G1 and G2 are prime-order subgroups, but they currently have several public APIs that don't apply to prime-order groups:
G1Affine::is_torsion_free
G1Affine::is_on_curve
G1Projective::clear_cofactor
G1Projective::is_on_curve
Similarly for G2Affine and G2Projective.
The is_* APIs are all documented as "Always returns true unless the unchecked APIs were [mis]used". Meanwhile, clear_cofactor (added in #18) is defined as mapping elliptic curve points to elements of G{1,2}, but the type it is defined on is already an element of G{1,2}.
These APIs were implemented because of the G*Affine::from_[un]compressed_unchecked APIs, which can technically be used to load full-group elements, but doing so is explicitly breaking the requirements set by the *_unchecked APIs, so this shouldn't be a supported case.
We should make the above APIs private (all except G*Projective::is_on_curve are used internally), and then consider on a case-by-case basis how to handle full-group elements (which in general we do not want to expose or support).
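The distinction the issue relies on, between a point that is merely on the curve and an element of the prime-order subgroup, shown as an added example that is not the library's code. The curve y^2 = x^3 + 4 over F_11 (order 12, cofactor 4, subgroup order 3), the `Point` type and the `from_checked` / `from_unchecked` constructors are assumptions chosen to mirror the API names above.

```rust
// Toy curve y^2 = x^3 + 4 over F_11 (constructed sample): 12 points = H * R.
const P: i64 = 11;
const R: u64 = 3; // order of the prime-order subgroup
const H: u64 = 4; // cofactor

fn m(a: i64) -> i64 { a.rem_euclid(P) }
fn inv(a: i64) -> i64 { (0..P - 2).fold(1i64, |acc, _| m(acc * a)) } // a^(P-2) mod P

/// Full-group point; `None` is the point at infinity. (Hypothetical type.)
#[derive(Clone, Copy, PartialEq, Debug)]
pub struct Point(pub Option<(i64, i64)>);

impl Point {
    pub fn is_on_curve(&self) -> bool {
        self.0.map_or(true, |(x, y)| m(y * y) == m(x * x * x + 4))
    }
    fn add(self, o: Point) -> Point {
        let ((x1, y1), (x2, y2)) = match (self.0, o.0) {
            (None, _) => return o,
            (_, None) => return self,
            (Some(a), Some(b)) => (a, b),
        };
        if x1 == x2 && m(y1 + y2) == 0 { return Point(None); } // P + (-P)
        let l = if x1 == x2 { m(3 * x1 * x1 * inv(2 * y1)) } else { m((y2 - y1) * inv(x2 - x1)) };
        let x3 = m(l * l - x1 - x2);
        Point(Some((x3, m(l * (x1 - x3) - y1))))
    }
    fn mul(self, k: u64) -> Point { (0..k).fold(Point(None), |acc, _| acc.add(self)) }
    /// Subgroup membership: [R]P must be the identity.
    pub fn is_torsion_free(&self) -> bool { self.mul(R) == Point(None) }
    /// Maps any curve point into the prime-order subgroup via [H]P.
    pub fn clear_cofactor(&self) -> Point { self.mul(H) }
    /// Checked load: rejects anything outside the prime-order subgroup.
    pub fn from_checked(x: i64, y: i64) -> Option<Point> {
        let p = Point(Some((x, y)));
        (p.is_on_curve() && p.is_torsion_free()).then_some(p)
    }
    /// Unchecked load: the caller promises the subgroup invariant; nothing enforces it.
    pub fn from_unchecked(x: i64, y: i64) -> Point { Point(Some((x, y))) }
}

fn main() {
    let q = Point::from_unchecked(1, 4); // on the curve, but of order 12
    println!("on_curve={} torsion_free={}", q.is_on_curve(), q.is_torsion_free());
    println!("checked load: {:?}", Point::from_checked(1, 4));
    println!("cleared: {:?}", q.clear_cofactor());
}
```

For a value built through the checked path, `is_on_curve` and `is_torsion_free` can only return true and `clear_cofactor` has nothing left to map; they are only meaningful on values that broke the `*_unchecked` contract.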