There is a bug in redjubjub where it rejects Jubjub small order points and the identity when they should be valid VerificationKeys to conform to the Zcash Spec. While those points are rejected when the VerificationKey is being used as a SpendAuthorizationKey, they should not be rejected to conform to the pure RedJubjub spec in other cases. See https://github.com/ZcashFoundation/redjubjub/issues/127 for more.
If redjubjub changes to strictly conform and resolve https://github.com/ZcashFoundation/redjubjub/issues/127, we need to expliticly make our derived key types and Sapling value commit to check and reject small order values:
Motivation
There is a bug in
redjubjub
where it rejects Jubjub small order points and the identity when they should be validVerificationKey
s to conform to the Zcash Spec. While those points are rejected when theVerificationKey
is being used as aSpendAuthorizationKey
, they should not be rejected to conform to the pure RedJubjub spec in other cases. See https://github.com/ZcashFoundation/redjubjub/issues/127 for more.If
redjubjub
changes to strictly conform and resolve https://github.com/ZcashFoundation/redjubjub/issues/127, we need to expliticly make our derived key types and Sapling value commit to check and reject small order values:Related Work
redjubjub https://github.com/ZcashFoundation/redjubjub/issues/127