As noted here, our implementation of BN, secp256k1, and supersingular curves does not check the curve equation, nor does it check if the given element is in the right subgroup.
This needs to be fixed.
The curve check can go into the WeierstrassCurve interface and be called in the AbstractEllipticCurvePoint class during deserialization.
The subgroup check should happen in PairingSourceGroupImpl. The current PairingSourceGroupImpl::isMember in there may be a bit wonky because it uses the pow() function, which may optimize the exponentiation by taking the exponent mod size(). So something like the dedicated PairingSourceGroupImpl::cofactorMultiplication() seems to be much better for this use case.
It should be called in the PairingSourceGroupImpl::restoreElement() method (together with the check that the point is on the curve).
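The two checks the issue asks for, as an added example that is not the project's own code (written in Python rather than the project's Java, with all function names being hypothetical): a curve-equation check run at deserialization, a subgroup check done as a plain scalar multiplication by the subgroup order, and cofactor multiplication to map an arbitrary curve point into the prime-order subgroup. It uses a constructed toy curve, y^2 = x^3 + x + 1 over F_23, which has 28 points (cofactor 4, prime-order subgroup of size 7). It also models the `pow()` pitfall from the issue: a `pow()` that reduces the exponent modulo the group size turns the naive "P^size() == neutral" membership test into a check that accepts every point on the curve.

```python
# Added example (not project code): curve-equation and subgroup checks on a
# constructed toy short-Weierstrass curve, plus the exponent-reduction pitfall.

# Constructed toy curve: y^2 = x^3 + x + 1 over F_23. It has 28 points, so the
# prime-order subgroup has size 7 and the cofactor is 4. Everything is tiny
# enough to enumerate by brute force.
P_MOD = 23
A, B = 1, 1
INF = None  # point at infinity, the group's neutral element


def is_on_curve(pt):
    """Curve-equation check; this is the test that belongs at deserialization."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def add(p1, p2):
    """Affine point addition on the short Weierstrass curve."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF  # p2 == -p1; also covers doubling a point with y == 0
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def scalar_mul(k, pt):
    """Plain double-and-add; deliberately does NOT reduce k modulo anything."""
    result, addend = INF, pt
    while k > 0:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def all_affine_points():
    """Enumerate the curve by brute force (only sane for a toy field)."""
    return [(x, y) for x in range(P_MOD) for y in range(P_MOD) if is_on_curve((x, y))]


def curve_order():
    return len(all_affine_points()) + 1  # affine points plus the point at infinity


def largest_prime_factor(n):
    f, best = 2, 1
    while f * f <= n:
        while n % f == 0:
            best, n = f, n // f
        f += 1
    return n if n > 1 else best


CURVE_ORDER = curve_order()                          # 28 on the toy curve
SUBGROUP_ORDER = largest_prime_factor(CURVE_ORDER)  # 7
COFACTOR = CURVE_ORDER // SUBGROUP_ORDER            # 4


def is_in_subgroup(pt):
    """A curve point lies in the prime-order subgroup iff [n]P is the neutral element."""
    return is_on_curve(pt) and scalar_mul(SUBGROUP_ORDER, pt) is INF


def clear_cofactor(pt):
    """Cofactor multiplication: [h]P always lands in the prime-order subgroup."""
    return scalar_mul(COFACTOR, pt)


def pow_with_reduced_exponent(pt, k):
    """Models a pow() that 'optimizes' by reducing k mod the subgroup size.
    Correct for subgroup elements, but it makes the membership test below a no-op."""
    return scalar_mul(k % SUBGROUP_ORDER, pt)


def wonky_is_member(pt):
    """The check the issue warns about: with exponent reduction, P^size() is always neutral."""
    return pow_with_reduced_exponent(pt, SUBGROUP_ORDER) is INF


def restore_element(x, y):
    """Deserialization with both checks: curve equation first, then subgroup membership."""
    pt = (x % P_MOD, y % P_MOD)
    if not is_on_curve(pt):
        raise ValueError("point is not on the curve")
    if not is_in_subgroup(pt):
        raise ValueError("point is on the curve but not in the prime-order subgroup")
    return pt


if __name__ == "__main__":
    pts = all_affine_points()
    outside = next(p for p in pts if not is_in_subgroup(p))
    print("order", CURVE_ORDER, "subgroup", SUBGROUP_ORDER, "cofactor", COFACTOR)
    print("point outside subgroup:", outside,
          "wonky check says member:", wonky_is_member(outside),
          "real check says member:", is_in_subgroup(outside),
          "after cofactor clearing:", is_in_subgroup(clear_cofactor(outside)))
```

Running it shows the failure mode directly: for a point of order 2, 4, 14 or 28 the reduced-exponent check reports membership, while the plain `[n]P` check rejects it, and `[h]P` produces a point the subgroup check accepts. The order of the checks in `restore_element` matters too: the subgroup test only has meaning for inputs that already satisfy the curve equation.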