Add Javadoc to GroupElement etc. It should state that
for op, we assume that right hand side to be in the right group, otherwise behavior is undefined (and may be a security risk)
document reasons why getElement(Represenatation) should be used for untrusted Representations of GroupElements, and make clear that you would never trust Group representations from an untrusted source. (Basically, tell people not to send groups alongside their elements just so everything is neatly StandaloneRepresentable).
Add some remarks about 3rd party serialization frameworks that use reflection magic to serialize group elements. Not a good idea. It would not be a breach of contract if each group element stored the exponents from which it was formed (i.e. you'd end up with some dlogs in your serialization). More realistically, we do have to normalize elements before sending them. getRepresentation() makes sure that it's safe to send.
(This issue has been imported from the Gitlab repository because it seems to not have been addressed yet)
Original Text (Issue 186)
Add Javadoc to GroupElement etc. It should state that
op
, we assume that right hand side to be in the right group, otherwise behavior is undefined (and may be a security risk)getElement(Represenatation)
should be used for untrusted Representations of GroupElements, and make clear that you would never trustGroup
representations from an untrusted source. (Basically, tell people not to send groups alongside their elements just so everything is neatlyStandaloneRepresentable
).getRepresentation()
makes sure that it's safe to send.