Comments (6)
For the API, will externally received points always pass through a deserialization function? If so, that seems like the place to do the validation.
So a deserialization function would look like
int ecp2_BN254_deserialize(const char *buf, size_t len, struct ecp2_BN254 *point_out) {
    int ret = 0;
    // do deserialization into *point_out here, setting ret on failure
    if (ret)
        return ret; // deserialization failed
    // only a point that passed the membership check ever reaches the caller
    return ecp2_BN254_check_membership(point_out);
}
If the expected group can change, then specialize the deserialization methods and check membership functions:
int ecp2_BN254_deserialize_for_G2(const char *buf, size_t len, struct ecp2_BN254 *point_out);
from ecdaa.
Yea, this is exactly what I'm planning (and, what I think I currently have). I'm just not confident that my current implementation does this correctly.
from ecdaa.
Does the current version actually do this?
For example, ecp_BN254_deserialize doesn't call ecp_BN254_check_membership. Instead, ecdaa_credential_BN254_deserialize_with_signature calls ecdaa_credential_BN254_validate, which calls ecp_BN254_check_membership.
But ecdaa_credential_BN254_deserialize doesn't call a validate or check_membership function.
Moving the validation call into the curve point deserialization functions (possibly specialized to the curve) would ensure that no point is deserialized without checking its membership.
from ecdaa.
Note: currently, we do the standard (x9.62) membership checks for a G1 point upon deserialization (then assume that any points passed to other functions have undergone this check, and thus we don't perform them again).
Currently, for G2 points, we do the same checks as for G1 except we don't do the small-subgroup check. This was due to the fact that I wasn't sure how to do this check for G2 (in G1, I'm currently doing the standard shortcut of ensuring that cofactor * point != inf, but I wasn't sure how to find the cofactor for G2). However, Chen, Page and Smart's paper (doi: 10.1007/978-3-642-12510-2_16) explicitly says G2 group checks can be done by checking that the point is on the curve (that is, the sextic twist of the curve, over F_p^2), and then that curve_order*point == inf. That is, all we have to do is add the curve_order*point == inf check.
A PR with this change is forthcoming.
from ecdaa.
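The two comments above describe a pattern (validate inside the deserialization function, so no unvalidated point escapes) and a choice of subgroup check (the cofactor*point != inf shortcut for G1 versus the full curve_order*point == inf check adopted for G2). The following is an added example, written here rather than taken from ecdaa, that shows both on a constructed toy curve: y^2 = x^3 + x + 1 over F_23, which has 28 points, so the prime subgroup has order N = 7 and the cofactor is H = 4. All names (deserialize_checked, check_membership, the error codes) and the curve parameters are assumptions made for the illustration and are not BN254 or ecdaa identifiers. Because this curve has cofactor 4, it can also show where the two checks disagree: a point of order 14 passes the cofactor shortcut but fails the order check. On BN254 G1 the cofactor is 1, as the later comment notes, so the distinction does not arise there; on the G2 twist the cofactor is not 1, which is why the full order check is the one that matters.

```python
# Added example (not ecdaa code): the deserialize-then-validate pattern on a toy curve.
# Curve y^2 = x^3 + x + 1 over F_23 has 28 points, so the group order is 28 = 4 * 7.
# N = 7 is the prime subgroup order and H = 4 the cofactor; these are constructed
# values chosen for illustration and have nothing to do with BN254.
P_MOD = 23
A, B = 1, 1
N = 7            # order of the prime-order subgroup callers actually expect
H = 4            # cofactor (BN254 G1 has cofactor 1, where the shortcut is moot)
INF = None       # point at infinity

OK, ERR_FORMAT, ERR_NOT_ON_CURVE, ERR_WRONG_SUBGROUP = 0, -1, -2, -3


def on_curve(pt):
    """True if pt satisfies the curve equation (the point at infinity counts)."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0


def add(p1, p2):
    """Affine point addition/doubling over F_p (textbook formulas)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF           # p2 == -p1, which includes doubling a 2-torsion point
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P_MOD, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def mul(k, pt):
    """Scalar multiplication by double-and-add."""
    result, addend = INF, pt
    while k > 0:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def serialize(pt):
    """Uncompressed encoding 0x04 || x || y; one byte per coordinate since p < 256."""
    return bytes([0x04, pt[0], pt[1]])


def check_membership(pt, mode="order"):
    """X9.62-style validation: not infinity, on the curve, in the right subgroup.

    mode="order":    require N * pt == INF (the check the thread adopts for G2).
    mode="cofactor": require H * pt != INF (the G1 shortcut described above); it
                     only rejects points whose order divides H, nothing more.
    """
    if pt is INF or not on_curve(pt):
        return ERR_NOT_ON_CURVE
    if mode == "cofactor":
        return OK if mul(H, pt) is not INF else ERR_WRONG_SUBGROUP
    return OK if mul(N, pt) is INF else ERR_WRONG_SUBGROUP


def deserialize_checked(buf, mode="order"):
    """Parse an encoded point and validate it before any caller can use it.

    Returns (code, point); point is None unless code == OK, so an unvalidated
    point never reaches the rest of the program (the pattern proposed above).
    """
    if len(buf) != 3 or buf[0] != 0x04 or buf[1] >= P_MOD or buf[2] >= P_MOD:
        return ERR_FORMAT, None
    pt = (buf[1], buf[2])
    ret = check_membership(pt, mode)
    return ret, (pt if ret == OK else None)


def demo():
    """Build three constructed points and report how each check treats them."""
    g = mul(H, (0, 1))       # cofactor clearing: 4 * (0,1) = (13,16), a point of order 7
    t = (4, 0)               # y == 0, so t has order 2: a small-subgroup point
    r = add(g, t)            # order lcm(7, 2) == 14: on the curve, outside the subgroup
    results = {}
    for name, pt in (("g", g), ("t", t), ("r", r)):
        buf = serialize(pt)
        results[name] = (deserialize_checked(buf, "cofactor")[0],
                         deserialize_checked(buf, "order")[0])
    return g, t, r, results


if __name__ == "__main__":
    for name, codes in demo()[3].items():
        print(name, "cofactor-check:", codes[0], "order-check:", codes[1])
```

Running it shows g accepted by both checks, t rejected by both, and r accepted by the cofactor shortcut but rejected by the order check; that last row is the case a cofactor greater than 1 introduces, and the reason the full curve_order*point == inf check is the one to rely on when the cofactor is unknown or large.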
Fixed in PR #47
from ecdaa.
For future reference: the subgroup check for G1 points is not actually necessary for the Barreto-Naehrig curves, since they have cofactor=1. It seems likely we will continue to use prime-order (thus cofactor=1) curves, but let's leave this check in there for now, and come back to this issue later.
from ecdaa.