|
@@ -69,6 +69,11 @@ def signatureWithESK(m,h,pk):
|
|
|
def newSK():
|
|
|
return os.urandom(32)
|
|
|
|
|
|
+def random_scalar(entropy_f): # 0..L-1 inclusive
|
|
|
+ # reduce the bias to a safe level by generating 256 extra bits
|
|
|
+ oversized = int(binascii.hexlify(entropy_f(32+32)), 16)
|
|
|
+ return oversized % ell
|
|
|
+
|
|
|
# ------------------------------------------------------------
|
|
|
|
|
|
MSG = "This is extremely silly. But it is also incredibly serious business!"
|
|
@@ -126,6 +131,31 @@ class SelfTest(unittest.TestCase):
|
|
|
|
|
|
self._testSignatures(besk, bpk)
|
|
|
|
|
|
+ def testIdentity(self):
|
|
|
+ # Base point:
|
|
|
+ # B is the unique point (x, 4/5) \in E for which x is positive
|
|
|
+ By = 4 * inv(5)
|
|
|
+ Bx = xrecover(By)
|
|
|
+ B = [Bx % q,By % q]
|
|
|
+
|
|
|
+ # Get identity E by doing: E = l*B, where l is the group order
|
|
|
+ identity = scalarmult(B, ell)
|
|
|
+
|
|
|
+ # Get identity E by doing: E = l*A, where A is a random point
|
|
|
+ sk = newSK()
|
|
|
+ pk = decodepoint(publickey(sk))
|
|
|
+ identity2 = scalarmult(pk, ell)
|
|
|
+
|
|
|
+ # Check that identities match
|
|
|
+ assert(identity == identity2)
|
|
|
+ # Check that identity is the point (0,1)
|
|
|
+ assert(identity == [0L,1L])
|
|
|
+
|
|
|
+ # Check identity element: a*E = E, where a is a random scalar
|
|
|
+ scalar = random_scalar(os.urandom)
|
|
|
+ result = scalarmult(identity, scalar)
|
|
|
+ assert(result == identity == identity2)
|
|
|
+
|
|
|
# ------------------------------------------------------------
|
|
|
|
|
|
# From pprint.pprint([ binascii.b2a_hex(os.urandom(32)) for _ in xrange(8) ])
|