TypeError in prove_group_implementations.sage #1067

issue jonasnick openend this issue on January 30, 2022
  1. jonasnick commented at 8:38 pm on January 30, 2022: contributor 
     0$ sage --version
 1SageMath version 9.4, Release Date: 2021-08-22
 2$ sage ./prove_group_implementations.sage
 3Formula secp256k1_gej_add_var:
 4Traceback (most recent call last):
 5  File "sage/rings/polynomial/multi_polynomial_libsingular.pyx", line 4680, in sage.rings.polynomial.multi_polynomial_libsingular.MPolynomial_libsingular.reduce (build/cythonized/sage/rings/polynomial/multi_polynomial_libsingular.cpp:36255)
 6  File "sage/structure/parent_old.pyx", line 185, in sage.structure.parent_old.Parent._coerce_c (build/cythonized/sage/structure/parent_old.c:3973)
 7  File "sage/structure/parent.pyx", line 1207, in sage.structure.parent.Parent.coerce (build/cythonized/sage/structure/parent.c:10953)
 8TypeError: no canonical coercion from Multivariate Polynomial Ring in ax, bx, ay, by, Az, Bz, Ai, Bi over Rational Field to Multivariate Polynomial Ring in ax, bx, ay, by, Az, Bz, Ai, Bi over Integer Ring
 9
10During handling of the above exception, another exception occurred:
11
12Traceback (most recent call last):
13  File "secp256k1/sage/./prove_group_implementations.sage.py", line 300, in <module>
14    check_symbolic_jacobian_weierstrass("secp256k1_gej_add_var", _sage_const_0 , _sage_const_7 , _sage_const_5 , formula_secp256k1_gej_add_var)
15  File "<string>", line 255, in check_symbolic_jacobian_weierstrass
16  File "<string>", line 220, in check_symbolic_function
17  File "<string>", line 306, in check_symbolic
18  File "<string>", line 255, in prove_zero
19  File "<string>", line 230, in prove_nonzero
20  File "/nix/store/fj99mwys7crk5iifzym7q1m4li9ksknc-python3-3.9.9-env/lib/python3.9/site-packages/sage/rings/polynomial/multi_polynomial_ideal.py", line 4530, in reduce
21    return f.reduce(gb)
22  File "sage/rings/polynomial/multi_polynomial_libsingular.pyx", line 4683, in sage.rings.polynomial.multi_polynomial_libsingular.MPolynomial_libsingular.reduce (build/cythonized/sage/rings/polynomial/multi_polynomial_libsingular.cpp:36314)
23TypeError: no canonical coercion from Multivariate Polynomial Ring in ax, bx, ay, by, Az, Bz, Ai, Bi over Rational Field to Multivariate Polynomial Ring in ax, bx, ay, by, Az, Bz, Ai, Bi over Integer Ring

    For what it’s worth, I have only very limited understanding of what the sage script does, but if I change line 230 in group_prover.sage from

    0for (f, n) in zero.reduce(numerator(allexprs)).factor():

    to

    0for (f, n) in zero.reduce(numerator(allexprs).change_ring(QQ)).factor():

    the type error disappears, but running sage ./prove_group_implementations.sage reports failure for secp256k1_gej_add_var (add) and secp256k1_gej_add_zinv_var (add).

  2. sipa commented at 8:41 pm on January 30, 2022: contributor
    Hmm, it works for me, in Sage 9.2.
  3. real-or-random referenced this in commit e108d0039c on Jan 31, 2022
  4. real-or-random cross-referenced this on Jan 31, 2022 from issue sage: Fix incompatibility with sage 9.4 by real-or-random
  5. jonasnick commented at 4:58 pm on January 31, 2022: contributor

    @sipa Just to be clear, that means that you do not see the following failures in the output?

    0Formula secp256k1_gej_add_var:
1  add:
2    branch 4: FAIL, <map object at 0x7f417d48b820> fails (assuming )
3...
4Formula secp256k1_gej_add_zinv_var:
5  add:
6    branch 4: FAIL, <map object at 0x7f417d67d420> fails (assuming )
7...
  6. sipa commented at 5:01 pm on January 31, 2022: contributor

    My output as of commit d8a246324650c3df8d54d133a8ac3c1b857a7a4e (master):

     0$ sage --version; sage prove_group_implementations.sage 
 1SageMath version 9.2, Release Date: 2020-10-24
 2Formula secp256k1_gej_add_var:
 3  add:
 4    branch 4: OK
 5  double:
 6    branch 2: OK
 7  add_opposite:
 8    branch 3: OK
 9  add_infinite_a:
10    branch 0: OK
11  add_infinite_b:
12    branch 1: OK
13  add_infinite_ab:
14    branch 0: OK
15
16Formula secp256k1_gej_add_ge_var:
17  add:
18    branch 4: OK (assuming Bz - 1 = 0 [b.z=1])
19  double:
20    branch 2: OK (assuming Bz - 1 = 0 [b.z=1])
21  add_opposite:
22    branch 3: OK (assuming Bz - 1 = 0 [b.z=1])
23  add_infinite_a:
24    branch 0: OK (assuming Bz - 1 = 0 [b.z=1])
25  add_infinite_b:
26    branch 1: OK (assuming Bz - 1 = 0 [b.z=1])
27  add_infinite_ab:
28    branch 0: OK (assuming Bz - 1 = 0 [b.z=1])
29
30Formula secp256k1_gej_add_zinv_var:
31  add:
32    branch 4: OK
33  double:
34    branch 2: OK
35  add_opposite:
36    branch 3: OK
37  add_infinite_a:
38    branch 1: OK
39  add_infinite_b:
40    branch 0: OK
41  add_infinite_ab:
42    branch 0: OK
43
44Formula secp256k1_gej_add_ge:
45  add:
46    branch 0: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
47    branch 2: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
48    branch 3: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
49  double:
50    branch 0: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
51  add_opposite:
52    branch 9: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
53  add_infinite_a:
54    branch 4: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
55    branch 6: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
56    branch 7: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
57    branch 13: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
58  add_infinite_b:
59  add_infinite_ab:
60
61Formula secp256k1_gej_add_ge_old [should fail]:
62  add:
63    branch 0: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
64    branch 2: FAIL, ['finite_point', 'on_curve', 'colinear_1', 'colinear_2', 'colinear_3'] fails (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
65  double:
66    branch 0: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
67  add_opposite:
68    branch 2: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
69  add_infinite_a:
70    branch 1: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
71  add_infinite_b:
72  add_infinite_ab:

    My output as of eb86372d5d411ccf200a3add49111d9c197d7dce (#1068):

     0$ sage --version; sage prove_group_implementations.sage 
 1SageMath version 9.2, Release Date: 2020-10-24
 2Formula secp256k1_gej_add_var:
 3  add:
 4    branch 4: OK
 5  double:
 6    branch 2: OK
 7  add_opposite:
 8    branch 3: OK
 9  add_infinite_a:
10    branch 0: OK
11  add_infinite_b:
12    branch 1: OK
13  add_infinite_ab:
14    branch 0: OK
15
16Formula secp256k1_gej_add_ge_var:
17  add:
18    branch 4: OK (assuming Bz - 1 = 0 [b.z=1])
19  double:
20    branch 2: OK (assuming Bz - 1 = 0 [b.z=1])
21  add_opposite:
22    branch 3: OK (assuming Bz - 1 = 0 [b.z=1])
23  add_infinite_a:
24    branch 0: OK (assuming Bz - 1 = 0 [b.z=1])
25  add_infinite_b:
26    branch 1: OK (assuming Bz - 1 = 0 [b.z=1])
27  add_infinite_ab:
28    branch 0: OK (assuming Bz - 1 = 0 [b.z=1])
29
30Formula secp256k1_gej_add_zinv_var:
31  add:
32    branch 4: OK
33  double:
34    branch 2: OK
35  add_opposite:
36    branch 3: OK
37  add_infinite_a:
38    branch 1: OK
39  add_infinite_b:
40    branch 0: OK
41  add_infinite_ab:
42    branch 0: OK
43
44Formula secp256k1_gej_add_ge:
45  add:
46    branch 0: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
47    branch 2: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
48    branch 3: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
49  double:
50    branch 0: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
51  add_opposite:
52    branch 9: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
53  add_infinite_a:
54    branch 4: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
55    branch 6: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
56    branch 7: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
57    branch 13: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
58  add_infinite_b:
59  add_infinite_ab:
60
61Formula secp256k1_gej_add_ge_old [should fail]:
62  add:
63    branch 0: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
64    branch 2: FAIL, ['finite_point', 'on_curve', 'colinear_1', 'colinear_2', 'colinear_3'] fails (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
65  double:
66    branch 0: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
67  add_opposite:
68    branch 2: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
69  add_infinite_a:
70    branch 1: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
71  add_infinite_b:
72  add_infinite_ab:
  7. siv2r commented at 10:32 am on February 1, 2022: contributor

    The branch 4 of gej_add_var and gej_add_zinv_var fails on SageMath version 9.4, Release Date: 2021-08-22 

     0sage: load("prove_group_implementations.sage")                                            
 1Formula secp256k1_gej_add_var:
 2  add:
 3    branch 4: FAIL, <map object at 0x7fdf43f902b0> fails (assuming )
 4  double:
 5    branch 2: OK
 6  add_opposite:
 7    branch 3: OK
 8  add_infinite_a:
 9    branch 0: OK
10  add_infinite_b:
11    branch 1: OK
12  add_infinite_ab:
13    branch 0: OK
14
15Formula secp256k1_gej_add_ge_var:
16  add:
17    branch 4: OK (assuming Bz - 1 = 0 [b.z=1])
18  double:
19    branch 2: OK (assuming Bz - 1 = 0 [b.z=1])
20  add_opposite:
21    branch 3: OK (assuming Bz - 1 = 0 [b.z=1])
22  add_infinite_a:
23    branch 0: OK (assuming Bz - 1 = 0 [b.z=1])
24  add_infinite_b:
25    branch 1: OK (assuming Bz - 1 = 0 [b.z=1])
26  add_infinite_ab:
27    branch 0: OK (assuming Bz - 1 = 0 [b.z=1])
28
29Formula secp256k1_gej_add_zinv_var:
30  add:
31    branch 4: FAIL, <map object at 0x7fdf443faac0> fails (assuming )
32  double:
33    branch 2: OK
34  add_opposite:
35    branch 3: OK
36  add_infinite_a:
37    branch 1: OK
38  add_infinite_b:
39    branch 0: OK
40  add_infinite_ab:
41    branch 0: OK
42
43Formula secp256k1_gej_add_ge:
44  add:
45    branch 0: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
46    branch 2: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
47    branch 3: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
48  double:
49    branch 0: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
50  add_opposite:
51    branch 9: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
52  add_infinite_a:
53    branch 4: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
54    branch 6: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
55    branch 7: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
56    branch 13: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
57  add_infinite_b:
58  add_infinite_ab:
59
60Formula secp256k1_gej_add_ge_old [should fail]:
61  add:
62    branch 0: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
63    branch 2: FAIL, ['finite_point', 'on_curve', 'colinear_1', 'colinear_2', 'colinear_3'] fails (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
64  double:
65    branch 0: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
66  add_opposite:
67    branch 2: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
68  add_infinite_a:
69    branch 1: OK (assuming Bi = 0 [b_finite], Bz - 1 = 0 [b.z=1])
70  add_infinite_b:
71  add_infinite_ab:

    But there was no TypeError in my case. I used CoCalc to run the sage scripts.

    On running, sage ./prove_group_implementations.sage for sage v9.0 (on my local machine) there are no errors (with or without the change_ring workaround).

     0$ sage --version;sage ./prove_group_implementations.sage
 1SageMath version 9.0, Release Date: 2020-01-01
 2Formula secp256k1_gej_add_var:
 3  add:
 4    branch 4: OK
 5  double:
 6    branch 2: OK
 7  add_opposite:
 8    branch 3: OK
 9  add_infinite_a:
10    branch 0: OK
11  add_infinite_b:
12    branch 1: OK
13  add_infinite_ab:
14    branch 0: OK
15
16Formula secp256k1_gej_add_ge_var:
17  add:
18    branch 4: OK (assuming Bz - 1 = 0 [b.z=1])
19  double:
20    branch 2: OK (assuming Bz - 1 = 0 [b.z=1])
21  add_opposite:
22    branch 3: OK (assuming Bz - 1 = 0 [b.z=1])
23  add_infinite_a:
24    branch 0: OK (assuming Bz - 1 = 0 [b.z=1])
25  add_infinite_b:
26    branch 1: OK (assuming Bz - 1 = 0 [b.z=1])
27  add_infinite_ab:
28    branch 0: OK (assuming Bz - 1 = 0 [b.z=1])
29
30Formula secp256k1_gej_add_zinv_var:
31  add:
32    branch 4: OK
33  double:
34    branch 2: OK
35  add_opposite:
36    branch 3: OK
37  add_infinite_a:
38    branch 1: OK
39  add_infinite_b:
40    branch 0: OK
41  add_infinite_ab:
42    branch 0: OK
43
44Formula secp256k1_gej_add_ge:
45  add:
46    branch 0: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
47    branch 2: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
48    branch 3: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
49  double:
50    branch 0: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
51  add_opposite:
52    branch 9: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
53  add_infinite_a:
54    branch 4: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
55    branch 6: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
56    branch 7: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
57    branch 13: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
58  add_infinite_b:
59  add_infinite_ab:
60
61Formula secp256k1_gej_add_ge_old [should fail]:
62  add:
63    branch 0: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
64    branch 2: FAIL, ['finite_point', 'on_curve', 'colinear_1', 'colinear_2', 'colinear_3'] fails (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
65  double:
66    branch 0: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
67  add_opposite:
68    branch 2: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
69  add_infinite_a:
70    branch 1: OK (assuming Bz - 1 = 0 [b.z=1], Bi = 0 [b_finite])
71  add_infinite_b:
72  add_infinite_ab:
  8. jonasnick closed this on Feb 5, 2022
  9. dderjoel referenced this in commit 9a3a468ff4 on May 23, 2023
  10. matteonardelli referenced this in commit a84443afca on Jun 16, 2023


jonasnick sipa siv2r

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-11-22 03:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me