Add check for identity point in all required Coconut functions
This commit is contained in:
@@ -115,6 +115,11 @@ pub fn aggregate_signatures_and_verify(
|
||||
.map(|(&attr, beta_i)| beta_i * attr)
|
||||
.sum::<G2Projective>();
|
||||
|
||||
if bool::from(signature.0.is_identity()){
|
||||
return Err(CoconutError::Aggregation(
|
||||
"Verification of the aggregated signature failed - h is an identity point".to_string(),
|
||||
));
|
||||
}
|
||||
if !check_bilinear_pairing(
|
||||
&signature.0.to_affine(),
|
||||
&G2Prepared::from((alpha + tmp).to_affine()),
|
||||
|
||||
@@ -317,6 +317,11 @@ pub fn blind_sign(
|
||||
|
||||
// Verify the commitment hash
|
||||
let h = compute_hash(blind_sign_request.commitment, public_attributes);
|
||||
if bool::from(blind_sign_request.commitment_hash.is_identity()){
|
||||
return Err(CoconutError::Issuance(
|
||||
"Commitment hash should not be an identity point".to_string(),
|
||||
));
|
||||
}
|
||||
if !(h == blind_sign_request.commitment_hash) {
|
||||
return Err(CoconutError::Issuance(
|
||||
"Failed to verify the commitment hash".to_string(),
|
||||
@@ -385,6 +390,9 @@ pub fn verify_partial_blind_signature(
|
||||
if num_private_attributes + public_attributes.len() > partial_verification_key.beta_g2.len() {
|
||||
return false;
|
||||
}
|
||||
if bool::from(blind_sig.0.is_identity()){
|
||||
return false;
|
||||
}
|
||||
|
||||
// TODO: we're losing some memory here due to extra allocation,
|
||||
// but worst-case scenario (given SANE amount of attributes), it's just few kb at most
|
||||
@@ -534,6 +542,34 @@ mod tests {
|
||||
}
|
||||
|
||||
|
||||
#[test]
|
||||
fn test_blind_sign_with_identity_commitment_hash() {
|
||||
let params = Parameters::new(1).unwrap();
|
||||
random_scalars_refs!(private_attributes, params, 1);
|
||||
random_scalars_refs!(public_attributes, params, 0);
|
||||
|
||||
// Call the function to prepare the blind sign
|
||||
let (_commitments_openings, blind_sign_request) = prepare_blind_sign(¶ms, &private_attributes, &public_attributes).unwrap();
|
||||
let blind_sign_request = BlindSignRequest {
|
||||
commitment_hash: G1Projective::identity(),
|
||||
..blind_sign_request // This copies the other fields from the existing instance
|
||||
};
|
||||
|
||||
let signing_secret_key = SecretKey{
|
||||
x: params.random_scalar(),
|
||||
ys: vec![params.random_scalar()],
|
||||
};
|
||||
|
||||
// Call blind_sign and ensure it returns an error due to identity commitment hash
|
||||
let result = blind_sign(¶ms, &signing_secret_key, &blind_sign_request, &public_attributes);
|
||||
|
||||
// The result should be an error
|
||||
assert!(
|
||||
result.is_err(),
|
||||
"blind_sign should return an error when commitment_hash is the identity point"
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn successful_verify_partial_blind_signature() {
|
||||
let params = Parameters::new(4).unwrap();
|
||||
|
||||
@@ -103,6 +103,11 @@ impl Signature {
|
||||
commitment_hash: &G1Projective,
|
||||
) -> Result<()> {
|
||||
// Verify the commitment hash
|
||||
if bool::from(self.0.is_identity()){
|
||||
return Err(CoconutError::Verification(
|
||||
"Commitment hash should not be an identity point".to_string(),
|
||||
));
|
||||
}
|
||||
if !(commitment_hash == &self.0) {
|
||||
return Err(CoconutError::Verification(
|
||||
"Verification of commitment hash from signature failed".to_string(),
|
||||
|
||||
Reference in New Issue
Block a user