`c` modulus is inconsistent across different implementations

plume-sig / zk-nullifier-sig

Implementation of PLUME: nullifier friendly signature scheme on ECDSA

MIT License

129 stars 22 forks source link

Closed 0xbok closed 10 months ago

0xbok commented 1 year ago

If c overflows the Curve order, the value returned by Rust impls differ from js and circom versions.

Rust impls return c % Curve.n, js and circom return the plain c.

skaunov commented 10 months ago

Feels obvious, but let me double check: we want it returned wrapped, right? Like currently in Rust done.

Divide-By-0 commented 10 months ago

Wrapped seems good!