Skip to content

Make base multiplication (not Jacobi) correct#374

Merged
tomato42 merged 3 commits into
masterfrom
bad_mul
Jun 5, 2026
Merged

Make base multiplication (not Jacobi) correct#374
tomato42 merged 3 commits into
masterfrom
bad_mul

Conversation

@tomato42
Copy link
Copy Markdown
Member

@tomato42 tomato42 commented Jun 5, 2026

fixes #373

@tomato42 tomato42 self-assigned this Jun 5, 2026
@tomato42 tomato42 added the bug unintended behaviour in ecdsa code label Jun 5, 2026
tomato42 added 3 commits June 5, 2026 13:57
@tomato42
make INFINITY from Jacobi easier to print
a37671a
@tomato42
ensure that the points are really the same before doubling
6e6dbf1
@tomato42
use simple double and add algorithm in Point
8c5704e 
So, X9.62 looks to be trying to protect against side-channels
from double and add by doing a "addition-subtraction method"
in section D.3.2. For some reason, that doesn't work for all
parameters (see issue #373). Given that we don't have
a need for side-channel resistance, and this is not a faster
algorithm than double and add, just use double and add.
@tomato42 tomato42 mentioned this pull request Jun 5, 2026
Closed
beldmit
beldmit approved these changes Jun 5, 2026
View reviewed changes
Copy link
Copy Markdown

@beldmit beldmit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTm

@tomato42 tomato42 merged commit 6c426b9 into master Jun 5, 2026
70 checks passed
@tomato42 tomato42 deleted the bad_mul branch June 5, 2026 12:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@beldmit beldmit beldmit approved these changes

Assignees

@tomato42 tomato42

Labels

bug unintended behaviour in ecdsa code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Bug in multiplication of point by integer

2 participants

@tomato42 @beldmit