Point multiplication by negative factor is not correct

AntonKueltz / fastecdsa

Python library for fast elliptic curve crypto

https://pypi.python.org/pypi/fastecdsa

The Unlicense

264 stars 77 forks source link

Point multiplication by negative factor is not correct #10

Closed naumazeredo closed 6 years ago

naumazeredo commented 6 years ago

Simple verification with negative factor fails like shown:

#!/usr/bin/env python

from fastecdsa.curve import P256
from fastecdsa.point import Point

a = -1 * P256.G
b = (-1 % P256.q) * P256.G

assert(a == b)

As stated in StackExchange, the identity xP = (x+q)P should hold even for negative values.

I think that if all multiplications should be done modulus curve's q (but I don't know much about EC, so the fix could be broader).

AntonKueltz commented 6 years ago

Thanks for catching that, you're correct that multiplication by negatives should be multiplication by the element in Zq that they are congruent to. Fixed in commit e38578e, will be in version 1.4.3.

In [1]: from fastecdsa.curve import P256

In [2]: from fastecdsa.point import Point

In [3]: a = -1 * P256.G

In [4]: b = (-1 % P256.q) * P256.G

In [5]: assert(a == b)

In [6]: