rdubois-crypto / FreshCryptoLib

Cryptographic Primitives for Blockchain Systems (solidity, cairo, C and rust)
MIT License

FCL_elliptic: return P0 if P1 is zero #6

Closed Kelvyne closed 1 year ago

Kelvyne commented 1 year ago

as discussed :)

rdubois-crypto commented 1 year ago

The actual comparison flaw returns the infinity (neutral) point when performing ecadd(infinity, P1) instead of returning P1. While not affecting the main verification (the only call is over the public key and base points, which cannot be neutral by construction), a correction is necessary for other uses.

Thanks for the careful notice!
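The behaviour described in the comment above, as an added example that is not FreshCryptoLib code: affine point addition with the flawed and the corrected neutral-point handling, and the effect on a caller whose accumulator starts at infinity. The toy curve y^2 = x^3 + 2x + 2 over F_17, the (0, 0) sentinel for the neutral point, and all function names are assumptions made for illustration.

```python
# Added illustration, not FreshCryptoLib code. Toy curve (constructed):
# y^2 = x^3 + 2x + 2 over F_17, generator G = (5, 1) of order 19.
P, A = 17, 2
INF = (0, 0)   # assumed sentinel for the neutral point; (0, 0) is not on this curve
G = (5, 1)

def _add_nonzero(p0, p1):
    """Affine addition of two points that are both different from INF."""
    (x0, y0), (x1, y1) = p0, p1
    if x0 == x1 and (y0 + y1) % P == 0:
        return INF                                   # P + (-P) = neutral point
    if p0 == p1:                                     # doubling: tangent slope
        lam = (3 * x0 * x0 + A) * pow((2 * y0) % P, -1, P) % P
    else:                                            # distinct points: chord slope
        lam = (y1 - y0) * pow((x1 - x0) % P, -1, P) % P
    x2 = (lam * lam - x0 - x1) % P
    return (x2, (lam * (x0 - x2) - y0) % P)

def ec_add_flawed(p0, p1):
    """Models the reported flaw: ecadd(infinity, P1) yields infinity."""
    if p0 == INF:
        return INF                                   # bug: should return p1
    if p1 == INF:
        return p0
    return _add_nonzero(p0, p1)

def ec_add_fixed(p0, p1):
    """Corrected handling: the neutral point is an identity on both sides."""
    if p0 == INF:
        return p1
    if p1 == INF:
        return p0
    return _add_nonzero(p0, p1)

def scalar_mul(k, pt, add):
    """Left-to-right double-and-add; the accumulator starts at INF."""
    acc = INF
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, pt)
    return acc

if __name__ == "__main__":
    print("fixed  3*G:", scalar_mul(3, G, ec_add_fixed))
    print("flawed 3*G:", scalar_mul(3, G, ec_add_flawed))
```

With the flawed addition, any routine that seeds its accumulator with the neutral point never leaves it, which is why callers whose operands are never neutral are unaffected while other uses are.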