
Commit 05eba44

committed
fourq: Handle the case of Z=0 for IsOnCurve and IsEqual.
1 parent eef0878 commit 05eba44


2 files changed

+38
-23
lines changed


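--- a/ecc/fourq/point.go
+++ b/ecc/fourq/point.go
@@ -272,36 +272,48 @@ func (P *Point) Unmarshal(in *[Size]byte) bool {
 
 func (P *pointR1) IsOnCurve() bool {
 t0, lhs, rhs := &Fq{}, &Fq{}, &Fq{}
+// Check z != 0
+eq0 := !P.Z.isZero()
 
+// Check Eq 1: -X^2 + Y^2 == Z^2 + dT^2
 fqAdd(t0, &P.Y, &P.X) // t0 = y + x
 fqSub(lhs, &P.Y, &P.X) // lhs = y - x
 fqMul(lhs, lhs, t0) // lhs = y^2 - x^2
-fqMul(rhs, &P.X, &P.Y) // rhs = xy
-fqSqr(rhs, rhs) // rhs = x^2y^2
-fqMul(rhs, rhs, &paramD) // rhs = dx^2y^2
-t0.setOne() // t0 = 1
-fqAdd(rhs, rhs, t0) // rhs = 1 + dx^2y^2
-fqSub(t0, lhs, rhs) // t0 = -x^2 + y^2 - (1 + dx^2y^2)
-return t0.isZero()
+fqMul(rhs, &P.Ta, &P.Tb) // rhs = T = Ta * Tb
+fqSqr(rhs, rhs) // rhs = T^2
+fqMul(rhs, rhs, &paramD) // rhs = dT^2
+fqSqr(t0, &P.Z) // t0 = Z^2
+fqAdd(rhs, rhs, t0) // rhs = Z^2 + dT^2
+fqSub(t0, lhs, rhs) // t0 = (-X^2 + Y^2) - (Z^2 + dT^2)
+eq1 := t0.isZero()
+
+// Check Eq 2: (Ta*Tb)*Z == X*Y
+fqMul(lhs, &P.Ta, &P.Tb) // lhs = Ta*Tb = T
+fqMul(lhs, lhs, &P.Z) // lhs = T * Z
+fqMul(rhs, &P.X, &P.Y) // rhs = X * Y
+fqSub(t0, lhs, rhs) // t0 = Ta*Tb*Z - X*Y
+eq2 := t0.isZero()
+
+return eq0 && eq1 && eq2
 }
 
 func (P *pointR1) isEqual(Q *pointR1) bool {
 l, r := &Fq{}, &Fq{}
-fqMul(l, &P.X, &Q.Z)
-fqMul(r, &Q.X, &P.Z)
-fqSub(l, l, r)
+fqMul(l, &P.X, &Q.Z) // l = X1*Z2
+fqMul(r, &Q.X, &P.Z) // r = X2*Z1
+fqSub(l, l, r) // l = l-r
 b := l.isZero()
-fqMul(l, &P.Y, &Q.Z)
-fqMul(r, &Q.Y, &P.Z)
-fqSub(l, l, r)
+fqMul(l, &P.Y, &Q.Z) // l = Y1*Z2
+fqMul(r, &Q.Y, &P.Z) // r = Y2*Z1
+fqSub(l, l, r) // l = l-r
 b = b && l.isZero()
-fqMul(l, &P.Ta, &P.Tb)
-fqMul(l, l, &Q.Z)
-fqMul(r, &Q.Ta, &Q.Tb)
-fqMul(r, r, &P.Z)
-fqSub(l, l, r)
+fqMul(l, &P.Ta, &P.Tb) // l = T1 = Ta1*Tb1
+fqMul(l, l, &Q.Z) // l = T1*Z2
+fqMul(r, &Q.Ta, &Q.Tb) // r = T2 = Ta2*Tb2
+fqMul(r, r, &P.Z) // r = T2*Z1
+fqSub(l, l, r) // l = l-r
 b = b && l.isZero()
-return b
+return b && !P.Z.isZero() && !Q.Z.isZero()
 }
 
 func (P *pointR1) ClearCofactor() {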
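Review bot: Neither IsOnCurve nor isEqual documents what it now guarantees, and IsOnCurve still checks only curve membership of the extended coordinates (Z != 0, the projective curve equation, and the Ta*Tb*Z == X*Y consistency), not membership in the prime-order subgroup, so a caller that unmarshals an untrusted point and treats a true result as full validation is misled; the file has ClearCofactor (the hunk's last line) for that. Suggest above IsOnCurve: `// IsOnCurve reports whether P is a well-formed point in extended coordinates: Z != 0, -X^2+Y^2 == Z^2+dT^2 and Ta*Tb*Z == X*Y. It does not check membership in the prime-order subgroup.` A smaller style point is the `b = b && l.isZero()` chain and the final `return b && !P.Z.isZero() && !Q.Z.isZero()` in isEqual: all field multiplications run unconditionally, but the `&&` short-circuits make which isZero calls execute depend on the operands, so if the comparison is meant to be constant time the results should be combined without short-circuit evaluation.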

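--- a/ecc/fourq/point_test.go
+++ b/ecc/fourq/point_test.go
@@ -110,6 +110,7 @@ func TestOddMultiples(t *testing.T) {
 Q.add(&Tab[j])
 }
 // R = (2^6)P == 64P
+R = P
 for j := 0; j < 6; j++ {
 R.double()
 }
@@ -123,7 +124,7 @@ func TestOddMultiples(t *testing.T) {
 
 func TestScalarMult(t *testing.T) {
 const testTimes = 1 << 10
-var P, Q, G pointR1
+var P, Q pointR1
 var k [Size]byte
 
 t.Run("0P=0", func(t *testing.T) {
@@ -163,11 +164,13 @@ func TestScalarMult(t *testing.T) {
 }
 })
 t.Run("mult", func(t *testing.T) {
-G.X = genX
-G.Y = genY
+var G Point
+G.SetGenerator()
+var gen pointR1
+G.toR1(&gen)
 for i := 0; i < testTimes; i++ {
 _, _ = rand.Read(k[:])
-P.ScalarMult(&k, &G)
+P.ScalarMult(&k, &gen)
 Q.ScalarBaseMult(&k)
 got := Q.isEqual(&P)
 want := true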
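Review bot: The commit's headline change — rejecting Z=0 in IsOnCurve and isEqual — has no test here; the "mult" subtest only checks that ScalarMult and ScalarBaseMult agree on random scalars, which never produces a Z=0 point. Assuming the zero value of Fq is the field zero, a subtest of the form `var Z0 pointR1 // zero value has Z = 0` followed by `if Z0.IsOnCurve() || Z0.isEqual(&Z0) { t.Fatal("Z=0 point accepted") }` would pin the new behaviour and would have caught the previous version, where Z=0 made isEqual compare 0 == 0 on every coordinate and return true. The enclosing t.Run("mult") closure continues past the end of the hunk.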
