Closed milapsheth closed 2 years ago
The computation does occur over integers and is expected to be larger than the modulus. I'm planning on removing the debug_assert from the paillier-rs
repo that is being tripped by this. (mentioned in this comment)
In one part of the MtA proof, we compute a parameter
t1 = gamma + e s
, which during verify is encrypted under the Paillier keypair. Although,t1
exceeds the size of the Paillier modulus, and thus the message domain allowed for encryption. Investigate the reason whyt1
exceeds the modulus.