You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The problem is Point.from_bytes call. You can follow it to sapling_jubjub.py and you can see it needs to get the square root (u = u2.sqrt())[https://github.com/daira/zcash-test-vectors/blob/master/sapling_jubjub.py#L157)
Can you not just provide a witness for the points u coordinate and verify is_on_curve(u, v) and v == v_from_hash(...) ?
One problem with that is there may be more than one u coordinate for any given v and visa versa, e.g. negative points with the sign bit have the X coordinate flipped.
So it's not safe to just verify is_on_curve unless you also verify the sign bit of the encoded point and whether or not the X coord is negative or positive.
See
find_group_hash
@ https://github.com/daira/zcash-test-vectors/blob/master/sapling_generators.py#L31The text was updated successfully, but these errors were encountered: