PROBLEM: The following function in ECKeyPair.cs allows one to obtain the public key from an input private key.

    public static ECPoint publicPointFromPrivate(BigInteger privKey)
    {
        /*
         * TODO: FixedPointCombMultiplier currently doesn't support scalars longer than the group
         * order, but that could change in future versions.
         */
        if (privKey.BitLength > CURVE.N.BitLength)
        {
            privKey = privKey.Mod(CURVE.N);
        }
        return new FixedPointCombMultiplier().Multiply(CURVE.G, privKey);
    }

If the input privKey has a bit length that is larger than the bit length of the group order N, then privKey is reduced modulo N. There are a couple of issues here: 1) Any input privKey that does not fall between 1 and N-1 (both inclusive) should be outright rejected. 2) Comparing the bit lengths of N and privKey is not correct. One should rather compare their values directly.

SOLUTION: Replace the if condition with a check of whether the input privKey is valid. A valid privKey is simply a scalar value that is between 1 and N-1. If privKey is invalid, then the function should simply throw an error instead of reducing privKey modulo N.

@neeboo @yanbin007
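
The gap between the bit-length guard and a strict range check, as an added example that is not part of the original issue or the project's code. It models the guard with Python integers and assumes the secp256k1 group order for N (the issue does not name the curve); the function names are illustrative.

```python
# Added example: models the guard from the issue next to a strict range check.
# Assumption: N is the secp256k1 group order; the issue does not name the curve.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def legacy_scalar(priv: int) -> int:
    """Scalar the code in the issue hands to the multiplier (non-negative input)."""
    if priv.bit_length() > N.bit_length():
        priv %= N
    return priv


def validate_private_key(priv: int) -> int:
    """Strict check proposed in the issue: accept only 1 <= priv <= N-1."""
    if isinstance(priv, bool) or not isinstance(priv, int):
        raise TypeError("private key must be an integer")
    if not 1 <= priv < N:
        raise ValueError("private key outside [1, N-1]")
    return priv


def classify(priv: int) -> str:
    """Label what the legacy guard does with a non-negative candidate key."""
    if 1 <= priv < N:
        return "valid"
    scalar = legacy_scalar(priv)
    if scalar % N == 0:
        return "zero-scalar"   # multiple of N: maps to the identity point
    if scalar >= N:
        return "unreduced"     # same bit length as N, so the guard never fires
    return "aliased"           # silently mapped onto another key's scalar


# Constructed edge cases around the group order.
CASES = {
    "1": 1, "N-1": N - 1, "0": 0, "N": N, "N+5": N + 5,
    "2^256-1": 2**256 - 1, "2^256+7": 2**256 + 7, "2N": 2 * N,
}

if __name__ == "__main__":
    for name, value in CASES.items():
        try:
            validate_private_key(value)
            strict = "accepted"
        except ValueError:
            strict = "rejected"
        print(f"{name:>8}  legacy={classify(value):<12} strict={strict}")
```

Every input the strict check rejects is one the legacy guard either passes through untouched or quietly rewrites, which is the behaviour the issue asks to replace with an error.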