feat(bls-12-381): add test vectors for BLS-12-381 #224
tob-scott-a wants to merge 4 commits into C2SP:main from
The methodology for generating these test vectors is as follows:
1. Source several high-quality implementations.
2. Run mutation testing on each of them.
3. Have Claude write additional test inputs intended to trigger more behaviors in internal functions not currently exercised by the incumbent test suites.
4. Re-run the mutation testing framework with the new Wycheproof harness and new JSON files.
5. Compare before/after.
The end result is a set of static tests that ensure implementations do not have subtle mistakes that the barebones known answer tests do not detect.
Go's json.Marshal HTML-escapes > as \u003e; reformat_json.py expects literal >= characters.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
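The escaping difference the commit message above describes, as an added example that is not code from this PR: Go's `json.Marshal` next to a `json.Encoder` with `SetEscapeHTML(false)`, which is one way to get literal output. The `vector` type and its field values are constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// vector is a constructed stand-in record; the field names are assumptions.
type vector struct {
	TcID    int    `json:"tcId"`
	Comment string `json:"comment"`
}

// marshalDefault uses json.Marshal, which escapes <, > and & as \u003c,
// \u003e and \u0026 so the output is safe to embed in HTML.
func marshalDefault(v vector) (string, error) {
	b, err := json.Marshal(v)
	return string(b), err
}

// marshalLiteral turns HTML escaping off so the same characters are written
// literally. Encode appends a newline, trimmed here for comparison.
func marshalLiteral(v vector) (string, error) {
	var buf bytes.Buffer
	enc := json.NewEncoder(&buf)
	enc.SetEscapeHTML(false)
	if err := enc.Encode(v); err != nil {
		return "", err
	}
	return string(bytes.TrimRight(buf.Bytes(), "\n")), nil
}

// sameValue reports whether two JSON texts decode to the same vector, i.e.
// whether the difference between them is purely textual.
func sameValue(a, b string) bool {
	var va, vb vector
	if json.Unmarshal([]byte(a), &va) != nil || json.Unmarshal([]byte(b), &vb) != nil {
		return false
	}
	return va == vb
}

func main() {
	v := vector{TcID: 1, Comment: "scalar >= group order"}
	d, _ := marshalDefault(v)
	l, _ := marshalLiteral(v)
	fmt.Printf("%s\n%s\nsame value: %v\n", d, l, sameValue(d, l))
}
```

Both outputs decode to the same value, so a JSON parser sees no difference; only tools that match on the raw text are affected.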
cpu left a comment
Thanks! I think this mutation based approach for generating vectors is really cool 🚀
I propose we consider the feedback I left, give it a bit to see if anyone else has input, and then merge. Sound good?
| "required": ["pk", "group", "keySize"], | ||
| "additionalProperties": false | ||
| }, | ||
| "BlsSigVerifyTestVector": { |
I think this could re-use SignatureTestVector from schemas/signature_common.json with the only downside being that we lose the comment explicitly describing the sig as being a BLS signature in compressed form.
WDYT? Is that detail sufficiently important to duplicate the schema content?
| @@ -0,0 +1,109 @@ | |||
| { | |||
Leaving a comment here as a convenient place to anchor it
nit: I recommend dropping the _v1 suffix on the new schema filenames.
The other schemas that have this suffix were using it to differentiate from related testvectors/ schemas and that's not a concern for new files (and we removed all the testvectors/ vectors/schemas in #169).
| @@ -0,0 +1,109 @@ | |||
| { | |||
Could you also update the README.md algorithm coverage to include BLS-12-381?
| "EdgeCase": { | ||
| "bugType": "EDGE_CASE", | ||
| "description": "The test vector tests an edge case input." | ||
| }, |
I think the EdgeCase flag is only used in this file for single-byte messages. Would something like MinimalInput be a more expressive flag name? I think it has the advantage of not being the same as the bugType EDGE_CASE.
| { | ||
| "type": "BlsHashToG2", | ||
| "source": { | ||
| "name": "c2sp/wycheproof/blsvecgen", |
Would something like github/trailofbits/bls be more appropriate here (and in the other source defs)? Or is there a repo where blsvecgen lives?
Here's an example of the delta in mutation testing coverage provided by the JSON files generated in this PR, against https://github.com/zkcrypto/bls12_381:
&→^), arithmetic (square, neg, from_bytes)
*Full file now tested (more mutants in scope).