Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
Download
80559 views
Tweet
Share
Share
1
var assert = require('assert');

2
var bn = require('bn.js');

3
var elliptic = require('../');

4


5
describe('Curve', function() {

6
  it('should work with example curve', function() {

7
    var curve = new elliptic.curve.short({

8
      p: '1d',

9
      a: '4',

10
      b: '14'

11
    });

12


13
    var p = curve.point('18', '16');

14
    assert(p.validate());

15
    assert(p.dbl().validate());

16
    assert(p.dbl().add(p).validate());

17
    assert(p.dbl().add(p.dbl()).validate());

18
    assert(p.dbl().add(p.dbl()).eq(p.add(p).add(p).add(p)));

19
  });

20


21
  it('should work with secp112k1', function() {

22
    var curve = new elliptic.curve.short({

23
      p: 'db7c 2abf62e3 5e668076 bead208b',

24
      a: 'db7c 2abf62e3 5e668076 bead2088',

25
      b: '659e f8ba0439 16eede89 11702b22'

26
    });

27


28
    var p = curve.point(

29
      '0948 7239995a 5ee76b55 f9c2f098',

30
      'a89c e5af8724 c0a23e0e 0ff77500');

31
    assert(p.validate());

32
    assert(p.dbl().validate());

33
  });

34


35
  it('should work with secp256k1', function() {

36
    var curve = new elliptic.curve.short({

37
      p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe ' +

38
             'fffffc2f',

39
      a: '0',

40
      b: '7',

41
      n: 'ffffffff ffffffff ffffffff fffffffe ' +

42
             'baaedce6 af48a03b bfd25e8c d0364141',

43
      g: [

44
        '79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798',

45
        '483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8'

46
      ]

47
    });

48


49
    var p = curve.point(

50
      '79be667e f9dcbbac 55a06295 ce870b07 029bfcdb 2dce28d9 59f2815b 16f81798',

51
      '483ada77 26a3c465 5da4fbfc 0e1108a8 fd17b448 a6855419 9c47d08f fb10d4b8'

52
    );

53
    assert(p.validate());

54
    assert(p.dbl().validate());

55
    assert(p.toJ().dbl().toP().validate());

56
    assert(p.mul(new bn('79be667e f9dcbbac 55a06295 ce870b07', 16)).validate());

57


58
    var j = p.toJ();

59
    assert(j.trpl().eq(j.dbl().add(j)));

60


61
    // Endomorphism test

62
    assert(curve.endo);

63
    assert.equal(

64
      curve.endo.beta.fromRed().toString(16),

65
      '7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee');

66
    assert.equal(

67
      curve.endo.lambda.toString(16),

68
      '5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72');

69


70
    var k = new bn('1234567890123456789012345678901234', 16);

71
    var split = curve._endoSplit(k);

72
    assert.equal(

73
      split.k1.add(split.k2.mul(curve.endo.lambda)).mod(curve.n).toString(16),

74
      k.toString(16));

75
  });

76


77
  it('should compute this problematic secp256k1 multiplication', function() {

78
    var curve = elliptic.curves.secp256k1.curve;

79
    var g1 = curve.g; // precomputed g

80
    assert(g1.precomputed);

81
    var g2 = curve.point(g1.getX(), g1.getY()); // not precomputed g

82
    assert(!g2.precomputed);

83
    var a = new bn('6d1229a6b24c2e775c062870ad26bc261051e0198c67203167273c7c62538846', 16);

84
    var p1 = g1.mul(a);

85
    var p2 = g2.mul(a);

86
    assert(p1.eq(p2));

87
  });

88


89
  it('should not fail on secp256k1 regression', function() {

90
    var curve = elliptic.curves.secp256k1.curve;

91
    var k1 = new bn('32efeba414cd0c830aed727749e816a01c471831536fd2fce28c56b54f5a3bb1', 16);

92
    var k2 = new bn('5f2e49b5d64e53f9811545434706cde4de528af97bfd49fde1f6cf792ee37a8c', 16);

93


94
    var p1 = curve.g.mul(k1);

95
    var p2 = curve.g.mul(k2);

96


97
    // 2 + 2 + 1 = 2 + 1 + 2

98
    var two = p2.dbl();

99
    var five = two.dbl().add(p2);

100
    var three = two.add(p2);

101
    var maybeFive = three.add(two);

102


103
    assert(maybeFive.eq(five));

104


105
    p1 = p1.mul(k2);

106
    p2 = p2.mul(k1);

107


108
    assert(p1.validate());

109
    assert(p2.validate());

110
    assert(p1.eq(p2));

111
  });

112


113
  it('should correctly double the affine point on secp256k1', function() {

114
    var bad = {

115
      x: '026a2073b1ef6fab47ace18e60e728a05180a82755bbcec9a0abc08ad9f7a3d4',

116
      y: '9cd8cb48c3281596139f147c1364a3ede88d3f310fdb0eb98c924e599ca1b3c9',

117
      z: 'd78587ad45e4102f48b54b5d85598296e069ce6085002e169c6bad78ddc6d9bd'

118
    };

119


120
    var good = {

121
      x: 'e7789226739ac2eb3c7ccb2a9a910066beeed86cdb4e0f8a7fee8eeb29dc7016',

122
      y: '4b76b191fd6d47d07828ea965e275b76d0e3e0196cd5056d38384fbb819f9fcb',

123
      z: 'cbf8d99056618ba132d6145b904eee1ce566e0feedb9595139c45f84e90cfa7d'

124
    };

125


126
    var curve = elliptic.curves.secp256k1.curve;

127
    bad = curve.jpoint(bad.x, bad.y, bad.z);

128
    good = curve.jpoint(good.x, good.y, good.z);

129


130
    // They are the same points

131
    assert(bad.add(good.neg()).isInfinity());

132


133
    // But doubling borks them out

134
    assert(bad.dbl().add(good.dbl().neg()).isInfinity());

135
  });

136


137
  it('should store precomputed values correctly on negation', function() {

138
    var curve = elliptic.curves.secp256k1.curve;

139
    var p = curve.g.mul('2');

140
    p.precompute();

141
    var neg = p.neg(true);

142
    var neg2 = neg.neg(true);

143
    assert(p.eq(neg2));

144
  });

145
});

146


147