Update BabyJubJub EdDSA to last circomlib version

- Update BabyJubJub EdDSA signature to last circomlib version (Poseidon usage) - Remove panic on hash error inside verification, to avoid panic due field overflow of BabyJubJub signature verification
2026-02-07 11:36:41 +01:00 · 2020-12-02 19:57:27 +01:00
parent 94e92e88fb
commit 5dd19b46dd
2 changed files with 6 additions and 6 deletions
--- a/babyjub/eddsa.go
+++ b/babyjub/eddsa.go
@@ -247,7 +247,7 @@ func (p *PublicKey) VerifyMimc7(msg *big.Int, sig *Signature) bool {
 	hmInput := []*big.Int{sig.R8.X, sig.R8.Y, p.X, p.Y, msg}
 	hm, err := mimc7.Hash(hmInput, nil) // hm = H1(8*R.x, 8*R.y, A.x, A.y, msg)
 	if err != nil {
-		panic(err)
+		return false
 	}

 	left := NewPoint().Mul(sig.S, B8) // left = s * 8 * B
@@ -273,7 +273,7 @@ func (k *PrivateKey) SignPoseidon(msg *big.Int) *Signature {
 	R8 := NewPoint().Mul(r, B8) // R8 = r * 8 * B
 	A := k.Public().Point()

-	hmInput := []*big.Int{R8.X, R8.Y, A.X, A.Y, msg, big.NewInt(int64(0))}
+	hmInput := []*big.Int{R8.X, R8.Y, A.X, A.Y, msg}
 	hm, err := poseidon.Hash(hmInput) // hm = H1(8*R.x, 8*R.y, A.x, A.y, msg)
 	if err != nil {
 		panic(err)
@@ -290,10 +290,10 @@ func (k *PrivateKey) SignPoseidon(msg *big.Int) *Signature {
 // VerifyPoseidon verifies the signature of a message encoded as a big.Int in Zq
 // using blake-512 hash for buffer hashing and Poseidon for big.Int hashing.
 func (p *PublicKey) VerifyPoseidon(msg *big.Int, sig *Signature) bool {
-	hmInput := []*big.Int{sig.R8.X, sig.R8.Y, p.X, p.Y, msg, big.NewInt(int64(0))}
+	hmInput := []*big.Int{sig.R8.X, sig.R8.Y, p.X, p.Y, msg}
 	hm, err := poseidon.Hash(hmInput) // hm = H1(8*R.x, 8*R.y, A.x, A.y, msg)
 	if err != nil {
-		panic(err)
+		return false
 	}

 	left := NewPoint().Mul(sig.S, B8) // left = s * 8 * B