Hyperledger Ursa (a shared cryptographic library) has moved to end-of-life status, with the components of Ursa still in use moved to their relevant Hyperledger projects (AnonCreds, Indy, Aries and Iroha).
This PR checks for exceptional behavior in keys and values that could potentially lead to disastrous results like validating every signature even though I don't think this formally breaks the security of the scheme.
This could occur if the secret key is zero bytes which would result in a public key equal to the identity point.
The problem with allowing the identity point as a public key is that every signature under this public key is also the identity point, which means that a signer falsifies the message they signed.
It also checks makes sure random values are never zero.
This PR checks for exceptional behavior in keys and values that could potentially lead to disastrous results like validating every signature even though I don't think this formally breaks the security of the scheme.
This could occur if the secret key is zero bytes which would result in a public key equal to the identity point.
The problem with allowing the identity point as a public key is that every signature under this public key is also the identity point, which means that a signer falsifies the message they signed.
It also checks makes sure random values are never zero.