libtom / libtomcrypt

LibTomCrypt is a fairly comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines.
https://www.libtom.net

ecc_verify_hash_raw fails when not using Shamir method and provided hash is all zeros #116

Open dgarske opened 8 years ago

dgarske commented 8 years ago

The math for handling the ECC verify with a hash with null characters, such as {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0} and hashlen = 20, results in an invalid signature verification (v != r). This only happens if the traditional (non-Shamir) method is used to calculate "u1_mG + u2_mQ = mG".

This happens when calling "ecc_verify_hash_raw" without using the Shamir method (ecc_mul2add == NULL) and the provided hash is all zeros.

Has anyone seen this or have any idea how to resolve the math?
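A worked illustration of the math being asked about, added here and not code from libtomcrypt: a toy ECDSA over the textbook curve y^2 = x^3 + 2x + 2 over GF(17) (constructed parameters), showing that an all-zero hash makes e = 0, hence u1 = 0 and u1*G the point at infinity, so the plain "u1*G + u2*Q" path needs a point addition that tolerates the identity as an operand.

```python
# Toy ECDSA on y^2 = x^3 + 2x + 2 over GF(17), G = (5, 1), order n = 19 (textbook curve, constructed here).
P, A, N = 17, 2, 19
G = (5, 1)
INF = None  # point at infinity (group identity)

def add(p1, p2):
    """Affine addition; either operand may be INF."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # P + (-P)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    acc = INF  # double-and-add; mul(0, pt) returns INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def hash_to_scalar(digest):
    # leftmost bitlen(n) bits of the digest, as ECDSA specifies
    return int.from_bytes(digest, "big") >> (8 * len(digest) - N.bit_length())

def sign(d, e, k):
    r = mul(k, G)[0] % N
    s = pow(k, -1, N) * (e + d * r) % N
    return r, s

def verify(Q, e, sig):
    r, s = sig
    w = pow(s, -1, N)
    u1, u2 = e * w % N, r * w % N
    # An all-zero hash gives e == 0, so u1 == 0 and u1*G is INF; the addition
    # must tolerate that identity operand. Shamir's trick never materialises
    # this intermediate, consistent with only the plain path being affected.
    X = add(mul(u1, G), mul(u2, Q))
    return X is not INF and X[0] % N == r
```

With d = 7 and k = 10 the zero-hash signature is (7, 3) and verifies only because add() returns its second operand when the first is INF.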

sjaeckel commented 7 years ago

@karel-m how should we proceed with this issue regarding the release?