Updating test vectors for DuplexSponge.

SHAKE128 and Keccak sponges are passing test vectors.

Author: armfazh

Cargo.toml

@@ -45,6 +45,7 @@ curve25519-dalek = { version = "4", default-features = false, features = ["serde
 hex = "0.4"
 hex-literal = "0.4"
 json = "0.12.4"
+libtest-mimic = "0.8.1"
 serde = { version = "1.0.219", features = ["derive"] }
 serde_json = "1.0.140"
 sha2 = "0.10"

src/codec.rs

@@ -26,7 +26,7 @@ pub trait Codec {
     fn new(protocol_identifier: &[u8], session_identifier: &[u8], instance_label: &[u8]) -> Self;
 
     /// Allows for precomputed initialization of the codec with a specific IV.
-    fn from_iv(iv: [u8; 32]) -> Self;
+    fn from_iv(iv: [u8; 64]) -> Self;
 
     /// Absorbs data into the codec.
     fn prover_message(&mut self, data: &[u8]);
@@ -68,15 +68,15 @@ pub fn compute_iv<H: DuplexSpongeInterface>(
     protocol_id: &[u8],
     session_id: &[u8],
     instance_label: &[u8],
-) -> [u8; 32] {
-    let mut tmp = H::new([0u8; 32]);
+) -> [u8; 64] {
+    let mut tmp = H::new([0u8; 64]);
     tmp.absorb(&length_to_bytes(protocol_id.len()));
     tmp.absorb(protocol_id);
     tmp.absorb(&length_to_bytes(session_id.len()));
     tmp.absorb(session_id);
     tmp.absorb(&length_to_bytes(instance_label.len()));
     tmp.absorb(instance_label);
-    tmp.squeeze(32).try_into().unwrap()
+    tmp.squeeze(64).try_into().unwrap()
 }
 
 impl<G, H> Codec for ByteSchnorrCodec<G, H>
@@ -91,7 +91,7 @@ where
         Self::from_iv(iv)
     }
 
-    fn from_iv(iv: [u8; 32]) -> Self {
+    fn from_iv(iv: [u8; 64]) -> Self {
         Self {
             hasher: H::new(iv),
             _marker: core::marker::PhantomData,

src/duplex_sponge/keccak.rs

@@ -15,9 +15,9 @@ const LENGTH: usize = 136 + 64;
 pub struct KeccakPermutationState([u64; LENGTH / 8]);
 
 impl KeccakPermutationState {
-    pub fn new(iv: [u8; 32]) -> Self {
+    pub fn new(iv: [u8; 64]) -> Self {
         let mut state = Self::default();
-        state.as_mut()[RATE..RATE + 32].copy_from_slice(&iv);
+        state.as_mut()[RATE..RATE + 64].copy_from_slice(&iv);
         state
     }
 
@@ -47,7 +47,7 @@ pub struct KeccakDuplexSponge {
 }
 
 impl KeccakDuplexSponge {
-    pub fn new(iv: [u8; 32]) -> Self {
+    pub fn new(iv: [u8; 64]) -> Self {
         let state = KeccakPermutationState::new(iv);
         KeccakDuplexSponge {
             state,
@@ -58,7 +58,7 @@ impl KeccakDuplexSponge {
 }
 
 impl DuplexSpongeInterface for KeccakDuplexSponge {
-    fn new(iv: [u8; 32]) -> Self {
+    fn new(iv: [u8; 64]) -> Self {
         KeccakDuplexSponge::new(iv)
     }
 
@@ -108,8 +108,8 @@ mod tests {
     #[test]
     fn test_associativity_of_absorb() {
         let expected_output =
-            hex!("7dfada182d6191e106ce287c2262a443ce2fb695c7cc5037a46626e88889af58");
-        let tag = *b"absorb-associativity-domain-----";
+            hex!("efc1c34f94c0d9cfe051561f8206543056ce660fd17834b2eeb9431a4c65bc77");
+        let tag = *b"absorb-associativity-domain-----absorb-associativity-domain-----";
 
         // Absorb all at once
         let mut sponge1 = KeccakDuplexSponge::new(tag);

src/duplex_sponge/mod.rs

@@ -20,7 +20,9 @@ pub trait DuplexSpongeInterface {
     /// Creates a new sponge instance with a given initialization vector (IV).
     ///
     /// The IV enables domain separation and reproducibility between parties.
-    fn new(iv: [u8; 32]) -> Self;
+    fn new(iv: [u8; 64]) -> Self
+    where
+        Self: Sized;
 
     /// Absorbs input data into the sponge state.
     fn absorb(&mut self, input: &[u8]);

src/duplex_sponge/shake.rs

@@ -13,9 +13,10 @@ use sha3::Shake128;
 pub struct ShakeDuplexSponge(Shake128);
 
 impl DuplexSpongeInterface for ShakeDuplexSponge {
-    fn new(iv: [u8; 32]) -> Self {
+    fn new(iv: [u8; 64]) -> Self {
         let mut hasher = Shake128::default();
-        hasher.update(&iv);
+        let initial_block = [iv.to_vec(), vec![0u8; 168 - 64]].concat();
+        hasher.update(&initial_block);
         Self(hasher)
     }
 

src/fiat_shamir.rs

@@ -78,7 +78,7 @@ where
         }
     }
 
-    pub fn from_iv(iv: [u8; 32], interactive_proof: P) -> Self {
+    pub fn from_iv(iv: [u8; 64], interactive_proof: P) -> Self {
         let hash_state = C::from_iv(iv);
         Self {
             hash_state,

src/tests/spec/test_duplex_sponge.rs

@@ -1,4 +1,7 @@
-use crate::duplex_sponge::{keccak::KeccakDuplexSponge, DuplexSpongeInterface};
+use crate::duplex_sponge::{
+    keccak::KeccakDuplexSponge, shake::ShakeDuplexSponge, DuplexSpongeInterface,
+};
+use libtest_mimic::{Arguments, Failed, Trial};
 use serde::{Deserialize, Serialize};
 use std::collections::HashMap;
 
@@ -10,8 +13,8 @@ struct TestVector {
     hash_function: String,
     #[serde(rename = "Operations")]
     operations: Vec<Operation>,
-    #[serde(rename = "Tag")]
-    tag: String,
+    #[serde(rename = "IV")]
+    iv: String,
 }
 
 #[derive(Debug, Deserialize, Serialize)]
@@ -36,12 +39,15 @@ fn load_test_vectors() -> HashMap<String, TestVector> {
     serde_json::from_str(json_data).expect("Failed to parse test vectors JSON")
 }
 
-fn run_test_vector(name: &str, test_vector: &TestVector) {
-    let tag_bytes = hex_decode(&test_vector.tag);
-    let mut tag_array = [0u8; 32];
-    tag_array.copy_from_slice(&tag_bytes);
+fn run_test_vector(name: &str, test_vector: &TestVector) -> Result<(), Failed> {
+    let iv_bytes = hex_decode(&test_vector.iv);
+    let iv_array: [u8; 64] = iv_bytes.try_into().unwrap();
 
-    let mut sponge = KeccakDuplexSponge::new(tag_array);
+    let mut sponge: Box<dyn DuplexSpongeInterface> = match test_vector.hash_function.as_str() {
+        "Keccak-f[1600] overwrite mode" => Box::new(KeccakDuplexSponge::new(iv_array)),
+        "SHAKE128" => Box::new(ShakeDuplexSponge::new(iv_array)),
+        _ => panic!("Unknown hash function: {}", test_vector.hash_function),
+    };
     let mut final_output = Vec::new();
 
     for operation in &test_vector.operations {
@@ -62,88 +68,27 @@ fn run_test_vector(name: &str, test_vector: &TestVector) {
         }
     }
 
-    let expected_output = hex_decode(&test_vector.expected);
-    assert_eq!(final_output, expected_output, "Test vector '{name}' failed");
+    assert_eq!(
+        hex::encode(final_output),
+        test_vector.expected,
+        "Test vector '{name}' failed"
+    );
+    Ok(())
 }
 
 #[test]
 fn test_all_duplex_sponge_vectors() {
     let test_vectors = load_test_vectors();
 
-    for (name, test_vector) in test_vectors {
-        run_test_vector(&name, &test_vector);
-    }
-}
-
-#[test]
-fn test_keccak_duplex_sponge_vector() {
-    let test_vectors = load_test_vectors();
-    let test_vector = test_vectors.get("test_keccak_duplex_sponge").unwrap();
-    run_test_vector("test_keccak_duplex_sponge", test_vector);
-}
-
-#[test]
-fn test_absorb_empty_before_vector() {
-    let test_vectors = load_test_vectors();
-    let test_vector = test_vectors
-        .get("test_absorb_empty_before_does_not_break")
-        .unwrap();
-    run_test_vector("test_absorb_empty_before_does_not_break", test_vector);
-}
-
-#[test]
-fn test_absorb_empty_after_vector() {
-    let test_vectors = load_test_vectors();
-    let test_vector = test_vectors
-        .get("test_absorb_empty_after_does_not_break")
-        .unwrap();
-    run_test_vector("test_absorb_empty_after_does_not_break", test_vector);
-}
-
-#[test]
-fn test_squeeze_zero_before_vector() {
-    let test_vectors = load_test_vectors();
-    let test_vector = test_vectors.get("test_squeeze_zero_behavior").unwrap();
-    run_test_vector("test_squeeze_zero_behavior", test_vector);
-}
-
-#[test]
-fn test_squeeze_zero_after_vector() {
-    let test_vectors = load_test_vectors();
-    let test_vector = test_vectors
-        .get("test_squeeze_zero_after_behavior")
-        .unwrap();
-    run_test_vector("test_squeeze_zero_after_behavior", test_vector);
-}
-
-#[test]
-fn test_absorb_squeeze_absorb_consistency_vector() {
-    let test_vectors = load_test_vectors();
-    let test_vector = test_vectors
-        .get("test_absorb_squeeze_absorb_consistency")
-        .unwrap();
-    run_test_vector("test_absorb_squeeze_absorb_consistency", test_vector);
-}
-
-#[test]
-fn test_associativity_of_absorb_vector() {
-    let test_vectors = load_test_vectors();
-    let test_vector = test_vectors.get("test_associativity_of_absorb").unwrap();
-    run_test_vector("test_associativity_of_absorb", test_vector);
-}
-
-#[test]
-fn test_tag_affects_output_vector() {
-    let test_vectors = load_test_vectors();
-    let test_vector = test_vectors.get("test_tag_affects_output").unwrap();
-    run_test_vector("test_tag_affects_output", test_vector);
-}
-
-#[test]
-fn test_multiple_blocks_absorb_squeeze_vector() {
-    let test_vectors = load_test_vectors();
-    let test_vector = test_vectors
-        .get("test_multiple_blocks_absorb_squeeze")
-        .unwrap();
-    run_test_vector("test_multiple_blocks_absorb_squeeze", test_vector);
+    let tests = test_vectors
+        .into_iter()
+        .map(|(name, test_vector)| {
+            Trial::test(
+                format!("tests::spec::test_duplex_sponge::{}", name),
+                move || run_test_vector(&name, &test_vector),
+            )
+        })
+        .collect();
+
+    libtest_mimic::run(&Arguments::from_args(), tests).exit();
 }