author | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2018-06-29 15:03:00 +0100 |
---|---|---|
committer | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2018-09-11 13:38:04 +0000 |
commit | c42917624849daeac0b4bc2fb1cd1f2539470b28 (patch) | |
tree | 301e71aef03eb5962360a95e2205432add3c78e9 /src/ringct/rctOps.cpp | |
parent | bulletproofs: speed up a few multiplies using existing Hi cache (diff) | |
bulletproofs: reject points not in the main subgroup
Diffstat (limited to '')
-rw-r--r-- | src/ringct/rctOps.cpp | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/ringct/rctOps.cpp b/src/ringct/rctOps.cpp
index fe0ad8747..df027f4b6 100644
--- a/src/ringct/rctOps.cpp
+++ b/src/ringct/rctOps.cpp
@@ -60,6 +60,17 @@ namespace rct {
 //Various key generation functions
+ bool toPointCheckOrder(ge_p3 *P, const unsigned char *data)
+ {
+ if (ge_frombytes_vartime(P, data))
+ return false;
+ ge_p2 R;
+ ge_scalarmult(&R, curveOrder().bytes, P);
+ key tmp;
+ ge_tobytes(tmp.bytes, &R);
+ return tmp == identity();
+ }
+
 //generates a random scalar which can be used as a secret key or mask
 void skGen(key &sk) {
 random32_unbiased(sk.bytes);
@@ -200,6 +211,12 @@ namespace rct {
 return aP;
 }
+ //Computes aL where L is the curve order
+ bool isInMainSubgroup(const key & a) {
+ ge_p3 p3;
+ return toPointCheckOrder(&p3, a.bytes);
+ }
+
 //Curve addition / subtractions
 //for curve points: AB = A + B
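Review bot: toPointCheckOrder is the primitive the rest of this commit rests on, yet it lands with no comment, and its contract has two edges a caller must know: when ge_frombytes_vartime fails the function returns false with P possibly partially written, and the identity point satisfies L*P == identity and so passes as "in the main subgroup". I would put this above the definition: `// Decodes data into P. Returns false if the encoding is invalid or if L*P != identity (P not in the prime-order subgroup); P must not be used when false is returned. The identity point itself passes.` Unless the function is also declared in rctOps.h, giving it external linkage in the rct namespace is accidental and it should sit in an anonymous namespace or be marked static. Since L is a public constant there is no timing secret in this multiplication, so if ge_scalarmult is the constant-time variant, a variable-time scalar multiplication (if the crypto-ops layer offers one) would do the same job more cheaply for the many points a bulletproof carries; that is a follow-up, not a blocker.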
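Review bot: The comment on isInMainSubgroup, `//Computes aL where L is the curve order`, describes an intermediate rather than the result: the function returns a boolean membership verdict, not the point aL, and the temporary ge_p3 it allocates is discarded. A reader scanning for a subgroup check will look for a predicate, so the comment should state the predicate: `//Returns true iff a decodes to a point P with L*P == identity, i.e. P lies in the prime-order subgroup (the identity passes; invalid encodings return false)`. The "invalid encodings return false" part matters because callers cannot distinguish a malformed key from a small-order one through this return value alone.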