From 5dd19b46ddebc5f6dd54937a4e2b58af7b11ee6e Mon Sep 17 00:00:00 2001
From: arnaucube
Date: Wed, 2 Dec 2020 19:57:27 +0100
Subject: [PATCH] Update BabyJubJub EdDSA to last circomlib version

- Update BabyJubJub EdDSA signature to last circomlib version (Poseidon usage)
- Remove panic on hash error inside verification, to avoid panic due field overflow of BabyJubJub signature verification
---
 babyjub/eddsa.go      | 8 ++++----
 babyjub/eddsa_test.go | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/babyjub/eddsa.go b/babyjub/eddsa.go
index 8952364..01fdac3 100644
--- a/babyjub/eddsa.go
+++ b/babyjub/eddsa.go
@@ -247,7 +247,7 @@ func (p *PublicKey) VerifyMimc7(msg *big.Int, sig *Signature) bool {
 	hmInput := []*big.Int{sig.R8.X, sig.R8.Y, p.X, p.Y, msg}
 	hm, err := mimc7.Hash(hmInput, nil) // hm = H1(8*R.x, 8*R.y, A.x, A.y, msg)
 	if err != nil {
-		panic(err)
+		return false
 	}
 
 	left := NewPoint().Mul(sig.S, B8) // left = s * 8 * B
@@ -273,7 +273,7 @@ func (k *PrivateKey) SignPoseidon(msg *big.Int) *Signature {
 	R8 := NewPoint().Mul(r, B8) // R8 = r * 8 * B
 	A := k.Public().Point()
 
-	hmInput := []*big.Int{R8.X, R8.Y, A.X, A.Y, msg, big.NewInt(int64(0))}
+	hmInput := []*big.Int{R8.X, R8.Y, A.X, A.Y, msg}
 	hm, err := poseidon.Hash(hmInput) // hm = H1(8*R.x, 8*R.y, A.x, A.y, msg)
 	if err != nil {
 		panic(err)
@@ -290,10 +290,10 @@ func (k *PrivateKey) SignPoseidon(msg *big.Int) *Signature {
 // VerifyPoseidon verifies the signature of a message encoded as a big.Int in Zq
 // using blake-512 hash for buffer hashing and Poseidon for big.Int hashing.
 func (p *PublicKey) VerifyPoseidon(msg *big.Int, sig *Signature) bool {
-	hmInput := []*big.Int{sig.R8.X, sig.R8.Y, p.X, p.Y, msg, big.NewInt(int64(0))}
+	hmInput := []*big.Int{sig.R8.X, sig.R8.Y, p.X, p.Y, msg}
 	hm, err := poseidon.Hash(hmInput) // hm = H1(8*R.x, 8*R.y, A.x, A.y, msg)
 	if err != nil {
-		panic(err)
+		return false
 	}
 
 	left := NewPoint().Mul(sig.S, B8) // left = s * 8 * B
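Review bot: Returning false instead of panicking on the hash error is the right behaviour for a verifier whose `sig.R8` coordinates come from an untrusted party, but the hunk shows no range check on `sig.S` before `left := NewPoint().Mul(sig.S, B8)`; unless such a check exists outside this hunk or in signature decompression, any `S + k*order` verifies just as well, which makes the signature malleable (RFC 8032 requires S < L for exactly this reason). I would reject a negative `sig.S`, or one not strictly below the BabyJubJub subgroup order, before the scalar multiplication. The new `return false` also deserves a why-comment so nobody "fixes" it back into a panic: `// an out-of-field coordinate in an untrusted signature is a verification failure, not a programmer error`. VerifyMimc7 continues past the end of this hunk.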
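Review bot: The signing path keeps `panic(err)` on the Poseidon error (last line of the hunk) while the verifiers in this same commit now return false, so a caller that passes a `msg` outside the field crashes the process instead of getting an error. Since SignPoseidon returns only `*Signature`, that cannot be surfaced without an interface change, so at minimum the doc comment (which starts before this hunk) should state the precondition: `// msg must be a field element of the BabyJubJub base field; SignPoseidon panics otherwise.` Callers that sign attacker-influenced values should reduce or validate `msg` before calling it. SignPoseidon starts before this hunk and continues after it.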
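Review bot: Dropping the trailing `big.NewInt(int64(0))` from `hmInput` changes the hash domain of the scheme, so every signature produced by an earlier version of this package stops verifying and peers on different versions will disagree on validity; the new test vectors in eddsa_test.go confirm that the S value and the serialized buffer both change. This is a wire-format break and should be called out in a changelog entry and a version bump rather than only in the commit title. The doc comment on VerifyPoseidon should also say what the new error path means, since a bad signature and an out-of-field input are now indistinguishable to the caller: `// Returns false when the signature does not verify or when any of R8, the public key or msg is not a field element (previously a panic).` VerifyPoseidon continues past the end of the hunk.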
diff --git a/babyjub/eddsa_test.go b/babyjub/eddsa_test.go
index 504beb0..a3813eb 100644
--- a/babyjub/eddsa_test.go
+++ b/babyjub/eddsa_test.go
@@ -96,7 +96,7 @@ func TestSignVerifyPoseidon(t *testing.T) {
 		"15383486972088797283337779941324724402501462225528836549661220478783371668959",
 		sig.R8.Y.String())
 	assert.Equal(t,
-		"1662463587877312619203503803508234533733252768380479199263194005796068211378",
+		"1398758333392199195742243841591064350253744445503462896781493968760929513778",
 		sig.S.String())
 
 	ok := pk.VerifyPoseidon(msg, sig)
@@ -108,7 +108,7 @@ func TestSignVerifyPoseidon(t *testing.T) {
 	assert.Equal(t,
 		""+
 			"dfedb4315d3f2eb4de2d3c510d7a987dcab67089c8ace06308827bf5bcbe02a2"+
-			"b23a1f04909fc088dec7e4835d85a326f7c0d0b2a3d0232d84448ca7c9ebac03",
+			"32f16b0f2f4c4e1169aa59685637e1429b6581a9531d058d65f4ab224eab1703",
 		hex.EncodeToString(sigBuf[:]))
 
 	ok = pk.VerifyPoseidon(msg, sig2)
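Review bot: The new expected `sig.S` value proves only that the implementation is self-consistent unless it was obtained from an independent source; if it was regenerated by running this package, the test would pass equally well with a wrong Poseidon input layout, and the stated goal of the commit is compatibility with circomlib. I would add a comment above the assertion recording where the vector comes from, e.g. `// expected values taken from circomlib's eddsaposeidon test for this key and message`, and ideally derive it with the circomlib JS implementation rather than this code. The same applies to the serialized signature bytes in the second hunk. TestSignVerifyPoseidon starts before this hunk and continues after it.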