From 0b7267388e169fab608f8a5223eeb0ee0f92ea2f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mamy=20Andr=C3=A9-Ratsimbazafy?=
Date: Fri, 4 Dec 2020 12:00:02 +0100
Subject: [PATCH] Add comment about group check caching and use new deserialization

---
 blscurve/blst/bls_sig_min_pubkey_size_pop.nim | 11 +++++++++--
 blscurve/blst/blst_abi.nim | 1 +
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/blscurve/blst/bls_sig_min_pubkey_size_pop.nim b/blscurve/blst/bls_sig_min_pubkey_size_pop.nim
index 445f036..37397af 100644
--- a/blscurve/blst/bls_sig_min_pubkey_size_pop.nim
+++ b/blscurve/blst/bls_sig_min_pubkey_size_pop.nim
@@ -16,7 +16,14 @@
 # approach, since the size of (PK_1, ..., PK_n, signature) is
 # dominated by the public keys even for small n.
 
-# We expose the same API as nim-blscurve
+# We expose the same API as MIRACL
+#
+# Design:
+# - We check public keys and signatures at deserialization
+# - non-zero
+# - in the correct subgroup
+# The primitives called assume that input are already subgroup-checked
+# and so do not call "KeyValidate" again in verification procs.
 
 import
 # Status libraries
@@ -166,7 +173,7 @@ func fromBytes*(
 return false
 let pa = cast[ptr array[L, byte]](raw[0].unsafeAddr)
 obj.scalar.blst_scalar_from_bendian(pa[])
-if obj.vec_is_zero():
+if obj.vec_is_zero() or not obj.blst_sk_check():
 return false
 return true
 
diff --git a/blscurve/blst/blst_abi.nim b/blscurve/blst/blst_abi.nim
index d5ddedf..0ea86e5 100644
--- a/blscurve/blst/blst_abi.nim
+++ b/blscurve/blst/blst_abi.nim
@@ -140,6 +140,7 @@ proc blst_bendian_from_scalar*(ret: var array[32, byte]; a: blst_scalar)
 proc blst_scalar_from_lendian*(ret: var blst_scalar; a: array[32, byte])
 proc blst_lendian_from_scalar*(ret: var array[32, byte]; a: blst_scalar)
 proc blst_scalar_fr_check*(a: blst_scalar): CTBool
+proc blst_sk_check*(a: blst_scalar): CTBool
 
 # BLS12-381-specific Fr operations (Modulo curve order)
 proc blst_fr_add*(ret: var blst_fr; a: blst_fr; b: blst_fr)
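Review bot: On the failure path of the new condition `if obj.vec_is_zero() or not obj.blst_sk_check():`, `obj.scalar` has already been filled by `blst_scalar_from_bendian` on the preceding line, so a caller that ignores the `false` return is left holding a zero or out-of-range scalar as if it were a usable secret key; clearing the field before returning, e.g. `obj.scalar.reset()` ahead of `return false`, keeps a rejected object indistinguishable from an untouched one. Whether `blst_sk_check` itself already rejects the zero scalar (it appears to be a range check against the curve order, which would make the `vec_is_zero` test redundant rather than harmful) should be confirmed against the blst header and recorded in a doc comment on `fromBytes`, since the module comment in the first hunk now promises that deserialization is the only place validation happens. `not` applied to the `CTBool` result also needs a matching overload if `CTBool` is a distinct type; presumably one exists, as the `blst_scalar_fr_check` binding in the third hunk returns the same type. `fromBytes` begins outside the hunk.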