You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@milagro.apache.org by sa...@apache.org on 2020/02/07 13:12:55 UTC
[incubator-milagro-MPC] branch add-dschnorr-proof created (now
b8f064b)
This is an automated email from the ASF dual-hosted git repository.
sandreoli pushed a change to branch add-dschnorr-proof
in repository https://gitbox.apache.org/repos/asf/incubator-milagro-MPC.git.
at b8f064b Fix schnorr documentation
This branch includes the following new commits:
new 877350c Add double Schnorr proof
new 7a81940 Add tests for double schnorr proof
new 0fefe8c add benchmakr and examples for double schnorr proof
new 12f3277 Add support for interactive schnorr/double schnorr proofs
new b8f064b Fix schnorr documentation
The 5 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[incubator-milagro-MPC] 02/05: Add tests for double schnorr proof
Posted by sa...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
sandreoli pushed a commit to branch add-dschnorr-proof
in repository https://gitbox.apache.org/repos/asf/incubator-milagro-MPC.git
commit 7a8194063bd8caeda90f0cc10a28f68ea3594f15
Author: Samuele Andreoli <sa...@yahoo.it>
AuthorDate: Thu Feb 6 13:30:19 2020 +0000
Add tests for double schnorr proof
---
test/smoke/test_d_schnorr_smoke.c | 113 +++++++++++++++++++++++++++++
test/unit/test_d_schnorr_challenge.c | 106 +++++++++++++++++++++++++++
test/unit/test_d_schnorr_commit.c | 116 ++++++++++++++++++++++++++++++
test/unit/test_d_schnorr_prove.c | 125 ++++++++++++++++++++++++++++++++
test/unit/test_d_schnorr_verify.c | 135 +++++++++++++++++++++++++++++++++++
testVectors/schnorr/dchallenge.json | 72 +++++++++++++++++++
testVectors/schnorr/dchallenge.txt | 60 ++++++++++++++++
testVectors/schnorr/dcommit.json | 72 +++++++++++++++++++
testVectors/schnorr/dcommit.txt | 60 ++++++++++++++++
testVectors/schnorr/dprove.json | 102 ++++++++++++++++++++++++++
testVectors/schnorr/dprove.txt | 90 +++++++++++++++++++++++
testVectors/schnorr/dverify.json | 92 ++++++++++++++++++++++++
testVectors/schnorr/dverify.txt | 80 +++++++++++++++++++++
13 files changed, 1223 insertions(+)
diff --git a/test/smoke/test_d_schnorr_smoke.c b/test/smoke/test_d_schnorr_smoke.c
new file mode 100644
index 0000000..40cfbf8
--- /dev/null
+++ b/test/smoke/test_d_schnorr_smoke.c
@@ -0,0 +1,113 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+#include "amcl/schnorr.h"
+
+/* Double Schnorr's proofs smoke test */
+
+int main()
+{
+ int rc;
+
+ BIG_256_56 r;
+ BIG_256_56 s;
+ BIG_256_56 l;
+ BIG_256_56 q;
+ ECP_SECP256K1 G;
+ ECP_SECP256K1 ECPR;
+
+ char oct_s[SGS_SECP256K1];
+ octet S = {0, sizeof(oct_s), oct_s};
+
+ char oct_l[SGS_SECP256K1];
+ octet L = {0, sizeof(oct_l), oct_l};
+
+ char oct_r[SFS_SECP256K1 + 1];
+ octet R = {0, sizeof(oct_r), oct_r};
+
+ char v[SFS_SECP256K1+1];
+ octet V = {0, sizeof(v), v};
+
+ char a[SGS_SECP256K1];
+ octet A = {0, sizeof(a), a};
+
+ char b[SGS_SECP256K1];
+ octet B = {0, sizeof(b), b};
+
+ char c[SFS_SECP256K1+1];
+ octet C = {0, sizeof(c), c};
+
+ char e[SGS_SECP256K1];
+ octet E = {0, sizeof(e), e};
+
+ char t[SGS_SECP256K1];
+ octet T = {0, sizeof(t), t};
+
+ char u[SGS_SECP256K1];
+ octet U = {0, sizeof(u), u};
+
+ // Deterministic RNG for testing
+ char seed[32] = {0};
+ csprng RNG;
+ RAND_seed(&RNG, 32, seed);
+
+ BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
+ ECP_SECP256K1_generator(&G);
+ ECP_SECP256K1_generator(&ECPR);
+
+ // Generate public R
+ BIG_256_56_randomnum(r, q, &RNG);
+ ECP_SECP256K1_mul(&ECPR, r);
+
+ ECP_SECP256K1_toOctet(&R, &ECPR, 1);
+
+ // Generate double DLOG
+ BIG_256_56_randomnum(s, q, &RNG);
+ BIG_256_56_randomnum(l, q, &RNG);
+
+ ECP_SECP256K1_mul2(&G, &ECPR, l, s);
+
+ BIG_256_56_toBytes(S.val, s);
+ BIG_256_56_toBytes(L.val, l);
+ S.len = SGS_SECP256K1;
+ L.len = SGS_SECP256K1;
+
+ ECP_SECP256K1_toOctet(&V, &G, 1);
+
+ // Run test
+ rc = SCHNORR_D_commit(&RNG, &R, &A, &B, &C);
+ if (rc != SCHNORR_OK)
+ {
+ printf("FAILURE SCHNORR_D_commit. RC %d\n", rc);
+ exit(EXIT_FAILURE);
+ }
+
+ SCHNORR_D_challenge(&R, &V, &C, &E);
+ SCHNORR_D_prove(&A, &B, &E, &S, &L, &T, &U);
+
+ rc = SCHNORR_D_verify(&R, &V, &C, &E, &T, &U);
+ if (rc != SCHNORR_OK)
+ {
+ printf("FAILURE SCHNORR_D_verify. RC %d\n", rc);
+ exit(EXIT_FAILURE);
+ }
+
+ printf("SUCCESS\n");
+ exit(EXIT_SUCCESS);
+}
\ No newline at end of file
diff --git a/test/unit/test_d_schnorr_challenge.c b/test/unit/test_d_schnorr_challenge.c
new file mode 100644
index 0000000..61d3041
--- /dev/null
+++ b/test/unit/test_d_schnorr_challenge.c
@@ -0,0 +1,106 @@
+/*
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+*/
+
+#include <string.h>
+#include "test.h"
+#include "amcl/schnorr.h"
+
+/* Double Schnorr's Proof challenge unit test */
+
+#define LINE_LEN 256
+
+int main(int argc, char **argv)
+{
+ if (argc != 2)
+ {
+ printf("usage: ./test_d_schnorr_challenge [path to test vector file]\n");
+ exit(EXIT_FAILURE);
+ }
+
+ int test_run = 0;
+
+ FILE *fp;
+ char line[LINE_LEN] = {0};
+
+ const char *TESTline = "TEST = ";
+ int testNo = 0;
+
+ char r[SFS_SECP256K1+1];
+ octet R = {0, sizeof(r), r};
+ const char *Rline = "R = ";
+
+ char v[SFS_SECP256K1+1];
+ octet V = {0, sizeof(v), v};
+ const char *Vline = "V = ";
+
+ char c[SFS_SECP256K1+1];
+ octet C = {0, sizeof(c), c};
+ const char *Cline = "C = ";
+
+ char e_golden[SGS_SECP256K1];
+ octet E_GOLDEN = {0, sizeof(e_golden), e_golden};
+ const char *Eline = "E = ";
+
+ char e[SGS_SECP256K1];
+ octet E = {0, sizeof(e), e};
+
+ // Line terminating a test vector
+ const char *last_line = Eline;
+
+ /* Test happy path using test vectors */
+ fp = fopen(argv[1], "r");
+ if (fp == NULL)
+ {
+ printf("ERROR opening test vector file\n");
+ exit(EXIT_FAILURE);
+ }
+
+ while (fgets(line, LINE_LEN, fp) != NULL)
+ {
+ scan_int(&testNo, line, TESTline);
+
+ // Read inputs
+ scan_OCTET(fp, &R, line, Rline);
+ scan_OCTET(fp, &V, line, Vline);
+ scan_OCTET(fp, &C, line, Cline);
+
+ // Read ground truth
+ scan_OCTET(fp, &E_GOLDEN, line, Eline);
+
+ if (!strncmp(line, last_line, strlen(last_line)))
+ {
+ SCHNORR_D_challenge(&R, &V, &C, &E);
+ compare_OCT(fp, testNo, "SCHNORR_D_challenge", &E, &E_GOLDEN);
+
+ // Mark that at least one test vector was executed
+ test_run = 1;
+ }
+ }
+
+ fclose(fp);
+
+ if (test_run == 0)
+ {
+ printf("ERROR no test vector was executed\n");
+ exit(EXIT_FAILURE);
+ }
+
+ printf("SUCCESS\n");
+ exit(EXIT_SUCCESS);
+}
diff --git a/test/unit/test_d_schnorr_commit.c b/test/unit/test_d_schnorr_commit.c
new file mode 100644
index 0000000..bb11500
--- /dev/null
+++ b/test/unit/test_d_schnorr_commit.c
@@ -0,0 +1,116 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+#include <string.h>
+#include "test.h"
+#include "amcl/schnorr.h"
+
+/* Double Schnorr's Proof commitment unit test */
+
+#define LINE_LEN 256
+
+int main(int argc, char **argv)
+{
+ if (argc != 2)
+ {
+ printf("usage: ./test_schnorr_d_commit [path to test vector file]\n");
+ exit(EXIT_FAILURE);
+ }
+
+ int rc;
+ int test_run = 0;
+
+ char err_msg[128];
+
+ FILE *fp;
+ char line[LINE_LEN] = {0};
+
+ const char *TESTline = "TEST = ";
+ int testNo = 0;
+
+ char a[SGS_SECP256K1];
+ octet A = {0, sizeof(a), a};
+ const char *Aline = "A = ";
+
+ char b[SGS_SECP256K1];
+ octet B = {0, sizeof(b), b};
+ const char *Bline = "B = ";
+
+ char r[SFS_SECP256K1+1];
+ octet R = {0, sizeof(r), r};
+ const char *Rline = "R = ";
+
+ char c_golden[SFS_SECP256K1+1];
+ octet C_GOLDEN = {0, sizeof(c_golden), c_golden};
+ const char *Cline = "C = ";
+
+ char c[SFS_SECP256K1+1];
+ octet C = {0, sizeof(c), c};
+
+ // Line terminating a test vector
+ const char *last_line = Cline;
+
+ fp = fopen(argv[1], "r");
+ if (fp == NULL)
+ {
+ printf("ERROR opening test vector file\n");
+ exit(EXIT_FAILURE);
+ }
+
+ while (fgets(line, LINE_LEN, fp) != NULL)
+ {
+ scan_int(&testNo, line, TESTline);
+
+ // Read input
+ scan_OCTET(fp, &R, line, Rline);
+ scan_OCTET(fp, &A, line, Aline);
+ scan_OCTET(fp, &B, line, Bline);
+
+ // Read ground truth
+ scan_OCTET(fp, &C_GOLDEN, line, Cline);
+
+ if (!strncmp(line, last_line, strlen(last_line)))
+ {
+ rc = SCHNORR_D_commit(NULL, &R, &A, &B, &C);
+ sprintf(err_msg, "FAILURE SCHNORR_D_commit. rc %d", rc);
+ assert_tv(fp, testNo, err_msg, rc == SCHNORR_OK);
+
+ compare_OCT(fp, testNo, "SCHNORR_D_commit", &C, &C_GOLDEN);
+
+ // Mark that at least one test vector was executed
+ test_run = 1;
+ }
+ }
+
+ fclose(fp);
+
+ if (test_run == 0)
+ {
+ printf("ERROR no test vector was executed\n");
+ exit(EXIT_FAILURE);
+ }
+
+ // Test invalid R
+ rc = SCHNORR_D_commit(NULL, &A, &A, &B, &C);
+ sprintf(err_msg, "FAILURE SCHNORR_D_commit invalid R. rc %d", rc);
+ assert_tv(fp, testNo, err_msg, rc == SCHNORR_INVALID_ECP);
+
+ printf("SUCCESS\n");
+ exit(EXIT_SUCCESS);
+}
diff --git a/test/unit/test_d_schnorr_prove.c b/test/unit/test_d_schnorr_prove.c
new file mode 100644
index 0000000..4724ef4
--- /dev/null
+++ b/test/unit/test_d_schnorr_prove.c
@@ -0,0 +1,125 @@
+/*
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+*/
+
+#include <string.h>
+#include "test.h"
+#include "amcl/schnorr.h"
+
+/* Double Schnorr's Proof prove unit test */
+
+#define LINE_LEN 256
+
+int main(int argc, char **argv)
+{
+ if (argc != 2)
+ {
+ printf("usage: ./test_shcnorr_d_prove [path to test vector file]\n");
+ exit(EXIT_FAILURE);
+ }
+
+ int test_run = 0;
+
+ FILE *fp;
+ char line[LINE_LEN] = {0};
+
+ const char *TESTline = "TEST = ";
+ int testNo = 0;
+
+ char a[SGS_SECP256K1];
+ octet A = {0, sizeof(a), a};
+ const char *Aline = "A = ";
+
+ char b[SGS_SECP256K1];
+ octet B = {0, sizeof(b), b};
+ const char *Bline = "B = ";
+
+ char e[SGS_SECP256K1];
+ octet E = {0, sizeof(e), e};
+ const char *Eline = "E = ";
+
+ char s[SGS_SECP256K1];
+ octet S = {0, sizeof(s), s};
+ const char *Sline = "S = ";
+
+ char l[SGS_SECP256K1];
+ octet L = {0, sizeof(l), l};
+ const char *Lline = "L = ";
+
+ char t_golden[SGS_SECP256K1];
+ octet T_GOLDEN = {0, sizeof(t_golden), t_golden};
+ const char *Tline = "T = ";
+
+ char u_golden[SGS_SECP256K1];
+ octet U_GOLDEN = {0, sizeof(u_golden), u_golden};
+ const char *Uline = "U = ";
+
+ char t[SGS_SECP256K1];
+ octet T = {0, sizeof(t), t};
+
+ char u[SGS_SECP256K1];
+ octet U = {0, sizeof(u), u};
+
+ // Line terminating a test vector
+ const char *last_line = Uline;
+
+ fp = fopen(argv[1], "r");
+ if (fp == NULL)
+ {
+ printf("ERROR opening test vector file\n");
+ exit(EXIT_FAILURE);
+ }
+
+ while (fgets(line, LINE_LEN, fp) != NULL)
+ {
+ scan_int(&testNo, line, TESTline);
+
+ // Read input
+ scan_OCTET(fp, &A, line, Aline);
+ scan_OCTET(fp, &B, line, Bline);
+ scan_OCTET(fp, &E, line, Eline);
+ scan_OCTET(fp, &S, line, Sline);
+ scan_OCTET(fp, &L, line, Lline);
+
+ // Read ground truth
+ scan_OCTET(fp, &T_GOLDEN, line, Tline);
+ scan_OCTET(fp, &U_GOLDEN, line, Uline);
+
+ // Read P and run test
+ if (!strncmp(line, last_line, strlen(last_line)))
+ {
+ SCHNORR_D_prove(&A, &B, &E, &S, &L, &T, &U);
+ compare_OCT(fp, testNo, "SCHNORR_D_prove T", &T, &T_GOLDEN);
+ compare_OCT(fp, testNo, "SCHNORR_D_prove U", &U, &U_GOLDEN);
+
+ // Mark that at least one test vector was executed
+ test_run = 1;
+ }
+ }
+
+ fclose(fp);
+
+ if (test_run == 0)
+ {
+ printf("ERROR no test vector was executed\n");
+ exit(EXIT_FAILURE);
+ }
+
+ printf("SUCCESS\n");
+ exit(EXIT_SUCCESS);
+}
diff --git a/test/unit/test_d_schnorr_verify.c b/test/unit/test_d_schnorr_verify.c
new file mode 100644
index 0000000..448db42
--- /dev/null
+++ b/test/unit/test_d_schnorr_verify.c
@@ -0,0 +1,135 @@
+/*
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+*/
+
+#include <string.h>
+#include "test.h"
+#include "amcl/schnorr.h"
+
+/* Double Schnorr's Proof challenge verify test */
+
+#define LINE_LEN 256
+
+int main(int argc, char **argv)
+{
+ if (argc != 2)
+ {
+ printf("usage: ./test_schnorr_d_verify [path to test vector file]\n");
+ exit(EXIT_FAILURE);
+ }
+
+ int rc;
+ int test_run = 0;
+
+ char err_msg[128];
+
+ FILE *fp;
+ char line[LINE_LEN] = {0};
+
+ const char *TESTline = "TEST = ";
+ int testNo = 0;
+
+ char r[SFS_SECP256K1+1];
+ octet R = {0, sizeof(r), r};
+ const char *Rline = "R = ";
+
+ char v[SFS_SECP256K1+1];
+ octet V = {0, sizeof(v), v};
+ const char *Vline = "V = ";
+
+ char c[SFS_SECP256K1+1];
+ octet C = {0, sizeof(c), c};
+ const char *Cline = "C = ";
+
+ char e[SGS_SECP256K1];
+ octet E = {0, sizeof(e), e};
+ const char *Eline = "E = ";
+
+ char t[SGS_SECP256K1];
+ octet T = {0, sizeof(t), t};
+ const char *Tline = "T = ";
+
+ char u[SGS_SECP256K1];
+ octet U = {0, sizeof(u), u};
+ const char *Uline = "U = ";
+
+ // Line terminating a test vector
+ const char *last_line = Uline;
+
+ fp = fopen(argv[1], "r");
+ if (fp == NULL)
+ {
+ printf("ERROR opening test vector file\n");
+ exit(EXIT_FAILURE);
+ }
+
+ /* Test happy path with test vectors */
+ while (fgets(line, LINE_LEN, fp) != NULL)
+ {
+ scan_int(&testNo, line, TESTline);
+
+ // Read input
+ scan_OCTET(fp, &R, line, Rline);
+ scan_OCTET(fp, &V, line, Vline);
+ scan_OCTET(fp, &C, line, Cline);
+ scan_OCTET(fp, &E, line, Eline);
+ scan_OCTET(fp, &T, line, Tline);
+ scan_OCTET(fp, &U, line, Uline);
+
+ if (!strncmp(line, last_line, strlen(last_line)))
+ {
+ rc = SCHNORR_D_verify(&R, &V, &C, &E, &T, &U);
+ sprintf(err_msg, "SCHNORR_D_verify. rc %d", rc);
+ assert_tv(fp, testNo, err_msg, rc == SCHNORR_OK);
+
+ // Mark that at least one test vector was executed
+ test_run = 1;
+ }
+ }
+
+ fclose(fp);
+
+ if (test_run == 0)
+ {
+ printf("ERROR no test vector was executed\n");
+ exit(EXIT_FAILURE);
+ }
+
+ /* Test unhappy path */
+ char zero[SFS_SECP256K1+1] = {0};
+ octet ZERO = {0, sizeof(zero), zero};
+
+ rc = SCHNORR_D_verify(&ZERO, &V, &C, &E, &T, &U);
+ sprintf(err_msg, "SCHNORR_D_verify invalid R. rc %d", rc);
+ assert(NULL, err_msg, rc == SCHNORR_INVALID_ECP);
+
+ rc = SCHNORR_D_verify(&R, &ZERO, &C, &E, &T, &U);
+ sprintf(err_msg, "SCHNORR_D_verify invalid V. rc %d", rc);
+ assert(NULL, err_msg, rc == SCHNORR_INVALID_ECP);
+
+ rc = SCHNORR_D_verify(&R, &V, &ZERO, &E, &T, &U);
+ sprintf(err_msg, "SCHNORR_D_verify invalid C. rc %d", rc);
+ assert(NULL, err_msg, rc == SCHNORR_INVALID_ECP);
+
+ rc = SCHNORR_D_verify(&R, &V, &C, &E, &ZERO, &U);
+ sprintf(err_msg, "SCHNORR_D_verify invalid proof. rc %d", rc);
+ assert(NULL, err_msg, rc == SCHNORR_FAIL);
+
+ printf("SUCCESS\n");
+ exit(EXIT_SUCCESS);
+}
diff --git a/testVectors/schnorr/dchallenge.json b/testVectors/schnorr/dchallenge.json
new file mode 100644
index 0000000..751694d
--- /dev/null
+++ b/testVectors/schnorr/dchallenge.json
@@ -0,0 +1,72 @@
+[
+ {
+ "TEST": 0,
+ "R": "02fce97b3461044ccb1cfda6653e3307cc0404e634bd042e9ed42abc114a7fae12",
+ "V": "03a7aa6833de71fe8157742cda5fec88ae20e9daa420363a8bee9baaac05baf53d",
+ "C": "03b93be23c0f9283a0cd97e3f41247aa26926cd4345e4a622abc0ccf7e9a5a7396",
+ "E": "377641844b33e90b6d0fc4fbcfd9bfc06dc1667e5211d8e231256f098fd0dcd6"
+ },
+ {
+ "TEST": 1,
+ "R": "03e9f81d0e6c24199940612ab91ebaa6dce5d2d3f1d084e8ca6f5e297c9c5a6dc1",
+ "V": "03f25c7a101353776030a55deffe291c10c977192e86f6c285afb80e5391cd7cc8",
+ "C": "024989f21a8234221ddf2eba3b634da8bb96c7d5681a366356a98afb9670207a45",
+ "E": "5b95c4f3ba9c18c54b3877a24e74363bbf7df8434d59c54332955941f5f0cb06"
+ },
+ {
+ "TEST": 2,
+ "R": "03a7e24af1dc8d18f1f1e29f1394d8d0a8e90d6c4c26de91bea4bfe1e71ebfa1f6",
+ "V": "02e8abc8a4759b17f0203e06688bff8abcb9f9664066b63a84a1cdbf3d1ec83871",
+ "C": "031a4e2b1c88faa7b2d33c174bce726589effa301fa28eb20de8d20930f0808478",
+ "E": "96631591ff2ab6d5f75c7350a01e562f419ea124519650892bc52ec4a1f9ec56"
+ },
+ {
+ "TEST": 3,
+ "R": "0345276ef03da95891d8ab5fec315a99c1d2a0b73e5c6428d2c4783d76ea12e8e5",
+ "V": "03294ea766113835c1295a89dfa2d72c9133693705232f6961ab112320e13b393b",
+ "C": "031f7196fbe48c4fb565c096aa221ad50531e1e4fe86d849402b050e479601afb2",
+ "E": "9dadd46409bc914c556aeadfe4354357fbc1015936e09e4e0bc104ba83c88999"
+ },
+ {
+ "TEST": 4,
+ "R": "03c5014eefdd3f846f5e44fe27c0b373ea4f8063f0190f134c1daeac38cb99018d",
+ "V": "027f1738999c2ba46a69ca139c0231e1bae9d72f7b005116ef326dbf1c159be802",
+ "C": "023a42f0ac7af46fc1347b085b6c0393630aaafde82c9ea8ff3f19dfe76b439bc9",
+ "E": "ecd14eab141fedf4ff74a99b04be0b0a3ecee7f61dfd9ade62607d72ca5603c4"
+ },
+ {
+ "TEST": 5,
+ "R": "021982e226d514f6b456ce6dd34207e3614c75c7212c1e4aafc8466db3b7f46d7b",
+ "V": "02e63eb2a216d4b599e3a3744931a994f9ec42e7a1206f7f1da3d02179470d2349",
+ "C": "0370ae390278ed2b8e2c60f5ae07620bf152b561c07555cd47e7b5f0bc633eef30",
+ "E": "4fc268495304a9cae32c7034a61e8f06a66daf2eb2de39fbb14898eef3f0a2f0"
+ },
+ {
+ "TEST": 6,
+ "R": "02505dd9744db3c1c7f32766c5982f60528a94f5e196beb71a055455a8d565a9fb",
+ "V": "036049148cb142e8ee3ec967e0fb26407fe896f490ccbb98a9cc4692a5b1353b0e",
+ "C": "02ba916da7a61ddbd7e4d0e83586bdb9835157b5e194075f7cc68ecbb3255c0862",
+ "E": "89e69d2a6efd2f0a73ab58720ed4c9f26857f41095ef4ff6078251fb5c0fc7a8"
+ },
+ {
+ "TEST": 7,
+ "R": "03c885c69fb95055bb5a69f166024462de5ac80edb1b0a5c7d78ca5f7cf755ed72",
+ "V": "0224484bebb5b98fbe8c2e2e036e47117df3e7cb8aea0e33cb85313175c355f2a0",
+ "C": "03d555668d044c595b0b88eb4e24187fc3126f223e8d2c1eb719503ab6bf4bac79",
+ "E": "278333b0429c722e43f44db99ccdf61c72b8540191d73cd34dc961104df2ac68"
+ },
+ {
+ "TEST": 8,
+ "R": "0241b9c2cbd4cdd8c14e875daa25371dddad0843daf46c4e50516eae3a4c93f1da",
+ "V": "03d5d6a159ea9eb3740c273ca73b570c4532b6865365ceaff9d49ccaae254ff79d",
+ "C": "028cdc49a1c1e62cb0080a08668e38c9dd45cf1f70cb1edac7a787c43de33a9f13",
+ "E": "7b5cbf866b40fcf8685eea11dccd0aeaf712daaf79a7593392e0c8072d7bc41e"
+ },
+ {
+ "TEST": 9,
+ "R": "03608303184489be2160b83396fabb2941cb75554f7705ed9b20a723f0e35ab5e9",
+ "V": "0331443c4928d41e51f066f9c19ffe16d3136d952d541c5726a8b69acb88da2c11",
+ "C": "02f6ce8a1ea47a2736b5274328a8a49e5cf38dbf896f86396223a219df68f49588",
+ "E": "f3626cb346393399732569f32e4efffad65a76d27762bb7fef9efdccce0671bf"
+ }
+]
\ No newline at end of file
diff --git a/testVectors/schnorr/dchallenge.txt b/testVectors/schnorr/dchallenge.txt
new file mode 100644
index 0000000..cf10987
--- /dev/null
+++ b/testVectors/schnorr/dchallenge.txt
@@ -0,0 +1,60 @@
+TEST = 0,
+R = 02fce97b3461044ccb1cfda6653e3307cc0404e634bd042e9ed42abc114a7fae12,
+V = 03a7aa6833de71fe8157742cda5fec88ae20e9daa420363a8bee9baaac05baf53d,
+C = 03b93be23c0f9283a0cd97e3f41247aa26926cd4345e4a622abc0ccf7e9a5a7396,
+E = 377641844b33e90b6d0fc4fbcfd9bfc06dc1667e5211d8e231256f098fd0dcd6,
+
+TEST = 1,
+R = 03e9f81d0e6c24199940612ab91ebaa6dce5d2d3f1d084e8ca6f5e297c9c5a6dc1,
+V = 03f25c7a101353776030a55deffe291c10c977192e86f6c285afb80e5391cd7cc8,
+C = 024989f21a8234221ddf2eba3b634da8bb96c7d5681a366356a98afb9670207a45,
+E = 5b95c4f3ba9c18c54b3877a24e74363bbf7df8434d59c54332955941f5f0cb06,
+
+TEST = 2,
+R = 03a7e24af1dc8d18f1f1e29f1394d8d0a8e90d6c4c26de91bea4bfe1e71ebfa1f6,
+V = 02e8abc8a4759b17f0203e06688bff8abcb9f9664066b63a84a1cdbf3d1ec83871,
+C = 031a4e2b1c88faa7b2d33c174bce726589effa301fa28eb20de8d20930f0808478,
+E = 96631591ff2ab6d5f75c7350a01e562f419ea124519650892bc52ec4a1f9ec56,
+
+TEST = 3,
+R = 0345276ef03da95891d8ab5fec315a99c1d2a0b73e5c6428d2c4783d76ea12e8e5,
+V = 03294ea766113835c1295a89dfa2d72c9133693705232f6961ab112320e13b393b,
+C = 031f7196fbe48c4fb565c096aa221ad50531e1e4fe86d849402b050e479601afb2,
+E = 9dadd46409bc914c556aeadfe4354357fbc1015936e09e4e0bc104ba83c88999,
+
+TEST = 4,
+R = 03c5014eefdd3f846f5e44fe27c0b373ea4f8063f0190f134c1daeac38cb99018d,
+V = 027f1738999c2ba46a69ca139c0231e1bae9d72f7b005116ef326dbf1c159be802,
+C = 023a42f0ac7af46fc1347b085b6c0393630aaafde82c9ea8ff3f19dfe76b439bc9,
+E = ecd14eab141fedf4ff74a99b04be0b0a3ecee7f61dfd9ade62607d72ca5603c4,
+
+TEST = 5,
+R = 021982e226d514f6b456ce6dd34207e3614c75c7212c1e4aafc8466db3b7f46d7b,
+V = 02e63eb2a216d4b599e3a3744931a994f9ec42e7a1206f7f1da3d02179470d2349,
+C = 0370ae390278ed2b8e2c60f5ae07620bf152b561c07555cd47e7b5f0bc633eef30,
+E = 4fc268495304a9cae32c7034a61e8f06a66daf2eb2de39fbb14898eef3f0a2f0,
+
+TEST = 6,
+R = 02505dd9744db3c1c7f32766c5982f60528a94f5e196beb71a055455a8d565a9fb,
+V = 036049148cb142e8ee3ec967e0fb26407fe896f490ccbb98a9cc4692a5b1353b0e,
+C = 02ba916da7a61ddbd7e4d0e83586bdb9835157b5e194075f7cc68ecbb3255c0862,
+E = 89e69d2a6efd2f0a73ab58720ed4c9f26857f41095ef4ff6078251fb5c0fc7a8,
+
+TEST = 7,
+R = 03c885c69fb95055bb5a69f166024462de5ac80edb1b0a5c7d78ca5f7cf755ed72,
+V = 0224484bebb5b98fbe8c2e2e036e47117df3e7cb8aea0e33cb85313175c355f2a0,
+C = 03d555668d044c595b0b88eb4e24187fc3126f223e8d2c1eb719503ab6bf4bac79,
+E = 278333b0429c722e43f44db99ccdf61c72b8540191d73cd34dc961104df2ac68,
+
+TEST = 8,
+R = 0241b9c2cbd4cdd8c14e875daa25371dddad0843daf46c4e50516eae3a4c93f1da,
+V = 03d5d6a159ea9eb3740c273ca73b570c4532b6865365ceaff9d49ccaae254ff79d,
+C = 028cdc49a1c1e62cb0080a08668e38c9dd45cf1f70cb1edac7a787c43de33a9f13,
+E = 7b5cbf866b40fcf8685eea11dccd0aeaf712daaf79a7593392e0c8072d7bc41e,
+
+TEST = 9,
+R = 03608303184489be2160b83396fabb2941cb75554f7705ed9b20a723f0e35ab5e9,
+V = 0331443c4928d41e51f066f9c19ffe16d3136d952d541c5726a8b69acb88da2c11,
+C = 02f6ce8a1ea47a2736b5274328a8a49e5cf38dbf896f86396223a219df68f49588,
+E = f3626cb346393399732569f32e4efffad65a76d27762bb7fef9efdccce0671bf,
+
diff --git a/testVectors/schnorr/dcommit.json b/testVectors/schnorr/dcommit.json
new file mode 100644
index 0000000..c2dfdec
--- /dev/null
+++ b/testVectors/schnorr/dcommit.json
@@ -0,0 +1,72 @@
+[
+ {
+ "TEST": 0,
+ "R": "0259e1d6f1cf1d5e97248a54b33c7c18261b2a6152cc4eb36c9c38681616815b1b",
+ "A": "fb02633176a5893922feb54b6d37188dd8d08695b61cf48210e351ba2aaca20e",
+ "B": "4621a4da1b0c44d8015214b502b3028c8cfce6dd03bda3dfb92fabf8b324a521",
+ "C": "02835e9b712b046d5700c347ca4e10846c0e481f05eaa9bdd7da2b6da8574d3471"
+ },
+ {
+ "TEST": 1,
+ "R": "0244b8babba4345fd4407bf44ad76f7884f4f8fb38cc0d99cf09b6cf98c2033035",
+ "A": "f7e8ebe2fed516c81ff6777958c1eba87df724318090be9ffb5c2ea0ac367737",
+ "B": "36bf6b7dfb228fd360752a392da3b3d8daeeaced132261baf1b075cc34349776",
+ "C": "03aa219766dd92764d9cc4d125f6cbd1c6f73449dfa96f1268e9ee3723db7918d5"
+ },
+ {
+ "TEST": 2,
+ "R": "0296a698250a1237f45aac507bac7f88d1ae2fa5502c0cc061bab6e4d77817de8c",
+ "A": "0824de324be47ecd9177d6c90dc72158ef2b35047b8d7717ef3d130ed6444fb2",
+ "B": "a34117c6b8babc2d85af6d70ab1468eee8bf3aace79e90eb1fa8dc4e63f091a1",
+ "C": "036d4afbc091ca1d0e8e5e3d61ac3d82aa81e1ef7edc901ad8f5c976ff5c376c3a"
+ },
+ {
+ "TEST": 3,
+ "R": "03591e1e077cd4195e5afc880ea96ff5d783fd587c1aba1129dfb3c6517ec1c8f6",
+ "A": "201abd5a905d6686305b79caf6d240281e874f9ff0320469520307d2a5468f7b",
+ "B": "e2a53a62010f99811f2b0e80776047c9ef9be04b423db6a0963c22c21cf325ce",
+ "C": "0279747d0a1800961d4173b267185db43ccc22c80afe521b537d734485b78dd463"
+ },
+ {
+ "TEST": 4,
+ "R": "038e0ec278ef160284bb19944fcef4158f4a85c181a8c7db020c0796845d5ce4c1",
+ "A": "18305a54a2b4eebb83ea8a5c73253c0989454f587f2b5bd66d7919cae9c0a6fc",
+ "B": "8744a82766ec8aca0f398c4e9ac1581e2b0254ab1b0610fa8c911808d838336e",
+ "C": "02a80e63387fb9bca43fcf13cc4874d3c8c84de22ed7695ff6d7874b02bc197b2f"
+ },
+ {
+ "TEST": 5,
+ "R": "03fd2eb61386982525575394a89be40758c24bf6b0a6e4807c1ab7a82a4e1cdd73",
+ "A": "0d29b13ebd9d14d115cd94822e9e885d81ef67472e5fef7653f8f2d742af851e",
+ "B": "95d44557e995734a211bd97b586669ae054c18624b19de4ea4700527445c1833",
+ "C": "02476e16a4960b5fa50e62ef3016c93a344459747e972637f78da66a3193e6b4d2"
+ },
+ {
+ "TEST": 6,
+ "R": "03b7a6d84f9577daab651b724ee3d226daf86fccc34a1124703c9c0070597ac5f2",
+ "A": "74fbe75bce9e10b57486fd5ebade8227421a8c3aeb7855b72cf9f12561fef096",
+ "B": "8c071721faa418ad062df7462ab65b019a786178088344b58063883dfef78ab8",
+ "C": "0323bcd4ddca10d9e1bf31ca8f18d4ed62e19770e5495c2d4f6dd8e2382b731024"
+ },
+ {
+ "TEST": 7,
+ "R": "028a6e0d9fe36b568ddad3dfc5cf9506eba8e62aa45d08ef59b6c8980720b84221",
+ "A": "ffcf45371d32b708f527ca3a1875aeb1e0eec092e4688d9ed8ba59df338eb56a",
+ "B": "81a27940ced64fe34de599799eb567d61b80a1d519c51d5af3fc796d569a51d3",
+ "C": "02bd668682e5343ac4abb96d913d7e9deec10d5c6278de9b719e32f837a894d7fe"
+ },
+ {
+ "TEST": 8,
+ "R": "0313afef23301766f3f26443e2fac4ce42cd850593916daa672baab642d8217ba7",
+ "A": "d689fcde07c7ffa6ddca08806b53aadc2acad6d139538beb2771dac4c6be8081",
+ "B": "aeb017ab7ad847df1653fa383898bacea67051a74bec966a2700e91a6d5c9ed1",
+ "C": "03a46cd1028277311085050afe9c8af7e7accc2a9dfbe6f264ffef6e6021736439"
+ },
+ {
+ "TEST": 9,
+ "R": "03f0b186990b491a9f6d7bae86dfa3188a6fcd79204de0c677ea9e1a4c939a9a19",
+ "A": "c2f66ddf4d51057c88033378b3d088bc8a3b930823b661cd6b3b0f55e7a10d8c",
+ "B": "5fa5b601079c88f235f73277b53a08f0b50bb09ed404aeef1acd03b4c58d5969",
+ "C": "03e1507f9e21f26aa04452e7fdbab469dfb28ea1c035def6e56cd7d5ad123b7e9c"
+ }
+]
\ No newline at end of file
diff --git a/testVectors/schnorr/dcommit.txt b/testVectors/schnorr/dcommit.txt
new file mode 100644
index 0000000..fc9ec1a
--- /dev/null
+++ b/testVectors/schnorr/dcommit.txt
@@ -0,0 +1,60 @@
+TEST = 0,
+R = 0259e1d6f1cf1d5e97248a54b33c7c18261b2a6152cc4eb36c9c38681616815b1b,
+A = fb02633176a5893922feb54b6d37188dd8d08695b61cf48210e351ba2aaca20e,
+B = 4621a4da1b0c44d8015214b502b3028c8cfce6dd03bda3dfb92fabf8b324a521,
+C = 02835e9b712b046d5700c347ca4e10846c0e481f05eaa9bdd7da2b6da8574d3471,
+
+TEST = 1,
+R = 0244b8babba4345fd4407bf44ad76f7884f4f8fb38cc0d99cf09b6cf98c2033035,
+A = f7e8ebe2fed516c81ff6777958c1eba87df724318090be9ffb5c2ea0ac367737,
+B = 36bf6b7dfb228fd360752a392da3b3d8daeeaced132261baf1b075cc34349776,
+C = 03aa219766dd92764d9cc4d125f6cbd1c6f73449dfa96f1268e9ee3723db7918d5,
+
+TEST = 2,
+R = 0296a698250a1237f45aac507bac7f88d1ae2fa5502c0cc061bab6e4d77817de8c,
+A = 0824de324be47ecd9177d6c90dc72158ef2b35047b8d7717ef3d130ed6444fb2,
+B = a34117c6b8babc2d85af6d70ab1468eee8bf3aace79e90eb1fa8dc4e63f091a1,
+C = 036d4afbc091ca1d0e8e5e3d61ac3d82aa81e1ef7edc901ad8f5c976ff5c376c3a,
+
+TEST = 3,
+R = 03591e1e077cd4195e5afc880ea96ff5d783fd587c1aba1129dfb3c6517ec1c8f6,
+A = 201abd5a905d6686305b79caf6d240281e874f9ff0320469520307d2a5468f7b,
+B = e2a53a62010f99811f2b0e80776047c9ef9be04b423db6a0963c22c21cf325ce,
+C = 0279747d0a1800961d4173b267185db43ccc22c80afe521b537d734485b78dd463,
+
+TEST = 4,
+R = 038e0ec278ef160284bb19944fcef4158f4a85c181a8c7db020c0796845d5ce4c1,
+A = 18305a54a2b4eebb83ea8a5c73253c0989454f587f2b5bd66d7919cae9c0a6fc,
+B = 8744a82766ec8aca0f398c4e9ac1581e2b0254ab1b0610fa8c911808d838336e,
+C = 02a80e63387fb9bca43fcf13cc4874d3c8c84de22ed7695ff6d7874b02bc197b2f,
+
+TEST = 5,
+R = 03fd2eb61386982525575394a89be40758c24bf6b0a6e4807c1ab7a82a4e1cdd73,
+A = 0d29b13ebd9d14d115cd94822e9e885d81ef67472e5fef7653f8f2d742af851e,
+B = 95d44557e995734a211bd97b586669ae054c18624b19de4ea4700527445c1833,
+C = 02476e16a4960b5fa50e62ef3016c93a344459747e972637f78da66a3193e6b4d2,
+
+TEST = 6,
+R = 03b7a6d84f9577daab651b724ee3d226daf86fccc34a1124703c9c0070597ac5f2,
+A = 74fbe75bce9e10b57486fd5ebade8227421a8c3aeb7855b72cf9f12561fef096,
+B = 8c071721faa418ad062df7462ab65b019a786178088344b58063883dfef78ab8,
+C = 0323bcd4ddca10d9e1bf31ca8f18d4ed62e19770e5495c2d4f6dd8e2382b731024,
+
+TEST = 7,
+R = 028a6e0d9fe36b568ddad3dfc5cf9506eba8e62aa45d08ef59b6c8980720b84221,
+A = ffcf45371d32b708f527ca3a1875aeb1e0eec092e4688d9ed8ba59df338eb56a,
+B = 81a27940ced64fe34de599799eb567d61b80a1d519c51d5af3fc796d569a51d3,
+C = 02bd668682e5343ac4abb96d913d7e9deec10d5c6278de9b719e32f837a894d7fe,
+
+TEST = 8,
+R = 0313afef23301766f3f26443e2fac4ce42cd850593916daa672baab642d8217ba7,
+A = d689fcde07c7ffa6ddca08806b53aadc2acad6d139538beb2771dac4c6be8081,
+B = aeb017ab7ad847df1653fa383898bacea67051a74bec966a2700e91a6d5c9ed1,
+C = 03a46cd1028277311085050afe9c8af7e7accc2a9dfbe6f264ffef6e6021736439,
+
+TEST = 9,
+R = 03f0b186990b491a9f6d7bae86dfa3188a6fcd79204de0c677ea9e1a4c939a9a19,
+A = c2f66ddf4d51057c88033378b3d088bc8a3b930823b661cd6b3b0f55e7a10d8c,
+B = 5fa5b601079c88f235f73277b53a08f0b50bb09ed404aeef1acd03b4c58d5969,
+C = 03e1507f9e21f26aa04452e7fdbab469dfb28ea1c035def6e56cd7d5ad123b7e9c,
+
diff --git a/testVectors/schnorr/dprove.json b/testVectors/schnorr/dprove.json
new file mode 100644
index 0000000..a422c3c
--- /dev/null
+++ b/testVectors/schnorr/dprove.json
@@ -0,0 +1,102 @@
+[
+ {
+ "TEST": 0,
+ "A": "c3658c336985e9415ac8395a5a97dcd9bd0cb566f7c7fc23e4c53726627fc3d2",
+ "B": "c8d085e5ea92fb4086caf99c27ba68d0cf075531f9a45527e49667558d9d79ff",
+ "E": "744953855c767494d6f4fdc48e852a54027e2b7aa6c6552c217dd98b152f6395",
+ "S": "4ba56d82ab4fd7f34eb58be3e3b1b23c06270f1d4d51d4662742b37700a70a06",
+ "L": "3e13bc076f821b97aaabb9b5a65fa5ef7a1c7e200009d2fa11f17a1858d0a52f",
+ "T": "2d01dec8512cdd6e880c25053de5f807ed48ebf831de4235754d825b0d1494a5",
+ "U": "54bf98385efdb40d39827c52d2f4e6d4df8dc0938655a7b0a57cace7986e895d"
+ },
+ {
+ "TEST": 1,
+ "A": "931f39d36bfc27283f5b3d791ad3f6df1c55f144fa2b52bd443fc4eb24f26281",
+ "B": "b6fdb0f8402d57e166816f281b48c2b5a5c04d6c4ab52be80620feb98118957e",
+ "E": "9675ad591af467de8c64a39b438c213d86e5bbba431bb3880c186b4e8282a672",
+ "S": "b6683ed0c7f7bb9b53250bb5cbdaf15aa84673d44c011f970b27c4dedc79a7c3",
+ "L": "6450fb92cefca0594fe5e37a2fab9eed46fcd44eaee464adf1237b8c3f9855ec",
+ "T": "30e4a42f280a7a135654a4af59a445ce09ed5683b7404d575bccf9d7a2c8c760",
+ "U": "db60d0b8ba2d3ba0b884774259b8fc40e92595b01ffbc0aa36ee63e3126b194f"
+ },
+ {
+ "TEST": 2,
+ "A": "f65387fd820997e523d1099ff99727dde285bac05a0cd9e63fb75e28284df79d",
+ "B": "94d0c8ba02ebde9f728d1fffd0ec743db34192366c42a9063580ea971d8d8d4b",
+ "E": "37ce44b6fcd5617c4470e9a83cdb9c2a5057eb71bdf656de4ad1a50cee70334c",
+ "S": "626e6215eae0f7f304af9abeac0d5267d9c83cbb9ed0beacb0090faaf0fc18eb",
+ "L": "0da04fe6194cc495ccb9d43225f0b29d7ef322665d37347c441b1a054f4a60b4",
+ "T": "3e0ff7c4fddb1f58933cf1d5ba9388ff2a6d0e4be347c59bf2be18457c7ab5e7",
+ "U": "71ee5b78721471d2ac47073eb92d979477208b44a16e8425293902e134c41d34"
+ },
+ {
+ "TEST": 3,
+ "A": "0e3cebfb2e5ef09c85305b6d400b35ed581729ecac51782cdb8908043d6bf4af",
+ "B": "192db7270206618045a6a83cc26babc89eb0f68946bec5b8b99d71a70f391505",
+ "E": "b1568c9ef268cb8eca2f95a6b9bfa4fe90f65c368a44fbf105305263cf99b396",
+ "S": "57339ac50d52d6778fcd5787c5578d454c31d285d98e53e60dbfaee5eb22b5de",
+ "L": "6bffa4f19113e216da05bd988cde2fbbb1553f2f32b03893dad8569f61da8e59",
+ "T": "60c391d164811208e890f9b1b596b948b423ceca295a2f5e2bc3066dab605051",
+ "U": "a410308bf97a4b2db7f809bdd7193a91191dfdbd7dc20e9d60ffa91602f2ad02"
+ },
+ {
+ "TEST": 4,
+ "A": "a6720ad0cd437e1fad7b6cb831748de9a4c113d7a4407ac48d1c1c649a32cfa7",
+ "B": "b7001f7b29784a455a9de707f496498e776af6cace3281a5d6dc877c3b960feb",
+ "E": "de8bd108f9ece11b75fb01241477fb361609105d9874696121c678ceb39dbca1",
+ "S": "f03a58d3248464d8a1d77e3107151f69ea0a3217238305e43208adb296d27deb",
+ "L": "5ce20cf65990bf869cb82b4d1b8a7a3dea605340419e86968d31266ad7ceb7cb",
+ "T": "b7f424831ddbe2061f78e9c505748f30c719d0c813932a957bd62f98dd35bfe4",
+ "U": "6f10117963601ad31ef4c6ad7baf3753e4febd6b64e7772d741d5db2d7cdcd18"
+ },
+ {
+ "TEST": 5,
+ "A": "e064c90e03b7774ecea6f0c5633d9dd98fc6f8416d7baf39cf83df372bbd1a8f",
+ "B": "b89bf2b48410d26cd0b2450bc384bde59caecd03d1b534b9dee14c4ffb718cc0",
+ "E": "4a12fe6e64639407ad01860b3cdc10e69dc7d6b319a2160abcac5b4cf1a609f9",
+ "S": "892a19776ba393756e325ae26eb1be8d058d1978b0cb20dfbbd6f1f514fbdccb",
+ "L": "06584dc2fbcb24bd8dcefa2ecb75468ca3ee594cafb7e65223fdb49357e7e2f0",
+ "T": "722402d368c0818577f357aad04d9195ea80e0b013d164f89cf7f3c8f2761f14",
+ "U": "778d3d0e10ea34e5379297027c1e5f9a0470f126cd19f6bfc21e881652563b5e"
+ },
+ {
+ "TEST": 6,
+ "A": "1cb8713e7dba86e70d446668d75bc9c992e6c10c9f6ed108ff0006a6d1b0937b",
+ "B": "f5cca22f672064914108a628be72e54380471853c91cd92904973944d3671631",
+ "E": "f54feab6fc6679e536521834a395893c4dcbb9f5cbd79dc6a9b54661eebb3166",
+ "S": "b69c37cc0963f8619645e9bf2f949ef829aace7604835f08579ecff67049782a",
+ "L": "e3f71b7a4f66283eab2cc81ae718723105ac4284f668271d53a5053bcb86f449",
+ "T": "03fec2defb4cb0037aa1fe3e98062b7d3265e6fe6b96257e961203daa7bb20ab",
+ "U": "b9710f2a2824a140aa970cf2aff3d898c9fe0e69352e5ceee4281549bade7ffe"
+ },
+ {
+ "TEST": 7,
+ "A": "38c3298372a795c04c9bf3490d01f6f366bf3ac64c6a5c921581be6fb8263922",
+ "B": "eb922d0b0694a1e7973742dbff6bfc65cf29cfdf50d22cb7304dc060292adea2",
+ "E": "bf22c8d94b8b6005b6790ff357647e61b3cb853994f358e4fca9ddc9e191232b",
+ "S": "692622cb87e36d76b72f5726cc47877cbdd20e5f09ed37a69f9e3483432f8832",
+ "L": "35459a922c7dee62d1bd2cc240d5ced07bb978f7e2519f93cc5c8f24985593d1",
+ "T": "4075007fe3a002a59f723027738a37b90dfe8237dc92588769e3e8bae191ec28",
+ "U": "67caf11bef014d06b9f4467c8b520af8ef9cce399be37997d37f34f1e5cfe367"
+ },
+ {
+ "TEST": 8,
+ "A": "45776a977fbb24669f0f5b14d7acbead19b1f23e67d8355156e4d2ad835b3ecb",
+ "B": "e30e8c0c7b4ada29ae217d87a7ce3a645354b6fa6585650e7e749f6b3c6a8cd6",
+ "E": "be816305456e6074737eb32e141a1cef89003ed5448d013a43f890ffa7d9eeb6",
+ "S": "b8bea737a5195af618cbc05f7d0af60df5f2f20805074e4b0b16f086134a0d2c",
+ "L": "f7ba14eafb15ee44511b0b7fc8f77cc2b0c3a4f7ec77f71286c022eb7ecc284c",
+ "T": "0c0c3e3cd44061869ccca4a6b9c449a2b46dbf2e73174822d9b2899cda6349a2",
+ "U": "787c5a03a3b443ee3fa7ff3ff90983b15fbd225b91dad900c2e115f9802c43f7"
+ },
+ {
+ "TEST": 9,
+ "A": "a2dad6ce28cf198caa48eaddcdbd925452ece6cad4107559356a055a0fe24893",
+ "B": "ecc961fbe43346c86b5d4d39df3dcef0d10b7705e82b6efc150a0af912ee2b6d",
+ "E": "789ab333343a7d16cbc282cb8e4e19782443f31c1d49282d7a39229a85a83d38",
+ "S": "630f2d213eb0eb0f7bbe51999b55f6e66483e84c3658122b54bc5eec79885df6",
+ "L": "49f0f6e0465c04217d317516c0c1b844c96c113adcd4d48144ea83e2389c0d0d",
+ "T": "55a5b26fa437690e5cedb136b26d248459ee49801b7ae1423d12be5e6e28dc23",
+ "U": "59cf48a53168290f13e8df8ca62f45e2fbb9172e9b9161c95894d5ceef2300ab"
+ }
+]
\ No newline at end of file
diff --git a/testVectors/schnorr/dprove.txt b/testVectors/schnorr/dprove.txt
new file mode 100644
index 0000000..fca06d2
--- /dev/null
+++ b/testVectors/schnorr/dprove.txt
@@ -0,0 +1,90 @@
+TEST = 0,
+A = c3658c336985e9415ac8395a5a97dcd9bd0cb566f7c7fc23e4c53726627fc3d2,
+B = c8d085e5ea92fb4086caf99c27ba68d0cf075531f9a45527e49667558d9d79ff,
+E = 744953855c767494d6f4fdc48e852a54027e2b7aa6c6552c217dd98b152f6395,
+S = 4ba56d82ab4fd7f34eb58be3e3b1b23c06270f1d4d51d4662742b37700a70a06,
+L = 3e13bc076f821b97aaabb9b5a65fa5ef7a1c7e200009d2fa11f17a1858d0a52f,
+T = 2d01dec8512cdd6e880c25053de5f807ed48ebf831de4235754d825b0d1494a5,
+U = 54bf98385efdb40d39827c52d2f4e6d4df8dc0938655a7b0a57cace7986e895d,
+
+TEST = 1,
+A = 931f39d36bfc27283f5b3d791ad3f6df1c55f144fa2b52bd443fc4eb24f26281,
+B = b6fdb0f8402d57e166816f281b48c2b5a5c04d6c4ab52be80620feb98118957e,
+E = 9675ad591af467de8c64a39b438c213d86e5bbba431bb3880c186b4e8282a672,
+S = b6683ed0c7f7bb9b53250bb5cbdaf15aa84673d44c011f970b27c4dedc79a7c3,
+L = 6450fb92cefca0594fe5e37a2fab9eed46fcd44eaee464adf1237b8c3f9855ec,
+T = 30e4a42f280a7a135654a4af59a445ce09ed5683b7404d575bccf9d7a2c8c760,
+U = db60d0b8ba2d3ba0b884774259b8fc40e92595b01ffbc0aa36ee63e3126b194f,
+
+TEST = 2,
+A = f65387fd820997e523d1099ff99727dde285bac05a0cd9e63fb75e28284df79d,
+B = 94d0c8ba02ebde9f728d1fffd0ec743db34192366c42a9063580ea971d8d8d4b,
+E = 37ce44b6fcd5617c4470e9a83cdb9c2a5057eb71bdf656de4ad1a50cee70334c,
+S = 626e6215eae0f7f304af9abeac0d5267d9c83cbb9ed0beacb0090faaf0fc18eb,
+L = 0da04fe6194cc495ccb9d43225f0b29d7ef322665d37347c441b1a054f4a60b4,
+T = 3e0ff7c4fddb1f58933cf1d5ba9388ff2a6d0e4be347c59bf2be18457c7ab5e7,
+U = 71ee5b78721471d2ac47073eb92d979477208b44a16e8425293902e134c41d34,
+
+TEST = 3,
+A = 0e3cebfb2e5ef09c85305b6d400b35ed581729ecac51782cdb8908043d6bf4af,
+B = 192db7270206618045a6a83cc26babc89eb0f68946bec5b8b99d71a70f391505,
+E = b1568c9ef268cb8eca2f95a6b9bfa4fe90f65c368a44fbf105305263cf99b396,
+S = 57339ac50d52d6778fcd5787c5578d454c31d285d98e53e60dbfaee5eb22b5de,
+L = 6bffa4f19113e216da05bd988cde2fbbb1553f2f32b03893dad8569f61da8e59,
+T = 60c391d164811208e890f9b1b596b948b423ceca295a2f5e2bc3066dab605051,
+U = a410308bf97a4b2db7f809bdd7193a91191dfdbd7dc20e9d60ffa91602f2ad02,
+
+TEST = 4,
+A = a6720ad0cd437e1fad7b6cb831748de9a4c113d7a4407ac48d1c1c649a32cfa7,
+B = b7001f7b29784a455a9de707f496498e776af6cace3281a5d6dc877c3b960feb,
+E = de8bd108f9ece11b75fb01241477fb361609105d9874696121c678ceb39dbca1,
+S = f03a58d3248464d8a1d77e3107151f69ea0a3217238305e43208adb296d27deb,
+L = 5ce20cf65990bf869cb82b4d1b8a7a3dea605340419e86968d31266ad7ceb7cb,
+T = b7f424831ddbe2061f78e9c505748f30c719d0c813932a957bd62f98dd35bfe4,
+U = 6f10117963601ad31ef4c6ad7baf3753e4febd6b64e7772d741d5db2d7cdcd18,
+
+TEST = 5,
+A = e064c90e03b7774ecea6f0c5633d9dd98fc6f8416d7baf39cf83df372bbd1a8f,
+B = b89bf2b48410d26cd0b2450bc384bde59caecd03d1b534b9dee14c4ffb718cc0,
+E = 4a12fe6e64639407ad01860b3cdc10e69dc7d6b319a2160abcac5b4cf1a609f9,
+S = 892a19776ba393756e325ae26eb1be8d058d1978b0cb20dfbbd6f1f514fbdccb,
+L = 06584dc2fbcb24bd8dcefa2ecb75468ca3ee594cafb7e65223fdb49357e7e2f0,
+T = 722402d368c0818577f357aad04d9195ea80e0b013d164f89cf7f3c8f2761f14,
+U = 778d3d0e10ea34e5379297027c1e5f9a0470f126cd19f6bfc21e881652563b5e,
+
+TEST = 6,
+A = 1cb8713e7dba86e70d446668d75bc9c992e6c10c9f6ed108ff0006a6d1b0937b,
+B = f5cca22f672064914108a628be72e54380471853c91cd92904973944d3671631,
+E = f54feab6fc6679e536521834a395893c4dcbb9f5cbd79dc6a9b54661eebb3166,
+S = b69c37cc0963f8619645e9bf2f949ef829aace7604835f08579ecff67049782a,
+L = e3f71b7a4f66283eab2cc81ae718723105ac4284f668271d53a5053bcb86f449,
+T = 03fec2defb4cb0037aa1fe3e98062b7d3265e6fe6b96257e961203daa7bb20ab,
+U = b9710f2a2824a140aa970cf2aff3d898c9fe0e69352e5ceee4281549bade7ffe,
+
+TEST = 7,
+A = 38c3298372a795c04c9bf3490d01f6f366bf3ac64c6a5c921581be6fb8263922,
+B = eb922d0b0694a1e7973742dbff6bfc65cf29cfdf50d22cb7304dc060292adea2,
+E = bf22c8d94b8b6005b6790ff357647e61b3cb853994f358e4fca9ddc9e191232b,
+S = 692622cb87e36d76b72f5726cc47877cbdd20e5f09ed37a69f9e3483432f8832,
+L = 35459a922c7dee62d1bd2cc240d5ced07bb978f7e2519f93cc5c8f24985593d1,
+T = 4075007fe3a002a59f723027738a37b90dfe8237dc92588769e3e8bae191ec28,
+U = 67caf11bef014d06b9f4467c8b520af8ef9cce399be37997d37f34f1e5cfe367,
+
+TEST = 8,
+A = 45776a977fbb24669f0f5b14d7acbead19b1f23e67d8355156e4d2ad835b3ecb,
+B = e30e8c0c7b4ada29ae217d87a7ce3a645354b6fa6585650e7e749f6b3c6a8cd6,
+E = be816305456e6074737eb32e141a1cef89003ed5448d013a43f890ffa7d9eeb6,
+S = b8bea737a5195af618cbc05f7d0af60df5f2f20805074e4b0b16f086134a0d2c,
+L = f7ba14eafb15ee44511b0b7fc8f77cc2b0c3a4f7ec77f71286c022eb7ecc284c,
+T = 0c0c3e3cd44061869ccca4a6b9c449a2b46dbf2e73174822d9b2899cda6349a2,
+U = 787c5a03a3b443ee3fa7ff3ff90983b15fbd225b91dad900c2e115f9802c43f7,
+
+TEST = 9,
+A = a2dad6ce28cf198caa48eaddcdbd925452ece6cad4107559356a055a0fe24893,
+B = ecc961fbe43346c86b5d4d39df3dcef0d10b7705e82b6efc150a0af912ee2b6d,
+E = 789ab333343a7d16cbc282cb8e4e19782443f31c1d49282d7a39229a85a83d38,
+S = 630f2d213eb0eb0f7bbe51999b55f6e66483e84c3658122b54bc5eec79885df6,
+L = 49f0f6e0465c04217d317516c0c1b844c96c113adcd4d48144ea83e2389c0d0d,
+T = 55a5b26fa437690e5cedb136b26d248459ee49801b7ae1423d12be5e6e28dc23,
+U = 59cf48a53168290f13e8df8ca62f45e2fbb9172e9b9161c95894d5ceef2300ab,
+
diff --git a/testVectors/schnorr/dverify.json b/testVectors/schnorr/dverify.json
new file mode 100644
index 0000000..f0bfff8
--- /dev/null
+++ b/testVectors/schnorr/dverify.json
@@ -0,0 +1,92 @@
+[
+ {
+ "TEST": 0,
+ "R": "0337f69333ec13ff263492807e1da7efccf880dda2d3e54062ebe1e56a4ac8114f",
+ "V": "03da9f79c96ede4add43f6da69c13c24d441c418ccf9266a0794d4b60139b769f8",
+ "C": "03be659529d5b0e5e895c98fe4a1615019a0ef506e8be65a844ea3e846e06ab06c",
+ "E": "5d163667398926b52b47f8164fc92795a9cad7e43efe9f71b78fb6b9d623dc10",
+ "T": "9b802924c454fa018f220d92c431e927a68bd861f3a823815b5bce9d59291f79",
+ "U": "9825d990f6a0219cfe6cd8385ed3124f3d20211b8fc8a53440dbf565d6435e21"
+ },
+ {
+ "TEST": 1,
+ "R": "0310d9f650695d137ca05adec60b1b78445a40bf403e4f641fe38c2897aaa67769",
+ "V": "02555ec03ecd2e1585b708a8fe7a1d514057e3152381de479281e083d783a7beb9",
+ "C": "031072f0b4d488f0e8f93aae1957d5894f0dc3a98c1bc7bae8ea86fd8eb3222565",
+ "E": "1a45745881d6a22056c4734b068b7d92877a51aead03432774347880f860aa65",
+ "T": "52b37b5e9e38d8e26fc1b21fcafc63474cb6539134f9931145804bc925913032",
+ "U": "e148e44602200a79114daa2458f09a8a6e372cf1af472eca05ff2c17f12b42a9"
+ },
+ {
+ "TEST": 2,
+ "R": "03903e4bb60f886668c5cdfadd0ddd349cacc4879de7fe8b7fa43ba79a6cbe01b3",
+ "V": "03ade35a1e50500a4bc8ed3fecb3f1aa2570a39499044c6282398f4dd071ed6c85",
+ "C": "02cbd3a2714376e1f3cab63feb5e9d23b36135b4565e7d4b4a85afae0882baa4ed",
+ "E": "450a269d202de9a6d2573b510bcc02f1e7c7d5b4a5779c55fbb4bd25241a1f9f",
+ "T": "e96ce1c43cbe59f6f6946dea0ff1f3bc15227da9758308f48a53e4fc4c666249",
+ "U": "a42aa5d5efceb63a480e8718d6e7930c3a156ba9ff971bae8538062305e502c7"
+ },
+ {
+ "TEST": 3,
+ "R": "02ac3a849571574161e53aaf3cb9c8c323c3498e7d329f02d723a6b9b3a1848a67",
+ "V": "025fbc82aa7b986a386ad2fa524f085a0e23dadd259a01e2dda66bf79d4fef9fb5",
+ "C": "039436f7a6a41ef3e624090f34ac24331fc9b233d03430f263ac62e3b6555817ba",
+ "E": "670dcf5cca02ce7bb776e48fd01f06119da99af75581ce715cca828e14627771",
+ "T": "b4702324fa24b547850709fc0874809b638aa5e8ef10f8715100d116f5683702",
+ "U": "f708022da7a842e68094699df0cd1124a7ae40d17a9bbb5788bf4fec85e9a1b8"
+ },
+ {
+ "TEST": 4,
+ "R": "0316ddced170deb5eee2121216c5a714e25ed0cbc5ef5646cc754234f778eb1c0b",
+ "V": "03b5302ae8d3061ebeebd34ad3e74f4be7ff11b20d321716f10d4e0a409059b2fa",
+ "C": "021e20bf1693d7515137d274938beb4faa5b6e5fa4fe81d2706cd1c9ad04c07a62",
+ "E": "7d9690223a556bcbcd86d24b20d85a520199ae39299dfc4f1f1ee36ffeda24e3",
+ "T": "d6bab7bb975b18d876909c797fd3c70ee4ab59168d0bdad29620c517e5af324b",
+ "U": "a3a0e66ed30df31b1e3195c964a00e731939ea5ea2c9176fc6fdd39c0dde4701"
+ },
+ {
+ "TEST": 5,
+ "R": "03d28743c72ab145876065f39a3105d9b0f55bb225ef797c0674e65bf85c3439c3",
+ "V": "03708abbfa0a807e3540d8aa6c589c6993bcc0238986b317cfecbdc962fb459860",
+ "C": "02804191a4f52d8cf6948596122d89c079e4f6212420a263e66a693c1da94c3223",
+ "E": "ff5bfd05347b361da4d159a29dae99df2ecdf2eec94fd4ade894398d9c4bc239",
+ "T": "4ca83780f3ab9e30e29c87c3cb6fa0eabb3e0f664d2c27a6bce05380c9ae92ae",
+ "U": "4edeef14e75585e7fd197c719fd3948f1f420a724d5c3a95eb5bff0bb38681a6"
+ },
+ {
+ "TEST": 6,
+ "R": "0375cd1b2c2de801df582927c5b7bb823d03544d818dc2b4ff754cdf3ef30c4c03",
+ "V": "039fe1711cd9f775105caa6db9cdea37023fccd81d2c03a36141cc15a009e3ee58",
+ "C": "03271d03e3c2105cd8dce4e17d7e76cb4174cd1631c8c2dcbdee5ef9d67312b2a4",
+ "E": "56eec5122920560f0b88db05c7912d517f1ba492d1f21e9ab747e354df7e6665",
+ "T": "f53dc9b0e3580638a7ea996318663d207c73495ebadf47e8061597cf7addb557",
+ "U": "af3c5fa843e6bb582820c9f8a7a050f4162980c2aaf15952cb615ec0c86e53ab"
+ },
+ {
+ "TEST": 7,
+ "R": "03a487f61837e87c747c2737172b962f79f90f3e485792db349390393c7bbec009",
+ "V": "025c58b47fac4b2bc4556782fd0ff5d6f2761520b256150167144bfe1589531d2b",
+ "C": "02de1aac64d96206096d82a9782d890593492c33b6fb2cd0eb3d5da13e37a0571e",
+ "E": "608e104063ace2a703cdb85d79a9817f7732fada6cd2447af523df25083fe01c",
+ "T": "36c6489ecae5ccb524d2f3166bcdfc71b77aac8cc25a61433cd1062e113103aa",
+ "U": "b6dadf473f9e7a341848f0a6ea84962694afe9776cd5f45175d6902b64709e96"
+ },
+ {
+ "TEST": 8,
+ "R": "0345c3278b4d2e9fbb697b4a497bd41b068314b20a3556984286a348195e4bf87d",
+ "V": "028c61a27347c094aa299e95dc648cfde1d0ab65ee48a70bbc1d2fddbb43cea989",
+ "C": "0369298338f45f3e501e7f46d31ff4010425074b128e557bbc8ac5f80dbf764aa9",
+ "E": "9f553102958aecaf0d00130c36f5bc7c42eaa2ace113853ede0001ae5164a07b",
+ "T": "a0b325d9e5b895ceae62621c1cf29d9a2fc4498fd1fc9937a63c8f32446080cc",
+ "U": "a552b6f899eba8c5c2fdc67d2e8f20420a79002b2a8ed545c1332b2b2675eeb7"
+ },
+ {
+ "TEST": 9,
+ "R": "02c9ce032faa136eb3ad72225300a592a620d5a9a9f90bf303fab853e29bb68276",
+ "V": "02313802a1e8c0e23d830d0ddbc81f4b9bdf8636f79823a84ba57e3beb8d11c35d",
+ "C": "026647a49f2daed3ff69d03c9638bea864f125485af059fe60d640f9e9a0685944",
+ "E": "fb92fc530bb01d308afc30190ec261d4474346107f33809abe4bef288891e2cb",
+ "T": "f1be16549e065da6bf96466c9330194e92f2dde14fffb883922c98e6361f19f8",
+ "U": "e9a57b8486df4a58021fb1f57e3fb8ac5a30a73de5868d6542a196fbf3fc47fb"
+ }
+]
\ No newline at end of file
diff --git a/testVectors/schnorr/dverify.txt b/testVectors/schnorr/dverify.txt
new file mode 100644
index 0000000..41b2438
--- /dev/null
+++ b/testVectors/schnorr/dverify.txt
@@ -0,0 +1,80 @@
+TEST = 0,
+R = 0337f69333ec13ff263492807e1da7efccf880dda2d3e54062ebe1e56a4ac8114f,
+V = 03da9f79c96ede4add43f6da69c13c24d441c418ccf9266a0794d4b60139b769f8,
+C = 03be659529d5b0e5e895c98fe4a1615019a0ef506e8be65a844ea3e846e06ab06c,
+E = 5d163667398926b52b47f8164fc92795a9cad7e43efe9f71b78fb6b9d623dc10,
+T = 9b802924c454fa018f220d92c431e927a68bd861f3a823815b5bce9d59291f79,
+U = 9825d990f6a0219cfe6cd8385ed3124f3d20211b8fc8a53440dbf565d6435e21,
+
+TEST = 1,
+R = 0310d9f650695d137ca05adec60b1b78445a40bf403e4f641fe38c2897aaa67769,
+V = 02555ec03ecd2e1585b708a8fe7a1d514057e3152381de479281e083d783a7beb9,
+C = 031072f0b4d488f0e8f93aae1957d5894f0dc3a98c1bc7bae8ea86fd8eb3222565,
+E = 1a45745881d6a22056c4734b068b7d92877a51aead03432774347880f860aa65,
+T = 52b37b5e9e38d8e26fc1b21fcafc63474cb6539134f9931145804bc925913032,
+U = e148e44602200a79114daa2458f09a8a6e372cf1af472eca05ff2c17f12b42a9,
+
+TEST = 2,
+R = 03903e4bb60f886668c5cdfadd0ddd349cacc4879de7fe8b7fa43ba79a6cbe01b3,
+V = 03ade35a1e50500a4bc8ed3fecb3f1aa2570a39499044c6282398f4dd071ed6c85,
+C = 02cbd3a2714376e1f3cab63feb5e9d23b36135b4565e7d4b4a85afae0882baa4ed,
+E = 450a269d202de9a6d2573b510bcc02f1e7c7d5b4a5779c55fbb4bd25241a1f9f,
+T = e96ce1c43cbe59f6f6946dea0ff1f3bc15227da9758308f48a53e4fc4c666249,
+U = a42aa5d5efceb63a480e8718d6e7930c3a156ba9ff971bae8538062305e502c7,
+
+TEST = 3,
+R = 02ac3a849571574161e53aaf3cb9c8c323c3498e7d329f02d723a6b9b3a1848a67,
+V = 025fbc82aa7b986a386ad2fa524f085a0e23dadd259a01e2dda66bf79d4fef9fb5,
+C = 039436f7a6a41ef3e624090f34ac24331fc9b233d03430f263ac62e3b6555817ba,
+E = 670dcf5cca02ce7bb776e48fd01f06119da99af75581ce715cca828e14627771,
+T = b4702324fa24b547850709fc0874809b638aa5e8ef10f8715100d116f5683702,
+U = f708022da7a842e68094699df0cd1124a7ae40d17a9bbb5788bf4fec85e9a1b8,
+
+TEST = 4,
+R = 0316ddced170deb5eee2121216c5a714e25ed0cbc5ef5646cc754234f778eb1c0b,
+V = 03b5302ae8d3061ebeebd34ad3e74f4be7ff11b20d321716f10d4e0a409059b2fa,
+C = 021e20bf1693d7515137d274938beb4faa5b6e5fa4fe81d2706cd1c9ad04c07a62,
+E = 7d9690223a556bcbcd86d24b20d85a520199ae39299dfc4f1f1ee36ffeda24e3,
+T = d6bab7bb975b18d876909c797fd3c70ee4ab59168d0bdad29620c517e5af324b,
+U = a3a0e66ed30df31b1e3195c964a00e731939ea5ea2c9176fc6fdd39c0dde4701,
+
+TEST = 5,
+R = 03d28743c72ab145876065f39a3105d9b0f55bb225ef797c0674e65bf85c3439c3,
+V = 03708abbfa0a807e3540d8aa6c589c6993bcc0238986b317cfecbdc962fb459860,
+C = 02804191a4f52d8cf6948596122d89c079e4f6212420a263e66a693c1da94c3223,
+E = ff5bfd05347b361da4d159a29dae99df2ecdf2eec94fd4ade894398d9c4bc239,
+T = 4ca83780f3ab9e30e29c87c3cb6fa0eabb3e0f664d2c27a6bce05380c9ae92ae,
+U = 4edeef14e75585e7fd197c719fd3948f1f420a724d5c3a95eb5bff0bb38681a6,
+
+TEST = 6,
+R = 0375cd1b2c2de801df582927c5b7bb823d03544d818dc2b4ff754cdf3ef30c4c03,
+V = 039fe1711cd9f775105caa6db9cdea37023fccd81d2c03a36141cc15a009e3ee58,
+C = 03271d03e3c2105cd8dce4e17d7e76cb4174cd1631c8c2dcbdee5ef9d67312b2a4,
+E = 56eec5122920560f0b88db05c7912d517f1ba492d1f21e9ab747e354df7e6665,
+T = f53dc9b0e3580638a7ea996318663d207c73495ebadf47e8061597cf7addb557,
+U = af3c5fa843e6bb582820c9f8a7a050f4162980c2aaf15952cb615ec0c86e53ab,
+
+TEST = 7,
+R = 03a487f61837e87c747c2737172b962f79f90f3e485792db349390393c7bbec009,
+V = 025c58b47fac4b2bc4556782fd0ff5d6f2761520b256150167144bfe1589531d2b,
+C = 02de1aac64d96206096d82a9782d890593492c33b6fb2cd0eb3d5da13e37a0571e,
+E = 608e104063ace2a703cdb85d79a9817f7732fada6cd2447af523df25083fe01c,
+T = 36c6489ecae5ccb524d2f3166bcdfc71b77aac8cc25a61433cd1062e113103aa,
+U = b6dadf473f9e7a341848f0a6ea84962694afe9776cd5f45175d6902b64709e96,
+
+TEST = 8,
+R = 0345c3278b4d2e9fbb697b4a497bd41b068314b20a3556984286a348195e4bf87d,
+V = 028c61a27347c094aa299e95dc648cfde1d0ab65ee48a70bbc1d2fddbb43cea989,
+C = 0369298338f45f3e501e7f46d31ff4010425074b128e557bbc8ac5f80dbf764aa9,
+E = 9f553102958aecaf0d00130c36f5bc7c42eaa2ace113853ede0001ae5164a07b,
+T = a0b325d9e5b895ceae62621c1cf29d9a2fc4498fd1fc9937a63c8f32446080cc,
+U = a552b6f899eba8c5c2fdc67d2e8f20420a79002b2a8ed545c1332b2b2675eeb7,
+
+TEST = 9,
+R = 02c9ce032faa136eb3ad72225300a592a620d5a9a9f90bf303fab853e29bb68276,
+V = 02313802a1e8c0e23d830d0ddbc81f4b9bdf8636f79823a84ba57e3beb8d11c35d,
+C = 026647a49f2daed3ff69d03c9638bea864f125485af059fe60d640f9e9a0685944,
+E = fb92fc530bb01d308afc30190ec261d4474346107f33809abe4bef288891e2cb,
+T = f1be16549e065da6bf96466c9330194e92f2dde14fffb883922c98e6361f19f8,
+U = e9a57b8486df4a58021fb1f57e3fb8ac5a30a73de5868d6542a196fbf3fc47fb,
+
[incubator-milagro-MPC] 05/05: Fix schnorr documentation
Posted by sa...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
sandreoli pushed a commit to branch add-dschnorr-proof
in repository https://gitbox.apache.org/repos/asf/incubator-milagro-MPC.git
commit b8f064b8be3af9ae778f7c390f6ebf70705c5a4f
Author: Samuele Andreoli <sa...@yahoo.it>
AuthorDate: Fri Feb 7 11:50:25 2020 +0000
Fix schnorr documentation
---
include/amcl/schnorr.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/include/amcl/schnorr.h b/include/amcl/schnorr.h
index e659b04..087d6ce 100644
--- a/include/amcl/schnorr.h
+++ b/include/amcl/schnorr.h
@@ -138,7 +138,8 @@ extern void SCHNORR_D_prove(octet *A, octet *B, octet *E, octet *S, octet *L, oc
* @param V Public ECP of the DLOG. V = s.R + l.G. Compressed form
* @param C Commitment value received from the prover
* @param E Challenge for the Schnorr Proof
- * @param P Proof received from the prover
+ * @param T First component of the proof received
+ * @param U Second component of the proof received
* @return SCHNORR_OK if the prove is valid or an error code
*/
extern int SCHNORR_D_verify(octet *R, octet *V, octet *C, octet *E, octet *T, octet *U);
[incubator-milagro-MPC] 03/05: add benchmakr and examples for
double schnorr proof
Posted by sa...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
sandreoli pushed a commit to branch add-dschnorr-proof
in repository https://gitbox.apache.org/repos/asf/incubator-milagro-MPC.git
commit 0fefe8c23ed1f0d410506f2ea61d654797f2de90
Author: Samuele Andreoli <sa...@yahoo.it>
AuthorDate: Thu Feb 6 13:30:36 2020 +0000
add benchmakr and examples for double schnorr proof
---
benchmark/bench_d_schnorr.c | 161 +++++++++++++++++++++++++++++++++++++++++++
examples/example_d_schnorr.c | 144 ++++++++++++++++++++++++++++++++++++++
2 files changed, 305 insertions(+)
diff --git a/benchmark/bench_d_schnorr.c b/benchmark/bench_d_schnorr.c
new file mode 100644
index 0000000..edf4226
--- /dev/null
+++ b/benchmark/bench_d_schnorr.c
@@ -0,0 +1,161 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/*
+ * Benchmark Schnorr's Proof.
+ */
+
+#include "bench.h"
+#include "amcl/schnorr.h"
+
+#define MIN_TIME 5.0
+#define MIN_ITERS 10
+
+// Proof input V = s.R + l.G
+char *S_hex = "803ccd21cddad626e15f21b1ad787949e9beef08e6e68a9e00df59dec16ed290";
+char *L_hex = "0c5afd75c3d8255e6c91dc4aac664337e1a87f74b40f35746fb8a81311715b31";
+char *R_hex = "032cf4b348c9d00718f01ed98923e164df53b5e8bc4c2250662ed2df784e1784f4";
+char *V_hex = "0381acba44dd777e95fdad8491e5aedfc5cdd2165070e2f29cc11a8e194cf3a65d";
+
+// Random values for commitments
+char *A_hex = "45ab980d9da6d7b45f35830afb6d5749fce755b86b83dd1720ab8b0c4ec05dd1";
+char *B_hex = "2291376f2e6e023df783d7d3155616778fb436a1eb20708922050e421321625e";
+
+int main()
+{
+ int rc;
+
+ int iterations;
+ clock_t start;
+ double elapsed;
+
+ char oct_s[SGS_SECP256K1];
+ octet S = {0, sizeof(oct_s), oct_s};
+
+ char oct_l[SGS_SECP256K1];
+ octet L = {0, sizeof(oct_l), oct_l};
+
+ char oct_r[SFS_SECP256K1 + 1];
+ octet R = {0, sizeof(oct_r), oct_r};
+
+ char v[SFS_SECP256K1+1];
+ octet V = {0, sizeof(v), v};
+
+ char a[SGS_SECP256K1];
+ octet A = {0, sizeof(a), a};
+
+ char b[SGS_SECP256K1];
+ octet B = {0, sizeof(b), b};
+
+ char c[SFS_SECP256K1+1];
+ octet C = {0, sizeof(c), c};
+
+ char e[SGS_SECP256K1];
+ octet E = {0, sizeof(e), e};
+
+ char t[SGS_SECP256K1];
+ octet T = {0, sizeof(t), t};
+
+ char u[SGS_SECP256K1];
+ octet U = {0, sizeof(u), u};
+
+ // Load values
+ OCT_fromHex(&S, S_hex);
+ OCT_fromHex(&L, L_hex);
+ OCT_fromHex(&R, R_hex);
+ OCT_fromHex(&V, V_hex);
+
+ OCT_fromHex(&A, A_hex);
+ OCT_fromHex(&B, B_hex);
+
+ print_system_info();
+
+ printf("Timing info\n");
+ printf("===========\n");
+
+ iterations=0;
+ start=clock();
+ do
+ {
+ rc = SCHNORR_D_commit(NULL, &R, &A, &B, &C);
+ iterations++;
+ elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
+ }
+ while (elapsed<MIN_TIME || iterations<MIN_ITERS);
+
+ if (rc != SCHNORR_OK)
+ {
+ printf("FAILURE SCHNORR_D_commit: %d\n", rc);
+ exit(EXIT_FAILURE);
+ }
+
+ elapsed= MICROSECOND * elapsed / iterations;
+ printf("\tSCHNORR_D_commit\t%8d iterations\t",iterations);
+ printf("%8.2lf us per iteration\n",elapsed);
+
+ iterations=0;
+ start=clock();
+ do
+ {
+ SCHNORR_D_challenge(&R, &V, &C, &E);
+ iterations++;
+ elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
+ }
+ while (elapsed<MIN_TIME || iterations<MIN_ITERS);
+
+ elapsed= MICROSECOND * elapsed / iterations;
+ printf("\tSCHNORR_D_challenge\t%8d iterations\t",iterations);
+ printf("%8.2lf us per iteration\n",elapsed);
+
+ iterations=0;
+ start=clock();
+ do
+ {
+ SCHNORR_D_prove(&A, &B, &E, &S, &L, &T, &U);
+ iterations++;
+ elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
+ }
+ while (elapsed<MIN_TIME || iterations<MIN_ITERS);
+
+ elapsed= MICROSECOND * elapsed / iterations;
+ printf("\tSCHNORR_D_prove\t\t%8d iterations\t",iterations);
+ printf("%8.2lf us per iteration\n",elapsed);
+
+ iterations = 0;
+ start = clock();
+ do
+ {
+ rc = SCHNORR_D_verify(&R, &V, &C, &E, &T, &U);
+ iterations++;
+ elapsed = (clock() - start) / (double)CLOCKS_PER_SEC;
+ }
+ while (elapsed < MIN_TIME || iterations < MIN_ITERS);
+
+ if (rc != SCHNORR_OK)
+ {
+ printf("FAILURE SCHNORR_D_verify: %d\n", rc);
+ exit(EXIT_FAILURE);
+ }
+
+ elapsed = MICROSECOND * elapsed / iterations;
+ printf("\tSCHNORR_D_verify\t%8d iterations\t", iterations);
+ printf("%8.2lf us per iteration\n", elapsed);
+
+ exit(EXIT_SUCCESS);
+}
diff --git a/examples/example_d_schnorr.c b/examples/example_d_schnorr.c
new file mode 100644
index 0000000..552f157
--- /dev/null
+++ b/examples/example_d_schnorr.c
@@ -0,0 +1,144 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+#include "amcl/schnorr.h"
+
+/* Double Schnorr's proofs example */
+
+int main()
+{
+ int rc;
+
+ BIG_256_56 r;
+ BIG_256_56 s;
+ BIG_256_56 l;
+ BIG_256_56 q;
+ ECP_SECP256K1 G;
+ ECP_SECP256K1 ECPR;
+
+ char oct_s[SGS_SECP256K1];
+ octet S = {0, sizeof(oct_s), oct_s};
+
+ char oct_l[SGS_SECP256K1];
+ octet L = {0, sizeof(oct_l), oct_l};
+
+ char oct_r[SFS_SECP256K1 + 1];
+ octet R = {0, sizeof(oct_r), oct_r};
+
+ char v[SFS_SECP256K1+1];
+ octet V = {0, sizeof(v), v};
+
+ char a[SGS_SECP256K1];
+ octet A = {0, sizeof(a), a};
+
+ char b[SGS_SECP256K1];
+ octet B = {0, sizeof(b), b};
+
+ char c[SFS_SECP256K1+1];
+ octet C = {0, sizeof(c), c};
+
+ char e[SGS_SECP256K1];
+ octet E = {0, sizeof(e), e};
+
+ char t[SGS_SECP256K1];
+ octet T = {0, sizeof(t), t};
+
+ char u[SGS_SECP256K1];
+ octet U = {0, sizeof(u), u};
+
+ // Deterministic RNG for example
+ char seed[32] = {0};
+ csprng RNG;
+ RAND_seed(&RNG, 32, seed);
+
+ BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
+ ECP_SECP256K1_generator(&G);
+ ECP_SECP256K1_generator(&ECPR);
+
+ // Generate public R
+ BIG_256_56_randomnum(r, q, &RNG);
+ ECP_SECP256K1_mul(&ECPR, r);
+
+ ECP_SECP256K1_toOctet(&R, &ECPR, 1);
+
+ // Generate double DLOG
+ BIG_256_56_randomnum(s, q, &RNG);
+ BIG_256_56_randomnum(l, q, &RNG);
+
+ ECP_SECP256K1_mul2(&G, &ECPR, l, s);
+
+ BIG_256_56_toBytes(S.val, s);
+ BIG_256_56_toBytes(L.val, l);
+ S.len = SGS_SECP256K1;
+ L.len = SGS_SECP256K1;
+
+ ECP_SECP256K1_toOctet(&V, &G, 1);
+
+ printf("Double Schnorr's Proof of knowledge of a DLOG. V = s.R + l.G\n");
+ printf("\ts = ");
+ OCT_output(&S);
+ printf("\tl = ");
+ OCT_output(&L);
+ printf("\tR = ");
+ OCT_output(&R);
+ printf("\tV = ");
+ OCT_output(&V);
+
+ printf("\nGenerate a commitment C = a.R + b.G\n");
+ rc = SCHNORR_D_commit(&RNG, &R, &A, &B, &C);
+ if (rc != SCHNORR_OK)
+ {
+ printf("FAILURE SCHNORR_D_commit. RC %d\n", rc);
+ exit(EXIT_FAILURE);
+ }
+
+ printf("\ta = ");
+ OCT_output(&A);
+ printf("\tb = ");
+ OCT_output(&B);
+ printf("\tC = ");
+ OCT_output(&C);
+
+ printf("\nGenerate a challenge from the public parameters\n");
+ SCHNORR_D_challenge(&R, &V, &C, &E);
+
+ printf("\te = ");
+ OCT_output(&E);
+
+ printf("\nGenerate the proof (t, u)\n");
+ SCHNORR_D_prove(&A, &B, &E, &S, &L, &T, &U);
+
+ printf("\tt = ");
+ OCT_output(&T);
+ printf("\tu = ");
+ OCT_output(&U);
+
+ printf("\nTransmit proof (C,t,u) for V\n");
+
+ printf("\nCompute challenge from public parameters and verify proof\n");
+ rc = SCHNORR_D_verify(&R, &V, &C, &E, &T, &U);
+ if (rc != SCHNORR_OK)
+ {
+ printf("\tFailure! RC %d\n", rc);
+ }
+ else
+ {
+ printf("\tSuccess!\n");
+ }
+}
\ No newline at end of file
[incubator-milagro-MPC] 01/05: Add double Schnorr proof
Posted by sa...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
sandreoli pushed a commit to branch add-dschnorr-proof
in repository https://gitbox.apache.org/repos/asf/incubator-milagro-MPC.git
commit 877350cf1910eea88162b7eb7a14b086a35b48e2
Author: Samuele Andreoli <sa...@yahoo.it>
AuthorDate: Thu Feb 6 13:29:28 2020 +0000
Add double Schnorr proof
---
include/amcl/schnorr.h | 54 ++++++++++++++-
src/schnorr.c | 182 ++++++++++++++++++++++++++++++++++++++++++++++---
2 files changed, 224 insertions(+), 12 deletions(-)
diff --git a/include/amcl/schnorr.h b/include/amcl/schnorr.h
index a3d9fdd..3a091cb 100644
--- a/include/amcl/schnorr.h
+++ b/include/amcl/schnorr.h
@@ -41,7 +41,7 @@ extern "C"
#define SFS_SECP256K1 MODBYTES_256_56 /**< Schnorr Field Size */
#define SCHNORR_OK 0 /**< Valid proof */
-#define SCHNORR_FAIL 51 /**< Invalid proof */
+#define SCHNORR_FAIL 51 /**< Invalid proof */
#define SCHNORR_INVALID_ECP 52 /**< Not a valid point on the curve */
/* Classic Schnorr's proofs API */
@@ -83,6 +83,58 @@ extern void SCHNORR_prove(octet *R, octet *E, octet *X, octet *P);
*/
extern int SCHNORR_verify(octet *V, octet *C, octet *E, octet *P);
+/* Double Schnorr's proofs API */
+
+// The double Schnorr Proof allows to prove knwoldedge of
+// s,l s.t. V = s.R + l.G for some R ECP
+
+/*! \brief Generate a commitment for the proof
+ *
+ * @param RNG CSPRNG to use for commitment
+ * @param R Public ECP base of the DLOG. Compressed form
+ * @param A Secret value used for the commitment. If RNG is NULL this is read
+ * @param B Secret value used for the commitment. If RNG is NULL this is read
+ * @param C Public commitment value. An ECP in compressed form
+ * @return SCHNORR_INVALID_ECP if R is not a valid ECP, SCHNORR_OK otherwise
+ */
+extern int SCHNORR_D_commit(csprng *RNG, octet *R, octet *A, octet *B, octet *C);
+
+/*! \brief Generate the challenge for the proof
+ *
+ * Compute the challenge for the proof. RFC8235#section-3.3 can not be applied
+ * here, but we try to follow closely by treating R like a secondary generator.
+ * Returns H(G, R, C, V)
+ *
+ * @param V Public ECP result of the DLOG. V = s.R + l.G. Compressed form
+ * @param R Public ECP base of the DLOG. Compressed form
+ * @param C Public commitment value. Compressed form
+ * @param E Challenge generated
+ */
+extern void SCHNORR_D_challenge(octet *R, octet *V, octet *C, octet *E);
+
+/*! \brief Generate the proof for the given commitment and challenge
+ *
+ * @param A Secret value used for the commitment
+ * @param B Secret value used for the commitment
+ * @param E Challenge received from the verifier
+ * @param S Secret exponent of the DLOG. V = s.R + l.G
+ * @param L Secret exponent of the DLOG. V = s.R + l.G
+ * @param T First component of the proof of knowldege of the DLOG
+ * @param U Second component of the proof of knowldege of the DLOG
+ */
+extern void SCHNORR_D_prove(octet *A, octet *B, octet *E, octet *S, octet *L, octet *T, octet *U);
+
+/*! \brief Verify the proof of knowledge for the DLOG
+ *
+ * @param R Public ECP base of the DLOG. Compressed form
+ * @param V Public ECP of the DLOG. V = s.R + l.G. Compressed form
+ * @param C Commitment value received from the prover
+ * @param E Challenge for the Schnorr Proof
+ * @param P Proof received from the prover
+ * @return SCHNORR_OK if the prove is valid or an error code
+ */
+extern int SCHNORR_D_verify(octet *R, octet *V, octet *C, octet *E, octet *T, octet *U);
+
#ifdef __cplusplus
}
#endif
diff --git a/src/schnorr.c b/src/schnorr.c
index 7be9103..eb1a7a3 100644
--- a/src/schnorr.c
+++ b/src/schnorr.c
@@ -44,7 +44,7 @@ void SCHNORR_commit(csprng *RNG, octet *R, octet *C)
{
BIG_256_56_randomnum(r, q, RNG);
BIG_256_56_toBytes(R->val, r);
- R->len = MODBYTES_256_56;
+ R->len = SGS_SECP256K1;
}
else
{
@@ -70,7 +70,7 @@ void SCHNORR_challenge(octet *V, octet *C, octet *E)
BIG_256_56 q;
ECP_SECP256K1 G;
- char o[2 * SFS_SECP256K1 + 1];
+ char o[SFS_SECP256K1 + 1];
octet O = {0, sizeof(o), o};
BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
@@ -89,7 +89,7 @@ void SCHNORR_challenge(octet *V, octet *C, octet *E)
BIG_256_56_mod(e, q);
BIG_256_56_toBytes(E->val, e);
- E->len = MODBYTES_256_56;
+ E->len = SGS_SECP256K1;
}
void SCHNORR_prove(octet *R, octet *E, octet *X, octet *P)
@@ -97,7 +97,6 @@ void SCHNORR_prove(octet *R, octet *E, octet *X, octet *P)
BIG_256_56 r;
BIG_256_56 e;
BIG_256_56 x;
- BIG_256_56 p;
BIG_256_56 q;
DBIG_256_56 d;
@@ -110,17 +109,17 @@ void SCHNORR_prove(octet *R, octet *E, octet *X, octet *P)
// Generate proof r - (e * x) mod the curve order
BIG_256_56_mul(d, e, x);
- BIG_256_56_dmod(p, d, q);
- BIG_256_56_modneg(p, p, q);
- BIG_256_56_add(p, p, r);
- BIG_256_56_mod(p, q);
+ BIG_256_56_dmod(x, d, q);
+ BIG_256_56_modneg(x, x, q);
+ BIG_256_56_add(x, x, r);
+ BIG_256_56_mod(x, q);
- BIG_256_56_toBytes(P->val, p);
- P->len = MODBYTES_256_56;
+ BIG_256_56_toBytes(P->val, x);
+ P->len = SGS_SECP256K1;
// Clean memory
BIG_256_56_zero(r);
- BIG_256_56_zero(x);
+ BIG_256_56_dzero(d);
}
int SCHNORR_verify(octet *V, octet*C, octet *E, octet *P)
@@ -162,3 +161,164 @@ int SCHNORR_verify(octet *V, octet*C, octet *E, octet *P)
return SCHNORR_OK;
}
+
+int SCHNORR_D_commit(csprng *RNG, octet *R, octet *A, octet *B, octet *C)
+{
+ BIG_256_56 a;
+ BIG_256_56 b;
+ BIG_256_56 q;
+
+ ECP_SECP256K1 G;
+ ECP_SECP256K1 ECPR;
+
+ BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
+ ECP_SECP256K1_generator(&G);
+
+ if (!ECP_SECP256K1_fromOctet(&ECPR, R))
+ {
+ return SCHNORR_INVALID_ECP;
+ }
+
+ // Read or generate secrets A, B
+ if (RNG != NULL)
+ {
+ BIG_256_56_randomnum(a, q, RNG);
+ BIG_256_56_randomnum(b, q, RNG);
+ BIG_256_56_toBytes(A->val, a);
+ BIG_256_56_toBytes(B->val, b);
+ A->len = SGS_SECP256K1;
+ B->len = SGS_SECP256K1;
+ }
+ else
+ {
+ BIG_256_56_fromBytesLen(a, A->val, A->len);
+ BIG_256_56_fromBytesLen(b, B->val, B->len);
+ }
+
+ // Generate commitment C = a.R + b.G
+ ECP_SECP256K1_mul2(&ECPR, &G, a, b);
+ ECP_SECP256K1_toOctet(C, &ECPR, 1);
+
+ // Clean memory
+ BIG_256_56_zero(a);
+ BIG_256_56_zero(b);
+
+ return SCHNORR_OK;
+}
+
+void SCHNORR_D_challenge(octet *R, octet *V, octet *C, octet *E)
+{
+ hash256 sha;
+
+ BIG_256_56 e;
+ BIG_256_56 q;
+ ECP_SECP256K1 G;
+
+ char o[SFS_SECP256K1 + 1];
+ octet O = {0, sizeof(o), o};
+
+ BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
+
+ ECP_SECP256K1_generator(&G);
+ ECP_SECP256K1_toOctet(&O, &G, 1);
+
+ // e = H(G,R,C,V) mod q
+ HASH256_init(&sha);
+ hash_octet(&sha, &O);
+ hash_octet(&sha, R);
+ hash_octet(&sha, C);
+ hash_octet(&sha, V);
+ HASH256_hash(&sha, o);
+
+ BIG_256_56_fromBytesLen(e, o, SHA256);
+ BIG_256_56_mod(e, q);
+
+ BIG_256_56_toBytes(E->val, e);
+ E->len = MODBYTES_256_56;
+}
+
+void SCHNORR_D_prove(octet *A, octet *B, octet *E, octet *S, octet *L, octet *T, octet *U)
+{
+ BIG_256_56 r;
+ BIG_256_56 e;
+ BIG_256_56 x;
+ BIG_256_56 q;
+ DBIG_256_56 d;
+
+ BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
+ BIG_256_56_fromBytesLen(e, E->val, E->len);
+
+ // Generate proof t = a + (e * s) mod the curve order
+ BIG_256_56_fromBytesLen(x, S->val, S->len);
+ BIG_256_56_fromBytesLen(r, A->val, A->len);
+
+ BIG_256_56_mul(d, e, x);
+ BIG_256_56_dmod(x, d, q);
+ BIG_256_56_add(x, x, r);
+ BIG_256_56_mod(x, q);
+
+ BIG_256_56_toBytes(T->val, x);
+ T->len = SGS_SECP256K1;
+
+ // Generate proof u = b + (e * l) mod the curve order
+ BIG_256_56_fromBytesLen(x, L->val, L->len);
+ BIG_256_56_fromBytesLen(r, B->val, B->len);
+
+ BIG_256_56_mul(d, e, x);
+ BIG_256_56_dmod(x, d, q);
+ BIG_256_56_add(x, x, r);
+ BIG_256_56_mod(x, q);
+
+ BIG_256_56_toBytes(U->val, x);
+ U->len = SGS_SECP256K1;
+
+ // Clean memory
+ BIG_256_56_zero(r);
+ BIG_256_56_dzero(d);
+}
+
+int SCHNORR_D_verify(octet *R, octet *V, octet *C, octet *E, octet *T, octet *U)
+{
+ ECP_SECP256K1 G;
+ ECP_SECP256K1 ECPR;
+ ECP_SECP256K1 ECPV;
+ ECP_SECP256K1 ECPC;
+
+ BIG_256_56 t;
+ BIG_256_56 u;
+
+ // Read octets
+ if (!ECP_SECP256K1_fromOctet(&ECPV, V))
+ {
+ return SCHNORR_INVALID_ECP;
+ }
+
+ if (!ECP_SECP256K1_fromOctet(&ECPR, R))
+ {
+ return SCHNORR_INVALID_ECP;
+ }
+
+ if (!ECP_SECP256K1_fromOctet(&ECPC, C))
+ {
+ return SCHNORR_INVALID_ECP;
+ }
+
+ BIG_256_56_fromBytesLen(t, T->val, T->len);
+ BIG_256_56_fromBytesLen(u, U->val, U->len);
+
+ // Compute verification t.R + u.G
+ ECP_SECP256K1_generator(&G);
+ ECP_SECP256K1_mul2(&ECPR, &G, t, u);
+
+ // Compute ground truth C + e.V
+ BIG_256_56_fromBytesLen(t, E->val, E->len);
+ ECP_SECP256K1_mul(&ECPV, t);
+ ECP_SECP256K1_add(&ECPV, &ECPC);
+
+ if (!ECP_SECP256K1_equals(&ECPV, &ECPR))
+ {
+ return SCHNORR_FAIL;
+ }
+
+ return SCHNORR_OK;
+}
[incubator-milagro-MPC] 04/05: Add support for interactive
schnorr/double schnorr proofs
Posted by sa...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
sandreoli pushed a commit to branch add-dschnorr-proof
in repository https://gitbox.apache.org/repos/asf/incubator-milagro-MPC.git
commit 12f32776502f15ad11de6b2ff0d3c80f638179df
Author: Samuele Andreoli <sa...@yahoo.it>
AuthorDate: Thu Feb 6 13:30:53 2020 +0000
Add support for interactive schnorr/double schnorr proofs
---
examples/example_schnorr_interactive.c | 103 ++++++++++++++++++++++++++++
include/amcl/schnorr.h | 8 +++
src/schnorr.c | 13 ++++
test/smoke/test_schnorr_interactive_smoke.c | 81 ++++++++++++++++++++++
test/unit/CMakeLists.txt | 14 ++--
5 files changed, 215 insertions(+), 4 deletions(-)
diff --git a/examples/example_schnorr_interactive.c b/examples/example_schnorr_interactive.c
new file mode 100644
index 0000000..9373dc0
--- /dev/null
+++ b/examples/example_schnorr_interactive.c
@@ -0,0 +1,103 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+#include "amcl/schnorr.h"
+
+/* Schnorr's proofs example */
+
+int main()
+{
+ int rc;
+
+ BIG_256_56 x;
+ BIG_256_56 q;
+ ECP_SECP256K1 G;
+
+ char x_char[SGS_SECP256K1];
+ octet X = {0, sizeof(x_char), x_char};
+
+ char v[SFS_SECP256K1+1];
+ octet V = {0, sizeof(v), v};
+
+ char r[SGS_SECP256K1];
+ octet R = {0, sizeof(r), r};
+
+ char c[SFS_SECP256K1+1];
+ octet C = {0, sizeof(c), c};
+
+ char e[SGS_SECP256K1];
+ octet E = {0, sizeof(e), e};
+
+ char p[SGS_SECP256K1];
+ octet P = {0, sizeof(p), p};
+
+ // Deterministic RNG for example
+ char seed[32] = {0};
+ csprng RNG;
+ RAND_seed(&RNG, 32, seed);
+
+ // Generate DLOG
+ BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
+ BIG_256_56_randomnum(x, q, &RNG);
+
+ ECP_SECP256K1_generator(&G);
+ ECP_SECP256K1_mul(&G, x);
+
+ BIG_256_56_toBytes(X.val, x);
+ X.len = SGS_SECP256K1;
+
+ ECP_SECP256K1_toOctet(&V, &G, 1);
+
+ printf("Schnorr's Proof of knowledge of a DLOG. V = x.G\n");
+ printf("\tx = ");
+ OCT_output(&X);
+ printf("\tV = ");
+ OCT_output(&V);
+
+ printf("\n[Prover] Generate and transmit a commitment C = r.G\n");
+ SCHNORR_commit(&RNG, &R, &C);
+
+ printf("\tr = ");
+ OCT_output(&R);
+ printf("\tC = ");
+ OCT_output(&C);
+
+ printf("\n[Verifier] Generate and send back a random challenge\n");
+ SCHNORR_random_challenge(&RNG, &E);
+
+ printf("\te = ");
+ OCT_output(&E);
+
+ printf("\n[Prover] Generate and transmit the proof p for C = r.G and E\n");
+ SCHNORR_prove(&R, &E, &X, &P);
+
+ printf("\tp = ");
+ OCT_output(&P);
+
+ printf("\n[Verifier] Verify the proof against V, C and e\n");
+ rc = SCHNORR_verify(&V, &C, &E, &P);
+ if (rc)
+ {
+ printf("\tFailure! RC %d\n", rc);
+ }
+ else
+ {
+ printf("\tSuccess!\n");
+ }
+}
\ No newline at end of file
diff --git a/include/amcl/schnorr.h b/include/amcl/schnorr.h
index 3a091cb..e659b04 100644
--- a/include/amcl/schnorr.h
+++ b/include/amcl/schnorr.h
@@ -44,6 +44,14 @@ extern "C"
#define SCHNORR_FAIL 51 /**< Invalid proof */
#define SCHNORR_INVALID_ECP 52 /**< Not a valid point on the curve */
+/*! \brief Generate random challenge for any Schnorr Proof
+ *
+ * Generate a random challenge that can be used to make any
+ * of the following Schnorr Proofs interactive. This can be used
+ * to be interoperable with other implementations.
+ */
+extern void SCHNORR_random_challenge(csprng *RNG, octet *E);
+
/* Classic Schnorr's proofs API */
/*! \brief Generate a commitment for the proof
diff --git a/src/schnorr.c b/src/schnorr.c
index eb1a7a3..0d2a96f 100644
--- a/src/schnorr.c
+++ b/src/schnorr.c
@@ -29,6 +29,19 @@ void hash_octet(hash256 *sha, octet *O)
}
}
+void SCHNORR_random_challenge(csprng *RNG, octet *E)
+{
+ BIG_256_56 e;
+ BIG_256_56 q;
+
+ BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
+
+ BIG_256_56_randomnum(e, q, RNG);
+
+ BIG_256_56_toBytes(E->val, e);
+ E->len = SGS_SECP256K1;
+}
+
/* Classic Schnorr's Proof Definitions */
void SCHNORR_commit(csprng *RNG, octet *R, octet *C)
diff --git a/test/smoke/test_schnorr_interactive_smoke.c b/test/smoke/test_schnorr_interactive_smoke.c
new file mode 100644
index 0000000..82a8d14
--- /dev/null
+++ b/test/smoke/test_schnorr_interactive_smoke.c
@@ -0,0 +1,81 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+#include "amcl/schnorr.h"
+
+/* Schnorr's proofs smoke test using random challenge */
+
+int main()
+{
+ int rc;
+
+ BIG_256_56 x;
+ BIG_256_56 q;
+ ECP_SECP256K1 G;
+
+ char x_char[SGS_SECP256K1];
+ octet X = {0, sizeof(x_char), x_char};
+
+ char v[SFS_SECP256K1+1];
+ octet V = {0, sizeof(v), v};
+
+ char r[SGS_SECP256K1];
+ octet R = {0, sizeof(r), r};
+
+ char c[SFS_SECP256K1+1];
+ octet C = {0, sizeof(c), c};
+
+ char e[SGS_SECP256K1];
+ octet E = {0, sizeof(e), e};
+
+ char p[SGS_SECP256K1];
+ octet P = {0, sizeof(p), p};
+
+ // Deterministic RNG for testing
+ char seed[32] = {0};
+ csprng RNG;
+ RAND_seed(&RNG, 32, seed);
+
+ BIG_256_56_rcopy(q, CURVE_Order_SECP256K1);
+ BIG_256_56_randomnum(x, q, &RNG);
+
+ ECP_SECP256K1_generator(&G);
+ ECP_SECP256K1_mul(&G, x);
+
+ BIG_256_56_toBytes(X.val, x);
+ X.len = SGS_SECP256K1;
+
+ ECP_SECP256K1_toOctet(&V, &G, 1);
+
+ SCHNORR_commit(&RNG, &R, &C);
+
+ SCHNORR_random_challenge(&RNG, &E);
+
+ SCHNORR_prove(&R, &E, &X, &P);
+
+ rc = SCHNORR_verify(&V, &C, &E, &P);
+ if (rc)
+ {
+ printf("FAILURE SCHNORR_verify. RC %d\n", rc);
+ exit(EXIT_FAILURE);
+ }
+
+ printf("SUCCESS\n");
+ exit(EXIT_SUCCESS);
+}
\ No newline at end of file
diff --git a/test/unit/CMakeLists.txt b/test/unit/CMakeLists.txt
index c03672f..e1f0ffb 100644
--- a/test/unit/CMakeLists.txt
+++ b/test/unit/CMakeLists.txt
@@ -52,13 +52,19 @@ amcl_test(test_factoring_zk_prove test_factoring_zk_prove.c amcl_mpc "SUCCESS"
amcl_test(test_factoring_zk_verify test_factoring_zk_verify.c amcl_mpc "SUCCESS" "factoring_zk/verify.txt")
# Classic Schnorr tests
-amcl_test(test_schnorr_commit test_schnorr_commit.c amcl_mpc "SUCCESS" "schnorr/commit.txt")
+amcl_test(test_schnorr_commit test_schnorr_commit.c amcl_mpc "SUCCESS" "schnorr/commit.txt")
amcl_test(test_schnorr_challenge test_schnorr_challenge.c amcl_mpc "SUCCESS" "schnorr/challenge.txt")
-amcl_test(test_schnorr_prove test_schnorr_prove.c amcl_mpc "SUCCESS" "schnorr/prove.txt")
-amcl_test(test_schnorr_verify test_schnorr_verify.c amcl_mpc "SUCCESS" "schnorr/verify.txt")
+amcl_test(test_schnorr_prove test_schnorr_prove.c amcl_mpc "SUCCESS" "schnorr/prove.txt")
+amcl_test(test_schnorr_verify test_schnorr_verify.c amcl_mpc "SUCCESS" "schnorr/verify.txt")
+
+# Double Schnorr tests
+amcl_test(test_d_schnorr_commit test_d_schnorr_commit.c amcl_mpc "SUCCESS" "schnorr/dcommit.txt")
+amcl_test(test_d_schnorr_challenge test_d_schnorr_challenge.c amcl_mpc "SUCCESS" "schnorr/dchallenge.txt")
+amcl_test(test_d_schnorr_prove test_d_schnorr_prove.c amcl_mpc "SUCCESS" "schnorr/dprove.txt")
+amcl_test(test_d_schnorr_verify test_d_schnorr_verify.c amcl_mpc "SUCCESS" "schnorr/dverify.txt")
# BC Commitment tests
-amcl_test(test_bc_setup test_bc_setup.c amcl_mpc "SUCCESS" "commitments/bc_setup.txt")
+amcl_test(test_bc_setup test_bc_setup.c amcl_mpc "SUCCESS" "commitments/bc_setup.txt")
amcl_test(test_bc_internals test_bc_internals.c amcl_mpc "SUCCESS")
# MTA Range Proof tests