Fix subgroup check in Pluto's G2. (#155)

* fix: Pluto G2 torsion_free Also added test for Bn and Pluto curves. * chore: move new test to test_suite * fix: cofactor comment
privacy-scaling-explorations · May 3, 2024 · 5246c17 · 5246c17
1 parent 8af4f1e
commit 5246c17
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 3 deletions.
diff --git a/src/bn256/curve.rs b/src/bn256/curve.rs
@@ -201,6 +201,8 @@ impl G1 {
 mod test {
     use super::*;
     use group::UncompressedEncoding;
+
+    crate::curve_testing_suite!(G2, "clear_cofactor");
     crate::curve_testing_suite!(G1, G2);
     crate::curve_testing_suite!(G1, "hash_to_curve");
     crate::curve_testing_suite!(G1, "endo_consistency");

diff --git a/src/pluto_eris/curve.rs b/src/pluto_eris/curve.rs
@@ -196,16 +196,17 @@ impl CofactorGroup for G2 {
     }
 
     fn into_subgroup(self) -> CtOption<Self::Subgroup> {
+        // TODO: Handle the case where the point is already in the subgroup.
         CtOption::new(self.clear_cofactor(), 1.into())
     }
 
     fn is_torsion_free(&self) -> Choice {
-        // group order = p
+        // group order = q
         let e: [u8; 56] = [
             0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x01, 0x30, 0xe0, 0x00, 0x0d, 0x7f,
             0x70, 0xe4, 0xa8, 0x03, 0xca, 0x76, 0xf4, 0x39, 0x26, 0x6f, 0x44, 0x3f, 0x9a, 0x5c,
-            0xda, 0x8a, 0x6c, 0x7b, 0xe4, 0xa7, 0xa5, 0xfe, 0x8f, 0xad, 0xff, 0xd6, 0xa2, 0xa7,
-            0xe8, 0xc3, 0x00, 0x06, 0xb9, 0x45, 0x9f, 0xff, 0xfc, 0xd3, 0x00, 0x00, 0x00, 0x01,
+            0x7a, 0x8a, 0x6c, 0x7b, 0xe4, 0xa7, 0x75, 0xfe, 0x8e, 0x17, 0x7f, 0xd6, 0x9c, 0xa7,
+            0xe8, 0x5d, 0x60, 0x05, 0x0a, 0xf4, 0x1f, 0xff, 0xfc, 0xd3, 0x00, 0x00, 0x00, 0x01,
         ];
         // self * GROUP_ORDER;
         let mut acc = G2::identity();
@@ -244,6 +245,8 @@ new_curve_impl!(
 mod test {
     use super::*;
     use group::UncompressedEncoding;
+
+    crate::curve_testing_suite!(G2, "clear_cofactor");
     crate::curve_testing_suite!(G1, Eris, G2);
     crate::curve_testing_suite!(G1, Eris, "hash_to_curve");
     crate::curve_testing_suite!(G1, Eris, "endo_consistency");

diff --git a/src/tests/curve.rs b/src/tests/curve.rs
@@ -399,6 +399,22 @@ macro_rules! curve_testing_suite {
         }
     };
 
+    ($($curve: ident),*, "clear_cofactor") => {
+        #[test]
+        fn test_cofactor_clearing() {
+            use rand_core::OsRng;
+            $(
+                for _ in 0..50 {
+                let point = $curve::random(OsRng);
+                assert!(bool::from(point.is_on_curve()));
+                use group::cofactor::CofactorGroup;
+                assert!(bool::from(point.is_torsion_free()));
+                }
+
+            )*
+        }
+    };
+
     ($($curve: ident),*, "endo_consistency") => {
         #[test]
         fn test_endo_consistency() {