Point at infinity not emplemented

AntonKueltz / fastecdsa

Python library for fast elliptic curve crypto

https://pypi.python.org/pypi/fastecdsa

The Unlicense

264 stars 77 forks source link

Point at infinity not emplemented #21

Closed shikuk closed 4 years ago

shikuk commented 5 years ago

Operands with resulting point at infinity fails to ValueError: (x, y) coordinates are not on curve <test_curve> or simply does wrong (0G or NG )

print ("G =  %s" % (G))
print ("0*G = %s" % (0*G))
print ("G - G = %s" % (G - G))

G =  X: 0x500
Y: 0x823
(On curve <test_curve>)
0*G = X: 0x500
Y: 0x823
(On curve <test_curve>)
    print ("G - G = %s" % (G - G))
  File "build\bdist.win32\egg\fastecdsa\point.py", line 99, in __sub__
  File "build\bdist.win32\egg\fastecdsa\point.py", line 74, in __add__
  File "build\bdist.win32\egg\fastecdsa\point.py", line 31, in __init__
ValueError: (x, y) coordinates are not on curve <test_curve>

May be need to define Infinity point and add check for this to "is_point_on_curve"

AntonKueltz commented 5 years ago

Good catch, I've made handling of the identity element more explicit to avoid this (the error was the case where G was subtracted from itself). The commit is 76a5dea9bb513703fdb2ba54e448746a61018859 which is in version 1.6.5 (tag v.1.6.5). pip install -U fastecdsa should get you the latest release.


In [1]: from fastecdsa.curve import P256

In [2]: G = P256.G

In [3]: print ("G =  %s" % (G))
   ...: print ("0*G = %s" % (0*G))
   ...: print ("G - G = %s" % (G - G))
   ...:
G =  X: 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
Y: 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
(On curve <P256>)
0*G = <POINT AT INFINITY>
G - G = <POINT AT INFINITY>

shikuk commented 5 years ago

Tested, work as expected. Thank You!!!

shikuk commented 4 years ago

Addition of points R + (-R) fails m - random. Checked at random curves. Issue catched by implementation of Miller's algorithm

# n = #E(P192)
n = 6277101735386680763835789423176059013767194773182842284081
m = 0xAA5E28D6A97A2479A65527F7290311A3624D4CC0FA157
nm = n - m
R = m * P192.G
negR = nm * P192.G
FAIL = R + negR

-> ValueError: coordinates are not on curve <P192> Expected 'POINT AT INFINITY' to be here.

AntonKueltz commented 4 years ago

Good catch, not sure why this didn't already have test coverage. Fixed in commit 3a7eb8aefd19d59c9ce35c09be7f1897ed623918.

In [1]: from fastecdsa.curve import P192

In [2]: n = 6277101735386680763835789423176059013767194773182842284081
   ...: m = 0xAA5E28D6A97A2479A65527F7290311A3624D4CC0FA157
   ...: nm = n - m
   ...: R = m * P192.G
   ...: negR = nm * P192.G
   ...: R + negR
Out[2]: <POINT AT INFINITY>