plutus-core-1.45.0.0: Language library for Plutus Core
Safe HaskellSafe-Inferred
LanguageHaskell2010

Evaluation.Builtins.BLS12_381

Description

Property tests for the BLS12-381 builtins

Synopsis

Documentation

mkTestName ∷ ∀ g. TestableAbelianGroup g ⇒ StringString Source #

withNTestsTestable prop ⇒ prop → Property Source #

arbitraryConstant ∷ ∀ g. TestableAbelianGroup g ⇒ Gen PlcTerm Source #

arbitraryScalarGen PlcTerm Source #

millerLoopTermPlcTermPlcTermPlcTerm Source #

mulMlResultTermPlcTermPlcTermPlcTerm Source #

finalVerifyTermPlcTermPlcTermPlcTerm Source #

test_add_assoc ∷ ∀ g. TestableAbelianGroup g ⇒ TestTree Source #

Group addition is associative.

test_add_zero ∷ ∀ g. TestableAbelianGroup g ⇒ TestTree Source #

Zero is an identity for addition.

test_neg ∷ ∀ g. TestableAbelianGroup g ⇒ TestTree Source #

Every element has an inverse | a+(-a) = 0 for all group elements.

test_add_commutative ∷ ∀ g. TestableAbelianGroup g ⇒ TestTree Source #

Group addition is commutative.

test_is_an_abelian_group ∷ ∀ g. TestableAbelianGroup g ⇒ TestTree Source #

test_scalarMul_assoc ∷ ∀ g. TestableAbelianGroup g ⇒ TestTree Source #

(ab)p = a(bp) for all scalars a and b and all group elements p.

test_scalarMul_distributive_left ∷ ∀ g. TestableAbelianGroup g ⇒ TestTree Source #

(a+b)p = ap +bp for all scalars a and b and all group elements p.

test_scalarMul_distributive_right ∷ ∀ g. TestableAbelianGroup g ⇒ TestTree Source #

a(p+q) = ap + aq for all scalars a and all group elements p and q.

test_scalarMul_zero ∷ ∀ g. TestableAbelianGroup g ⇒ TestTree Source #

0p = 0 for all group elements p.

test_scalarMul_one ∷ ∀ g. TestableAbelianGroup g ⇒ TestTree Source #

1p = p for all group elements p.

test_scalarMul_inverse ∷ ∀ g. TestableAbelianGroup g ⇒ TestTree Source #

(-1)p = -p for all group elements p.

test_scalarMul_repeated_addition ∷ ∀ g. TestableAbelianGroup g ⇒ TestTree Source #

test_scalarMul_periodic ∷ ∀ g. TestableAbelianGroup g ⇒ TestTree Source #

test_Z_action_good ∷ ∀ g. TestableAbelianGroup g ⇒ TestTree Source #

test_roundtrip_compression ∷ ∀ g. HashAndCompress g ⇒ TestTree Source #

test_uncompression_wrong_size ∷ ∀ g. HashAndCompress g ⇒ TestTree Source #

Uncompression should only accept inputs of the expected length, so we check it on random inputs of the incorrect length. Inputs of the expected length are excluded by the incorrectSize predicate; however even if an input did have the expected length it would be very unlikely to deserialise to a point in the group because the cofactors are very big (7.6*10^37 for G1 and 3.1*10^152 for G2).

test_uncompress_out_of_group ∷ ∀ g. HashAndCompress g ⇒ TestTree Source #

This tests the case we've omitted in the previous test, and should fail with very high probablity. It's quite difficult to test this with random inputs. We can improve our chances of getting a bytestring which encodes a point on the curve by setting the compression bit and clearing the infinity bit, but about 50% of the samples will still not be the x-coordinate of a point on the curve. We can also generate points with an x-coordinate that's bigger than the field size (especially for G2), which will give us a bad encoding. Maybe this just isn't a very good test.

test_compression_bit_set ∷ ∀ g. HashAndCompress g ⇒ TestTree Source #

Check that the most significant bit is set for all compressed points

test_clear_compression_bit ∷ ∀ g. HashAndCompress g ⇒ TestTree Source #

Check that bytestrings with the compression bit clear fail to uncompress.

test_flip_sign_bit ∷ ∀ g. HashAndCompress g ⇒ TestTree Source #

Check that flipping the sign bit in a compressed point gives the inverse of the point.

test_set_infinity_bit ∷ ∀ g. HashAndCompress g ⇒ TestTree Source #

Check that bytestrings with the infinity bit set fail to uncompress.

numHashCollisionInputsInt Source #

test_no_hash_collisions ∷ ∀ g. HashAndCompress g ⇒ TestTree Source #

Hashing into G1 or G2 should be collision-free. A failure here would suggest an implementation error somewhere. Here we test multiple messages but always use an empty Domain Separation Tag.

test_no_hash_collisions_dst ∷ ∀ g. HashAndCompress g ⇒ TestTree Source #

Test that we get no collisions if we keep the message constant but vary the DST. DSTs can be at most 255 bytes long in Plutus Core; there's a test elsewhere that we get a failure for longer DSTs. This test could fail (but not because of a hash collision) if we let it generate longer DSTs because the final list could contain multiple occurrences of CekError.

test_compress_hash ∷ ∀ g. HashAndCompress g ⇒ TestTree Source #

test_pairing_left_additiveTestTree Source #

test_pairing_right_additiveTestTree Source #

test_pairing_balancedTestTree Source #

test_random_pairingTestTree Source #

test_BLS12_381TestTree Source #