Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bn128: not checking group order when deserializing into G2 #61

Closed
ebfull opened this issue Dec 28, 2016 · 3 comments
Closed

bn128: not checking group order when deserializing into G2 #61

ebfull opened this issue Dec 28, 2016 · 3 comments
Assignees
@tromer @madars @alexchmit
Labels
duplicate

Comments

@ebfull
Copy link

ebfull commented Dec 28, 2016

The bn128 G2 deserialization code does not ensure that the point is in the correct subgroup. This is resolved in Zcash (see zcash/zcash#1938) but is_well_formed and the deserialization code itself should be checking the order of the points it deserializes.

It's unclear to me how points outside the group affect the pairing.
@tromer
Copy link
Member

tromer commented Jan 25, 2017

Duplicate of #42.

@tromer tromer closed this as completed Jan 25, 2017
@ebfull
Copy link
Author

ebfull commented Feb 2, 2017

@tromer #42 is about something slightly different, the deserialization code doesn't check if it's on the curve, and checking if it's on the curve when you're verifying is a bit sketchy. This issue is about the check itself: it doesn't actually properly check if G2 elements are in the right subgroup.

@daira
Copy link

daira commented Oct 21, 2017
edited
Loading

This should be reopened IMHO. It is not a duplicate of #42.

@daira daira mentioned this issue Oct 21, 2017
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tromer tromer

@madars madars

@alexchmit alexchmit

Labels
duplicate
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@tromer @daira @madars @ebfull @alexchmit