Open chfast opened 2 weeks ago
As the quoted commentary implies, the case is not cared for, with the rationale that in a real-life application the scalar would be the result of a calculation, and said calculation is expected to produce a properly bound value. If the application trusts somebody else to perform the calculation (a.k.a. accepting inputs from the internet), then it's expected that the application would vet the inputs and take an action (of the application's choice) if it's found out-of-range, most likely reject it, prior to passing it to the library.
I noticed that the blst_p1_mult API can take a scalar of any size. But if the scalar value is not less than BLS12_381_r the implementation selects the slower "w5" algorithm. https://github.com/supranational/blst/blob/master/src/e1.c#L526-L527
I wonder if for scalars of 256 bits it is not better to reduce its value by doing mod BLS12_381_r.
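The two caller-side options discussed in this thread (vet and reject an out-of-range scalar, or reduce a 256-bit scalar mod BLS12_381_r), as an added example that is not part of the original thread and not blst's own code. It assumes the scalar is held as four little-endian 64-bit limbs; `scalar_in_range` and `scalar_reduce` are hypothetical names, and blst itself is not called.

```c
#include <stdint.h>
#include <stddef.h>

/* BLS12-381 group order r as four little-endian 64-bit limbs. */
static const uint64_t BLS_R[4] = {
    0xffffffff00000001ULL, 0x53bda402fffe5bfeULL,
    0x3339d80809a1d805ULL, 0x73eda753299d7d48ULL
};

/* out = a - r (mod 2^256); returns the final borrow, i.e. 1 when a < r.
 * Written without branches on the scalar at source level. */
static uint64_t sub_r(uint64_t out[4], const uint64_t a[4])
{
    uint64_t borrow = 0;
    for (size_t i = 0; i < 4; i++) {
        uint64_t d = a[i] - BLS_R[i];
        uint64_t b1 = a[i] < BLS_R[i];
        out[i] = d - borrow;
        borrow = b1 | (d < borrow);
    }
    return borrow;
}

/* Option 1 (vet the input): returns 1 if s < r, 0 otherwise,
 * so the application can reject before calling the library. */
int scalar_in_range(const uint64_t s[4])
{
    uint64_t t[4];
    return (int)sub_r(t, s);
}

/* Option 2 (reduce): s = s mod r, in place.
 * Any 256-bit s is below 2^256 < 3r, so two conditional
 * subtractions of r are always enough. */
void scalar_reduce(uint64_t s[4])
{
    for (int round = 0; round < 2; round++) {
        uint64_t t[4];
        uint64_t keep = sub_r(t, s) - 1; /* all ones when s >= r, zero when s < r */
        for (size_t i = 0; i < 4; i++)
            s[i] = (t[i] & keep) | (s[i] & ~keep);
    }
}
```

Whether the compiler keeps the comparisons branch-free has to be confirmed on the generated code when the scalar is secret.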