cv.inputize(cs.namespace(|| "commitment point"))?; 
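Review bot: In `test_input_circuit_with_bls12_381_external_test_vectors` the hard-coded tables `expected_cm_xs` / `expected_cm_ys` are compared only with `value_commitment.cm(params).to_xy()`, i.e. the value commitment, while the commit subject says the vectors are for NoteCommit. The note commitment `note.cm(params)` is built from RNG-derived `g_d`, `pk_d` and `r` and is checked only against the circuit's own `cs.get("randomization of note commitment/x3/num")`, so no fixed external value pins it. Either rename the tables (e.g. `expected_value_cm_xs`) and adjust the description, or add fixed note-commitment vectors if that was the intent. A comment stating which implementation produced the ten coordinate pairs, and that they correspond to `value: i` with `randomness` of `1000 * (i + 1)`, would make the vectors reproducible.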
@@ -274,17 +270,7 @@ impl<'a, E: JubjubEngine> Circuit for Spend<'a, E> { ¬e_contents, self.params, )?; - println!("cm: {}, {}", cm.get_x().get_value().unwrap(), cm.get_y().get_value().unwrap()); - - let mut note_contents_print: Vec<&str> = vec![]; - for b in ¬e_contents { - if b.get_value().unwrap() { - note_contents_print.push("true"); - } else { - note_contents_print.push("false"); - } - } - println!("note_contents: {}", note_contents_print.join(", ")); + { // Booleanize the randomness for the note commitment let rcm = boolean::field_into_boolean_vec_le( @@ -292,7 +278,6 @@ impl<'a, E: JubjubEngine> Circuit for Spend<'a, E> { self.commitment_randomness, )?; - println!("commitment_randomness: {}", &self.commitment_randomness.unwrap()); // Compute the note commitment randomness in the exponent let rcm = ecc::fixed_base_multiplication( cs.namespace(|| "computation of commitment randomness"), @@ -300,7 +285,6 @@ impl<'a, E: JubjubEngine> Circuit for Spend<'a, E> { &rcm, self.params, )?; - println!("rcm: {}, {}", rcm.get_x().get_value().unwrap(), rcm.get_y().get_value().unwrap()); // Randomize the note commitment. Pedersen hashes are not // themselves hiding commitments. @@ -309,8 +293,6 @@ impl<'a, E: JubjubEngine> Circuit for Spend<'a, E> { &rcm, self.params, )?; - - println!("cm: {}, {}", cm.get_x().get_value().unwrap(), cm.get_y().get_value().unwrap()); } // This will store (least significant bit first) From 2edcc12e8e2b2bca7ee40f7b996ea6e88fca75ea Mon Sep 17 00:00:00 2001 From: Kobi Gurkan Date: Tue, 28 Aug 2018 15:03:25 +0300 Subject: [PATCH 11/29] group_hash: adds test vectors generated by go-jubjub --- zcash_primitives/src/group_hash.rs | 92 ++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) diff --git a/zcash_primitives/src/group_hash.rs b/zcash_primitives/src/group_hash.rs index 8549c5e3e5..a4d0bb5af6 100644 --- a/zcash_primitives/src/group_hash.rs +++ b/zcash_primitives/src/group_hash.rs 
@@ -39,3 +39,95 @@ pub fn group_hash( Err(_) => None, } } + +#[cfg(test)] +mod test { + use ff::PrimeField; + use pairing::bls12_381::{Bls12, Fr}; + + use crate::{ + group_hash::group_hash, + jubjub::{edwards, JubjubBls12, JubjubEngine, PrimeOrder}, + }; + + #[test] + fn test_group_hash() { + fn find_group_hash( + m: &[u8], + personalization: &[u8; 8], + params: &E::Params, + ) -> edwards::Point { + let mut tag = m.to_vec(); + let i = tag.len(); + tag.push(0u8); + + loop { + let gh = group_hash(&tag, personalization, params); + + // We don't want to overflow and start reusing generators + assert!(tag[i] != u8::max_value()); + tag[i] += 1; + + if let Some(gh) = gh { + break gh; + } + } + } + let params = JubjubBls12::new(); + + let expected_points: Vec> = vec![]; + let domains = vec![ + hex!("0b4c693149060f99"), + hex!("982fc029ed2213e4"), + hex!("5a01101e28c6b466"), + hex!("a3716d31a988b6e6"), + ]; + let msgs = vec![ + hex!("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"), + hex!("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"), + hex!("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"), + 
hex!("883b1a34c0d0a8d9387cff427ab0b476b4c6f5a09e30be336aa2bc35f38ab4cc398673fae02ab727f069e887006ac3c0b891477c4a837456417c9e817c5ccdaf12b54eb90cc18a9c30673ed36bd7fba45269437c09feff9a1bcc2993533533227a535950c98cc77f00f4e77c34184b45d865942a3d72acce4922e9c284df5589d506404648c5c3bc7f217ca023b364e74d591d75c8a19e063b2b82c28e27ce5b2afede6699d6bf8d4931244aad739b285f410f1e95c6d5e9a34982908d1c7be5f0365dbf30a7d6dbb2821bf6d55c142a15bd561f3eb202da9b59f891584b35011f5cbe77cab38263b5773360d52e29b765a03c420c75ffa2c91e8edd4a9bba4035119bc3a088ec303a6344e4dafbd8d1889cc9b3d56ee08cff1530f1a1d9a77712006ebc9a3d80f5a69e17b0a0f65d97e53e7852ddd95760c68bba78d326a28eb07908c8e630dd6e42ab272e980774c5c51825c02ed8950fc85f5711c80d5fed1d72162a4bcaefbba33c09d09e0611ad5c2bb2949daa55861b5f6f8beea02ed392d09ab0489f89b3875fe7ae90c6ecf0bddb4b9fbce6dc1f97b12ee058f00cc9672c35702dac4afbd6776e1e222d2182358e91e8d4d20b99d5f2adbac7abad48c07afc94c212278812bfc5e76da0e1b97b850020bc1ba3c0bc0093d8acf4a594a8fc1dcea70c613fcc550b7654a08ed9f50a34c21626f2b599a15a097c85785bc93d5c5034edb3590f0c6aee3dcbeac5f15be5bf6f179246c347dce5040115dccff18fbcd9e9ab485d85e89dc0995aaebe4eb8796fb01b03fe5f5c6c903845a0fc02c69d2543684a33e4eefc7e0d5635192c82fdde5e7487df95595a442a6a71e98e09073cdf318f808fd916e0de7e9182855023f4844042764fef897ccb500d520651a262d27f46c16e38187da84a3d7f9c42bb65e1940a1f3b3c2eced613e141839d77851ef833f94d9a5ec073e1b12d0a2b59b8b90c5e560baceacebe569f8ded41a67d15cd7486f45aacc1fa4e50805485a698d2722ba8fbf87442e1a2e46cde49f1600f97ae3d6f67169141a40b0628c9994c115377db6c30d822381dede366f355c71ff8c38ae4f60da77bf40e3da97f77ba6756ae766a17896ead15d4367f43fd2a4c096feb3e23d4a061fed2422e9e424f1e81e890ecc9474bb5b7d8231447d5359efa8ce4d40698d329cd5d069f50050d26a0c613a4cc3d70774537af278643799bf5d336d71a19b83a5660ebc6fefa4664167c497478ec4e8b0954fc1a41948a84f5271c4c2ab93c6848fe5abd28fa68b47ff79ba1475a46d2ddbf5a07600ee4cf76bf85bccc53d5b5094f6728542951a63c71b251429e8bb4fc95cfbf283db2b0ad2d16bc2d8ba07b193249bc974eb5392b7e9c5a0e1056ef0208e6494abe61
f37d64b543acf509926f7b9f1724ce39e7690bae4d918be3295fd2") + ]; + + let ys = vec![ + "8502599294297669157183582041043506286304348771153601905088214968423735432772", + "33965310400650966081486833884535323100804531882948083108992748314044766607474", + "15277426621450144245366093477629790944965634885834431068514786570163432982421", + "35526445498940553839675656924597924255939683458731864358252626115877434851278", + ]; + let xs = vec![ + "23479585783156774250942425515624703792585157520679515316930097097463607664576", + "30414851484511157010605445406157992259368652076831836832380699127755424334026", + "34566775937206506013251574661622220967552701387632591444790779184716709173668", + "32625571922270028001313966220069858825087579007581150636305043327525524456655", + ]; + for i in 0..domains.len() { + let domain = domains[i]; + let msg = msgs[i]; + + let gh: edwards::Point = find_group_hash(&msg, &domain, ¶ms); + + let p_sign_false = + edwards::Point::::get_for_y(Fr::from_str(ys[i]).unwrap(), false, ¶ms) + .unwrap(); + let p_sign_true = + edwards::Point::::get_for_y(Fr::from_str(ys[i]).unwrap(), true, ¶ms) + .unwrap(); + let is_one_of_xs = p_sign_false.to_xy().0 == Fr::from_str(xs[i]).unwrap() + || p_sign_true.to_xy().0 == Fr::from_str(xs[i]).unwrap(); + let is_y = p_sign_false.to_xy().1 == Fr::from_str(ys[i]).unwrap() + && p_sign_true.to_xy().1 == Fr::from_str(ys[i]).unwrap(); + assert!(is_one_of_xs && is_y); + } + + for m in 0..5 { + use byteorder::{LittleEndian, WriteBytesExt}; + let mut segment_number = [0u8; 4]; + (&mut segment_number[0..4]) + .write_u32::(m) + .unwrap(); + let p: edwards::Point = + find_group_hash(&segment_number, b"Zcash_PH", ¶ms); + } + } +} From 2ee7b108af3b6b1f4cbdca2219708e95bf2e952f Mon Sep 17 00:00:00 2001 From: Kobi Gurkan Date: Tue, 4 Sep 2018 15:52:08 +0300 Subject: [PATCH 12/29] blake2s: adds test vectors from go-jubjub --- bellman/src/gadgets/blake2s.rs | 67 ++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) 
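Review bot: The computed point `gh` is never compared with the go-jubjub vectors in `test_group_hash`, so the test passes whatever `group_hash` returns. Both `p_sign_false` and `p_sign_true` are built from `ys[i]` through `get_for_y`, which makes `is_y` true by construction, and `is_one_of_xs` only confirms that the vector's own x and y belong to the same curve point. Assuming the vectors describe the first tag that succeeds, assert on the result itself: `let (x, y) = gh.to_xy();` followed by `assert!(x == Fr::from_str(xs[i]).unwrap() && y == Fr::from_str(ys[i]).unwrap());`. The second loop over `m in 0..5` also computes `p` without asserting anything, and `expected_points` is unused.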
diff --git a/bellman/src/gadgets/blake2s.rs b/bellman/src/gadgets/blake2s.rs index d89aac5a9c..1c52cfa852 100644 --- a/bellman/src/gadgets/blake2s.rs +++ b/bellman/src/gadgets/blake2s.rs @@ -628,4 +628,71 @@ mod test { } } } + + #[test] + fn test_blake2s_test_vectors() { + let mut rng = XorShiftRng::from_seed([ + 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, + 0xbc, 0xe5, + ]); + + let expecteds = [ + hex!("a1309e334376c8f36a736a4ab0e691ef931ee3ebdb9ea96187127136fea622a1"), + hex!("82fefff60f265cea255252f7c194a7f93965dffee0609ef74eb67f0d76cd41c6"), + ]; + for i in 0..2 { + let mut h = Blake2sParams::new() + .hash_length(32) + .personal(b"12345678") + .to_state(); + let input_len = 1024; + let data: Vec = (0..input_len).map(|_| rng.next_u32() as u8).collect(); + + h.update(&data); + + let hash_result = h.finalize(); + + let mut cs = TestConstraintSystem::::new(); + + let mut input_bits = vec![]; + + for (byte_i, input_byte) in data.into_iter().enumerate() { + for bit_i in 0..8 { + let cs = cs.namespace(|| format!("input bit {} {}", byte_i, bit_i)); + + input_bits.push( + AllocatedBit::alloc(cs, Some((input_byte >> bit_i) & 1u8 == 1u8)) + .unwrap() + .into(), + ); + } + } + + let r = blake2s(&mut cs, &input_bits, b"12345678").unwrap(); + + assert!(cs.is_satisfied()); + + let mut s = hash_result + .as_ref() + .iter() + .flat_map(|&byte| (0..8).map(move |i| (byte >> i) & 1u8 == 1u8)); + + for b in r { + match b { + Boolean::Is(b) => { + assert!(s.next().unwrap() == b.get_value().unwrap()); + } + Boolean::Not(b) => { + assert!(s.next().unwrap() != b.get_value().unwrap()); + } + Boolean::Constant(b) => { + assert!(input_len == 0); + assert!(s.next().unwrap() == b); + } + } + } + + assert_eq!(expecteds[i], hash_result.as_bytes()); + } + } } From f5dfe073556c050c8a32ba7f61b24868cc554ae0 Mon Sep 17 00:00:00 2001 
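Review bot: Nothing in `test_blake2s_test_vectors` checks that the circuit output `r` covers the whole digest. The `for b in r` loop pulls bits from `s` but never confirms that `s` is exhausted, so a truncated `r` would still pass. Adding `assert!(s.next().is_none());` after the loop closes that gap. The `Boolean::Constant` arm asserts `input_len == 0`, which can never hold here because `input_len` is fixed at 1024; `unreachable!()` or a short comment would state the intent more clearly. The enclosing `mod test` starts outside the hunk.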
From: =?UTF-8?q?Aur=C3=A9lien=20Nicolas?= Date: Tue, 31 Jul 2018 10:32:31 +0200 Subject: [PATCH 13/29] A test vector for pedersen hash --- zcash_primitives/src/jubjub/edwards.rs | 1 + zcash_primitives/src/pedersen_hash.rs | 43 ++++++++++++++++++++++++++ 2 files changed, 44 insertions(+) diff --git a/zcash_primitives/src/jubjub/edwards.rs b/zcash_primitives/src/jubjub/edwards.rs index 9ef50a20ef..9902d80fff 100644 --- a/zcash_primitives/src/jubjub/edwards.rs +++ b/zcash_primitives/src/jubjub/edwards.rs @@ -306,6 +306,7 @@ impl Point { } } + /// Convert to affine coordinates pub fn to_xy(&self) -> (E::Fr, E::Fr) { let zinv = self.z.inverse().unwrap(); diff --git a/zcash_primitives/src/pedersen_hash.rs b/zcash_primitives/src/pedersen_hash.rs index 835e9c730e..9daeedd1bf 100644 --- a/zcash_primitives/src/pedersen_hash.rs +++ b/zcash_primitives/src/pedersen_hash.rs 
@@ -105,3 +105,46 @@ where result } + +#[cfg(test)] +mod test { + + use pairing::bls12_381::{Bls12, Fr}; + use super::*; + + #[test] + fn test_pedersen_hash_points() { + + let params = &JubjubBls12::new(); + let bytes = b"Salut monde!"; + let num_bits = bytes.len() * 8; + let bits: Vec = (0..num_bits).map( + |i| ((bytes[i / 8] >> (7 - (i % 8))) & 1) == 1 + ).collect(); + + let xy = pedersen_hash::( + Personalization::NoteCommitment, + bits.clone().into_iter(), + params, + ).to_xy(); + + println!("bytes = {:?}", bytes); + let bits_int: Vec = bits.iter().map(|&i| i as u8).collect(); + println!("bits = {:?}", bits_int); + println!("x = {}", xy.0); + println!("y = {}", xy.1); + + // For bits=[] + //assert_eq!(xy.0.to_string(), "Fr(0x06b1187c11ca4fb4383b2e0d0dbbde3ad3617338b5029187ec65a5eaed5e4d0b)"); + //assert_eq!(xy.1.to_string(), "Fr(0x3ce70f536652f0dea496393a1e55c4e08b9d55508e16d11e5db40d4810cbc982)"); + + // For bits=[0] + // assert_eq!(xy.0.to_string(), "Fr(0x2fc3bc454c337f71d4f04f86304262fcbfc9ecd808716b92fc42cbe6827f7f1a)"); + // assert_eq!(xy.1.to_string(), "Fr(0x46d0d25bf1a654eedc6a9b1e5af398925113959feac31b7a2c036ff9b9ec0638)"); + + // For bits = "Salut monde!" in ASCII + assert_eq!(xy.0.to_string(), "Fr(0x676f78fa89da7c64502f790a99dfe177756867006809a6f174dcb427b345cd7c)"); + assert_eq!(xy.1.to_string(), "Fr(0x1a6994a999a0abf83afc6ec5fe0ee8c8336a171653218cbfdf269689d5cfd3aa)"); + + } +} \ No newline at end of file From 9080b4ccf3dc17bdb404a8cc3311dda5f6023175 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Nicolas?= Date: Tue, 31 Jul 2018 21:42:53 +0200 Subject: [PATCH 14/29] Many test vectors for pedersen hash --- zcash_primitives/src/pedersen_hash.rs | 186 +++++++++++++++++++++----- 1 file changed, 155 insertions(+), 31 deletions(-) diff --git a/zcash_primitives/src/pedersen_hash.rs b/zcash_primitives/src/pedersen_hash.rs index 9daeedd1bf..fb396cccb3 100644 --- a/zcash_primitives/src/pedersen_hash.rs +++ b/zcash_primitives/src/pedersen_hash.rs 
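Review bot: The bit order used to expand `bytes` in `test_pedersen_hash_points` is undocumented. It is most-significant-bit first (`>> (7 - (i % 8))`), while `Personalization::get_bits` in the same file expands least-significant-bit first with `(num >> i) & 1`. A one-line comment above the `map`, such as `// bytes are expanded MSB-first`, would prevent a silent mismatch when vectors are regenerated. The commented-out assertions for the empty and single-bit inputs would be better as real cases than as dead code.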
@@ -109,42 +109,166 @@ where #[cfg(test)] mod test { - use pairing::bls12_381::{Bls12, Fr}; use super::*; + use pairing::bls12_381::Bls12; #[test] fn test_pedersen_hash_points() { + // Test vectors from https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/sapling_pedersen.py + struct TestVector<'a> { + personalization: Personalization, + input_bits: Vec, + hash_x: &'a str, + hash_y: &'a str, + } + + let test_vectors = vec![ + TestVector { + personalization: Personalization::NoteCommitment, + input_bits: vec![1, 1, 1, 1, 1, 1], + hash_x: "Fr(0x06b1187c11ca4fb4383b2e0d0dbbde3ad3617338b5029187ec65a5eaed5e4d0b)", + hash_y: "Fr(0x3ce70f536652f0dea496393a1e55c4e08b9d55508e16d11e5db40d4810cbc982)", + }, + TestVector { + personalization: Personalization::NoteCommitment, + input_bits: vec![1, 1, 1, 1, 1, 1, 0], + hash_x: "Fr(0x2fc3bc454c337f71d4f04f86304262fcbfc9ecd808716b92fc42cbe6827f7f1a)", + hash_y: "Fr(0x46d0d25bf1a654eedc6a9b1e5af398925113959feac31b7a2c036ff9b9ec0638)", + }, + TestVector { + personalization: Personalization::NoteCommitment, + input_bits: vec![1, 1, 1, 1, 1, 1, 1], + hash_x: "Fr(0x4f8ce0e0a9e674b3ab9606a7d7aefba386e81583d81918127814cde41d209d97)", + hash_y: "Fr(0x312b5ab93b14c9b9af334fe1fe3c50fffb53fbd074fa40ca600febde7c97e346)", + }, + TestVector { + personalization: Personalization::NoteCommitment, + input_bits: vec![1, 1, 1, 1, 1, 1, 0, 0], + hash_x: "Fr(0x2fc3bc454c337f71d4f04f86304262fcbfc9ecd808716b92fc42cbe6827f7f1a)", + hash_y: "Fr(0x46d0d25bf1a654eedc6a9b1e5af398925113959feac31b7a2c036ff9b9ec0638)", + }, + TestVector { + personalization: Personalization::NoteCommitment, + input_bits: vec![1, 1, 1, 1, 1, 1, 0, 1], + hash_x: "Fr(0x21746acd049f2c54579d5bb9c106083b4bb48c8910a06565d1e39e46939ca497)", + hash_y: "Fr(0x2cb69ae2615cd02c6ad2d6e06c1a0c15d49d71051d2d702155fca07bbf2d574c)", + }, + TestVector { + personalization: Personalization::NoteCommitment, + input_bits: vec![1, 1, 1, 1, 1, 1, 1, 0], + hash_x: 
"Fr(0x4f8ce0e0a9e674b3ab9606a7d7aefba386e81583d81918127814cde41d209d97)", + hash_y: "Fr(0x312b5ab93b14c9b9af334fe1fe3c50fffb53fbd074fa40ca600febde7c97e346)", + }, + TestVector { + personalization: Personalization::NoteCommitment, + input_bits: vec![1, 1, 1, 1, 1, 1, 1, 1], + hash_x: "Fr(0x3e09bdeea175dd4acd2e106caf4a5194200af53ee3a5a71338c083093d83eba5)", + hash_y: "Fr(0x579f6f15508af07d0f1beb117beaffe99e115a7ee859d81ddaa91d1096a103df)", + }, + TestVector { + personalization: Personalization::NoteCommitment, + input_bits: vec![1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], + hash_x: "Fr(0x208d2e11ee496eb3b37257d1b4a77907e4b21d6c46d5487fb52d5a5239587ea0)", + hash_y: "Fr(0x1eeeb47b858257b9b69d009779e38c63332e20220eb474ef9af868274132181f)", + }, + TestVector { + personalization: Personalization::NoteCommitment, + input_bits: vec![1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1], + hash_x: "Fr(0x683ffae48988d517301ba81fb2c294c16a35ed1bba6411bd17312294843f37e0)", + hash_y: "Fr(0x40f7897b86747a5a857c8bd434ce3c1079efac22ed650d7345e5da31addacaff)", + }, + TestVector { + personalization: Personalization::NoteCommitment, + input_bits: vec![ + 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, + 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, + 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, + 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, + ], + hash_x: "Fr(0x676f78fa89da7c64502f790a99dfe177756867006809a6f174dcb427b345cd7c)", + hash_y: "Fr(0x1a6994a999a0abf83afc6ec5fe0ee8c8336a171653218cbfdf269689d5cfd3aa)", + }, + TestVector { + personalization: Personalization::MerkleTree(34), + input_bits: vec![0, 1, 0, 0, 0, 1], + hash_x: "Fr(0x61f8e2cb8e945631677b450d5e5669bc6b5f2ec69b321ac550dbe74525d7ac9a)", + hash_y: "Fr(0x4e11951ab9c9400ee38a18bd98cdb9453f1f67141ee9d9bf0c1c157d4fb34f9a)", + }, + TestVector { + personalization: 
Personalization::MerkleTree(34), + input_bits: vec![0, 1, 0, 0, 0, 1, 0], + hash_x: "Fr(0x27fa1e296c37dde8448483ce5485c2604d1d830e53812246299773a02ecd519c)", + hash_y: "Fr(0x08e499113675202cb42b4b681a31430814edebd72c5bb3bc3bfedf91fb0605df)", + }, + TestVector { + personalization: Personalization::MerkleTree(34), + input_bits: vec![0, 1, 0, 0, 0, 1, 1], + hash_x: "Fr(0x52112dd7a4293d049bb011683244a0f957e6ba95e1d1cf2fb6654d449a6d3fbc)", + hash_y: "Fr(0x2ae14ecd81bb5b4489d2d64b5d2eb92a684087b28dd9a4950ecdb78c014e178c)", + }, + TestVector { + personalization: Personalization::MerkleTree(34), + input_bits: vec![0, 1, 0, 0, 0, 1, 0, 0], + hash_x: "Fr(0x27fa1e296c37dde8448483ce5485c2604d1d830e53812246299773a02ecd519c)", + hash_y: "Fr(0x08e499113675202cb42b4b681a31430814edebd72c5bb3bc3bfedf91fb0605df)", + }, + TestVector { + personalization: Personalization::MerkleTree(34), + input_bits: vec![0, 1, 0, 0, 0, 1, 0, 1], + hash_x: "Fr(0x5b4032d49431e7bfa085e2bb49bfc060909272a66287b063784f1d11b28a60e9)", + hash_y: "Fr(0x4627da49652efea2637595426add6ad682a0c8821d423f04c26ef5788d35f7e3)", + }, + TestVector { + personalization: Personalization::MerkleTree(34), + input_bits: vec![0, 1, 0, 0, 0, 1, 1, 0], + hash_x: "Fr(0x52112dd7a4293d049bb011683244a0f957e6ba95e1d1cf2fb6654d449a6d3fbc)", + hash_y: "Fr(0x2ae14ecd81bb5b4489d2d64b5d2eb92a684087b28dd9a4950ecdb78c014e178c)", + }, + TestVector { + personalization: Personalization::MerkleTree(34), + input_bits: vec![0, 1, 0, 0, 0, 1, 1, 1], + hash_x: "Fr(0x099e74a82c9c1858ac40db1a85959b1362d82fdd6efb99a443829f83003b0190)", + hash_y: "Fr(0x0f76f53d026574ad77ab4c6cd2428b9d94d158a9fc0469aae47c7535ff107881)", + }, + TestVector { + personalization: Personalization::MerkleTree(34), + input_bits: vec![0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], + hash_x: "Fr(0x240da48e40637664bcf3582708491d19e28a50787ea40b0a336d61735782d10a)", + hash_y: "Fr(0x6e630ddf6e43ad5568c925a4935e8e099230af4b2e19fab7d92b7e953b4986c3)", + }, + TestVector { 
+ personalization: Personalization::MerkleTree(34), + input_bits: vec![0, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1], + hash_x: "Fr(0x06a477addbbfdf2934e34bdf6e071cd1276beaed801cd1b660ddcceb161ca8c7)", + hash_y: "Fr(0x355d39425378e57f393b30423cbde3ff69198ebac2ccbbafb92e25613352b0e8)", + }, + TestVector { + personalization: Personalization::MerkleTree(34), + input_bits: vec![ + 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, + 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, + 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, + 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, + ], + hash_x: "Fr(0x094a624c5aac3569ad85428bb939d391bb5766ff87c389eb4d84d42aeaabb906)", + hash_y: "Fr(0x2cf51a8699edc64b73aa962464d4eadf038821900f9409350dc3ea2ccf12e054)", + }, + ]; + // End test vectors let params = &JubjubBls12::new(); - let bytes = b"Salut monde!"; - let num_bits = bytes.len() * 8; - let bits: Vec = (0..num_bits).map( - |i| ((bytes[i / 8] >> (7 - (i % 8))) & 1) == 1 - ).collect(); - - let xy = pedersen_hash::( - Personalization::NoteCommitment, - bits.clone().into_iter(), - params, - ).to_xy(); - - println!("bytes = {:?}", bytes); - let bits_int: Vec = bits.iter().map(|&i| i as u8).collect(); - println!("bits = {:?}", bits_int); - println!("x = {}", xy.0); - println!("y = {}", xy.1); - - // For bits=[] - //assert_eq!(xy.0.to_string(), "Fr(0x06b1187c11ca4fb4383b2e0d0dbbde3ad3617338b5029187ec65a5eaed5e4d0b)"); - //assert_eq!(xy.1.to_string(), "Fr(0x3ce70f536652f0dea496393a1e55c4e08b9d55508e16d11e5db40d4810cbc982)"); - - // For bits=[0] - // assert_eq!(xy.0.to_string(), "Fr(0x2fc3bc454c337f71d4f04f86304262fcbfc9ecd808716b92fc42cbe6827f7f1a)"); - // assert_eq!(xy.1.to_string(), "Fr(0x46d0d25bf1a654eedc6a9b1e5af398925113959feac31b7a2c036ff9b9ec0638)"); - - // For bits = "Salut monde!" 
in ASCII - assert_eq!(xy.0.to_string(), "Fr(0x676f78fa89da7c64502f790a99dfe177756867006809a6f174dcb427b345cd7c)"); - assert_eq!(xy.1.to_string(), "Fr(0x1a6994a999a0abf83afc6ec5fe0ee8c8336a171653218cbfdf269689d5cfd3aa)"); + let v = &test_vectors[0]; + let input_bools: Vec = v.input_bits.iter().map(|&i| i == 1).collect(); + + // The 6 bits prefix is handled separately + assert_eq!(v.personalization.get_bits(), &input_bools[..6]); + + let (x, y) = + pedersen_hash::(v.personalization, input_bools.into_iter().skip(6), params) + .to_xy(); + + assert_eq!(x.to_string(), v.hash_x); + assert_eq!(y.to_string(), v.hash_y); } -} \ No newline at end of file +} From be18eb240c4253cadc31a8714fa4f02e569eaab0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Nicolas?= Date: Sun, 19 Aug 2018 11:01:07 +0200 Subject: [PATCH 15/29] Move test vectors into own module --- zcash_primitives/src/pedersen_hash.rs | 152 ++---------------- zcash_primitives/src/test_vectors.rs | 1 + .../src/test_vectors/pedersen_hash_vectors.rs | 138 ++++++++++++++++ 3 files changed, 149 insertions(+), 142 deletions(-) create mode 100644 zcash_primitives/src/test_vectors/pedersen_hash_vectors.rs diff --git a/zcash_primitives/src/pedersen_hash.rs b/zcash_primitives/src/pedersen_hash.rs index fb396cccb3..10cad94be3 100644 --- a/zcash_primitives/src/pedersen_hash.rs +++ b/zcash_primitives/src/pedersen_hash.rs 
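Review bot: Only the first vector is exercised: `let v = &test_vectors[0];` binds one entry, so the remaining vectors, including every `Personalization::MerkleTree(34)` case, are never hashed. Wrapping the body from `let input_bools` through the two `assert_eq!` calls in `for v in test_vectors.iter() { ... }` would check all of them. The source comment links the `master` branch of the vector script; citing a fixed commit there would make the provenance of these values reproducible.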
@@ -107,154 +107,22 @@ where } #[cfg(test)] -mod test { +pub mod test { use super::*; + use crate::test_vectors::pedersen_hash_vectors; use pairing::bls12_381::Bls12; + pub struct TestVector<'a> { + pub personalization: Personalization, + pub input_bits: Vec, + pub hash_x: &'a str, + pub hash_y: &'a str, + } + #[test] fn test_pedersen_hash_points() { - // Test vectors from https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/sapling_pedersen.py - struct TestVector<'a> { - personalization: Personalization, - input_bits: Vec, - hash_x: &'a str, - hash_y: &'a str, - } - - let test_vectors = vec![ - TestVector { - personalization: Personalization::NoteCommitment, - input_bits: vec![1, 1, 1, 1, 1, 1], - hash_x: "Fr(0x06b1187c11ca4fb4383b2e0d0dbbde3ad3617338b5029187ec65a5eaed5e4d0b)", - hash_y: "Fr(0x3ce70f536652f0dea496393a1e55c4e08b9d55508e16d11e5db40d4810cbc982)", - }, - TestVector { - personalization: Personalization::NoteCommitment, - input_bits: vec![1, 1, 1, 1, 1, 1, 0], - hash_x: "Fr(0x2fc3bc454c337f71d4f04f86304262fcbfc9ecd808716b92fc42cbe6827f7f1a)", - hash_y: "Fr(0x46d0d25bf1a654eedc6a9b1e5af398925113959feac31b7a2c036ff9b9ec0638)", - }, - TestVector { - personalization: Personalization::NoteCommitment, - input_bits: vec![1, 1, 1, 1, 1, 1, 1], - hash_x: "Fr(0x4f8ce0e0a9e674b3ab9606a7d7aefba386e81583d81918127814cde41d209d97)", - hash_y: "Fr(0x312b5ab93b14c9b9af334fe1fe3c50fffb53fbd074fa40ca600febde7c97e346)", - }, - TestVector { - personalization: Personalization::NoteCommitment, - input_bits: vec![1, 1, 1, 1, 1, 1, 0, 0], - hash_x: "Fr(0x2fc3bc454c337f71d4f04f86304262fcbfc9ecd808716b92fc42cbe6827f7f1a)", - hash_y: "Fr(0x46d0d25bf1a654eedc6a9b1e5af398925113959feac31b7a2c036ff9b9ec0638)", - }, - TestVector { - personalization: Personalization::NoteCommitment, - input_bits: vec![1, 1, 1, 1, 1, 1, 0, 1], - hash_x: "Fr(0x21746acd049f2c54579d5bb9c106083b4bb48c8910a06565d1e39e46939ca497)", - hash_y: 
"Fr(0x2cb69ae2615cd02c6ad2d6e06c1a0c15d49d71051d2d702155fca07bbf2d574c)", - }, - TestVector { - personalization: Personalization::NoteCommitment, - input_bits: vec![1, 1, 1, 1, 1, 1, 1, 0], - hash_x: "Fr(0x4f8ce0e0a9e674b3ab9606a7d7aefba386e81583d81918127814cde41d209d97)", - hash_y: "Fr(0x312b5ab93b14c9b9af334fe1fe3c50fffb53fbd074fa40ca600febde7c97e346)", - }, - TestVector { - personalization: Personalization::NoteCommitment, - input_bits: vec![1, 1, 1, 1, 1, 1, 1, 1], - hash_x: "Fr(0x3e09bdeea175dd4acd2e106caf4a5194200af53ee3a5a71338c083093d83eba5)", - hash_y: "Fr(0x579f6f15508af07d0f1beb117beaffe99e115a7ee859d81ddaa91d1096a103df)", - }, - TestVector { - personalization: Personalization::NoteCommitment, - input_bits: vec![1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], - hash_x: "Fr(0x208d2e11ee496eb3b37257d1b4a77907e4b21d6c46d5487fb52d5a5239587ea0)", - hash_y: "Fr(0x1eeeb47b858257b9b69d009779e38c63332e20220eb474ef9af868274132181f)", - }, - TestVector { - personalization: Personalization::NoteCommitment, - input_bits: vec![1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1], - hash_x: "Fr(0x683ffae48988d517301ba81fb2c294c16a35ed1bba6411bd17312294843f37e0)", - hash_y: "Fr(0x40f7897b86747a5a857c8bd434ce3c1079efac22ed650d7345e5da31addacaff)", - }, - TestVector { - personalization: Personalization::NoteCommitment, - input_bits: vec![ - 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, - 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, - 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, - 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, - ], - hash_x: "Fr(0x676f78fa89da7c64502f790a99dfe177756867006809a6f174dcb427b345cd7c)", - hash_y: "Fr(0x1a6994a999a0abf83afc6ec5fe0ee8c8336a171653218cbfdf269689d5cfd3aa)", - }, - TestVector { - personalization: Personalization::MerkleTree(34), - input_bits: vec![0, 1, 0, 0, 0, 1], - hash_x: 
"Fr(0x61f8e2cb8e945631677b450d5e5669bc6b5f2ec69b321ac550dbe74525d7ac9a)", - hash_y: "Fr(0x4e11951ab9c9400ee38a18bd98cdb9453f1f67141ee9d9bf0c1c157d4fb34f9a)", - }, - TestVector { - personalization: Personalization::MerkleTree(34), - input_bits: vec![0, 1, 0, 0, 0, 1, 0], - hash_x: "Fr(0x27fa1e296c37dde8448483ce5485c2604d1d830e53812246299773a02ecd519c)", - hash_y: "Fr(0x08e499113675202cb42b4b681a31430814edebd72c5bb3bc3bfedf91fb0605df)", - }, - TestVector { - personalization: Personalization::MerkleTree(34), - input_bits: vec![0, 1, 0, 0, 0, 1, 1], - hash_x: "Fr(0x52112dd7a4293d049bb011683244a0f957e6ba95e1d1cf2fb6654d449a6d3fbc)", - hash_y: "Fr(0x2ae14ecd81bb5b4489d2d64b5d2eb92a684087b28dd9a4950ecdb78c014e178c)", - }, - TestVector { - personalization: Personalization::MerkleTree(34), - input_bits: vec![0, 1, 0, 0, 0, 1, 0, 0], - hash_x: "Fr(0x27fa1e296c37dde8448483ce5485c2604d1d830e53812246299773a02ecd519c)", - hash_y: "Fr(0x08e499113675202cb42b4b681a31430814edebd72c5bb3bc3bfedf91fb0605df)", - }, - TestVector { - personalization: Personalization::MerkleTree(34), - input_bits: vec![0, 1, 0, 0, 0, 1, 0, 1], - hash_x: "Fr(0x5b4032d49431e7bfa085e2bb49bfc060909272a66287b063784f1d11b28a60e9)", - hash_y: "Fr(0x4627da49652efea2637595426add6ad682a0c8821d423f04c26ef5788d35f7e3)", - }, - TestVector { - personalization: Personalization::MerkleTree(34), - input_bits: vec![0, 1, 0, 0, 0, 1, 1, 0], - hash_x: "Fr(0x52112dd7a4293d049bb011683244a0f957e6ba95e1d1cf2fb6654d449a6d3fbc)", - hash_y: "Fr(0x2ae14ecd81bb5b4489d2d64b5d2eb92a684087b28dd9a4950ecdb78c014e178c)", - }, - TestVector { - personalization: Personalization::MerkleTree(34), - input_bits: vec![0, 1, 0, 0, 0, 1, 1, 1], - hash_x: "Fr(0x099e74a82c9c1858ac40db1a85959b1362d82fdd6efb99a443829f83003b0190)", - hash_y: "Fr(0x0f76f53d026574ad77ab4c6cd2428b9d94d158a9fc0469aae47c7535ff107881)", - }, - TestVector { - personalization: Personalization::MerkleTree(34), - input_bits: vec![0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
0, 0, 0], - hash_x: "Fr(0x240da48e40637664bcf3582708491d19e28a50787ea40b0a336d61735782d10a)", - hash_y: "Fr(0x6e630ddf6e43ad5568c925a4935e8e099230af4b2e19fab7d92b7e953b4986c3)", - }, - TestVector { - personalization: Personalization::MerkleTree(34), - input_bits: vec![0, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1], - hash_x: "Fr(0x06a477addbbfdf2934e34bdf6e071cd1276beaed801cd1b660ddcceb161ca8c7)", - hash_y: "Fr(0x355d39425378e57f393b30423cbde3ff69198ebac2ccbbafb92e25613352b0e8)", - }, - TestVector { - personalization: Personalization::MerkleTree(34), - input_bits: vec![ - 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, - 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, - 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, - 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, - ], - hash_x: "Fr(0x094a624c5aac3569ad85428bb939d391bb5766ff87c389eb4d84d42aeaabb906)", - hash_y: "Fr(0x2cf51a8699edc64b73aa962464d4eadf038821900f9409350dc3ea2ccf12e054)", - }, - ]; - // End test vectors + let test_vectors = pedersen_hash_vectors::get_vectors(); let params = &JubjubBls12::new(); diff --git a/zcash_primitives/src/test_vectors.rs b/zcash_primitives/src/test_vectors.rs index 403fbc962f..1347b2dd89 100644 --- a/zcash_primitives/src/test_vectors.rs +++ b/zcash_primitives/src/test_vectors.rs @@ -1 +1,2 @@ pub(crate) mod note_encryption; +pub(crate) mod pedersen_hash_vectors; diff --git a/zcash_primitives/src/test_vectors/pedersen_hash_vectors.rs b/zcash_primitives/src/test_vectors/pedersen_hash_vectors.rs new file mode 100644 index 0000000000..a3f26d1abd --- /dev/null +++ b/zcash_primitives/src/test_vectors/pedersen_hash_vectors.rs 
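Review bot: The new `test_vectors::pedersen_hash_vectors` module imports `pedersen_hash::test::TestVector`, a type that exists only under `#[cfg(test)]`. If `test_vectors` is not itself gated by `#[cfg(test)]` where it is declared (not visible in this patch), non-test builds will fail to resolve that path. Defining `TestVector` next to the vectors would remove the dependency. Separately, `pub mod test` and `pub struct TestVector` are wider than the `pub(crate)` used for the `test_vectors` modules; `pub(crate) mod test` and `pub(crate) struct TestVector<'a>`, with `get_vectors` narrowed to match, should be enough.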
@@ -0,0 +1,138 @@ +//! Test vectors from https://github.com/zcash-hackworks/zcash-test-vectors/blob/master/sapling_pedersen.py + +use crate::pedersen_hash::{test::TestVector, Personalization}; + +pub fn get_vectors<'a>() -> Vec> { + return vec![ + TestVector { + personalization: Personalization::NoteCommitment, + input_bits: vec![1, 1, 1, 1, 1, 1], + hash_x: "Fr(0x06b1187c11ca4fb4383b2e0d0dbbde3ad3617338b5029187ec65a5eaed5e4d0b)", + hash_y: "Fr(0x3ce70f536652f0dea496393a1e55c4e08b9d55508e16d11e5db40d4810cbc982)", + }, + TestVector { + personalization: Personalization::NoteCommitment, + input_bits: vec![1, 1, 1, 1, 1, 1, 0], + hash_x: "Fr(0x2fc3bc454c337f71d4f04f86304262fcbfc9ecd808716b92fc42cbe6827f7f1a)", + hash_y: "Fr(0x46d0d25bf1a654eedc6a9b1e5af398925113959feac31b7a2c036ff9b9ec0638)", + }, + TestVector { + personalization: Personalization::NoteCommitment, + input_bits: vec![1, 1, 1, 1, 1, 1, 1], + hash_x: "Fr(0x4f8ce0e0a9e674b3ab9606a7d7aefba386e81583d81918127814cde41d209d97)", + hash_y: "Fr(0x312b5ab93b14c9b9af334fe1fe3c50fffb53fbd074fa40ca600febde7c97e346)", + }, + TestVector { + personalization: Personalization::NoteCommitment, + input_bits: vec![1, 1, 1, 1, 1, 1, 0, 0], + hash_x: "Fr(0x2fc3bc454c337f71d4f04f86304262fcbfc9ecd808716b92fc42cbe6827f7f1a)", + hash_y: "Fr(0x46d0d25bf1a654eedc6a9b1e5af398925113959feac31b7a2c036ff9b9ec0638)", + }, + TestVector { + personalization: Personalization::NoteCommitment, + input_bits: vec![1, 1, 1, 1, 1, 1, 0, 1], + hash_x: "Fr(0x21746acd049f2c54579d5bb9c106083b4bb48c8910a06565d1e39e46939ca497)", + hash_y: "Fr(0x2cb69ae2615cd02c6ad2d6e06c1a0c15d49d71051d2d702155fca07bbf2d574c)", + }, + TestVector { + personalization: Personalization::NoteCommitment, + input_bits: vec![1, 1, 1, 1, 1, 1, 1, 0], + hash_x: "Fr(0x4f8ce0e0a9e674b3ab9606a7d7aefba386e81583d81918127814cde41d209d97)", + hash_y: "Fr(0x312b5ab93b14c9b9af334fe1fe3c50fffb53fbd074fa40ca600febde7c97e346)", + }, + TestVector { + personalization: 
Personalization::NoteCommitment, + input_bits: vec![1, 1, 1, 1, 1, 1, 1, 1], + hash_x: "Fr(0x3e09bdeea175dd4acd2e106caf4a5194200af53ee3a5a71338c083093d83eba5)", + hash_y: "Fr(0x579f6f15508af07d0f1beb117beaffe99e115a7ee859d81ddaa91d1096a103df)", + }, + TestVector { + personalization: Personalization::NoteCommitment, + input_bits: vec![1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], + hash_x: "Fr(0x208d2e11ee496eb3b37257d1b4a77907e4b21d6c46d5487fb52d5a5239587ea0)", + hash_y: "Fr(0x1eeeb47b858257b9b69d009779e38c63332e20220eb474ef9af868274132181f)", + }, + TestVector { + personalization: Personalization::NoteCommitment, + input_bits: vec![1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1], + hash_x: "Fr(0x683ffae48988d517301ba81fb2c294c16a35ed1bba6411bd17312294843f37e0)", + hash_y: "Fr(0x40f7897b86747a5a857c8bd434ce3c1079efac22ed650d7345e5da31addacaff)", + }, + TestVector { + personalization: Personalization::NoteCommitment, + input_bits: vec![ + 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, + 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, + 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, + 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, + ], + hash_x: "Fr(0x676f78fa89da7c64502f790a99dfe177756867006809a6f174dcb427b345cd7c)", + hash_y: "Fr(0x1a6994a999a0abf83afc6ec5fe0ee8c8336a171653218cbfdf269689d5cfd3aa)", + }, + TestVector { + personalization: Personalization::MerkleTree(34), + input_bits: vec![0, 1, 0, 0, 0, 1], + hash_x: "Fr(0x61f8e2cb8e945631677b450d5e5669bc6b5f2ec69b321ac550dbe74525d7ac9a)", + hash_y: "Fr(0x4e11951ab9c9400ee38a18bd98cdb9453f1f67141ee9d9bf0c1c157d4fb34f9a)", + }, + TestVector { + personalization: Personalization::MerkleTree(34), + input_bits: vec![0, 1, 0, 0, 0, 1, 0], + hash_x: "Fr(0x27fa1e296c37dde8448483ce5485c2604d1d830e53812246299773a02ecd519c)", + hash_y: 
"Fr(0x08e499113675202cb42b4b681a31430814edebd72c5bb3bc3bfedf91fb0605df)", + }, + TestVector { + personalization: Personalization::MerkleTree(34), + input_bits: vec![0, 1, 0, 0, 0, 1, 1], + hash_x: "Fr(0x52112dd7a4293d049bb011683244a0f957e6ba95e1d1cf2fb6654d449a6d3fbc)", + hash_y: "Fr(0x2ae14ecd81bb5b4489d2d64b5d2eb92a684087b28dd9a4950ecdb78c014e178c)", + }, + TestVector { + personalization: Personalization::MerkleTree(34), + input_bits: vec![0, 1, 0, 0, 0, 1, 0, 0], + hash_x: "Fr(0x27fa1e296c37dde8448483ce5485c2604d1d830e53812246299773a02ecd519c)", + hash_y: "Fr(0x08e499113675202cb42b4b681a31430814edebd72c5bb3bc3bfedf91fb0605df)", + }, + TestVector { + personalization: Personalization::MerkleTree(34), + input_bits: vec![0, 1, 0, 0, 0, 1, 0, 1], + hash_x: "Fr(0x5b4032d49431e7bfa085e2bb49bfc060909272a66287b063784f1d11b28a60e9)", + hash_y: "Fr(0x4627da49652efea2637595426add6ad682a0c8821d423f04c26ef5788d35f7e3)", + }, + TestVector { + personalization: Personalization::MerkleTree(34), + input_bits: vec![0, 1, 0, 0, 0, 1, 1, 0], + hash_x: "Fr(0x52112dd7a4293d049bb011683244a0f957e6ba95e1d1cf2fb6654d449a6d3fbc)", + hash_y: "Fr(0x2ae14ecd81bb5b4489d2d64b5d2eb92a684087b28dd9a4950ecdb78c014e178c)", + }, + TestVector { + personalization: Personalization::MerkleTree(34), + input_bits: vec![0, 1, 0, 0, 0, 1, 1, 1], + hash_x: "Fr(0x099e74a82c9c1858ac40db1a85959b1362d82fdd6efb99a443829f83003b0190)", + hash_y: "Fr(0x0f76f53d026574ad77ab4c6cd2428b9d94d158a9fc0469aae47c7535ff107881)", + }, + TestVector { + personalization: Personalization::MerkleTree(34), + input_bits: vec![0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], + hash_x: "Fr(0x240da48e40637664bcf3582708491d19e28a50787ea40b0a336d61735782d10a)", + hash_y: "Fr(0x6e630ddf6e43ad5568c925a4935e8e099230af4b2e19fab7d92b7e953b4986c3)", + }, + TestVector { + personalization: Personalization::MerkleTree(34), + input_bits: vec![0, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1], + hash_x: 
"Fr(0x06a477addbbfdf2934e34bdf6e071cd1276beaed801cd1b660ddcceb161ca8c7)", + hash_y: "Fr(0x355d39425378e57f393b30423cbde3ff69198ebac2ccbbafb92e25613352b0e8)", + }, + TestVector { + personalization: Personalization::MerkleTree(34), + input_bits: vec![ + 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, + 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, + 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, + 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, + ], + hash_x: "Fr(0x094a624c5aac3569ad85428bb939d391bb5766ff87c389eb4d84d42aeaabb906)", + hash_y: "Fr(0x2cf51a8699edc64b73aa962464d4eadf038821900f9409350dc3ea2ccf12e054)", + }, + ]; +} From 6240c02208160305eb9646effa03a6fea3c35133 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Nicolas?= Date: Sun, 19 Aug 2018 11:46:09 +0200 Subject: [PATCH 16/29] Long and random PH test vectors --- .../src/test_vectors/pedersen_hash_vectors.rs | 620 ++++++++++++++++-- 1 file changed, 572 insertions(+), 48 deletions(-) diff --git a/zcash_primitives/src/test_vectors/pedersen_hash_vectors.rs b/zcash_primitives/src/test_vectors/pedersen_hash_vectors.rs index a3f26d1abd..71257d2e7e 100644 --- a/zcash_primitives/src/test_vectors/pedersen_hash_vectors.rs +++ b/zcash_primitives/src/test_vectors/pedersen_hash_vectors.rs 
@@ -24,50 +24,421 @@ pub fn get_vectors<'a>() -> Vec> { }, TestVector { personalization: Personalization::NoteCommitment, - input_bits: vec![1, 1, 1, 1, 1, 1, 0, 0], - hash_x: "Fr(0x2fc3bc454c337f71d4f04f86304262fcbfc9ecd808716b92fc42cbe6827f7f1a)", - hash_y: "Fr(0x46d0d25bf1a654eedc6a9b1e5af398925113959feac31b7a2c036ff9b9ec0638)", + input_bits: vec![1, 1, 1, 1, 1, 1, 1, 0, 0], + hash_x: "Fr(0x4f8ce0e0a9e674b3ab9606a7d7aefba386e81583d81918127814cde41d209d97)", + hash_y: "Fr(0x312b5ab93b14c9b9af334fe1fe3c50fffb53fbd074fa40ca600febde7c97e346)", }, TestVector { personalization: Personalization::NoteCommitment, - input_bits: vec![1, 1, 1, 1, 1, 1, 0, 1], - hash_x: "Fr(0x21746acd049f2c54579d5bb9c106083b4bb48c8910a06565d1e39e46939ca497)", - hash_y: "Fr(0x2cb69ae2615cd02c6ad2d6e06c1a0c15d49d71051d2d702155fca07bbf2d574c)", + input_bits: vec![ + 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, + 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 0, 1, + 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, + 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, + 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, + 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, + 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, + ], + hash_x: "Fr(0x5ce85ce655a750ceb89fcfbb0ef974b322cd0344a230f9550f06ea55c395e340)", + hash_y: "Fr(0x6e14f97c466476f1b5b6f9e826c8137ef13bae064cb41fc484605aec62ec2cfc)", }, TestVector { personalization: Personalization::NoteCommitment, - input_bits: vec![1, 1, 1, 1, 1, 1, 1, 0], - hash_x: "Fr(0x4f8ce0e0a9e674b3ab9606a7d7aefba386e81583d81918127814cde41d209d97)", - hash_y: "Fr(0x312b5ab93b14c9b9af334fe1fe3c50fffb53fbd074fa40ca600febde7c97e346)", + input_bits: vec![ + 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, 0, + 0, 
0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, + 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, + 1, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, + 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, + 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, + 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, + ], + hash_x: "Fr(0x6568d917fcc1b7febfb1336ea4021dd337ec7084c258091a02bd4199a815912b)", + hash_y: "Fr(0x48258fccd2757b055c292a523223a27e7fcc5a2ff692dd9edb0a4b5376940323)", }, TestVector { personalization: Personalization::NoteCommitment, - input_bits: vec![1, 1, 1, 1, 1, 1, 1, 1], - hash_x: "Fr(0x3e09bdeea175dd4acd2e106caf4a5194200af53ee3a5a71338c083093d83eba5)", - hash_y: "Fr(0x579f6f15508af07d0f1beb117beaffe99e115a7ee859d81ddaa91d1096a103df)", + input_bits: vec![ + 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, + 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, + 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, + 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, + 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, + 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, + 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, + ], + hash_x: "Fr(0x3e24e4059b86d329a6f1e23e85b8a32e147d859cb21ae8b0649243ff658126f3)", + hash_y: "Fr(0x2b206c45c931876dc9d7611387b179dc6bba896be80cd3b5643fb235c32e3111)", }, TestVector { personalization: Personalization::NoteCommitment, - input_bits: vec![1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], - hash_x: "Fr(0x208d2e11ee496eb3b37257d1b4a77907e4b21d6c46d5487fb52d5a5239587ea0)", - hash_y: 
"Fr(0x1eeeb47b858257b9b69d009779e38c63332e20220eb474ef9af868274132181f)", + input_bits: vec![ + 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, + 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 0, + 1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, + 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, + 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, + 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, + 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, + 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, + 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, + 0, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 0, + 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, + 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, + 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, + 1, 1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, + 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, + 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, + 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, + 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, + 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, + 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, + 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, + 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, + 1, 1, 1, 0, 
1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, + 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, + 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, + 1, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, + 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, + 0, 0, 0, 1, 1, 1, + ], + hash_x: "Fr(0x280a1b1ec18d1128fac0d436264fb09c04d1aa77d6eaf7d269ed49df8b773ff5)", + hash_y: "Fr(0x54b896d6ce31684bb35fad5f9ba0de176ee7ef0749bacc2c7a2d61ba7caca439)", }, TestVector { personalization: Personalization::NoteCommitment, - input_bits: vec![1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1], - hash_x: "Fr(0x683ffae48988d517301ba81fb2c294c16a35ed1bba6411bd17312294843f37e0)", - hash_y: "Fr(0x40f7897b86747a5a857c8bd434ce3c1079efac22ed650d7345e5da31addacaff)", + input_bits: vec![ + 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, + 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, 0, + 1, 1, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, + 1, 0, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 1, + 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, + 0, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, + 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, + 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, + 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, + 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, + 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, + 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, + 1, 1, 0, 0, 1, 0, 0, 
0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, + 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, + 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, + 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, + 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, + 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, + 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, + 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, + 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, + 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, + 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, + 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, + 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, + 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, + 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, + 0, 1, 0, 1, 1, 1, 0, + ], + hash_x: "Fr(0x303815867ef8b94e102fe4e7d4fa0cce6478c6c85101921a729ad75565fc2b13)", + hash_y: "Fr(0x19cc4fe8cb4ca16904e88b1dbf8cbc6267b77be76e5047faa1a9d606639133af)", }, TestVector { personalization: Personalization::NoteCommitment, input_bits: vec![ - 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, - 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, - 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, - 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, + 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, + 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 
0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, + 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, + 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, + 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, + 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, + 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, + 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, + 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 0, 0, 0, + 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 0, 0, 0, + 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, + 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, + 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, + 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, + 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, + 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, + 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 0, 0, + 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, + 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 0, + 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 0, 0, + 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, + 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, + 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, + 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, + 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 
1, 0, 0, 1, + 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, + 1, 0, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, + 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, + 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, + 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, + 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, + 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, + 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, + 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, + ], + hash_x: "Fr(0x062312368a4f766464598f35eae99e214d829c1da358ef7c039261d80ccb02b1)", + hash_y: "Fr(0x0b37e1f3f27fe80b441ab9acc571fd80b13cc55cd313303ea1867ebdd50f4cbc)", + }, + TestVector { + personalization: Personalization::NoteCommitment, + input_bits: vec![ + 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, + 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, + 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, + 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, + 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 0, + 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, + 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, + 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, + 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, + 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, + 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, + 1, 
1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, + 1, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, + 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, + 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, + 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, + 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, + 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 1, + 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, + 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, + 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, + 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, + 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, + 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, + 1, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, + 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, + 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, + 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, + 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, + 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 1, 1, + 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 0, 0, + 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 0, + 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, + 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, + ], + hash_x: 
"Fr(0x29d229be31c56829ade7ba291737b261492ea9faea749ed12983056da472b8e8)", + hash_y: "Fr(0x3ec896a7882f1c4b025e4ed4fdecc5acad5444a2ab9f9f819bf3182eb2a64cab)", + }, + TestVector { + personalization: Personalization::MerkleTree(0), + input_bits: vec![0, 0, 0, 0, 0, 0], + hash_x: "Fr(0x62454a957289b3930d10f3def0d512cfe0ef3de06421321221af3558de9d481d)", + hash_y: "Fr(0x0279f0aebfb66e53ff69fba16b6608dbf4319b944432f45c6e69a3dbd1f7b330)", + }, + TestVector { + personalization: Personalization::MerkleTree(0), + input_bits: vec![0, 0, 0, 0, 0, 0, 0], + hash_x: "Fr(0x283c7880f35179e201161402d9c4556b255917dbbf0142ae60519787d36d4dea)", + hash_y: "Fr(0x648224408b4b83297cd0feb4cdc4eeb224237734931145432793bcd414228dc4)", + }, + TestVector { + personalization: Personalization::MerkleTree(0), + input_bits: vec![0, 0, 0, 0, 0, 0, 1], + hash_x: "Fr(0x1f1086b287636a20063c9614db2de66bb7d49242e88060956a5e5845057f6f5d)", + hash_y: "Fr(0x6b1b395421dde74d53341caa9e01f39d7a3138efb9b57fc0381f98f4868df622)", + }, + TestVector { + personalization: Personalization::MerkleTree(0), + input_bits: vec![0, 0, 0, 0, 0, 0, 1, 0, 0], + hash_x: "Fr(0x1f1086b287636a20063c9614db2de66bb7d49242e88060956a5e5845057f6f5d)", + hash_y: "Fr(0x6b1b395421dde74d53341caa9e01f39d7a3138efb9b57fc0381f98f4868df622)", + }, + TestVector { + personalization: Personalization::MerkleTree(0), + input_bits: vec![ + 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, + 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, + 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, + 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, + 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 1, 0, + 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, + 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, + ], + hash_x: 
"Fr(0x6e7f0c07ff2090b5ce4663efe13fbfd796b359758ef1e05b4db851d6f71ec5aa)", + hash_y: "Fr(0x46bc33c3d186d2359d823b181cf53b38eeb92c4082ba089bbc5c8a1b98752b94)", + }, + TestVector { + personalization: Personalization::MerkleTree(0), + input_bits: vec![ + 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, + 1, 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, + 1, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, + 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, + 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, + 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, + 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, + ], + hash_x: "Fr(0x67a2d1c5b4a3431240aad380b20327f3fa8b083a04a57d5f2a31bb298f22ccfb)", + hash_y: "Fr(0x2fa884df36b11b05f272b696388fe9e0ebabe90e5a0620409b178ab1360063dd)", + }, + TestVector { + personalization: Personalization::MerkleTree(0), + input_bits: vec![ + 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, + 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, + 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, + 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 0, 1, + 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, + 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, + 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, + ], + hash_x: "Fr(0x3b5d11aed8cf8164802c33e51f1314e1533140f85762253ecf6f9b1523543cac)", + hash_y: "Fr(0x6aa1e56a5f8e2ecafa1d1279ed074c672758572b88e44ca577574ffa4e058412)", + }, + TestVector { + personalization: Personalization::MerkleTree(0), + input_bits: vec![ + 0, 0, 0, 0, 0, 0, 
0, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, + 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, + 1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, + 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, + 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, + 0, 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, + 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, + 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, + 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, + 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, + 0, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, + 0, 1, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, + 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, + 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, + 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, + 1, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, + 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, + 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, + 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, + 0, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, + 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, + 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, + 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, + 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 
0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 0, 1, 1, + 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, + 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, + 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, + 0, 1, 1, 0, 0, 1, + ], + hash_x: "Fr(0x412e6566869ad80f541ef8630bd8cb2a8202ccc4d2af91faf28d03cb3cc42170)", + hash_y: "Fr(0x3131b52e438fa966a2a12eacfc87e0eba6a12672062f13d66b70f128831dc620)", + }, + TestVector { + personalization: Personalization::MerkleTree(0), + input_bits: vec![ + 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, + 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, + 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, + 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, + 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0, + 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, + 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, + 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, + 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, + 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, + 0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 0, + 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, + 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, + 0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, + 0, 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, + 1, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 
1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, + 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, + 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, + 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, + 1, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, + 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, + 1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, + 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, + 1, 0, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 1, + 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, + 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, + 1, 1, 1, 1, 0, 0, 0, ], - hash_x: "Fr(0x676f78fa89da7c64502f790a99dfe177756867006809a6f174dcb427b345cd7c)", - hash_y: "Fr(0x1a6994a999a0abf83afc6ec5fe0ee8c8336a171653218cbfdf269689d5cfd3aa)", + hash_x: "Fr(0x428293380576357c01c0f5d660a04820a5f684414efe47a63200807da8c36563)", + hash_y: "Fr(0x1d162de79b89d3816755cd3d70c9951e3d8abb93f53d5ba10d365248c07c42ab)", + }, + TestVector { + personalization: Personalization::MerkleTree(0), + input_bits: vec![ + 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, + 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, + 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, + 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, + 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, + 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, + 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
0, 1, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, + 0, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 1, + 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, + 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, + 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, + 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 1, 0, 1, 1, 0, + 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, + 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, + 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, + 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, + 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, + 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, + 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, + 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, + 1, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, + 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 0, 0, 1, + 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, + 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, + 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, + 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, + 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, + 0, 1, 1, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, + 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, + 0, 0, 0, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 
1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, + 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, + 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, + 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, + ], + hash_x: "Fr(0x5752e8edbad2077a2129ee6bcf63b263742654cbd2e388b171faa7353db36558)", + hash_y: "Fr(0x45ce194558c09e4f32d173fb7e90c9733f8f7b987ea366f9e1d12e082a5491ce)", + }, + TestVector { + personalization: Personalization::MerkleTree(0), + input_bits: vec![ + 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, + 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, + 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, + 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, + 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, + 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, + 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, + 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, + 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, + 0, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 0, + 0, 0, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, + 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, + 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, + 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, + 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, + 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 0, 
0, 1, 0, 0, 1, + 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, + 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, + 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, + 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, + 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, + 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, + 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, + 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, + 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, + 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, + 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, + 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, + 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 1, + 0, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, + 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, + 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, + 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, + ], + hash_x: "Fr(0x177126f3b82b213429c2dd000f30f6d2e241ceb5bd176cceee47cfdb7820a519)", + hash_y: "Fr(0x3806eb24915fbe76b7e9a05de9a81aeb416cf83e482b7384b2dea23ce352e570)", }, TestVector { personalization: Personalization::MerkleTree(34), 
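Review bot: The two new `MerkleTree(0)` vectors with `input_bits` `[0, 0, 0, 0, 0, 0, 1]` and `[0, 0, 0, 0, 0, 0, 1, 0, 0]` carry identical `hash_x`/`hash_y` values, and nothing in the list says this is intended. It presumably follows from the hash zero-padding its final 3-bit chunk, so the pair pins the property that inputs differing only in trailing zero bits collide and that callers have to fix the input length themselves; without a comment it reads like a copy-paste slip that someone may later "correct". I would add above the second vector `// Same point as the 7-bit vector above: the final 3-bit chunk is zero-padded, so trailing zero bits do not change the hash.` The same applies to the `NoteCommitment` vector `[1, 1, 1, 1, 1, 1, 1, 0, 0]`, which now carries the hash that the removed 8-bit vector `[1, 1, 1, 1, 1, 1, 1, 0]` had. `get_vectors` starts before this hunk and continues past it.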
@@ -89,50 +460,203 @@ pub fn get_vectors<'a>() -> Vec> { }, TestVector { personalization: Personalization::MerkleTree(34), - input_bits: vec![0, 1, 0, 0, 0, 1, 0, 0], - hash_x: "Fr(0x27fa1e296c37dde8448483ce5485c2604d1d830e53812246299773a02ecd519c)", - hash_y: "Fr(0x08e499113675202cb42b4b681a31430814edebd72c5bb3bc3bfedf91fb0605df)", + input_bits: vec![0, 1, 0, 0, 0, 1, 1, 0, 0], + hash_x: "Fr(0x52112dd7a4293d049bb011683244a0f957e6ba95e1d1cf2fb6654d449a6d3fbc)", + hash_y: "Fr(0x2ae14ecd81bb5b4489d2d64b5d2eb92a684087b28dd9a4950ecdb78c014e178c)", }, TestVector { personalization: Personalization::MerkleTree(34), - input_bits: vec![0, 1, 0, 0, 0, 1, 0, 1], - hash_x: "Fr(0x5b4032d49431e7bfa085e2bb49bfc060909272a66287b063784f1d11b28a60e9)", - hash_y: "Fr(0x4627da49652efea2637595426add6ad682a0c8821d423f04c26ef5788d35f7e3)", + input_bits: vec![ + 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 0, + 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, + 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, + 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, + 0, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, + 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, + 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, 0, + ], + hash_x: "Fr(0x45a4a919352ae421a5ecee9e58916fdd20421bc4073dac1eb9d4a9788517b242)", + hash_y: "Fr(0x3e87b326f98ef71c09c8d91c5c69b35589d1c63931fc7eb70a9fbf7d7ecd7743)", }, TestVector { personalization: Personalization::MerkleTree(34), - input_bits: vec![0, 1, 0, 0, 0, 1, 1, 0], - hash_x: "Fr(0x52112dd7a4293d049bb011683244a0f957e6ba95e1d1cf2fb6654d449a6d3fbc)", - hash_y: "Fr(0x2ae14ecd81bb5b4489d2d64b5d2eb92a684087b28dd9a4950ecdb78c014e178c)", + input_bits: vec![ + 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, + 0, 
0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, + 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 1, + 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, + 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, + 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 1, + 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, + ], + hash_x: "Fr(0x4e6616fef2cc0121158ed0ff99fe5c74a16a530b55ed3029c17f4504be2d63bc)", + hash_y: "Fr(0x0e616bad2c6f53425cd0a58a72fb0cd6c7c10eff8de2b9e6751ca200794cc681)", }, TestVector { personalization: Personalization::MerkleTree(34), - input_bits: vec![0, 1, 0, 0, 0, 1, 1, 1], - hash_x: "Fr(0x099e74a82c9c1858ac40db1a85959b1362d82fdd6efb99a443829f83003b0190)", - hash_y: "Fr(0x0f76f53d026574ad77ab4c6cd2428b9d94d158a9fc0469aae47c7535ff107881)", + input_bits: vec![ + 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, 1, 0, 1, + 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, + 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, + 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, + 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 0, 1, 1, 1, + 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, + 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, + ], + hash_x: "Fr(0x361e51a064b99826b60eca3fc7c963c4bd0c242a60984ee73ae1d0f0a91a93ed)", + hash_y: "Fr(0x1eec42669df04008c4106da4959d7150172d7bb29038b2b4a3e129333491a615)", }, TestVector { personalization: Personalization::MerkleTree(34), - input_bits: vec![0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], - hash_x: "Fr(0x240da48e40637664bcf3582708491d19e28a50787ea40b0a336d61735782d10a)", - hash_y: 
"Fr(0x6e630ddf6e43ad5568c925a4935e8e099230af4b2e19fab7d92b7e953b4986c3)", + input_bits: vec![ + 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, + 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, + 1, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, + 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, + 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 0, 0, + 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, + 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, + 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, + 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, + 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, + 0, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, + 1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, + 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, + 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, + 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, + 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, + 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, + 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, + 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 1, + 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, + 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, + 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, + 1, 1, 1, 0, 
1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, + 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, + 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, + 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, + 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, + 0, 0, 0, 1, 0, 1, + ], + hash_x: "Fr(0x4628b5c298b1bda5a72d27dfc66ed52381356ed9d06d80049d883cc6a86ba060)", + hash_y: "Fr(0x55dbbbe29a40a7e6c1d3863b1ce55521a655bea49a5ec4aa5af4fcdc6d07b572)", }, TestVector { personalization: Personalization::MerkleTree(34), - input_bits: vec![0, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1], - hash_x: "Fr(0x06a477addbbfdf2934e34bdf6e071cd1276beaed801cd1b660ddcceb161ca8c7)", - hash_y: "Fr(0x355d39425378e57f393b30423cbde3ff69198ebac2ccbbafb92e25613352b0e8)", + input_bits: vec![ + 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, + 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, + 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, + 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, + 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, + 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, + 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, + 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, + 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 0, 0, 0, 1, + 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, + 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, + 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 0, + 0, 1, 1, 1, 1, 0, 0, 
0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, + 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, + 1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, + 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, + 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, + 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, 1, + 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, + 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, + 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, + 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, + 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, + 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, + 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, + 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, + 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, + 1, 1, 0, 0, 0, 0, 1, + ], + hash_x: "Fr(0x269951d9add5b838019b9f99332eee5923cede7a911e94dff8fbcdceaa94c040)", + hash_y: "Fr(0x62a5a3daf3a4cd436016829ba132ce983004597539eb3f5b33e0da09aa095c3f)", + }, + TestVector { + personalization: Personalization::MerkleTree(34), + input_bits: vec![ + 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, + 1, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, + 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, + 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 0, + 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, + 0, 1, 0, 0, 
1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, + 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, + 1, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, + 1, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, + 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, + 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, + 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, + 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 0, + 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, + 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 1, + 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, + 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, + 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, + 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, + 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, + 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, + 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, + 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 1, + 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, + 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, + 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 0, + 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, + 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, + 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 
1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, + 1, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, + 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, + 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, + 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, + 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, + ], + hash_x: "Fr(0x5ba09bdafc6846319e8b88baa2c1577ee40df4b54a2d58ae2ed079a7f9218e05)", + hash_y: "Fr(0x4616a8e8a4e7a74a4b30d12fd3316ede03116b0e051708487c4848d7e89593fe)", }, TestVector { personalization: Personalization::MerkleTree(34), input_bits: vec![ - 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, - 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, - 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, - 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, + 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 1, 1, + 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, + 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, + 1, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 0, + 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, + 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, + 0, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 0, + 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, + 0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, + 1, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, + 0, 
1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, + 0, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 0, 1, + 1, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, + 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 1, 0, + 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, + 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, + 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, + 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, + 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, + 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, + 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, + 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 1, + 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, + 1, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, + 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, + 0, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, + 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, + 1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, + 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, + 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, + 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, + 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, + 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, ], - hash_x: 
"Fr(0x094a624c5aac3569ad85428bb939d391bb5766ff87c389eb4d84d42aeaabb906)", - hash_y: "Fr(0x2cf51a8699edc64b73aa962464d4eadf038821900f9409350dc3ea2ccf12e054)", + hash_x: "Fr(0x62f7ad8abd0c927d482f4954f65883cbdf4da7dfdefbee0fc4a74cb188827184)", + hash_y: "Fr(0x00b2056a5556b91df4ff76e31e608ddc6c5a543e4ea7708568e470ea3be900a5)", }, ]; } From 68ba93f5fd67d85c1ef7687ed5d3259725422f59 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Nicolas?= Date: Sun, 19 Aug 2018 13:39:57 +0200 Subject: [PATCH 17/29] PH test vectors for edge-cases --- .../src/test_vectors/pedersen_hash_vectors.rs | 209 +++++++++++------- 1 file changed, 131 insertions(+), 78 deletions(-) diff --git a/zcash_primitives/src/test_vectors/pedersen_hash_vectors.rs b/zcash_primitives/src/test_vectors/pedersen_hash_vectors.rs index 71257d2e7e..ba4f2a83eb 100644 --- a/zcash_primitives/src/test_vectors/pedersen_hash_vectors.rs +++ b/zcash_primitives/src/test_vectors/pedersen_hash_vectors.rs @@ -36,11 +36,11 @@ pub fn get_vectors<'a>() -> Vec> { 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, - 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, - 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, + 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, + 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, ], - hash_x: "Fr(0x5ce85ce655a750ceb89fcfbb0ef974b322cd0344a230f9550f06ea55c395e340)", - hash_y: "Fr(0x6e14f97c466476f1b5b6f9e826c8137ef13bae064cb41fc484605aec62ec2cfc)", + hash_x: "Fr(0x599ab788360ae8c6d5bb7618aec37056d6227408d857fdc394078a3d7afdfe0f)", + hash_y: "Fr(0x4320c373da670e28d168f4ffd72b43208e8c815f40841682c57a3ee1d005a527)", }, TestVector { personalization: Personalization::NoteCommitment, 
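Review bot: The 9-bit vector added at the top of this hunk, `vec![0, 1, 0, 0, 0, 1, 1, 0, 0]`, carries exactly the `hash_x`/`hash_y` of the removed 8-bit vector `vec![0, 1, 0, 0, 0, 1, 1, 0]`, and nothing says this is intended. It is consistent with the `unwrap_or(false)` chunk reads in `pedersen_hash.rs`: 6 personalization bits plus 8 input bits would be zero-filled to 15, so this is presumably a deliberate padding case rather than a copy-paste slip. I would add above it `// 9 bits: same digest as the 8-bit input without the trailing 0, because the last 3-bit chunk is zero-padded`, and keep the 8-bit vector beside it so the pair pins the padding rule. The comment should also say that callers are expected to hash fixed-length inputs, since inputs that differ only in trailing zero bits inside the final chunk are not distinguished.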
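Review bot: The first hunk of this commit (`-36,11`) shortens `input_bits` by six bits and swaps both expected coordinates, but nothing records which edge case the new length exercises or where the digests came from. The later hunks of the commit (`-50`, `-64`, `-99`, …) follow the same pattern. I would put a one-line comment on each changed vector, e.g. `// <N> input bits: <boundary this length hits>; expected values from <generator>`. If the expected values were produced by this same implementation, the comment should say so, because such vectors only pin current behaviour and do not check it against an independent reference.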
@@ -50,11 +50,11 @@ pub fn get_vectors<'a>() -> Vec> { 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, - 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, - 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, + 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, + 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, ], - hash_x: "Fr(0x6568d917fcc1b7febfb1336ea4021dd337ec7084c258091a02bd4199a815912b)", - hash_y: "Fr(0x48258fccd2757b055c292a523223a27e7fcc5a2ff692dd9edb0a4b5376940323)", + hash_x: "Fr(0x2da510317620f5dfdce1f31db6019f947eedcf02ff2972cff597a5c3ad21f5dd)", + hash_y: "Fr(0x198789969c0c33e6c359b9da4a51771f4d50863f36beef90436944fe568399f2)", }, TestVector { personalization: Personalization::NoteCommitment, 
@@ -64,11 +64,11 @@ pub fn get_vectors<'a>() -> Vec> { 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, - 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, - 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, + 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, + 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, ], - hash_x: "Fr(0x3e24e4059b86d329a6f1e23e85b8a32e147d859cb21ae8b0649243ff658126f3)", - hash_y: "Fr(0x2b206c45c931876dc9d7611387b179dc6bba896be80cd3b5643fb235c32e3111)", + hash_x: "Fr(0x601247c7e640992d193dfb51df6ed93446687a7f2bcd0e4a598e6feb1ef20c40)", + hash_y: "Fr(0x371931733b73e7b95c2cad55a6cebd15c83619f697c64283e54e5ef61442a743)", }, TestVector { personalization: Personalization::NoteCommitment, @@ -99,11 +99,10 @@ pub fn get_vectors<'a>() -> Vec> { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, - 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, - 0, 0, 0, 1, 1, 1, + 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, ], - hash_x: "Fr(0x280a1b1ec18d1128fac0d436264fb09c04d1aa77d6eaf7d269ed49df8b773ff5)", - hash_y: "Fr(0x54b896d6ce31684bb35fad5f9ba0de176ee7ef0749bacc2c7a2d61ba7caca439)", + hash_x: "Fr(0x314192ecb1f2d8806a8108704c875a25d9fb7e444f9f373919adedebe8f2ae27)", + hash_y: "Fr(0x6b12b32f1372ad574799dee9eb591d961b704bf611f55fcc71f7e82cd3330b74)", }, TestVector { personalization: Personalization::NoteCommitment, 
@@ -134,11 +133,11 @@ pub fn get_vectors<'a>() -> Vec> { 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, - 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, - 0, 1, 0, 1, 1, 1, 0, + 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, + 0, ], - hash_x: "Fr(0x303815867ef8b94e102fe4e7d4fa0cce6478c6c85101921a729ad75565fc2b13)", - hash_y: "Fr(0x19cc4fe8cb4ca16904e88b1dbf8cbc6267b77be76e5047faa1a9d606639133af)", + hash_x: "Fr(0x0666c2bce7f362a2b807d212e9a577f116891a932affd7addec39fbf372c494e)", + hash_y: "Fr(0x6758bccfaf2e47c07756b96edea23aa8d10c33b38220bd1c411af612eeec18ab)", }, TestVector { personalization: Personalization::NoteCommitment, @@ -176,10 +175,10 @@ pub fn get_vectors<'a>() -> Vec> { 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, - 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, + 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, ], - hash_x: "Fr(0x062312368a4f766464598f35eae99e214d829c1da358ef7c039261d80ccb02b1)", - hash_y: "Fr(0x0b37e1f3f27fe80b441ab9acc571fd80b13cc55cd313303ea1867ebdd50f4cbc)", + hash_x: "Fr(0x130afe02b99375484efb0998f5331d2178e1d00e803049bb0769099420624f5f)", + hash_y: "Fr(0x5e2fc6970554ffe358652aa7968ac4fcf3de0c830e6ea492e01a38fafb68cd71)", }, TestVector { personalization: Personalization::NoteCommitment, 
@@ -217,10 +216,10 @@ pub fn get_vectors<'a>() -> Vec> { 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, - 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, + 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, ], - hash_x: "Fr(0x29d229be31c56829ade7ba291737b261492ea9faea749ed12983056da472b8e8)", - hash_y: "Fr(0x3ec896a7882f1c4b025e4ed4fdecc5acad5444a2ab9f9f819bf3182eb2a64cab)", + hash_x: "Fr(0x67914ebd539961b70f468fa23d4cb42133693a8ac57cd35a1e6369fe34fbedf7)", + hash_y: "Fr(0x44770870c0f0cfe59a10df95d6c21e6f1514a2f464b66377599438c126052d9f)", }, TestVector { personalization: Personalization::MerkleTree(0), @@ -254,11 +253,11 @@ pub fn get_vectors<'a>() -> Vec> { 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 1, 0, - 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, - 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, + 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, + 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, ], - hash_x: "Fr(0x6e7f0c07ff2090b5ce4663efe13fbfd796b359758ef1e05b4db851d6f71ec5aa)", - hash_y: "Fr(0x46bc33c3d186d2359d823b181cf53b38eeb92c4082ba089bbc5c8a1b98752b94)", + hash_x: "Fr(0x20d2b1b0551efe511755d564f8da4f5bf285fd6051331fa5f129ad95b318f6cd)", + hash_y: "Fr(0x2834d96950de67ae80e85545f8333c6e14b5cf5be7325dac768f401e6edd9544)", }, TestVector { personalization: Personalization::MerkleTree(0), 
@@ -268,11 +267,11 @@ pub fn get_vectors<'a>() -> Vec> { 1, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, - 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, - 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, + 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 0, 0, + 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, ], - hash_x: "Fr(0x67a2d1c5b4a3431240aad380b20327f3fa8b083a04a57d5f2a31bb298f22ccfb)", - hash_y: "Fr(0x2fa884df36b11b05f272b696388fe9e0ebabe90e5a0620409b178ab1360063dd)", + hash_x: "Fr(0x01f4850a0f40e07186fee1f0a276f52fb12cffe05c18eb2aa18170330a93c555)", + hash_y: "Fr(0x19b0807358e7c8cba9168815ec54c4cd76997c34c592607d172151c48d5377cb)", }, TestVector { personalization: Personalization::MerkleTree(0), 
@@ -282,11 +281,11 @@ pub fn get_vectors<'a>() -> Vec> { 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, - 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, - 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, + 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, + 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, ], - hash_x: "Fr(0x3b5d11aed8cf8164802c33e51f1314e1533140f85762253ecf6f9b1523543cac)", - hash_y: "Fr(0x6aa1e56a5f8e2ecafa1d1279ed074c672758572b88e44ca577574ffa4e058412)", + hash_x: "Fr(0x26dd81a3ffa37452c6a932d41eb4f2e0fedd531e9af8c2a7935b91dff653879d)", + hash_y: "Fr(0x2fc7aebb729ef5cabf0fb3f883bc2eb2603093850b0ec19c1a3c08b653e7f27f)", }, TestVector { personalization: Personalization::MerkleTree(0), @@ -317,11 +316,10 @@ pub fn get_vectors<'a>() -> Vec> { 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, - 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, - 0, 1, 1, 0, 0, 1, + 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, ], - hash_x: "Fr(0x412e6566869ad80f541ef8630bd8cb2a8202ccc4d2af91faf28d03cb3cc42170)", - hash_y: "Fr(0x3131b52e438fa966a2a12eacfc87e0eba6a12672062f13d66b70f128831dc620)", + hash_x: "Fr(0x1111740552773b00aa6a2334575aa94102cfbd084290a430c90eb56d6db65b85)", + hash_y: "Fr(0x6560c44b11683c20030626f89456f78a53ae8a89f565956a98ffc554b48fbb1a)", }, TestVector { personalization: Personalization::MerkleTree(0), 
@@ -352,11 +350,11 @@ pub fn get_vectors<'a>() -> Vec> { 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, - 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, - 1, 1, 1, 1, 0, 0, 0, + 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, + 0, ], - hash_x: "Fr(0x428293380576357c01c0f5d660a04820a5f684414efe47a63200807da8c36563)", - hash_y: "Fr(0x1d162de79b89d3816755cd3d70c9951e3d8abb93f53d5ba10d365248c07c42ab)", + hash_x: "Fr(0x429349ea9b5f8163bcda3014b3e15554df5173353fd73f315a49360c97265f68)", + hash_y: "Fr(0x188774bb6de41eba669be5d368942783f937acf2f418385fc5c78479b0a405ee)", }, TestVector { personalization: Personalization::MerkleTree(0), @@ -394,10 +392,10 @@ pub fn get_vectors<'a>() -> Vec> { 0, 0, 0, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, - 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, + 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, ], - hash_x: "Fr(0x5752e8edbad2077a2129ee6bcf63b263742654cbd2e388b171faa7353db36558)", - hash_y: "Fr(0x45ce194558c09e4f32d173fb7e90c9733f8f7b987ea366f9e1d12e082a5491ce)", + hash_x: "Fr(0x00e827f3ed136f3c91c61c97ab9b7cca0ea53c20e47abb5e226ede297bdd5f37)", + hash_y: "Fr(0x315cc00a54972df6a19f650d3fab5f2ad0fb07397bacb6944568618f2aa76bf6)", }, TestVector { personalization: Personalization::MerkleTree(0), 
@@ -435,10 +433,10 @@ pub fn get_vectors<'a>() -> Vec> { 0, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, - 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, + 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, ], - hash_x: "Fr(0x177126f3b82b213429c2dd000f30f6d2e241ceb5bd176cceee47cfdb7820a519)", - hash_y: "Fr(0x3806eb24915fbe76b7e9a05de9a81aeb416cf83e482b7384b2dea23ce352e570)", + hash_x: "Fr(0x3ee50557c4aa9158c4bb9d5961208e6c62f55c73ad7c7695a0eba0bcb6d83d05)", + hash_y: "Fr(0x1b1a2be6e47688828aeadf2d37db298eac0c2736c2722b227871fdeeee29de33)", }, TestVector { personalization: Personalization::MerkleTree(34), @@ -472,11 +470,11 @@ pub fn get_vectors<'a>() -> Vec> { 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, - 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, - 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, 0, + 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 0, + 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, 0, ], - hash_x: "Fr(0x45a4a919352ae421a5ecee9e58916fdd20421bc4073dac1eb9d4a9788517b242)", - hash_y: "Fr(0x3e87b326f98ef71c09c8d91c5c69b35589d1c63931fc7eb70a9fbf7d7ecd7743)", + hash_x: "Fr(0x544a0b44c35dca64ee806d1af70b7c44134e5d86efed413947657ffd71adf9b2)", + hash_y: "Fr(0x5ddc5dbf12abbbc5561defd3782a32f450b3c398f52ff4629677e59e86e3ab31)", }, TestVector { personalization: Personalization::MerkleTree(34), 
@@ -486,11 +484,11 @@ pub fn get_vectors<'a>() -> Vec> { 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, - 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 1, - 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, + 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, + 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, ], - hash_x: "Fr(0x4e6616fef2cc0121158ed0ff99fe5c74a16a530b55ed3029c17f4504be2d63bc)", - hash_y: "Fr(0x0e616bad2c6f53425cd0a58a72fb0cd6c7c10eff8de2b9e6751ca200794cc681)", + hash_x: "Fr(0x6cb6490ccb0ca9ccd657146f58a7b800bc4fb2556ee37861227ee8fda724acfb)", + hash_y: "Fr(0x05c6fe100926f5cc441e54e72f024b6b12c907f2ec5680335057896411984c9f)", }, TestVector { personalization: Personalization::MerkleTree(34), 
@@ -500,11 +498,11 @@ pub fn get_vectors<'a>() -> Vec> { 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 0, 1, 1, 1, - 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, - 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, + 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, + 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, ], - hash_x: "Fr(0x361e51a064b99826b60eca3fc7c963c4bd0c242a60984ee73ae1d0f0a91a93ed)", - hash_y: "Fr(0x1eec42669df04008c4106da4959d7150172d7bb29038b2b4a3e129333491a615)", + hash_x: "Fr(0x40901e2175cb7f06a00c676d54d90e59fd448f11cbbc5eb517f9fea74b795ce2)", + hash_y: "Fr(0x42d512891f91087310c9bc630c8d0ecc014596f884fd6df55dada8195ed726de)", }, TestVector { personalization: Personalization::MerkleTree(34), @@ -535,11 +533,10 @@ pub fn get_vectors<'a>() -> Vec> { 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, - 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, - 0, 0, 0, 1, 0, 1, + 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, ], - hash_x: "Fr(0x4628b5c298b1bda5a72d27dfc66ed52381356ed9d06d80049d883cc6a86ba060)", - hash_y: "Fr(0x55dbbbe29a40a7e6c1d3863b1ce55521a655bea49a5ec4aa5af4fcdc6d07b572)", + hash_x: "Fr(0x66a433542419f1a086ed0663b0e8df2ece9a04065f147896976baba1a916b6dc)", + hash_y: "Fr(0x203bd3672522e1d3c86fa6b9f3b58f20199a4216adfd40982add13a856f6f3de)", }, TestVector { personalization: Personalization::MerkleTree(34), 
@@ -570,11 +567,11 @@ pub fn get_vectors<'a>() -> Vec> { 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, - 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, - 1, 1, 0, 0, 0, 0, 1, + 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, + 1, ], - hash_x: "Fr(0x269951d9add5b838019b9f99332eee5923cede7a911e94dff8fbcdceaa94c040)", - hash_y: "Fr(0x62a5a3daf3a4cd436016829ba132ce983004597539eb3f5b33e0da09aa095c3f)", + hash_x: "Fr(0x119db3b38086c1a3c6c6f53c529ee62d9311d69c2d8aeeafa6e172e650d3afda)", + hash_y: "Fr(0x72287540be7d2b0f58f5c73eaa53c55bea6b79dd79873b4e47cc11787bb9a15d)", }, TestVector { personalization: Personalization::MerkleTree(34), @@ -612,10 +609,10 @@ pub fn get_vectors<'a>() -> Vec> { 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, - 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, + 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, ], - hash_x: "Fr(0x5ba09bdafc6846319e8b88baa2c1577ee40df4b54a2d58ae2ed079a7f9218e05)", - hash_y: "Fr(0x4616a8e8a4e7a74a4b30d12fd3316ede03116b0e051708487c4848d7e89593fe)", + hash_x: "Fr(0x446efdcf89b70ba2b03427a0893008181d0fc4e76b84b1a500d7ee523c8e3666)", + hash_y: "Fr(0x125ee0048efb0372b92c3c15d51a7c5c77a712054cc4fdd0774563da46ec7289)", }, TestVector { personalization: Personalization::MerkleTree(34), 
@@ -653,10 +650,66 @@ pub fn get_vectors<'a>() -> Vec> { 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, - 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, + 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, ], - hash_x: "Fr(0x62f7ad8abd0c927d482f4954f65883cbdf4da7dfdefbee0fc4a74cb188827184)", - hash_y: "Fr(0x00b2056a5556b91df4ff76e31e608ddc6c5a543e4ea7708568e470ea3be900a5)", + hash_x: "Fr(0x72723bf0573bcb4b72d4184cfeb707d9556b7f705f56a4652707a36f2edf10f7)", + hash_y: "Fr(0x3a7f0999a6a1393bd49fc82302e7352e01176fbebb0192bf5e6ef39eb8c585ad)", + }, + TestVector { + personalization: Personalization::MerkleTree(27), + input_bits: vec![ + 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, + 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, + 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, + 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, + 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, + 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, + 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, + ], + hash_x: "Fr(0x414f6ba05f6b92da1f9051950769e1083d05615def32b016ae424309828a11f4)", + hash_y: "Fr(0x471d2109656afcb96d0609b371b132b97efcf72c6051064dd19fdc004799bfa9)", + }, + TestVector { + personalization: Personalization::MerkleTree(36), + input_bits: vec![ + 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, + 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, + 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, + 
0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, + 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, + 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, + 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, + ], + hash_x: "Fr(0x62d6fe1e373225a5695f3115aed8265c59e2d6275ceef6bbc53fde3fc6594024)", + hash_y: "Fr(0x407275be7d5a4c48204c8d83f5b211d09a2f285d4f0f87a928d4de9a6338e1d1)", + }, + TestVector { + personalization: Personalization::MerkleTree(0), + input_bits: vec![ + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + ], + hash_x: "Fr(0x1116a934f26b57a2c9daa6f25ac9b1a8f9dacddba30f65433ac021bf39a6bfdd)", + hash_y: "Fr(0x407275be7d5a4c48204c8d83f5b211d09a2f285d4f0f87a928d4de9a6338e1d1)", + }, + TestVector { + personalization: Personalization::NoteCommitment, + input_bits: vec![ + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 
1, 1, 1, 1, + ], + hash_x: "Fr(0x329e3bb2ca31ea6e13a986730237f6fd16b842a510cbabe851bdbcf57d75ee0d)", + hash_y: "Fr(0x471d2109656afcb96d0609b371b132b97efcf72c6051064dd19fdc004799bfa9)", }, ]; } From bb0a769162033b4a5f01bd1dce75abd657df1a37 Mon Sep 17 00:00:00 2001 From: Kobi Gurkan Date: Thu, 9 Aug 2018 09:36:36 +0300 Subject: [PATCH 18/29] ecc: tests for assert_not_small_order --- zcash_proofs/src/circuit/ecc.rs | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/zcash_proofs/src/circuit/ecc.rs b/zcash_proofs/src/circuit/ecc.rs index fa4913aa32..6a6855e654 100644 --- a/zcash_proofs/src/circuit/ecc.rs +++ b/zcash_proofs/src/circuit/ecc.rs @@ -1096,4 +1096,30 @@ mod test { assert_eq!(cs.which_is_unsatisfied(), Some("addition/evaluate lambda")); } } + + #[test] + fn test_assert_not_small_order() { + let params = &JubjubBls12::new(); + + let check_small_order_from_strs = |x, y| { + let mut cs = TestConstraintSystem::::new(); + + //let (x,y) = (Fr::from_str("14080418777298869350588389379361252092475090129841789940098060767181937064268").unwrap(), Fr::from_str("4408371274642418797323679050836535851651768103477128764103246588657558662748").unwrap()); + let (x, y) = (Fr::from_str(x).unwrap(), Fr::from_str(y).unwrap()); + let p = edwards::Point::::get_for_y(y, false, params).unwrap(); + assert_eq!(x, p.to_xy().0); + + let p = EdwardsPoint::witness(&mut cs, Some(p), params).unwrap(); + assert!(cs.is_satisfied()); + assert!(p.assert_not_small_order(&mut cs, params).is_err()); + }; + + // zero has low order + check_small_order_from_strs("0", "1"); + // generator for the small order subgroup + check_small_order_from_strs( + "948411088638444611740115537621561973758360269817276634325562542866802143934", + "19260245455242183936012133194672327304390353749328020389743628630787497879844", + ); + } } From ace929c5ba9470886d00ada7f4aa7f944d54ac0f Mon Sep 17 00:00:00 2001 
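Review bot: The four vectors appended to `get_vectors` have no comment saying what they are meant to exercise, although they are clearly constructed rather than random. The `MerkleTree(36)` and `MerkleTree(0)` vectors share one `hash_y`, and the `MerkleTree(27)` and `NoteCommitment` vectors share another. From the bit patterns this looks like two deliberate negation pairs (each 3-bit chunk of one input appears to encode the opposite scalar of the other, so the points would differ only in the sign of x), but that is inferred, not stated. I would add a line such as `// Negation pair with the next vector: same hash_y, hash_x negated.` above each pair so a later regeneration of the vectors does not silently drop the property. `get_vectors` itself starts outside this hunk.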
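Review bot: The closure `check_small_order_from_strs` keeps a commented-out `//let (x,y) = (Fr::from_str(…).unwrap(), Fr::from_str(…).unwrap());` line with two hard-coded coordinates and no note on which point they describe. Either delete it or turn it into a real call with a comment naming the point; dead code in a test for a subgroup check leaves the reader guessing what was meant to be covered. The comment `// zero has low order` would also be more precise as `// the identity (0, 1) has order 1`.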
From: Kobi Gurkan Date: Thu, 9 Aug 2018 15:32:17 +0300 Subject: [PATCH 19/29] ecc: test_assert_not_small_order also tests for the generators --- zcash_proofs/src/circuit/ecc.rs | 38 +++++++++++++++++++++++++++------ 1 file changed, 31 insertions(+), 7 deletions(-) diff --git a/zcash_proofs/src/circuit/ecc.rs b/zcash_proofs/src/circuit/ecc.rs index 6a6855e654..9e33c4720f 100644 --- a/zcash_proofs/src/circuit/ecc.rs +++ b/zcash_proofs/src/circuit/ecc.rs 
@@ -1101,25 +1101,49 @@ mod test { fn test_assert_not_small_order() { let params = &JubjubBls12::new(); - let check_small_order_from_strs = |x, y| { + let check_small_order_from_p = |p: edwards::Point, is_small_order| { let mut cs = TestConstraintSystem::::new(); + let p = EdwardsPoint::witness(&mut cs, Some(p), params).unwrap(); + assert!(cs.is_satisfied()); + assert!(p.assert_not_small_order(&mut cs, params).is_err() == is_small_order); + }; + + let check_small_order_from_strs = |x, y| { //let (x,y) = (Fr::from_str("14080418777298869350588389379361252092475090129841789940098060767181937064268").unwrap(), Fr::from_str("4408371274642418797323679050836535851651768103477128764103246588657558662748").unwrap()); let (x, y) = (Fr::from_str(x).unwrap(), Fr::from_str(y).unwrap()); let p = edwards::Point::::get_for_y(y, false, params).unwrap(); assert_eq!(x, p.to_xy().0); - let p = EdwardsPoint::witness(&mut cs, Some(p), params).unwrap(); - assert!(cs.is_satisfied()); - assert!(p.assert_not_small_order(&mut cs, params).is_err()); + check_small_order_from_p(p, true); }; // zero has low order check_small_order_from_strs("0", "1"); + // generator for jubjub + let (x, y) = ( + Fr::from_str( + "11076627216317271660298050606127911965867021807910416450833192264015104452986", + ) + .unwrap(), + Fr::from_str( + "44412834903739585386157632289020980010620626017712148233229312325549216099227", + ) + .unwrap(), + ); + let g = edwards::Point::::get_for_y(y, false, params).unwrap(); + assert_eq!(x, g.to_xy().0); + // generator for the jubjub group + check_small_order_from_p(g.clone(), false); // generator for the small order subgroup - check_small_order_from_strs( - "948411088638444611740115537621561973758360269817276634325562542866802143934", - "19260245455242183936012133194672327304390353749328020389743628630787497879844", + let g2 = g.mul( + Fs::from_str( + "6554484396890773809930967563523245729705921265872317281365359162392183254199", + ) + .unwrap() + .into_repr(), + params, ); + 
check_small_order_from_p(g2, true); } } From e0c5ef22bc2ea50c431a25a4a84633040166d5f9 Mon Sep 17 00:00:00 2001 From: Kobi Gurkan Date: Sat, 11 Aug 2018 13:06:20 +0300 Subject: [PATCH 20/29] ecc: makes assert_not_small_order tests deeper --- zcash_proofs/src/circuit/ecc.rs | 53 ++++++++++++++++++++++++++------- 1 file changed, 43 insertions(+), 10 deletions(-) diff --git a/zcash_proofs/src/circuit/ecc.rs b/zcash_proofs/src/circuit/ecc.rs index 9e33c4720f..822c3550dd 100644 --- a/zcash_proofs/src/circuit/ecc.rs +++ b/zcash_proofs/src/circuit/ecc.rs @@ -1120,6 +1120,16 @@ mod test { // zero has low order check_small_order_from_strs("0", "1"); + + // prime subgroup order + let prime_subgroup_order = Fs::from_str( + "6554484396890773809930967563523245729705921265872317281365359162392183254199", + ) + .unwrap(); + let largest_small_subgroup_order = Fs::from_str("8").unwrap(); + + let (zero_x, zero_y) = (Fr::from_str("0").unwrap(), Fr::from_str("1").unwrap()); + // generator for jubjub let (x, y) = ( Fr::from_str( 
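Review bot: `check_small_order_from_p` never inspects the constraint system after calling the gadget: `cs.is_satisfied()` is asserted only after `EdwardsPoint::witness`, so for `is_small_order == false` the test passes on `Ok` even if the constraints added by `assert_not_small_order` were unsatisfied. I would add `if !is_small_order { assert!(cs.is_satisfied()); }` after the comparison, and write the comparison as `assert_eq!(p.assert_not_small_order(&mut cs, params).is_err(), is_small_order);` so a failure prints both values. For the small-order cases the test only observes the `Err` returned during synthesis; whether the constraints alone reject such a witness is not exercised here. The enclosing `mod test` starts outside the hunk.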
@@ -1133,17 +1143,40 @@ mod test { ); let g = edwards::Point::::get_for_y(y, false, params).unwrap(); assert_eq!(x, g.to_xy().0); - // generator for the jubjub group check_small_order_from_p(g.clone(), false); + + // generator for the prime subgroup + let g_prime = g.mul(largest_small_subgroup_order, params); + check_small_order_from_p(g_prime.clone(), false); + let mut prime_subgroup_order_minus_1 = prime_subgroup_order.clone(); + prime_subgroup_order_minus_1.sub_assign(&Fs::from_str("1").unwrap()); + + let should_not_be_zero = g_prime.mul(prime_subgroup_order_minus_1, params); + assert_ne!(zero_x, should_not_be_zero.to_xy().0); + assert_ne!(zero_y, should_not_be_zero.to_xy().1); + let should_be_zero = should_not_be_zero.add(&g_prime, params); + assert_eq!(zero_x, should_be_zero.to_xy().0); + assert_eq!(zero_y, should_be_zero.to_xy().1); + // generator for the small order subgroup - let g2 = g.mul( - Fs::from_str( - "6554484396890773809930967563523245729705921265872317281365359162392183254199", - ) - .unwrap() - .into_repr(), - params, - ); - check_small_order_from_p(g2, true); + let g_small = g.mul(prime_subgroup_order_minus_1, params); + let g_small = g_small.add(&g, params); + check_small_order_from_p(g_small.clone(), true); + + // g_small does have order 8 + let mut largest_small_subgroup_order_minus_1 = largest_small_subgroup_order.clone(); + largest_small_subgroup_order_minus_1.sub_assign(&Fs::from_str("1").unwrap()); + + let should_not_be_zero = g_small.mul(largest_small_subgroup_order_minus_1, params); + assert_ne!(zero_x, should_not_be_zero.to_xy().0); + assert_ne!(zero_y, should_not_be_zero.to_xy().1); + + let should_be_zero = should_not_be_zero.add(&g_small, params); + assert_eq!(zero_x, should_be_zero.to_xy().0); + assert_eq!(zero_y, should_be_zero.to_xy().1); + + // take all the points from the script + // assert should be different than multiplying by cofactor, which is the solution + // is user input verified? 
https://github.com/zcash/librustzcash/blob/f5d2afb4eabac29b1b1cc860d66e45a5b48b4f88/src/rustzcash.rs#L299 } } From f3533e291f7b3f967ebeeab54332c12518d7b77b Mon Sep 17 00:00:00 2001 From: Kobi Gurkan Date: Mon, 6 Aug 2018 10:50:44 +0300 Subject: [PATCH 21/29] boolean: adds tests for alloc_conditionally --- bellman/src/gadgets/boolean.rs | 78 ++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/bellman/src/gadgets/boolean.rs b/bellman/src/gadgets/boolean.rs index b26bb19259..57718b1e43 100644 --- a/bellman/src/gadgets/boolean.rs +++ b/bellman/src/gadgets/boolean.rs 
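Review bot: The comment `// g_small does have order 8` is not established by the assertions under it, because `7 * g_small != identity` together with `8 * g_small == identity` holds for any point of order 2, 4 or 8. Checking the half-order multiple closes the gap, e.g. `assert_ne!(zero_y, g_small.mul(Fs::from_str("4").unwrap(), params).to_xy().1);`, where only the y coordinate can be compared since the order-2 point has x = 0 just as the identity does. For the same reason the paired `assert_ne!(zero_x, …)` / `assert_ne!(zero_y, …)` checks are stricter than "not the identity"; comparing the whole point against `edwards::Point::zero()` would state what is meant. The trailing `// take all the points from the script` and `// is user input verified? …` lines read as open to-dos and would be better tracked as an issue or a marked `TODO:`. The test function starts outside this hunk.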
@@ -1740,4 +1740,82 @@ mod test { } } } + + #[test] + fn test_alloc_conditionally() { + { + let mut cs = TestConstraintSystem::::new(); + let b = AllocatedBit::alloc(&mut cs, Some(false)).unwrap(); + + let value = None; + // if value is none, fail with SynthesisError + let is_err = AllocatedBit::alloc_conditionally( + cs.namespace(|| "alloc_conditionally"), + value, + &b, + ) + .is_err(); + assert!(is_err); + } + + { + // since value is true, b must be false, so it should succeed + let mut cs = TestConstraintSystem::::new(); + + let value = Some(true); + let b = AllocatedBit::alloc(&mut cs, Some(false)).unwrap(); + let allocated_value = AllocatedBit::alloc_conditionally( + cs.namespace(|| "alloc_conditionally"), + value, + &b, + ) + .unwrap(); + + assert_eq!(allocated_value.get_value().unwrap(), true); + assert!(cs.is_satisfied()); + } + + { + // since value is true, b must be false, so it should fail + let mut cs = TestConstraintSystem::::new(); + + let value = Some(true); + let b = AllocatedBit::alloc(&mut cs, Some(true)).unwrap(); + let allocated_value = AllocatedBit::alloc_conditionally( + cs.namespace(|| "alloc_conditionally"), + value, + &b, + ) + .unwrap(); + + assert!(!cs.is_satisfied()); + } + + { + // since value is false, we don't care about the value of the bit + + let value = Some(false); + //check with false bit + let mut cs = TestConstraintSystem::::new(); + let b1 = AllocatedBit::alloc(&mut cs, Some(false)).unwrap(); + let allocated_value = AllocatedBit::alloc_conditionally( + cs.namespace(|| "alloc_conditionally"), + value, + &b1, + ) + .unwrap(); + + //check with true bit + let mut cs = TestConstraintSystem::::new(); + let b2 = AllocatedBit::alloc(&mut cs, Some(true)).unwrap(); + let allocated_value = AllocatedBit::alloc_conditionally( + cs.namespace(|| "alloc_conditionally"), + value, + &b2, + ) + .unwrap(); + + assert!(cs.is_satisfied()); + } + } } From d56758d42680e9c8ddb5c02832217d522bf4c43a Mon Sep 17 00:00:00 2001 
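Review bot: In the last block of `test_alloc_conditionally` the false-bit case is never asserted: `cs` is rebound to a fresh `TestConstraintSystem` under `//check with true bit`, so the final `assert!(cs.is_satisfied());` covers only `b2`. Add `assert!(cs.is_satisfied());` right after the first `alloc_conditionally(…, &b1).unwrap();`, before `cs` is shadowed. The same gap remains in the `@@ -1798,22 +1794,14 @@` hunk of PATCH 26/29, which only drops the unused `allocated_value` bindings. The third block's comment `// since value is true, b must be false, so it should fail` would be clearer as `// value is true but b is true, so the constraint must be unsatisfied`.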
From: =?UTF-8?q?Aur=C3=A9lien=20Nicolas?= Date: Tue, 21 Aug 2018 19:52:43 +0200 Subject: [PATCH 22/29] Calculate number of constraints and more comprehensive test --- zcash_proofs/src/circuit/pedersen_hash.rs | 82 ++++++++++++++++------- 1 file changed, 58 insertions(+), 24 deletions(-) diff --git a/zcash_proofs/src/circuit/pedersen_hash.rs b/zcash_proofs/src/circuit/pedersen_hash.rs index acaf7c91bb..3e7ec310a6 100644 --- a/zcash_proofs/src/circuit/pedersen_hash.rs +++ b/zcash_proofs/src/circuit/pedersen_hash.rs @@ -114,6 +114,31 @@ mod test { use rand_xorshift::XorShiftRng; use zcash_primitives::pedersen_hash; + /// Predict the number of constraints of a Pedersen hash + fn ph_num_constraints(input_bits: usize) -> usize { + // Account for the 6 personalization bits. + let personalized_bits = 6 + input_bits; + // Constant booleans in the personalization and padding don't need lookup "precomp" constraints. + let precomputed_booleans = 2 + (personalized_bits % 3 == 1) as usize; + + // Count chunks and segments with ceiling division + let chunks = (personalized_bits + 3 - 1) / 3; + let segments = (chunks + 63 - 1) / 63; + let all_but_last_segments = segments - 1; + let last_chunks = chunks - all_but_last_segments * 63; + + // Constraints per operation + let lookup_chunk = 2; + let add_chunks = 3; // Montgomery addition + let convert_segment = 2; // Conversion to Edwards + let add_segments = 6; // Edwards addition + + return (chunks) * lookup_chunk - precomputed_booleans + + segments * convert_segment + + all_but_last_segments * ((63 - 1) * add_chunks + add_segments) + + (last_chunks - 1) * add_chunks; + } + #[test] fn test_pedersen_hash_constraints() { let mut rng = XorShiftRng::from_seed([ 
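Review bot: `ph_num_constraints` repeats the literal `63` four times and ends in an explicit `return …;`; a `const CHUNKS_PER_SEGMENT: usize = 63;` at the top of the function and a tail expression would make the formula easier to audit against the circuit. The doc comment should also say that the count assumes the six personalization bits and the padding are constants, which is what `precomputed_booleans` relies on. `(personalized_bits + 3 - 1) / 3` is a hand-rolled ceiling division that is repeated for segments, so a one-line comment or a small local helper would make the intent explicit. Because this predictor is written independently of the gadget, a short note on where each per-operation cost (`lookup_chunk`, `add_chunks`, `convert_segment`, `add_segments`) comes from would help when the circuit changes.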
@@ -121,32 +146,41 @@ mod test { 0xbc, 0xe5, ]); let params = &JubjubBls12::new(); - let mut cs = TestConstraintSystem::::new(); - - let input: Vec = (0..(Fr::NUM_BITS * 2)) - .map(|_| rng.next_u32() % 2 != 0) - .collect(); - - let input_bools: Vec = input - .iter() - .enumerate() - .map(|(i, b)| { - Boolean::from( - AllocatedBit::alloc(cs.namespace(|| format!("input {}", i)), Some(*b)).unwrap(), - ) - }) - .collect(); - pedersen_hash( - cs.namespace(|| "pedersen hash"), - Personalization::NoteCommitment, - &input_bools, - params, - ) - .unwrap(); + for &n_bits in [0, 3 * 63 - 6, 3 * 63 - 6 + 1, 3 * 63 - 6 + 2, 255, 510].iter() { + let mut cs = TestConstraintSystem::::new(); + + let input: Vec = (0..n_bits).map(|_| rng.next_u32() % 2 != 0).collect(); + + let input_bools: Vec = input + .iter() + .enumerate() + .map(|(i, b)| { + Boolean::from( + AllocatedBit::alloc(cs.namespace(|| format!("input {}", i)), Some(*b)) + .unwrap(), + ) + }) + .collect(); - assert!(cs.is_satisfied()); - assert_eq!(cs.num_constraints(), 1377); + pedersen_hash( + cs.namespace(|| "pedersen hash"), + Personalization::NoteCommitment, + &input_bools, + params, + ) + .unwrap(); + + assert!(cs.is_satisfied()); + + let bitness_constraints = n_bits; + let ph_constraints = ph_num_constraints(n_bits); + assert_eq!(cs.num_constraints(), bitness_constraints + ph_constraints); + // The main use case + if n_bits == 510 { + assert_eq!(cs.num_constraints(), 510 + 867) + }; + } } #[test] From 3efb7f9146efcc3dda032989ce1ba7599365915b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Nicolas?= Date: Wed, 22 Aug 2018 12:45:44 +0200 Subject: [PATCH 23/29] Test PH circuit for the size used in the Merkle tree --- zcash_proofs/src/circuit/pedersen_hash.rs | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/zcash_proofs/src/circuit/pedersen_hash.rs b/zcash_proofs/src/circuit/pedersen_hash.rs index 3e7ec310a6..5356331f4c 100644 
--- a/zcash_proofs/src/circuit/pedersen_hash.rs +++ b/zcash_proofs/src/circuit/pedersen_hash.rs @@ -147,7 +147,19 @@ mod test { ]); let params = &JubjubBls12::new(); - for &n_bits in [0, 3 * 63 - 6, 3 * 63 - 6 + 1, 3 * 63 - 6 + 2, 255, 510].iter() { + let leaves_len = 2 * 255; + let note_len = 64 + 256 + 256; + + for &n_bits in [ + 0, + 3 * 63 - 6, + 3 * 63 - 6 + 1, + 3 * 63 - 6 + 2, + leaves_len, + note_len, + ] + .iter() + { let mut cs = TestConstraintSystem::::new(); let input: Vec = (0..n_bits).map(|_| rng.next_u32() % 2 != 0).collect(); @@ -176,9 +188,12 @@ mod test { let bitness_constraints = n_bits; let ph_constraints = ph_num_constraints(n_bits); assert_eq!(cs.num_constraints(), bitness_constraints + ph_constraints); - // The main use case - if n_bits == 510 { - assert_eq!(cs.num_constraints(), 510 + 867) + // The actual usages + if n_bits == leaves_len { + assert_eq!(cs.num_constraints(), leaves_len + 867) + }; + if n_bits == note_len { + assert_eq!(cs.num_constraints(), note_len + 982) }; } } From 15b4c37ab01530f7e13a4987baf46e02f49d0015 Mon Sep 17 00:00:00 2001 From: Kobi Gurkan Date: Wed, 1 Aug 2018 09:26:30 +0300 Subject: [PATCH 24/29] adds test for linear relation between pedersen hash generators --- zcash_primitives/src/jubjub/mod.rs | 170 +++++++++++++++++++---------- 1 file changed, 112 insertions(+), 58 deletions(-) diff --git a/zcash_primitives/src/jubjub/mod.rs b/zcash_primitives/src/jubjub/mod.rs index 40938f3797..65e04a0ce4 100644 --- a/zcash_primitives/src/jubjub/mod.rs +++ b/zcash_primitives/src/jubjub/mod.rs 
@@ -216,28 +216,6 @@ impl JubjubBls12 { fixed_base_circuit_generators: vec![], }; - fn find_group_hash( - m: &[u8], - personalization: &[u8; 8], - params: &E::Params, - ) -> edwards::Point { - let mut tag = m.to_vec(); - let i = tag.len(); - tag.push(0u8); - - loop { - let gh = group_hash(&tag, personalization, params); - - // We don't want to overflow and start reusing generators - assert!(tag[i] != u8::max_value()); - tag[i] += 1; - - if let Some(gh) = gh { - break gh; - } - } - } - // Create the bases for the Pedersen hashes { let mut pedersen_hash_generators = vec![]; @@ -250,26 +228,17 @@ impl JubjubBls12 { .write_u32::(m) .unwrap(); - pedersen_hash_generators.push(find_group_hash( + pedersen_hash_generators.push(JubjubBls12::find_group_hash( &segment_number, constants::PEDERSEN_HASH_GENERATORS_PERSONALIZATION, &tmp_params, )); } - // Check for duplicates, far worse than spec inconsistencies! - for (i, p1) in pedersen_hash_generators.iter().enumerate() { - if p1 == &edwards::Point::zero() { - panic!("Neutral element!"); - } - - for p2 in pedersen_hash_generators.iter().skip(i + 1) { - if p1 == p2 { - panic!("Duplicate generator!"); - } - } - } - + JubjubBls12::check_consistency_of_pedersen_hash_generators( + &tmp_params, + &pedersen_hash_generators, + ); tmp_params.pedersen_hash_generators = pedersen_hash_generators; } 
@@ -314,43 +283,47 @@ impl JubjubBls12 { let mut fixed_base_generators = vec![edwards::Point::zero(); FixedGenerators::Max as usize]; - fixed_base_generators[FixedGenerators::ProofGenerationKey as usize] = find_group_hash( - &[], - constants::PROOF_GENERATION_KEY_BASE_GENERATOR_PERSONALIZATION, - &tmp_params, - ); + fixed_base_generators[FixedGenerators::ProofGenerationKey as usize] = + JubjubBls12::find_group_hash( + &[], + constants::PROOF_GENERATION_KEY_BASE_GENERATOR_PERSONALIZATION, + &tmp_params, + ); fixed_base_generators[FixedGenerators::NoteCommitmentRandomness as usize] = - find_group_hash( + JubjubBls12::find_group_hash( b"r", constants::PEDERSEN_HASH_GENERATORS_PERSONALIZATION, &tmp_params, ); - fixed_base_generators[FixedGenerators::NullifierPosition as usize] = find_group_hash( - &[], - constants::NULLIFIER_POSITION_IN_TREE_GENERATOR_PERSONALIZATION, - &tmp_params, - ); + fixed_base_generators[FixedGenerators::NullifierPosition as usize] = + JubjubBls12::find_group_hash( + &[], + constants::NULLIFIER_POSITION_IN_TREE_GENERATOR_PERSONALIZATION, + &tmp_params, + ); - fixed_base_generators[FixedGenerators::ValueCommitmentValue as usize] = find_group_hash( - b"v", - constants::VALUE_COMMITMENT_GENERATOR_PERSONALIZATION, - &tmp_params, - ); + fixed_base_generators[FixedGenerators::ValueCommitmentValue as usize] = + JubjubBls12::find_group_hash( + b"v", + constants::VALUE_COMMITMENT_GENERATOR_PERSONALIZATION, + &tmp_params, + ); fixed_base_generators[FixedGenerators::ValueCommitmentRandomness as usize] = - find_group_hash( + JubjubBls12::find_group_hash( b"r", constants::VALUE_COMMITMENT_GENERATOR_PERSONALIZATION, &tmp_params, ); - fixed_base_generators[FixedGenerators::SpendingKeyGenerator as usize] = find_group_hash( - &[], - constants::SPENDING_KEY_GENERATOR_PERSONALIZATION, - &tmp_params, - ); + fixed_base_generators[FixedGenerators::SpendingKeyGenerator as usize] = + JubjubBls12::find_group_hash( + &[], + 
constants::SPENDING_KEY_GENERATOR_PERSONALIZATION, + &tmp_params, + ); // Check for duplicates, far worse than spec inconsistencies! for (i, p1) in fixed_base_generators.iter().enumerate() { @@ -427,6 +400,55 @@ impl JubjubBls12 { tmp_params } + + fn find_group_hash( + m: &[u8], + personalization: &[u8; 8], + params: &E::Params, + ) -> edwards::Point { + let mut tag = m.to_vec(); + let i = tag.len(); + tag.push(0u8); + + loop { + let gh = group_hash(&tag, personalization, params); + + // We don't want to overflow and start reusing generators + assert!(tag[i] != u8::max_value()); + tag[i] += 1; + + if let Some(gh) = gh { + break gh; + } + } + } + + /// Check for simple relations between the generators, that make finding collisions easy; + /// far worse than spec inconsistencies! + fn check_consistency_of_pedersen_hash_generators( + tmp_params: &E::Params, + pedersen_hash_generators: &[edwards::Point], + ) { + let sum = &edwards::Point::zero(); + for (i, p1) in pedersen_hash_generators.iter().enumerate() { + if p1 == &edwards::Point::zero() { + panic!("Neutral element!"); + } + // Used for checking no generator is a sum of previous ones. + let sum = &sum.add(&p1, &tmp_params); + for p2 in pedersen_hash_generators.iter().skip(i + 1) { + if p1 == p2 { + panic!("Duplicate generator!"); + } + if p1 == &p2.negate() { + panic!("Inverse generator!"); + } + if sum == p2 { + panic!("Linear relation between generators!"); + } + } + } + } } #[test] 
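Review bot: In `check_consistency_of_pedersen_hash_generators` the `"Linear relation between generators!"` panic looks unreachable: `let sum = &sum.add(&p1, &tmp_params);` inside the loop shadows the outer `sum` instead of updating it, so on every iteration `sum` is zero plus `p1`. The test `sum == p2` therefore repeats `p1 == p2`, which has already panicked with "Duplicate generator!", and the doc comment promises more than the code checks. A running total would need a mutable binding outside the loop (`let mut sum = edwards::Point::zero();` then `sum = sum.add(p1, tmp_params);`), and even then it would only catch a generator equal to the sum of all earlier ones. The `should_panic` test added at the end of this patch would presumably not pass as written; PATCH 25/29 later on this page replaces the check.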
@@ -464,3 +486,35 @@ fn test_jubjub_bls12() { assert!(p == q); } + +#[test] +#[should_panic(expected = "Linear relation between generators!")] +fn test_jubjub_bls12_pedersen_hash_generators_consistency_check_linear_relation() { + let params = JubjubBls12::new(); + + let mut pedersen_hash_generators: Vec> = vec![]; + + use byteorder::{LittleEndian, WriteBytesExt}; + + for m in 0..5 { + let mut segment_number = [0u8; 4]; + (&mut segment_number[0..4]) + .write_u32::(m) + .unwrap(); + + let p = JubjubBls12::find_group_hash( + &segment_number, + constants::PEDERSEN_HASH_GENERATORS_PERSONALIZATION, + ¶ms, + ); + pedersen_hash_generators.push(p); + } + + let p1 = pedersen_hash_generators[0].clone(); + let p2 = pedersen_hash_generators[1].clone(); + + //test for linear relation + pedersen_hash_generators.push(p1.add(&p2, ¶ms)); + + JubjubBls12::check_consistency_of_pedersen_hash_generators(¶ms, &pedersen_hash_generators); +} From e391594e9e91dde8f029a5ca9854c4d4fd6b4e13 Mon Sep 17 00:00:00 2001 From: Taylor Hornby Date: Tue, 12 Mar 2019 16:37:04 -0600 Subject: [PATCH 25/29] Fix broken linear relation checking --- zcash_primitives/src/jubjub/mod.rs | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/zcash_primitives/src/jubjub/mod.rs b/zcash_primitives/src/jubjub/mod.rs index 65e04a0ce4..732193253c 100644 --- a/zcash_primitives/src/jubjub/mod.rs +++ b/zcash_primitives/src/jubjub/mod.rs @@ -429,13 +429,10 @@ impl JubjubBls12 { tmp_params: &E::Params, pedersen_hash_generators: &[edwards::Point], ) { - let sum = &edwards::Point::zero(); for (i, p1) in pedersen_hash_generators.iter().enumerate() { if p1 == &edwards::Point::zero() { panic!("Neutral element!"); } - // Used for checking no generator is a sum of previous ones. - let sum = &sum.add(&p1, &tmp_params); for p2 in pedersen_hash_generators.iter().skip(i + 1) { if p1 == p2 { panic!("Duplicate generator!"); 
@@ -443,8 +440,21 @@ impl JubjubBls12 { if p1 == &p2.negate() { panic!("Inverse generator!"); } - if sum == p2 { - panic!("Linear relation between generators!"); + } + + // check for a generator being the sum of any other two + for (j, p2) in pedersen_hash_generators.iter().enumerate() { + if j == i { + continue; + } + for (k, p3) in pedersen_hash_generators.iter().enumerate() { + if k == j || k == i { + continue; + } + let sum = &p2.add(&p3, &tmp_params); + if sum == p1 { + panic!("Linear relation between generators!"); + } } } } From caab37c3361d9a95b39adeedc9422b45355dcf65 Mon Sep 17 00:00:00 2001 From: Taylor Hornby Date: Wed, 10 Apr 2019 14:18:52 -0600 Subject: [PATCH 26/29] Fix build warnings --- bellman/src/gadgets/boolean.rs | 24 ++++++----------------- zcash_proofs/src/circuit/pedersen_hash.rs | 2 +- 2 files changed, 7 insertions(+), 19 deletions(-) diff --git a/bellman/src/gadgets/boolean.rs b/bellman/src/gadgets/boolean.rs index 57718b1e43..a228d396aa 100644 --- a/bellman/src/gadgets/boolean.rs +++ b/bellman/src/gadgets/boolean.rs @@ -1781,12 +1781,8 @@ mod test { let value = Some(true); let b = AllocatedBit::alloc(&mut cs, Some(true)).unwrap(); - let allocated_value = AllocatedBit::alloc_conditionally( - cs.namespace(|| "alloc_conditionally"), - value, - &b, - ) - .unwrap(); + AllocatedBit::alloc_conditionally(cs.namespace(|| "alloc_conditionally"), value, &b) + .unwrap(); assert!(!cs.is_satisfied()); } 
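Review bot: The new pair-sum loop visits every unordered pair `(p2, p3)` twice and skips `k == j`, so the work is doubled and a doubling relation `p1 == 2 * p2` is not covered. Starting the inner loop after `j`, `for (k, p3) in pedersen_hash_generators.iter().enumerate().skip(j + 1)` with `if k == i { continue; }`, halves the point additions; if doublings are meant to count as a "simple relation", allow `k == j` as well. The doc comment on `check_consistency_of_pedersen_hash_generators` should say exactly what is tested (neutral element, duplicates, inverses, sums of two others) so readers do not take it for a general linear-independence check. The cost is cubic in the number of generators, and the enclosing function starts outside this hunk.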
@@ -1798,22 +1794,14 @@ mod test { //check with false bit let mut cs = TestConstraintSystem::::new(); let b1 = AllocatedBit::alloc(&mut cs, Some(false)).unwrap(); - let allocated_value = AllocatedBit::alloc_conditionally( - cs.namespace(|| "alloc_conditionally"), - value, - &b1, - ) - .unwrap(); + AllocatedBit::alloc_conditionally(cs.namespace(|| "alloc_conditionally"), value, &b1) + .unwrap(); //check with true bit let mut cs = TestConstraintSystem::::new(); let b2 = AllocatedBit::alloc(&mut cs, Some(true)).unwrap(); - let allocated_value = AllocatedBit::alloc_conditionally( - cs.namespace(|| "alloc_conditionally"), - value, - &b2, - ) - .unwrap(); + AllocatedBit::alloc_conditionally(cs.namespace(|| "alloc_conditionally"), value, &b2) + .unwrap(); assert!(cs.is_satisfied()); } diff --git a/zcash_proofs/src/circuit/pedersen_hash.rs b/zcash_proofs/src/circuit/pedersen_hash.rs index 5356331f4c..5ac13e8443 100644 --- a/zcash_proofs/src/circuit/pedersen_hash.rs +++ b/zcash_proofs/src/circuit/pedersen_hash.rs @@ -274,7 +274,7 @@ mod test { "2112827187110048608327330788910224944044097981650120385961435904443901436107", ]; for length in 300..302 { - let mut input: Vec = (0..length).map(|_| rng.next_u32() % 2 != 0).collect(); + let input: Vec = (0..length).map(|_| rng.next_u32() % 2 != 0).collect(); let mut cs = TestConstraintSystem::::new(); From 4dff8055bf37b7edc4f188770fc97600255efcfb Mon Sep 17 00:00:00 2001 From: Taylor Hornby Date: Thu, 25 Jul 2019 13:19:09 -0600 Subject: [PATCH 27/29] Remove unfinished find_group_hash test. --- zcash_primitives/src/group_hash.rs | 92 ------------------------------ 1 file changed, 92 deletions(-) diff --git a/zcash_primitives/src/group_hash.rs b/zcash_primitives/src/group_hash.rs index a4d0bb5af6..8549c5e3e5 100644 --- a/zcash_primitives/src/group_hash.rs +++ b/zcash_primitives/src/group_hash.rs 
@@ -39,95 +39,3 @@ pub fn group_hash( Err(_) => None, } } - -#[cfg(test)] -mod test { - use ff::PrimeField; - use pairing::bls12_381::{Bls12, Fr}; - - use crate::{ - group_hash::group_hash, - jubjub::{edwards, JubjubBls12, JubjubEngine, PrimeOrder}, - }; - - #[test] - fn test_group_hash() { - fn find_group_hash( - m: &[u8], - personalization: &[u8; 8], - params: &E::Params, - ) -> edwards::Point { - let mut tag = m.to_vec(); - let i = tag.len(); - tag.push(0u8); - - loop { - let gh = group_hash(&tag, personalization, params); - - // We don't want to overflow and start reusing generators - assert!(tag[i] != u8::max_value()); - tag[i] += 1; - - if let Some(gh) = gh { - break gh; - } - } - } - let params = JubjubBls12::new(); - - let expected_points: Vec> = vec![]; - let domains = vec![ - hex!("0b4c693149060f99"), - hex!("982fc029ed2213e4"), - hex!("5a01101e28c6b466"), - hex!("a3716d31a988b6e6"), - ]; - let msgs = vec![ - hex!("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"), - hex!("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"), - 
hex!("6b94782eb58954430de33992f53f4ee00f99977a8cfa30eda3021673182e39b046594fc8df623e23a58bb136aa294feb4c4e7a692db5b537176eb0c521fde239eb6a5218fc82bcb7de114e05120b91a605beff13a9968564aefc15255bfb6ba2ebe37832ecf9168ac65dd01015df8b9372472c9cc5b4446b73467afdabdd25a629eec87ee0221a93f7bd88125f1178d427cb21c288a8d8c3cb4d1843a57d4637bdb1eeffa1dd8276ac680140e73657ed4a84563f5b09ddfb604bf4c2ddd6075db6b02d78c4cb02a4ce3aac20aa15e3a5d5b30669b343c5239c134f76de18185a6e0a66407c26023d3049adc74b0fdde0a9176cc3e2ccb9bf03ee306953a9ac1312c68c65a284110590c29dc8baff373ad49a40e3de8098c67dca210c26f768745bfa859b0a3fc5e88985d046abcb5e6155e0e23115ad062d10d1b73af0680f9a141e379bbd177bb0f9ea3bb5f01b8a5665bf0a9ea1266138bd688572a779c0b0a69e57f40dfb418d514f8ab058ba28eeb21cefa3634300e89d204c4236848f5dd11130ba13d83c10afebd4f822c26ae0ed7ea3bc3ac92817ae405c3cf886c81bdda07447cebb71a8bc3d26973afa57e0365b8fc8c0658131734ca29afa10eeb0895d3cd5f0b84a625f53f9f3dbfc5bfac233c7c7d3ac8829475076b14e5c57026c4a63bc9a347ec3fdbcc997cea4c273f923e01fa0781f847cea54a81a4ed14117a46b0894bf4816a46b1f7af963382eeb6f58ed35fa70572a7bb3f2bf97d8c549fc55d7bf562c2d8c4d4d748b7d062cb41b025309b5587a4b2a0cedc85280dce2f58dad0943ccd591b2ee7bb39378efa09cbdd975af07c33862f560d03e1621374cadf6cb05484a23a37d3c200bc3e1780ac65b02bab7db25fe89dae218d9e7dfb60473f9f5b21a007b714eef58129518d637bd581922a54629bef62a575a98d513d9abb90b023752439e20d897242fea3fabcf3fb7eae7604fd0dd1bd5653c41276660a15d39093e4c0862d48333b77b8bc3d64a5908614b3af7c815406b3ba21598cf0c70afe7b8a8ca668dfc8376e15a0ba0d9b9a79552993d2a24f3d0689964e7141d4255a19cc9450806d632a73b88a5768d0de18c20f2b00268ce5d3a8ca2231ce3d8924335f650cb98df84bb58073166848786de3d1823075259952389c50bced6c8921e7b019977d58c5a07e57eb21ef907a9dd465962bd52beb0cbad28b434ed7fecde21953b3fd260a90fd9ab7495c47cdaa4e73fb487a5239e03fb1e74e8cf6d691126813a6f5c16ae948da8cda292fd46e79f7551f8553b21249a5679a5f56dd4b08a136ce0fe8146bddc1d60e0a9a757e1a608749bcce4ac57cdc8fafff59860fd22f95f46f3ab50812a6b877f24941c2b8e1724e527ba9ad9331e004792
d2b292a7edee983e6cc22445f4fd43e9f006ddea19fbe6269f29cd"), - hex!("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") - ]; - - let ys = vec![ - "8502599294297669157183582041043506286304348771153601905088214968423735432772", - "33965310400650966081486833884535323100804531882948083108992748314044766607474", - "15277426621450144245366093477629790944965634885834431068514786570163432982421", - "35526445498940553839675656924597924255939683458731864358252626115877434851278", - ]; - let xs = vec![ - "23479585783156774250942425515624703792585157520679515316930097097463607664576", - "30414851484511157010605445406157992259368652076831836832380699127755424334026", - "34566775937206506013251574661622220967552701387632591444790779184716709173668", - "32625571922270028001313966220069858825087579007581150636305043327525524456655", - ]; - for i in 0..domains.len() { - let domain = domains[i]; - let msg = msgs[i]; - - let gh: edwards::Point = find_group_hash(&msg, &domain, ¶ms); - - let p_sign_false = - edwards::Point::::get_for_y(Fr::from_str(ys[i]).unwrap(), false, ¶ms) - .unwrap(); - let p_sign_true = - edwards::Point::::get_for_y(Fr::from_str(ys[i]).unwrap(), true, ¶ms) - .unwrap(); - let is_one_of_xs = p_sign_false.to_xy().0 == Fr::from_str(xs[i]).unwrap() - || p_sign_true.to_xy().0 == Fr::from_str(xs[i]).unwrap(); - let is_y = p_sign_false.to_xy().1 == Fr::from_str(ys[i]).unwrap() - && p_sign_true.to_xy().1 == Fr::from_str(ys[i]).unwrap(); - assert!(is_one_of_xs && is_y); - } - - for m in 0..5 { - use byteorder::{LittleEndian, WriteBytesExt}; - let mut segment_number = [0u8; 4]; - (&mut segment_number[0..4]) - .write_u32::(m) - .unwrap(); - let p: edwards::Point = - find_group_hash(&segment_number, b"Zcash_PH", ¶ms); - } - } -} From 3701c2b4421616e18622c4fa0e623894435d8cb3 Mon Sep 17 00:00:00 2001 
From: Taylor Hornby Date: Thu, 29 Aug 2019 15:57:02 -0600 Subject: [PATCH 28/29] Increase the number of pedersen hash generators, exercise all test vectors. --- zcash_primitives/src/jubjub/mod.rs | 2 +- zcash_primitives/src/pedersen_hash.rs | 26 ++++++++++++++++---------- 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/zcash_primitives/src/jubjub/mod.rs b/zcash_primitives/src/jubjub/mod.rs index 732193253c..d3c44b46ed 100644 --- a/zcash_primitives/src/jubjub/mod.rs +++ b/zcash_primitives/src/jubjub/mod.rs @@ -220,7 +220,7 @@ impl JubjubBls12 { { let mut pedersen_hash_generators = vec![]; - for m in 0..5 { + for m in 0..6 { use byteorder::{LittleEndian, WriteBytesExt}; let mut segment_number = [0u8; 4]; diff --git a/zcash_primitives/src/pedersen_hash.rs b/zcash_primitives/src/pedersen_hash.rs index 10cad94be3..c2668f9544 100644 --- a/zcash_primitives/src/pedersen_hash.rs +++ b/zcash_primitives/src/pedersen_hash.rs @@ -124,19 +124,25 @@ pub mod test { fn test_pedersen_hash_points() { let test_vectors = pedersen_hash_vectors::get_vectors(); - let params = &JubjubBls12::new(); + assert!(test_vectors.len() > 0); - let v = &test_vectors[0]; - let input_bools: Vec = v.input_bits.iter().map(|&i| i == 1).collect(); + for v in test_vectors.iter() { + let params = &JubjubBls12::new(); - // The 6 bits prefix is handled separately - assert_eq!(v.personalization.get_bits(), &input_bools[..6]); + let input_bools: Vec = v.input_bits.iter().map(|&i| i == 1).collect(); - let (x, y) = - pedersen_hash::(v.personalization, input_bools.into_iter().skip(6), params) - .to_xy(); + // The 6 bits prefix is handled separately + assert_eq!(v.personalization.get_bits(), &input_bools[..6]); - assert_eq!(x.to_string(), v.hash_x); - assert_eq!(y.to_string(), v.hash_y); + let (x, y) = pedersen_hash::( + v.personalization, + input_bools.into_iter().skip(6), + params, + ) + .to_xy(); + + assert_eq!(x.to_string(), v.hash_x); + assert_eq!(y.to_string(), v.hash_y); + } } } 
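Review bot: The bound in `for m in 0..6` (jubjub/mod.rs hunk `@@ -220,7 +220,7 @@`) is a bare literal with no statement of what it has to cover. The commit message suggests it was raised so that all test vectors fit, so the count presumably caps the input length the hash can absorb; a comment on the loop such as `// Number of Pedersen hash segments supported; must cover the longest input hashed.` would make that dependency explicit. The loop body continues outside the hunk.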
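Review bot: In `test_pedersen_hash_points` (pedersen_hash.rs hunk `@@ -124,19 +124,25 @@`), `let params = &JubjubBls12::new();` moved inside the `for v in test_vectors.iter()` loop, so the parameters are rebuilt for every vector although they do not depend on `v`. Hoist that line above the loop, where it was before the change. `assert!(test_vectors.len() > 0);` reads better as `assert!(!test_vectors.is_empty());`. The slice `&input_bools[..6]` panics on a vector shorter than six bits, so an `assert!(input_bools.len() >= 6);` before it would give a clearer failure.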
From 39a73c8eda3af3ad94bde3eb9aea018b7e5c5c31 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Tue, 17 Sep 2019 00:16:33 +0100 Subject: [PATCH 29/29] Add missing cs.is_satisfied() to bellman test --- bellman/src/gadgets/boolean.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bellman/src/gadgets/boolean.rs b/bellman/src/gadgets/boolean.rs index a228d396aa..52b6cb880b 100644 --- a/bellman/src/gadgets/boolean.rs +++ b/bellman/src/gadgets/boolean.rs @@ -1797,6 +1797,8 @@ mod test { AllocatedBit::alloc_conditionally(cs.namespace(|| "alloc_conditionally"), value, &b1) .unwrap(); + assert!(cs.is_satisfied()); + //check with true bit let mut cs = TestConstraintSystem::::new(); let b2 = AllocatedBit::alloc(&mut cs, Some(true)).unwrap();