You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While looking into #1675 the following was noted by @marsella:
I spent some time looking around in the NIST document with EC algorithms you shared. In that doc, the subtraction algorithm matches what was here previously. I think the missing link is that the doc notes elsewhere that the three coordinates are all field elements, so the mod is implicit.
If we have users who depend on the elliptic curve operations in here, I would recommend making a separate issue to review the full file and bring it closer in line with a reference implementation. The two things I'd focus on are:
Making sure there are no other places where BigNums are being used as normal numbers instead of the field elements they are supposed to represent.
Reviewing the names and conditions in this file compared to the reference. I noticed a few checks that are either missing or are in different places than I expected, so it might be worth confirming that this is fully correct.
In addition we should look into ec_mult deviating from the spec in which we iterate of the bits of (d, 3d) while the spec does NOT iterate over the most significant bit.
The text was updated successfully, but these errors were encountered:
While looking into #1675 the following was noted by @marsella:
I spent some time looking around in the NIST document with EC algorithms you shared. In that doc, the subtraction algorithm matches what was here previously. I think the missing link is that the doc notes elsewhere that the three coordinates are all field elements, so the mod is implicit.
If we have users who depend on the elliptic curve operations in here, I would recommend making a separate issue to review the full file and bring it closer in line with a reference implementation. The two things I'd focus on are:
BigNums are being used as normal numbers instead of the field elements they are supposed to represent.Originally posted by @marsella in #1701 (review)
In addition we should look into
ec_multdeviating from the spec in which we iterate of the bits of(d, 3d)while the spec does NOT iterate over the most significant bit.The text was updated successfully, but these errors were encountered: