Open kirk-baird opened 4 years ago
If this isn't explicitly part of #79, maybe this change can be extracted to a stand-alone PR?
I made this PR because it is a security vulnerability that currently exists, but it is included as part of the BLS standard.
Do you think it should be its own PR or part of the BLS standard PR?
I've added this in #79
What is wrong?
Currently verification of a signature does not check that the signature is in the correct subgroup. This poses a security risk when verifying a pairing.
How can it be fixed?
When verifying a signature, check
r * sig == 0
before pairing. I will update #79 to include the check, as this has been inserted into the standard.
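An added illustration of the `r * sig == 0` check, not code from this issue or the project: a constructed toy curve (y^2 = x^3 + x + 1 over F_23, which has 28 points = cofactor 4 times prime order r = 7) stands in for the pairing group, and `in_subgroup` is the check the issue asks for, applied to a point before it would be handed to a pairing. All names (`in_subgroup`, `clear_cofactor`, `group_order`) are assumptions for this example.

```python
# Toy curve E: y^2 = x^3 + A*x + B over F_p, chosen (constructed) so that the group
# order is composite, N = H * R, exactly the situation in BLS where signatures must
# lie in the order-R subgroup but the curve also contains points of other orders.
P_MOD = 23
A, B = 1, 1
INF = None  # point at infinity: the group identity, the "0" in "r * sig == 0"
N, R = 28, 7        # group order and prime subgroup order (28 = 4 * 7)
H = N // R          # cofactor 4

def inv(x):
    return pow(x, P_MOD - 2, P_MOD)  # Fermat inverse; pow() normalises negatives

def is_on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0

def add(p, q):
    """Affine point addition, including doubling and the inverse case."""
    if p is INF: return q
    if q is INF: return p
    x1, y1 = p; x2, y2 = q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                   # p == -q
    if p == q:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P_MOD
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)

def mul(k, pt):
    """Double-and-add scalar multiplication k * pt."""
    acc = INF
    while k:
        if k & 1: acc = add(acc, pt)
        pt = add(pt, pt); k >>= 1
    return acc

def group_order():
    """Count points by brute force (feasible only on this toy curve)."""
    return 1 + sum(is_on_curve((x, y)) for x in range(P_MOD) for y in range(P_MOD))

def in_subgroup(pt):
    """The issue's check: pt is in the order-R subgroup iff R * pt == 0 (infinity)."""
    return is_on_curve(pt) and mul(R, pt) is INF

def clear_cofactor(pt):
    """Multiplying by H maps any curve point into the order-R subgroup."""
    return mul(H, pt)
```

A point such as (0, 1) is on the curve but fails the check, while its cofactor-cleared image passes; without the check a verifier would accept a pairing input of the wrong order.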