dedis / kyber

Advanced crypto library for the Go language

Modulo bias #439

Closed cgrigis closed 1 month ago

cgrigis commented 4 years ago

Security Code Review finding:

Another modulo bias in kyber was found in pairing/bn256/point.go on line 239. Notice this is not necessarily a danger depending on how the hashToPoint() method is later used, but it could be done using iterative hashing and masking until a value below the modulus is found to ensure a uniform distribution of the x coordinate.
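The following Go program is an added illustration of the two constructions contrasted in the finding; it is not code from kyber. It uses a small constructed modulus (not the bn256 field prime) and a hypothetical `hashToIntUniform` that hashes with a counter, masks the digest to the modulus bit length and retries until the candidate is below the modulus, which is the iterative hashing-and-masking approach described above. `biasHistogram` shows, with an 8-bit digest for visibility, why plain reduction skews toward low residues.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/big"
)

// Constructed example modulus; the same code applies to a curve's field prime.
var modulus = big.NewInt(1000003)

// hashToIntModBias reduces a full digest modulo p. Because 2^256 is not a
// multiple of p, residues below 2^256 mod p are hit one extra time.
func hashToIntModBias(msg []byte) *big.Int {
	h := sha256.Sum256(msg)
	return new(big.Int).Mod(new(big.Int).SetBytes(h[:]), modulus)
}

// hashToIntUniform hashes msg || counter, keeps only BitLen(p) bits of the
// digest and rejects candidates >= p. Accepted values are uniform on [0, p).
// It returns the value and the number of hash iterations used.
func hashToIntUniform(msg []byte) (*big.Int, int) {
	nbits := uint(modulus.BitLen())
	mask := new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), nbits), big.NewInt(1))
	var ctr [4]byte
	for i := uint32(0); ; i++ {
		binary.BigEndian.PutUint32(ctr[:], i)
		h := sha256.Sum256(append(append([]byte{}, msg...), ctr[:]...))
		cand := new(big.Int).SetBytes(h[:])
		cand.And(cand, mask) // truncate to the bit length of p
		if cand.Cmp(modulus) < 0 {
			return cand, int(i) + 1
		}
	}
}

// biasHistogram counts how often each residue appears when every possible
// 8-bit digest is reduced modulo m: residues below 256 mod m occur twice.
func biasHistogram(m int) []int {
	counts := make([]int, m)
	for d := 0; d < 256; d++ {
		counts[d%m]++
	}
	return counts
}

func main() {
	v, n := hashToIntUniform([]byte("constructed message"))
	fmt.Printf("uniform value %s after %d iteration(s)\n", v, n)
	fmt.Println("biased value:", hashToIntModBias([]byte("constructed message")))
	fmt.Println("8-bit digest mod 200, residue 0 vs 199:", biasHistogram(200)[0], biasHistogram(200)[199])
}
```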

pierluca commented 1 month ago

@K1li4nL I see the PR fixing this was closed, because it introduced non-backwards-compatible changes, but what's the status on this?

K1li4nL commented 1 month ago

I see a couple of possibilities:

1) Given #443, we get rid of BN256 altogether since we now have BLS12-381 in master, and close this issue.
2) If we want to keep BN256, update the documentation to make sure this is not lost, and close this issue.
3) Break backward compatibility. I don't think this makes much sense since this curve is not recommended and ultimately unfixable; I mention it for completeness.

pierluca commented 1 month ago

Okay, let's go with option 2 then!

K1li4nL commented 1 month ago

Will update PR #538 to add that then.