specific dst and unit tests

curiecrypt · curiecrypt · commit 21a7359b35c8 · 2025-12-19T18:45:11.000+03:00
diff --git a/mithril-stm/src/signature_scheme/schnorr_signature/jubjub/poseidon_digest.rs b/mithril-stm/src/signature_scheme/schnorr_signature/jubjub/poseidon_digest.rs
@@ -3,8 +3,13 @@ use dusk_poseidon::{Domain, Hash};
 
 use super::{BaseFieldElement, ScalarFieldElement};
 
-/// A DST (Domain Separation Tag) to distinguish between use of Poseidon hash
-const DST_SIGNATURE: JubjubBase = JubjubBase::from_raw([0u64, 0, 0, 0]);
+/// Domain Separation Tag (DST) for the Poseidon hash used in signature contexts.
+const DST_SIGNATURE: JubjubBase = JubjubBase::from_raw([
+    0x5349_474E_5F44_5354, // "SIGN_DST" (ASCII), little-endian u64
+    0,
+    0,
+    0,
+]);
 
 /// Computes a truncated Poseidon digest over the provided base field elements
 /// Returns a scalar field element as the digest
diff --git a/mithril-stm/src/signature_scheme/schnorr_signature/signature.rs b/mithril-stm/src/signature_scheme/schnorr_signature/signature.rs
@@ -145,7 +145,21 @@ mod tests {
     use crate::signature_scheme::{SchnorrSignature, SchnorrSigningKey, SchnorrVerificationKey};
 
     #[test]
-    fn invalid_sig() {
+    fn valid_signature_verification() {
+        let msg = vec![0, 0, 0, 1];
+        let seed = [0u8; 32];
+        let mut rng = ChaCha20Rng::from_seed(seed);
+        let sk = SchnorrSigningKey::generate(&mut rng).unwrap();
+        let vk = SchnorrVerificationKey::new_from_signing_key(sk.clone()).unwrap();
+
+        let sig = sk.sign(&msg, &mut rng).unwrap();
+
+        sig.verify(&msg, &vk)
+            .expect("Valid signature should verify successfully");
+    }
+
+    #[test]
+    fn invalid_signature() {
         let msg = vec![0, 0, 0, 1];
         let msg2 = vec![0, 0, 0, 2];
         let seed = [0u8; 32];
@@ -168,26 +182,75 @@ mod tests {
     }
 
     #[test]
-    fn serialize_deserialize_signature() {
+    fn from_bytes_signature_not_enough_bytes() {
+        let msg = vec![0u8; 95];
+        let result = SchnorrSignature::from_bytes(&msg);
+        result.expect_err("Not enough bytes.");
+    }
+
+    #[test]
+    fn from_bytes_signature_exact_size() {
         let mut rng = ChaCha20Rng::from_seed([0u8; 32]);
+        let msg = vec![1, 2, 3];
+        let sk = SchnorrSigningKey::generate(&mut rng).unwrap();
 
-        let msg = vec![0, 0, 0, 1];
+        let sig = sk.sign(&msg, &mut rng).unwrap();
+        let sig_bytes: [u8; 96] = sig.to_bytes();
+
+        let sig_restored = SchnorrSignature::from_bytes(&sig_bytes).unwrap();
+        assert_eq!(sig, sig_restored);
+    }
+
+    #[test]
+    fn from_bytes_signature_extra_bytes() {
+        let mut rng = ChaCha20Rng::from_seed([0u8; 32]);
+        let msg = vec![1, 2, 3];
         let sk = SchnorrSigningKey::generate(&mut rng).unwrap();
 
         let sig = sk.sign(&msg, &mut rng).unwrap();
         let sig_bytes: [u8; 96] = sig.to_bytes();
-        let sig2 = SchnorrSignature::from_bytes(&sig_bytes).unwrap();
 
-        assert_eq!(sig, sig2);
+        let mut extended_bytes = sig_bytes.to_vec();
+        extended_bytes.extend_from_slice(&[0xFF; 10]);
+
+        let sig_restored = SchnorrSignature::from_bytes(&extended_bytes).unwrap();
+        assert_eq!(sig, sig_restored);
     }
 
     #[test]
-    fn from_bytes_signature_not_enough_bytes() {
-        let msg = vec![0u8; 95];
+    fn to_bytes_is_deterministic() {
+        let mut rng = ChaCha20Rng::from_seed([0u8; 32]);
+        let msg = vec![1, 2, 3];
+        let sk = SchnorrSigningKey::generate(&mut rng).unwrap();
 
-        let result = SchnorrSignature::from_bytes(&msg);
+        let sig = sk.sign(&msg, &mut rng).unwrap();
 
-        result.expect_err("Not enough bytes.");
+        // Converting to bytes multiple times should give same result
+        let bytes1 = sig.to_bytes();
+        let bytes2 = sig.to_bytes();
+
+        assert_eq!(bytes1, bytes2);
+    }
+
+    #[test]
+    fn signature_roundtrip_preserves_verification() {
+        let mut rng = ChaCha20Rng::from_seed([42u8; 32]);
+        let msg = vec![5, 6, 7, 8, 9];
+        let sk = SchnorrSigningKey::generate(&mut rng).unwrap();
+        let vk = SchnorrVerificationKey::new_from_signing_key(sk.clone()).unwrap();
+
+        // Create and verify original signature
+        let sig = sk.sign(&msg, &mut rng).unwrap();
+        sig.verify(&msg, &vk).expect("Original signature should verify");
+
+        // Roundtrip through bytes
+        let sig_bytes = sig.to_bytes();
+        let sig_restored = SchnorrSignature::from_bytes(&sig_bytes).unwrap();
+
+        // Restored signature should still verify
+        sig_restored
+            .verify(&msg, &vk)
+            .expect("Restored signature should verify");
     }
 
     mod golden {
@@ -200,8 +263,8 @@ mod tests {
         const GOLDEN_JSON: &str = r#"
         {
             "commitment_point": [143, 53, 198, 62, 178, 1, 88, 253, 21, 92, 100, 13, 72, 180, 198, 127, 39, 175, 102, 69, 147, 249, 244, 224, 122, 121, 248, 68, 217, 242, 158, 113],
-            "response": [94, 57, 200, 241, 208, 145, 251, 8, 92, 119, 163, 38, 81, 85, 54, 36, 193, 221, 254, 242, 21, 129, 110, 161, 142, 184, 107, 156, 100, 34, 190, 9],
-            "challenge": [200, 20, 178, 142, 61, 253, 193, 11, 5, 180, 97, 73, 125, 88, 162, 36, 30, 177, 225, 52, 136, 21, 138, 93, 81, 23, 19, 64, 82, 78, 229, 3]
+            "response": [5, 81, 137, 228, 235, 18, 112, 76, 71, 127, 44, 47, 60, 55, 144, 204, 254, 50, 67, 167, 67, 133, 79, 168, 10, 153, 228, 114, 147, 64, 34, 9],
+            "challenge": [12, 75, 91, 200, 29, 62, 12, 245, 185, 181, 67, 251, 210, 211, 37, 42, 204, 205, 133, 215, 235, 236, 193, 155, 2, 147, 83, 189, 148, 38, 71, 0]
         }"#;
 
         fn golden_value() -> SchnorrSignature {
diff --git a/mithril-stm/src/signature_scheme/schnorr_signature/signing_key.rs b/mithril-stm/src/signature_scheme/schnorr_signature/signing_key.rs
@@ -113,6 +113,72 @@ impl SchnorrSigningKey {
 
 #[cfg(test)]
 mod tests {
+    use rand_chacha::ChaCha20Rng;
+    use rand_core::SeedableRng;
+
+    use crate::signature_scheme::SchnorrSigningKey;
+
+    #[test]
+    fn generate_signing_key() {
+        let mut rng = ChaCha20Rng::from_seed([0u8; 32]);
+        let sk = SchnorrSigningKey::generate(&mut rng);
+
+        assert!(sk.is_ok(), "Signing key generation should succeed");
+    }
+
+    #[test]
+    fn generate_different_keys() {
+        let mut rng = ChaCha20Rng::from_seed([0u8; 32]);
+        let sk1 = SchnorrSigningKey::generate(&mut rng).unwrap();
+        let sk2 = SchnorrSigningKey::generate(&mut rng).unwrap();
+
+        // Keys should be different
+        assert_ne!(sk1, sk2, "Different keys should be generated");
+    }
+
+    #[test]
+    fn from_bytes_not_enough_bytes() {
+        let bytes = vec![0u8; 31];
+        let result = SchnorrSigningKey::from_bytes(&bytes);
+
+        result.expect_err("Should fail with insufficient bytes");
+    }
+
+    #[test]
+    fn from_bytes_exact_size() {
+        let mut rng = ChaCha20Rng::from_seed([0u8; 32]);
+        let sk = SchnorrSigningKey::generate(&mut rng).unwrap();
+        let sk_bytes = sk.to_bytes();
+
+        let sk_restored = SchnorrSigningKey::from_bytes(&sk_bytes).unwrap();
+
+        assert_eq!(sk, sk_restored);
+    }
+
+    #[test]
+    fn from_bytes_extra_bytes() {
+        let mut rng = ChaCha20Rng::from_seed([0u8; 32]);
+        let sk = SchnorrSigningKey::generate(&mut rng).unwrap();
+        let sk_bytes = sk.to_bytes();
+
+        let mut extended_bytes = sk_bytes.to_vec();
+        extended_bytes.extend_from_slice(&[0xFF; 10]);
+
+        let sk_restored = SchnorrSigningKey::from_bytes(&extended_bytes).unwrap();
+
+        assert_eq!(sk, sk_restored);
+    }
+
+    #[test]
+    fn to_bytes_is_deterministic() {
+        let mut rng = ChaCha20Rng::from_seed([0u8; 32]);
+        let sk = SchnorrSigningKey::generate(&mut rng).unwrap();
+
+        let bytes1 = sk.to_bytes();
+        let bytes2 = sk.to_bytes();
+
+        assert_eq!(bytes1, bytes2, "to_bytes should be deterministic");
+    }
 
     mod golden {
 
diff --git a/mithril-stm/src/signature_scheme/schnorr_signature/verification_key.rs b/mithril-stm/src/signature_scheme/schnorr_signature/verification_key.rs
@@ -59,6 +59,114 @@ impl SchnorrVerificationKey {
 
 #[cfg(test)]
 mod tests {
+    use rand_chacha::ChaCha20Rng;
+    use rand_core::SeedableRng;
+
+    use crate::signature_scheme::{SchnorrSigningKey, SchnorrVerificationKey};
+
+    #[test]
+    fn create_verification_key_from_signing_key() {
+        let mut rng = ChaCha20Rng::from_seed([0u8; 32]);
+        let sk = SchnorrSigningKey::generate(&mut rng).unwrap();
+
+        let vk = SchnorrVerificationKey::new_from_signing_key(sk);
+
+        assert!(
+            vk.is_ok(),
+            "Verification key creation should succeed for valid signing key"
+        );
+    }
+
+    #[test]
+    fn different_signing_keys_produce_different_verification_keys() {
+        let mut rng = ChaCha20Rng::from_seed([0u8; 32]);
+        let sk1 = SchnorrSigningKey::generate(&mut rng).unwrap();
+        let sk2 = SchnorrSigningKey::generate(&mut rng).unwrap();
+
+        let vk1 = SchnorrVerificationKey::new_from_signing_key(sk1).unwrap();
+        let vk2 = SchnorrVerificationKey::new_from_signing_key(sk2).unwrap();
+
+        assert_ne!(
+            vk1, vk2,
+            "Different signing keys should produce different verification keys"
+        );
+    }
+
+    #[test]
+    fn same_signing_key_produces_same_verification_key() {
+        let mut rng = ChaCha20Rng::from_seed([0u8; 32]);
+        let sk = SchnorrSigningKey::generate(&mut rng).unwrap();
+
+        let vk1 = SchnorrVerificationKey::new_from_signing_key(sk.clone()).unwrap();
+        let vk2 = SchnorrVerificationKey::new_from_signing_key(sk).unwrap();
+
+        assert_eq!(
+            vk1, vk2,
+            "Same signing key should produce same verification key"
+        );
+    }
+
+    #[test]
+    fn valid_verification_key_passes_validation() {
+        let mut rng = ChaCha20Rng::from_seed([0u8; 32]);
+        let sk = SchnorrSigningKey::generate(&mut rng).unwrap();
+        let vk = SchnorrVerificationKey::new_from_signing_key(sk).unwrap();
+
+        let result = vk.is_valid();
+
+        assert!(
+            result.is_ok(),
+            "Valid verification key should pass validation"
+        );
+    }
+
+    #[test]
+    fn from_bytes_not_enough_bytes() {
+        let bytes = vec![0u8; 31];
+        let result = SchnorrVerificationKey::from_bytes(&bytes);
+
+        result.expect_err("Should fail with insufficient bytes");
+    }
+
+    #[test]
+    fn from_bytes_exact_size() {
+        let mut rng = ChaCha20Rng::from_seed([0u8; 32]);
+        let sk = SchnorrSigningKey::generate(&mut rng).unwrap();
+        let vk = SchnorrVerificationKey::new_from_signing_key(sk).unwrap();
+        let vk_bytes = vk.to_bytes();
+
+        let vk_restored = SchnorrVerificationKey::from_bytes(&vk_bytes).unwrap();
+
+        assert_eq!(vk, vk_restored);
+    }
+
+    #[test]
+    fn from_bytes_extra_bytes() {
+        let mut rng = ChaCha20Rng::from_seed([0u8; 32]);
+        let sk = SchnorrSigningKey::generate(&mut rng).unwrap();
+        let vk = SchnorrVerificationKey::new_from_signing_key(sk).unwrap();
+        let vk_bytes = vk.to_bytes();
+
+        let mut extended_bytes = vk_bytes.to_vec();
+        extended_bytes.extend_from_slice(&[0xFF; 10]);
+
+        let vk_restored = SchnorrVerificationKey::from_bytes(&extended_bytes).unwrap();
+
+        assert_eq!(vk, vk_restored);
+    }
+
+    #[test]
+    fn to_bytes_is_deterministic() {
+        let mut rng = ChaCha20Rng::from_seed([0u8; 32]);
+        let sk = SchnorrSigningKey::generate(&mut rng).unwrap();
+        let vk = SchnorrVerificationKey::new_from_signing_key(sk).unwrap();
+
+        let bytes1 = vk.to_bytes();
+        let bytes2 = vk.to_bytes();
+
+        assert_eq!(bytes1, bytes2, "to_bytes should be deterministic");
+    }
+
     mod golden {
 
         use rand_chacha::ChaCha20Rng;
