absolutebi/serai
1
0
Fork 0
mirror of https://github.com/serai-dex/serai.git synced 2025-12-09 04:39:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix handling of prime/composite-order curves within short-weierstrass

Browse Source
This commit is contained in:
Luke Parker
2025-08-28 22:31:33 -04:00
parent da190759a9
commit 45bd376c08
4 changed files with 25 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
crypto/short-weierstrass/src/projective.rs
View File

@@ -308,12 +308,20 @@ impl<C: ShortWeierstrass> GroupEncoding for Projective<C> {
let (x, odd_y) = C::decode_compressed(bytes);
// Parse x, recover y, return the result
C::FieldElement::from_repr(x).and_then(|x| {
let result = C::FieldElement::from_repr(x).and_then(|x| {
// Parse x and recover y
let non_identity_on_curve_point = Affine::decompress(x, odd_y).map(Projective::from);
// Set the identity, if the identity
let identity = CtOption::new(Projective::IDENTITY, identity);
non_identity_on_curve_point.or_else(|| identity)
})
});
let mut result_is_valid = result.is_some();
let result = result.unwrap_or(Projective::IDENTITY);
// Constrain points to the prime-order subgroup
result_is_valid &= !C::has_torsion_element(result);
CtOption::new(result, result_is_valid)
}
fn from_bytes_unchecked(bytes: &C::Repr) -> CtOption<Self> {
Self::from_bytes(bytes)
@@ -341,6 +349,7 @@ impl<C: ShortWeierstrass> GroupEncoding for Projective<C> {
}
}
/// We implement `PrimeGroup` due to constraining to a prime-order subgroup
impl<C: ShortWeierstrass<Scalar: PrimeFieldBits>> PrimeGroup for Projective<C> {}
#[cfg(feature = "alloc")]