Closed cronokirby closed 3 years ago
There are a few places where we sample an integer mod N by sampling the same number of random bits as N, and then reducing modulo N. e.g. https://github.com/taurusgroup/cmp-ecdsa/blob/main/pkg/math/sample/sample.go#L35 https://github.com/taurusgroup/cmp-ecdsa/blob/main/pkg/math/sample/sample.go#L51
This has a good amount of bias, although it's probably not exploitable.
We should probably do rejection sampling, or bump up the security parameter. The former is probably faster.
It would also be a good idea to unify this logic behind a sampler function; this logic is repeated atm in different places.