Wycheproof tests vectors

[real-or-random]

Though we have good tests, the Wycheproof test vectors will be a good addition.

• The ECDSA test vectors are probably most interesting but some test vectors are incompatible with Bitcoin (see Distinguish ECDSA malleability? C2SP/wycheproof#70). We asked for other vectors there but they don't respond currently. But even if we disable the incompatible vectors (after careful checking), the other vectors will be a good addition
• Not sure if we can ECDH to work but I expect it will work at least with a custom derivation function
• SHA256 and HMAC should not be an issue

The test cases are in a simple JSON format: https://github.com/google/wycheproof/tree/master/testvectors We could either parse them (e.g., https://github.com/zserge/jsmn is very thin, MIT single-header parser that we ), or have a small script (in whatever language) that converts the vectors to C code.

[Sajjon]

@real-or-random Any progress on this? I've written a Swift wrapper called K1 around this wonderful library, and I've implemented unit test for every secp256k1 test vector known to man. Here is the folder with all unit tests and here are all test vectors I use

I've also done the necessary filtering out test vector which are incompatible with this library.

In K1 I support three ECDH variants, what this library does by default (SHA256 of compressed shared public point), and also ASN1 X9.63 version (returning only X component of shared public point, unhashed) and also a custom one which returns the whole point unhashed, I've implemented test for the first two, by having generated a couple of hundreds of tests using Python wrappers around this library and some other secp256k1 Python libraries (based on Open SSL secp25k1 I think), which vendors ASN1 X9.63 ECDH function. See the repo with the code to generated these ECDH test vectors here

This is such an important library since so many libraries build on top of it. I would love for this library to vendors thousands of test vectors for:

• Public Key derivation
• Public Key serialization
• Public Key deserialziation
• ECDH
• ECDSA recoverable
• ECDSA non-recoverable
• Schnorr

I would be happy to contribute, but my C skills is not the greatest... how would one parse JSON i C? But I could probably easilty contribute once some first tests parsing JSON is up! :)

[real-or-random]

@Sajjon That sounds very interesting.

Parsing JSON is indeed a pain point, but since it's really only for tests, and test vectors rarely change, we can really do whatever is most convenient. For example, we could just have a Python script that parses the JSON and outputs C data structures and literals... This was recently done in the fork secp256k1-zkp for MuSig2 test vectors (see https://github.com/BlockstreamResearch/secp256k1-zkp/blob/master/contrib/musig2-vectors.py). Not exactly elegant, but it does the job. We could do the same here. What do you think?

Please let us know if you run into any issues / API inconveniences with your Swift wrapper.

By the way, I'm currently out of office, so I won't reply quickly.

[andozw]

We opened a PR that adds coverage for ECDSA Wycheproof test vectors at #1245 . We wrote a small Python script that parses the JSON and outputs C data structure, and embedded it in the source file (much like it is done elsewhere). All the tests for ECDSA pass from the latest drop of Wycheproof (released about 3 weeks ago).