1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

use std::collections::HashMap;

use zeroize::Zeroizing;
use rand_core::{RngCore, CryptoRng};

use ciphersuite::{group::ff::Field, Ciphersuite};

use crate::{
  ThresholdKeys,
  musig::{musig_key, musig},
  tests::{PARTICIPANTS, recover_key},
};

/// Tests MuSig key generation.
pub fn test_musig<R: RngCore + CryptoRng, C: Ciphersuite>(rng: &mut R) {
  let mut keys = vec![];
  let mut pub_keys = vec![];
  for _ in 0 .. PARTICIPANTS {
    let key = Zeroizing::new(C::F::random(&mut *rng));
    pub_keys.push(C::generator() * *key);
    keys.push(key);
  }

  const CONTEXT: &[u8] = b"MuSig Test";

  // Empty signing set
  musig::<C>(CONTEXT, &Zeroizing::new(C::F::ZERO), &[]).unwrap_err();
  // Signing set we're not part of
  musig::<C>(CONTEXT, &Zeroizing::new(C::F::ZERO), &[C::generator()]).unwrap_err();

  // Test with n keys
  {
    let mut created_keys = HashMap::new();
    let mut verification_shares = HashMap::new();
    let group_key = musig_key::<C>(CONTEXT, &pub_keys).unwrap();
    for (i, key) in keys.iter().enumerate() {
      let these_keys = musig::<C>(CONTEXT, key, &pub_keys).unwrap();
      assert_eq!(these_keys.params().t(), PARTICIPANTS);
      assert_eq!(these_keys.params().n(), PARTICIPANTS);
      assert_eq!(usize::from(these_keys.params().i().0), i + 1);

      verification_shares
        .insert(these_keys.params().i(), C::generator() * **these_keys.secret_share());

      assert_eq!(these_keys.group_key(), group_key);

      created_keys.insert(these_keys.params().i(), ThresholdKeys::new(these_keys));
    }

    for keys in created_keys.values() {
      assert_eq!(keys.verification_shares(), verification_shares);
    }

    assert_eq!(C::generator() * recover_key(&created_keys), group_key);
  }
}

#[test]
fn musig_literal() {
  test_musig::<_, ciphersuite::Ristretto>(&mut rand_core::OsRng)
}