all tests complete

Author: siv2r

examples/schnorr_adaptor.c

@@ -16,7 +16,7 @@
 #include <secp256k1_schnorr_adaptor.h>
 
 #include "examples_util.h"
-/* TODO: what's Z+A+B?*/
+/* TODO: make is clear, like multi_hop_tests of ECDSA adaptor */
 int main(void) {
     unsigned char msg[12] = "Hello World!";
     unsigned char msg_hash[32];
@@ -96,8 +96,7 @@ int main(void) {
 	assert(memcmp(sec_adaptor, extracted_sec_adaptor, sizeof(sec_adaptor)) == 0);
 
 	/* Alice subtracts out local blinding factor `b`, can now claim incoming
-	 * PTLC from Alice with sec_adaptor(=z+a)
-	 */
+	 * PTLC from Alice with sec_adaptor(=z+a) */
 
 	printf("Success!\n\n");
 	secp256k1_context_destroy(ctx);

schnorr_adaptor_example

@@ -1,5 +1,5 @@
 /**********************************************************************
- * Copyright (c) 2023 Zhe Pang                                        *
+ * Copyright (c) 2023-2024 Zhe Pang and Sivaram Dhakshinamoorthy      *
  * Distributed under the MIT software license, see the accompanying   *
  * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
  **********************************************************************/

src/modules/schnorr_adaptor/main_impl.h

@@ -1,5 +1,5 @@
 /**********************************************************************
- * Copyright (c) 2023 Zhe Pang                                        *
+ * Copyright (c) 2023-2024 Zhe Pang and Sivaram Dhakshinamoorthy      *
  * Distributed under the MIT software license, see the accompanying   *
  * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
  **********************************************************************/
@@ -1200,6 +1200,55 @@ static void test_schnorr_adaptor_edge_cases(void) {
     }
 }
 
+static void test_schnorr_adaptor_correctness(void) {
+    unsigned char alice_sk[32];
+    secp256k1_keypair alice_keypair;
+    secp256k1_xonly_pubkey alice_pk;
+    unsigned char sec_adaptor[32];
+    secp256k1_pubkey adaptor;
+    unsigned char extracted_sec_adaptor[32];
+    secp256k1_pubkey extracted_adaptor;
+    unsigned char msg[32];
+    unsigned char pre_sig[65];
+    unsigned char sig[64];
+
+    /* Alice setup */
+    secp256k1_testrand256(alice_sk);
+    CHECK(secp256k1_keypair_create(CTX, &alice_keypair, alice_sk) == 1);
+    CHECK(secp256k1_keypair_xonly_pub(CTX, &alice_pk, NULL, &alice_keypair) == 1);
+
+    /* t := sec_adaptor
+     * There exists an adaptor T = t*G, where t is unknown to Bob */
+    secp256k1_testrand256(sec_adaptor);
+    CHECK(secp256k1_ec_pubkey_create(CTX, &adaptor, sec_adaptor));
+
+    /* Alice creates a pre-siganture for the adaptor point T,
+     * and sends it to Bob. */
+    secp256k1_testrand256(msg);
+    CHECK(secp256k1_schnorr_adaptor_presign(CTX, pre_sig, msg, &alice_keypair, &adaptor, NULL) == 1);
+
+    /* Bob extracts the adaptor point from the pre-signature,
+     * and verifies if it is equal to T */
+    CHECK(secp256k1_schnorr_adaptor_extract(CTX, &extracted_adaptor, pre_sig, msg, &alice_pk) == 1);
+    CHECK(secp256k1_ec_pubkey_cmp(CTX, &extracted_adaptor, &adaptor) == 0);
+
+    /* Bob learns t (the discrete logarithm of T). For example, Bob can
+     * pay a Lightning invoice that reveals t, assuming Lightning uses
+     * PTLC (Point Time Locked Contracts). */
+
+    /* Bob adapts the pre-signature with the discrete logarithm of T to
+     * create a valid BIP 340 Schnorr signature. */
+    CHECK(secp256k1_schnorr_adaptor_adapt(CTX, sig, pre_sig, sec_adaptor) == 1);
+    CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &alice_pk) == 1);
+
+    /* Alice learns the BIP340 signature after Bob publishes it on the blockchain. */
+
+    /* Alice extracts the discrete logarithm of T from the pre-signature and the
+     * BIP 340 signature. */
+    CHECK(secp256k1_schnorr_adaptor_extract_sec(CTX, extracted_sec_adaptor, pre_sig, sig) == 1);
+    CHECK(secp256k1_memcmp_var(extracted_sec_adaptor, sec_adaptor, sizeof(extracted_sec_adaptor)) == 0);
+}
+
 static void run_schnorr_adaptor_tests(void) {
     int i;
     run_nonce_function_schnorr_adaptor_tests();
@@ -1209,6 +1258,7 @@ static void run_schnorr_adaptor_tests(void) {
     for (i = 0; i < COUNT; i++) {
         test_schnorr_adaptor_edge_cases();
     }
+    test_schnorr_adaptor_correctness();
 }
 
 #endif

src/modules/schnorr_adaptor/tests_impl.h

@@ -7736,53 +7736,53 @@ int main(int argc, char **argv) {
     /*** Run actual tests ***/
 
     /* selftest tests */
-/*     run_selftest_tests(); */
+    run_selftest_tests();
 
     /* context tests */
-/*     run_proper_context_tests(0); run_proper_context_tests(1);
+    run_proper_context_tests(0); run_proper_context_tests(1);
     run_static_context_tests(0); run_static_context_tests(1);
-    run_deprecated_context_flags_test(); */
+    run_deprecated_context_flags_test();
 
     /* scratch tests */
-/*     run_scratch_tests(); */
+    run_scratch_tests();
 
     /* util tests */
-/*     run_util_tests(); */
+    run_util_tests();
 
     /* integer arithmetic tests */
 #ifdef SECP256K1_WIDEMUL_INT128
-/*     run_int128_tests(); */
+    run_int128_tests();
 #endif
-/*     run_ctz_tests();
+    run_ctz_tests();
     run_modinv_tests();
-    run_inverse_tests(); */
+    run_inverse_tests();
 
     /* hash tests */
-/*     run_sha256_known_output_tests();
+    run_sha256_known_output_tests();
     run_sha256_counter_tests();
     run_hmac_sha256_tests();
     run_rfc6979_hmac_sha256_tests();
-    run_tagged_sha256_tests(); */
+    run_tagged_sha256_tests();
 
     /* scalar tests */
-/*     run_scalar_tests(); */
+    run_scalar_tests();
 
     /* field tests */
-/*     run_field_half();
+    run_field_half();
     run_field_misc();
     run_field_convert();
     run_field_be32_overflow();
     run_fe_mul();
     run_sqr();
-    run_sqrt(); */
+    run_sqrt();
 
     /* group tests */
-/*     run_ge();
+    run_ge();
     run_gej();
-    run_group_decompress(); */
+    run_group_decompress();
 
     /* ecmult tests */
-/*     run_ecmult_pre_g();
+    run_ecmult_pre_g();
     run_wnaf();
     run_point_times_order();
     run_ecmult_near_split_bound();
@@ -7792,88 +7792,88 @@ int main(int argc, char **argv) {
     run_ecmult_const_tests();
     run_ecmult_multi_tests();
     run_ec_combine();
-    run_ec_commit(); */
+    run_ec_commit();
 
     /* endomorphism tests */
-/*     run_endomorphism_tests(); */
+    run_endomorphism_tests();
 
     /* EC point parser test */
-/*     run_ec_pubkey_parse_test(); */
+    run_ec_pubkey_parse_test();
 
     /* EC key edge cases */
-/*     run_eckey_edge_case_test(); */
+    run_eckey_edge_case_test();
 
     /* EC key arithmetic test */
-/*     run_eckey_negate_test(); */
+    run_eckey_negate_test();
 
 #ifdef ENABLE_MODULE_BPPP
-/*     run_bppp_tests(); */
+    run_bppp_tests();
 #endif
 
 #ifdef ENABLE_MODULE_ECDH
     /* ecdh tests */
-/*     run_ecdh_tests(); */
+    run_ecdh_tests();
 #endif
 
 #ifdef ENABLE_MODULE_MUSIG
-/*     run_musig_tests(); */
+    run_musig_tests();
 #endif
 
     /* ecdsa tests */
-/*     run_ec_illegal_argument_tests();
+    run_ec_illegal_argument_tests();
     run_pubkey_comparison();
     run_random_pubkeys();
     run_ecdsa_der_parse();
     run_ecdsa_sign_verify();
     run_ecdsa_end_to_end();
     run_ecdsa_edge_cases();
-    run_ecdsa_wycheproof(); */
+    run_ecdsa_wycheproof();
 
 #ifdef ENABLE_MODULE_RECOVERY
     /* ECDSA pubkey recovery tests */
-/*     run_recovery_tests(); */
+    run_recovery_tests();
 #endif
 
 #ifdef ENABLE_MODULE_GENERATOR
-/*     run_generator_tests(); */
+    run_generator_tests();
 #endif
 
 #ifdef ENABLE_MODULE_RANGEPROOF
-/*     run_rangeproof_tests(); */
+    run_rangeproof_tests();
 #endif
 
 #ifdef ENABLE_MODULE_WHITELIST
     /* Key whitelisting tests */
-/*     run_whitelist_tests(); */
+    run_whitelist_tests();
 #endif
 
 #ifdef ENABLE_MODULE_SURJECTIONPROOF
-/*     run_surjection_tests(); */
+    run_surjection_tests();
 #endif
 
 #ifdef ENABLE_MODULE_EXTRAKEYS
-/*     run_extrakeys_tests(); */
+    run_extrakeys_tests();
 #endif
 
 #ifdef ENABLE_MODULE_SCHNORRSIG
-/*     run_schnorrsig_tests(); */
+    run_schnorrsig_tests();
 #endif
 
 #ifdef ENABLE_MODULE_SCHNORR_ADAPTOR
     run_schnorr_adaptor_tests();
 #endif
 
 #ifdef ENABLE_MODULE_ELLSWIFT
-/*     run_ellswift_tests(); */
+    run_ellswift_tests();
 #endif
 
 #ifdef ENABLE_MODULE_ECDSA_S2C
     /* ECDSA sign to contract */
-/*     run_ecdsa_s2c_tests(); */
+    run_ecdsa_s2c_tests();
 #endif
 
 #ifdef ENABLE_MODULE_ECDSA_ADAPTOR
-/*     run_ecdsa_adaptor_tests(); */
+    run_ecdsa_adaptor_tests();
 #endif
 
     /* util tests */