Right now gt_rand maps to e.g. fp12_rand, which generates any element in fp12
instead of only in gt.
I see two ways to fix this:
- Generate random 0 <= k < n, compute e(g1,g2)^k. However, this would require
precomputing e(g1,g2), which takes space, or computing it on the fly, which takes
time. (Though the BB signature also uses e(g1,g2), so maybe precomputing it would
be nice.)
- Generate random element in fpx and raise by the "cofactor", which can be done
with pp_exp. Seems nice but I don't know how secure/uniform this is.

Original issue reported on code.google.com by conrado...@gmail.com on 28 Jun 2013 at 2:44
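A toy check of the two options in the report, added here as an example and not RELIC code: it uses a constructed group F_211^* whose order-7 subgroup stands in for GT, and exhaustively counts where each method lands. It generalizes the question of uniformity: x -> x^cofactor is a homomorphism onto the order-n subgroup, so every subgroup element has the same number of preimages. All names and parameters below are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy parameters: F_P^* has order P-1 = N * COFACTOR, and its
 * order-N subgroup stands in for GT. Function names here are hypothetical. */
enum { P = 211, N = 7, COFACTOR = (P - 1) / N };
static uint32_t pow_mod(uint32_t b, uint32_t e) {   /* b^e mod P */
    uint32_t r = 1;
    for (b %= P; e; e >>= 1, b = b * b % P)
        if (e & 1) r = r * b % P;
    return r;
}
/* y is in the order-N subgroup iff y is nonzero and y^N == 1. */
static int in_gt(uint32_t y) { return y != 0 && pow_mod(y, N) == 1; }
/* Nonzero field elements that already lie in GT: what sampling the whole
 * field (the behaviour reported above) can hit by chance. */
static int raw_members(void) {
    int c = 0;
    for (uint32_t x = 1; x < P; x++) c += in_gt(x);
    return c;
}

/* Option 2: histogram x^COFACTOR over all nonzero x. Returns the number of
 * distinct images, or -1 if one leaves GT or preimage counts differ. */
static int cofactor_images(int *per_image) {
    int hits[P] = {0}, distinct = 0;
    for (uint32_t x = 1; x < P; x++) hits[pow_mod(x, COFACTOR)]++;
    *per_image = hits[1];               /* 1^COFACTOR = 1 is always hit */
    for (uint32_t y = 0; y < P; y++) {
        if (!hits[y]) continue;
        if (!in_gt(y) || hits[y] != *per_image) return -1;
        distinct++;
    }
    return distinct;
}
/* Option 1: distinct values of g^k for 0 <= k < N. */
static int exponent_images(uint32_t g) {
    int seen[P] = {0}, distinct = 0;
    for (uint32_t k = 0; k < N; k++)
        if (!seen[pow_mod(g, k)]++) distinct++;
    return distinct;
}

int main(void) {
    int each, d = cofactor_images(&each);
    printf("in GT by chance: %d of %d\n", raw_members(), P - 1);
    printf("x^cofactor: %d images, %d preimages each; g^k: %d images\n",
           d, each, exponent_images(pow_mod(2, COFACTOR)));
    return 0;
}
```

The count assumes the input is uniform over the nonzero field elements; a zero input has to be rejected first, since 0 is not in the multiplicative group and stays 0 after exponentiation.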