threshold_test

Tests for DKLS23 Threshold ECDSA implementation.

Run with: pytest charm/test/schemes/threshold_test.py -v

This module tests: - SimpleOT: Base Oblivious Transfer protocol - OTExtension: IKNP-style OT extension - MtA/MtAwc: Multiplicative-to-Additive conversion - ThresholdSharing/PedersenVSS: Threshold secret sharing - DKLS23_DKG: Distributed Key Generation - DKLS23_Presign: Presigning protocol - DKLS23_Sign: Signing protocol - DKLS23: Complete threshold ECDSA protocol

class threshold_test.TestCGGMP21_Complete(methodName='runTest')

Bases: TestCase

End-to-end tests for complete CGGMP21 protocol

setUp()

Hook method for setting up the test fixture before exercising it.

test_3_of_5_threshold()

Test 3-of-5 threshold scheme with CGGMP21

test_complete_2_of_3_with_presigning()

Complete flow: keygen -> presign -> sign -> verify for CGGMP21

test_different_participant_combinations()

Test that any 2 of 3 parties can sign with CGGMP21

class threshold_test.TestCGGMP21_DKG(methodName='runTest')

Bases: TestCase

Tests for CGGMP21 Distributed Key Generation

setUp()

Hook method for setting up the test fixture before exercising it.

test_2_of_3_dkg()

Test 2-of-3 distributed key generation for CGGMP21

test_all_parties_same_pubkey()

All parties should derive the same public key in CGGMP21

class threshold_test.TestCGGMP21_IdentifiableAbort(methodName='runTest')

Bases: TestCase

Tests for CGGMP21 identifiable abort feature

setUp()

Hook method for setting up the test fixture before exercising it.

test_security_abort_exception()

Test SecurityAbort exception is properly defined

test_security_abort_with_evidence()

Test SecurityAbort with evidence

class threshold_test.TestCGGMP21_Presign(methodName='runTest')

Bases: TestCase

Tests for CGGMP21 presigning protocol

setUp()

Hook method for setting up the test fixture before exercising it.

test_presign_generates_valid_presignature()

Test that CGGMP21 presigning produces valid presignature objects

class threshold_test.TestCGGMP21_Proofs(methodName='runTest')

Bases: TestCase

Tests for CGGMP21 zero-knowledge proofs

setUp()

Hook method for setting up the test fixture before exercising it.

test_ring_pedersen_generation()

Test Ring-Pedersen parameter generation

class threshold_test.TestCurveAgnostic(methodName='runTest')

Bases: TestCase

Tests for curve agnosticism (MEDIUM-11)

test_curve_agnostic_prime256v1()

Test that DKLS23 works with different curves (MEDIUM-11).

Uses prime256v1 (P-256/secp256r1) instead of secp256k1 to verify the protocol is curve-agnostic.

class threshold_test.TestDKLS23_Complete(methodName='runTest')

Bases: TestCase

End-to-end tests for complete DKLS23 protocol

setUp()

Hook method for setting up the test fixture before exercising it.

test_3_of_5_threshold()

Test 3-of-5 threshold scheme

test_complete_2_of_3_signing()

Complete flow: keygen -> presign -> sign -> verify

test_different_participant_combinations()

Test that any 2 of 3 parties can sign

test_insufficient_participants_raises_error()

Test that signing with insufficient participants raises error

test_invalid_threshold_raises_error()

Test that invalid threshold/num_parties raises error

test_keygen_interface()

Test the PKSig-compatible keygen interface

test_multiple_messages_same_keys()

Test signing multiple messages with same key shares

test_signature_is_standard_ecdsa()

Verify that output is standard ECDSA signature format

test_wrong_message_fails_verification()

Test that signature verification fails with wrong message

class threshold_test.TestDKLS23_DKG(methodName='runTest')

Bases: TestCase

Tests for Distributed Key Generation

setUp()

Hook method for setting up the test fixture before exercising it.

test_2_of_3_dkg()

Test 2-of-3 distributed key generation

test_all_parties_same_pubkey()

All parties should derive the same public key

test_dkg_computes_correct_public_key()

Test that DKG computes public key as product of individual contributions

test_dkg_rejects_empty_session_id()

Test that DKG keygen_round1 rejects empty session_id

test_dkg_rejects_none_session_id()

Test that DKG keygen_round1 rejects None session_id

class threshold_test.TestDKLS23_Presign(methodName='runTest')

Bases: TestCase

Tests for presigning protocol

setUp()

Hook method for setting up the test fixture before exercising it.

test_presign_generates_valid_presignature()

Test that presigning produces valid presignature objects

test_presign_rejects_empty_session_id()

Test that presign_round1 rejects empty session_id

test_presign_rejects_none_session_id()

Test that presign_round1 rejects None session_id

test_presignatures_have_same_r()

All parties’ presignatures should have the same r value

class threshold_test.TestDKLS23_Sign(methodName='runTest')

Bases: TestCase

Tests for signing protocol

setUp()

Hook method for setting up the test fixture before exercising it.

test_signature_share_generation()

Test that signature shares are generated correctly

test_signature_share_verification()

Test that invalid signature shares are detected (MEDIUM-06).

test_signature_verification_correct()

Test that valid ECDSA signatures verify correctly

test_signature_verification_wrong_message()

Test that signature verification fails with wrong message

class threshold_test.TestDPF(methodName='runTest')

Bases: TestCase

Tests for Distributed Point Function (GGM-based)

test_dpf_full_eval()

Test DPF full domain evaluation.

test_dpf_key_independence()

Test that individual keys reveal nothing about alpha/beta.

test_dpf_off_points()

Test DPF correctness at non-target points.

test_dpf_single_point()

Test DPF correctness at target point.

class threshold_test.TestGG18_Complete(methodName='runTest')

Bases: TestCase

End-to-end tests for complete GG18 protocol

setUp()

Hook method for setting up the test fixture before exercising it.

test_3_of_5_threshold()

Test 3-of-5 threshold scheme with GG18

test_complete_2_of_3_signing()

Complete flow: keygen -> sign -> verify for GG18

test_different_participant_combinations()

Test that any 2 of 3 parties can sign with GG18

class threshold_test.TestGG18_DKG(methodName='runTest')

Bases: TestCase

Tests for GG18 Distributed Key Generation

setUp()

Hook method for setting up the test fixture before exercising it.

test_2_of_3_dkg()

Test 2-of-3 distributed key generation for GG18

test_all_parties_same_pubkey()

All parties should derive the same public key in GG18

class threshold_test.TestGG18_Sign(methodName='runTest')

Bases: TestCase

Tests for GG18 signing protocol

setUp()

Hook method for setting up the test fixture before exercising it.

test_signature_verification_correct()

Test that valid ECDSA signatures verify correctly with GG18

test_signature_verification_wrong_message()

Test that signature verification fails with wrong message

class threshold_test.TestMPFSS(methodName='runTest')

Bases: TestCase

Tests for Multi-Point Function Secret Sharing

test_mpfss_empty()

Test MPFSS with empty point set.

test_mpfss_full_eval()

Test MPFSS full domain evaluation.

test_mpfss_multiple_points()

Test MPFSS with multiple points.

test_mpfss_single_point()

Test MPFSS with single point (should match DPF).

class threshold_test.TestMaliciousParties(methodName='runTest')

Bases: TestCase

Tests for adversarial/malicious party scenarios in threshold ECDSA.

These tests verify that the protocol correctly detects and handles various forms of malicious behavior including: - Invalid shares during DKG - Wrong commitments - Commitment mismatches during presigning - Invalid signature shares

classmethod setUpClass()

Hook method for setting up class fixture before running tests in the class.

test_dkg_insufficient_honest_parties()

Test that a party can identify malicious parties when multiple collude.

Run 2-of-3 DKG where 2 parties (party 2 and party 3) send invalid shares to party 1. Verify party 1 can identify both malicious parties.

test_dkg_invalid_share_detected()

Test that DKG detects tampered shares during round 3.

Run DKG with 3 parties. In round 2, tamper with party 3’s share to party 1 (add 1 to the share value). Verify that party 1 detects the invalid share in round 3 (returns a complaint).

test_dkg_wrong_commitment_detected()

Test that DKG detects when a party’s commitment doesn’t match their shares.

Run DKG round 1, then modify party 2’s commitment list by changing the first commitment to a random point. Verify share verification fails for party 2’s shares.

test_mta_receiver_learns_only_chosen_message()

Test MtA security property: receiver’s beta depends only on chosen values.

Run MtA protocol and verify that the receiver’s beta calculation depends only on the specific input values used, not any other information. This tests the basic security property of the MtA protocol.

test_presign_commitment_mismatch_detected()

Test that presigning detects when Gamma_i doesn’t match the commitment.

Run presign round 1 with 3 parties. In round 2 messages, replace party 2’s Gamma_i with a different value that doesn’t match the commitment. Verify round 3 raises ValueError about commitment verification.

Note: This test validates the commitment verification logic in the presigning protocol. The test directly verifies commitment checking without going through the full MtA completion (which has a separate API change).

test_signature_invalid_share_produces_invalid_sig()

Test that tampering with signature shares produces invalid signatures.

Use simulated presignatures to test that modifying a party’s signature share (s_i) causes the aggregated signature to fail ECDSA verification. This validates that malicious tampering with signature shares is detectable.

class threshold_test.TestMtA(methodName='runTest')

Bases: TestCase

Tests for Multiplicative-to-Additive conversion

setUp()

Hook method for setting up the test fixture before exercising it.

test_mta_correctness()

Test that a*b = alpha + beta (mod q) - multiplicative to additive with real OT

test_mta_edge_case_near_order()

Test MtA with values close to the curve order (MEDIUM-04).

test_mta_multiple_invocations()

Test MtA with multiple random values

test_mta_return_types()

Test MtA methods have documented return types (LOW-03).

test_mta_uses_real_ot()

Test that MtA uses real OT - receiver never sees both messages

class threshold_test.TestMtAwc(methodName='runTest')

Bases: TestCase

Tests for MtA with correctness check

setUp()

Hook method for setting up the test fixture before exercising it.

test_mtawc_correctness()

Test MtA with correctness check produces valid shares

test_mtawc_proof_does_not_reveal_sender_bits()

Test that MtAwc proof does NOT contain sender_bits (CRITICAL-02 fix)

class threshold_test.TestOTExtension(methodName='runTest')

Bases: TestCase

Tests for IKNP-style OT Extension

setUp()

Hook method for setting up the test fixture before exercising it.

test_base_ot_required_for_receiver_extend()

Verify receiver_extend fails if base OT not completed.

test_base_ot_required_for_sender_init()

Verify sender_init fails if base OT not completed.

test_ot_extension_alternating_bits()

Test OT extension with alternating choice bits

test_ot_extension_basic()

Test OT extension with 256 OTs

test_sender_s_not_exposed()

Verify receiver cannot access sender’s random bits.

class threshold_test.TestPedersenVSS(methodName='runTest')

Bases: TestCase

Tests for Pedersen VSS (information-theoretically hiding)

setUp()

Hook method for setting up the test fixture before exercising it.

test_pedersen_vss_reconstruction()

Test that Pedersen VSS shares reconstruct correctly

test_pedersen_vss_verification()

Test Pedersen VSS share verification

class threshold_test.TestSilentOT(methodName='runTest')

Bases: TestCase

Tests for Silent OT Extension (PCG-based)

test_silent_ot_basic()

Test basic Silent OT correctness.

test_silent_ot_choice_distribution()

Test that choice bits come from sparse set.

test_silent_ot_different_messages()

Test that m0 and m1 are different for each OT.

test_silent_ot_larger()

Test Silent OT with larger output size.

test_silent_ot_messages_32_bytes()

Test that OT messages are 32 bytes each.

class threshold_test.TestSimpleOT(methodName='runTest')

Bases: TestCase

Tests for base Oblivious Transfer (Chou-Orlandi style)

setUp()

Hook method for setting up the test fixture before exercising it.

test_ot_choice_one()

Test OT with choice bit 1 - receiver should learn m1

test_ot_choice_zero()

Test OT with choice bit 0 - receiver should learn m0

test_ot_invalid_point_rejected()

Test that invalid points from malicious sender are rejected

test_ot_multiple_transfers()

Test multiple independent OT instances

test_ot_reset_sender()

Test that reset_sender clears sender state

class threshold_test.TestThresholdSharing(methodName='runTest')

Bases: TestCase

Tests for threshold secret sharing (Shamir-style)

setUp()

Hook method for setting up the test fixture before exercising it.

test_basic_sharing_and_reconstruction()

Test basic 2-of-3 secret sharing and reconstruction

test_feldman_vss_detects_invalid_share()

Test that Feldman VSS detects tampered shares

test_feldman_vss_verification()

Test Feldman VSS verification - shares should verify against commitments

test_insufficient_shares_raises_error()

Test that reconstruction fails with insufficient shares

test_invalid_threshold_raises_error()

Test that invalid threshold values raise errors

test_threshold_3_of_5()

Test 3-of-5 threshold scheme

test_threshold_limit_validation()

Test that excessive thresholds are rejected (MEDIUM-05).

class threshold_test.TestThresholdSignature(methodName='runTest')

Bases: TestCase

Tests for ThresholdSignature class

setUp()

Hook method for setting up the test fixture before exercising it.

test_der_encoding()

Test DER encoding produces valid structure

test_signature_equality()

Test ThresholdSignature equality comparison

test_signature_inequality()

Test ThresholdSignature inequality