mratsim / constantine

Constantine: modular, high-performance, zero-dependency cryptography stack for proof systems and blockchain protocols.

Twisted Edwards MSM: `setNeutral` instead of zeroMem #406

Closed mratsim closed 3 days ago

mratsim commented 3 days ago

There were 2 bugs leading to wrong results in Twisted Edwards MSM in #390.

  1. The equality checks should special-case neutral elements, or a neutral element will be considered equal.
  2. In MSM, we should initialize buckets to the neutral element, not via zeroMem, which led to invalid computation for Twisted Edwards curves. This fixes #390. Unfortunately it doesn't seem to help for #366.
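The following is an added illustration of the two bugs described in the PR text; it is not Constantine's code and makes its own assumptions: a toy twisted Edwards curve over the constructed field F_13 (parameters chosen only so the addition law is complete), extended coordinates (X:Y:T:Z) where the identity is (0:1:0:1) and a zeroed bucket is (0:0:0:0), and a cross-multiplied projective comparison standing in for the equality check. Adding any point to the zeroed value collapses everything to (0:0:0:0), so a bucket-method MSM started from zeroed memory returns a value that is not a point at all, while the same routine started from the neutral element matches the naive sum; the naive comparison also reports the zeroed value equal to every point, which the neutral-aware comparison does not.

```python
# Added example, not Constantine's code: toy twisted Edwards curve in extended
# coordinates (X:Y:T:Z) showing why MSM buckets must start at the neutral
# element and why equality must special-case it.

P = 13   # constructed toy modulus, not a real curve parameter
A = 1    # a is a square and d a non-square mod 13, so the addition law is complete
D = 2

NEUTRAL = (0, 1, 0, 1)   # identity, affine (0, 1): what setNeutral should produce
ZEROMEM = (0, 0, 0, 0)   # what a zeroMem'd bucket holds: Z = 0, not a point at all

def inv(x):
    return pow(x, P - 2, P)

def on_curve(x, y):
    return (A * x * x + y * y - 1 - D * x * x * y * y) % P == 0

def affine_points():
    # brute force is fine over a 13-element field
    return [(x, y) for x in range(P) for y in range(P) if on_curve(x, y)]

def to_extended(x, y):
    return (x % P, y % P, x * y % P, 1)

def to_affine(pt):
    X, Y, T, Z = pt
    if Z == 0:
        return None   # never happens for a valid point here; it is the zeroMem signature
    return (X * inv(Z) % P, Y * inv(Z) % P)

def add(p, q):
    # unified addition in extended coordinates (Hisil-Wong-Carter-Dawson, 2008)
    X1, Y1, T1, Z1 = p
    X2, Y2, T2, Z2 = q
    a = X1 * X2 % P
    b = Y1 * Y2 % P
    c = D * T1 * T2 % P
    d = Z1 * Z2 % P
    e = ((X1 + Y1) * (X2 + Y2) - a - b) % P
    f, g, h = (d - c) % P, (d + c) % P, (b - A * a) % P
    return (e * f % P, g * h % P, e * h % P, f * g % P)

def is_neutral(pt):
    X, Y, T, Z = pt
    return Z != 0 and X == 0 and Y == Z   # affine (0, 1); rejects the all-zero value

def eq_naive(p, q):
    # cross-multiplied projective comparison: X1/Z1 == X2/Z2 and Y1/Z1 == Y2/Z2
    X1, Y1, _, Z1 = p
    X2, Y2, _, Z2 = q
    return X1 * Z2 % P == X2 * Z1 % P and Y1 * Z2 % P == Y2 * Z1 % P

def eq_fixed(p, q):
    # bug 1: decide neutral-ness first; the neutral equals only itself, and a
    # Z == 0 value equals nothing (every cross product with it is 0 == 0)
    pn, qn = is_neutral(p), is_neutral(q)
    if pn or qn:
        return pn and qn
    if p[3] == 0 or q[3] == 0:
        return False
    return eq_naive(p, q)

def scalar_mul(pt, k):
    acc = NEUTRAL
    for bit in bin(k)[2:]:          # left-to-right double-and-add
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, pt)
    return acc

def msm_naive(points, scalars):
    acc = NEUTRAL
    for pt, k in zip(points, scalars):
        acc = add(acc, scalar_mul(pt, k))
    return acc

def msm_bucket(points, scalars, c, bucket_init):
    # Pippenger-style bucket method with c-bit windows; bucket_init is the
    # value every bucket starts with: NEUTRAL (setNeutral) or ZEROMEM (bug 2)
    n_windows = (max(scalars).bit_length() + c - 1) // c
    result = NEUTRAL
    for w in reversed(range(n_windows)):
        buckets = [bucket_init] * (1 << c)
        for pt, k in zip(points, scalars):
            digit = (k >> (w * c)) & ((1 << c) - 1)
            if digit:
                buckets[digit] = add(buckets[digit], pt)
        running = acc = NEUTRAL
        for j in range((1 << c) - 1, 0, -1):   # acc = sum over j of j * B_j
            running = add(running, buckets[j])
            acc = add(acc, running)
        for _ in range(c):                     # result = result * 2^c + acc
            result = add(result, result)
        result = add(result, acc)
    return result

def demo():
    pts = [to_extended(x, y) for (x, y) in affine_points() if (x, y) != (0, 1)][:3]
    scalars = [3, 5, 6]                        # constructed sample scalars
    g = to_extended(1, 0)                      # a point of order 4 on this toy curve
    return {
        "four_G": to_affine(scalar_mul(g, 4)),
        "naive": to_affine(msm_naive(pts, scalars)),
        "bucket_neutral": to_affine(msm_bucket(pts, scalars, 2, NEUTRAL)),
        "bucket_zeromem": to_affine(msm_bucket(pts, scalars, 2, ZEROMEM)),
        "zeromem_equals_G_naive": eq_naive(ZEROMEM, g),
        "zeromem_equals_G_fixed": eq_fixed(ZEROMEM, g),
        "neutral_equals_G_fixed": eq_fixed(NEUTRAL, g),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running it shows `bucket_neutral` equal to `naive` while `bucket_zeromem` comes back with Z = 0 (printed as `None`), and `eq_naive` reporting the zeroed value equal to a real point where `eq_fixed` does not. The same degeneracy applies to any projective representation in which the neutral element is not the all-zero word, which is why a dedicated `setNeutral` rather than `zeroMem` is the right initializer for Twisted Edwards buckets.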