This repository has been archived by the owner on Nov 16, 2023. It is now read-only.
Should we perform subgroup checks for G2? #21
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
https://github.com/paritytech/bn/blob/master/src/groups/mod.rs#L108 The check is here.
I have seen no the same checks in bellman_ce, go-ethereum, and ethereumj. But parity-ethereum (openethereum) is still using this costly check.
Obviously, we should not check the subgroup for G1 at the prime order curve. What about checking G2 subgroup before pairing?
The text was updated successfully, but these errors were encountered: