bitcoin/bips
1
0
Fork 0
mirror of https://github.com/bitcoin/bips.git synced 2025-11-03 14:19:40 +00:00
Code Issues Releases Wiki Activity

Fail if any point is infinity when verifying

Browse Source
This commit is contained in:
Andrew Toth 2024-12-21 12:52:54 -05:00
parent 1f875a3706
commit 687198d72b
No known key found for this signature in database
GPG Key ID: 60007AFC8938B018
2 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
bip-DLEQ.mediawiki
View File

@ -74,6 +74,7 @@ Input:
* An optional message ''m'': a 32-byte array<ref name="why_include_a_message"> ''' Why include a message as an input?''' This could be useful for protocols that want to authorize on a compound statement, not just knowledge of a scalar. This allows the protocol to combine knowledge of the scalar and the statement.</ref>
The algorithm ''VerifyProof(A, B, C, proof, G, m)'' is defined as:
* Fail if any of ''is_infinite(A)'', ''is_infinite(B)'', ''is_infinite(C)'', ''is_infinite(G)''
* Let ''e = int(proof[0:32])''.
* Let ''s = int(proof[32:64])''; fail if ''s &ge; n''.
* Let ''R<sub>1</sub> = s⋅G - e⋅A''.

2
bip-DLEQ/reference.py
View File

@ -75,6 +75,8 @@ def dleq_generate_proof(
def dleq_verify_proof(
A: GE, B: GE, C: GE, proof: bytes, G: GE = G, m: bytes | None = None
) -> bool:
if A.infinity or B.infinity or C.infinity or G.infinity:
return False
assert len(proof) == 64
e = int.from_bytes(proof[:32], "big")
s = int.from_bytes(proof[32:], "big")