How to check a VerifyingKey point is within the prime order subgroup #623
Comments
I guess one of the immediate concerns here is there is no I believe this would be checked if we implemented NIST's "D.1.3.2. Full Public Key Validation": see #380 (comment). Namely step 3:
randombit added a commit to randombit/curve25519-dalek that referenced this issue Feb 12, 2024
Opened a patch proposal in #624
randombit added a commit to randombit/curve25519-dalek that referenced this issue Feb 12, 2024
Adds VerifyingKey::to_edwards and a From conversion See dalek-cryptography#623
Thank you for the fast review!
mikelodder7 pushed a commit to mikelodder7/curve25519-dalek-ml that referenced this issue Feb 17, 2024
…dalek-cryptography#624) Adds VerifyingKey::to_edwards and a From conversion See dalek-cryptography#623
Given a `VerifyingKey` that I've created from bytes sent to me by another party, how can I check that the point is within the prime order subgroup?

IIUC, I can check if it is contained entirely within the torsion subgroup using `is_weak()`, but to check that it is within the subgroup mod \ell the best I can find is

`pk.to_montgomery().to_edwards(0).unwrap().is_torsion_free()`

which seems quite contorted, not to mention pointlessly expensive.
Am I missing something that would make this easier/cheaper?