From 33018bf6da079e1e361bfa42ef7c28f4d6c5483f Mon Sep 17 00:00:00 2001 From: Luke Parker Date: Sat, 12 Apr 2025 08:37:41 -0400 Subject: [PATCH] Explicitly ban the identity point as an Ethereum Schnorr public key (002) This doesn't have a well-defined affine representation. k256's behavior, mapping it to (0, 0), means this would've been rejected anyways (so this isn't a change of any current behavior), but it's best not to rely on such an implementation detail. --- networks/ethereum/schnorr/src/public_key.rs | 6 +++++- networks/ethereum/schnorr/src/tests/public_key.rs | 5 +++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/networks/ethereum/schnorr/src/public_key.rs b/networks/ethereum/schnorr/src/public_key.rs index fbf00584..f9940547 100644 --- a/networks/ethereum/schnorr/src/public_key.rs +++ b/networks/ethereum/schnorr/src/public_key.rs @@ -1,5 +1,5 @@ use subtle::Choice; -use group::ff::PrimeField; +use group::{ff::PrimeField, Group}; use k256::{ elliptic_curve::{ ops::Reduce, @@ -22,6 +22,10 @@ impl PublicKey { /// bounds such as parity). #[must_use] pub fn new(A: ProjectivePoint) -> Option { + if bool::from(A.is_identity()) { + None?; + } + let affine = A.to_affine(); // Only allow even keys to save a word within Ethereum diff --git a/networks/ethereum/schnorr/src/tests/public_key.rs b/networks/ethereum/schnorr/src/tests/public_key.rs index 9294cbac..896f9dba 100644 --- a/networks/ethereum/schnorr/src/tests/public_key.rs +++ b/networks/ethereum/schnorr/src/tests/public_key.rs @@ -27,6 +27,11 @@ pub(crate) fn test_key() -> (Scalar, PublicKey) { } } +#[test] +fn test_identity_key() { + assert!(PublicKey::new(ProjectivePoint::IDENTITY).is_none()); +} + #[test] fn test_odd_key() { // We generate a valid key to ensure there's not some distinct reason this key is invalid