Add check for identity point in all required Coconut functions

This commit is contained in:
aniampio
2024-08-09 00:11:03 +01:00
parent 07de1868ff
commit 5743624948
3 changed files with 46 additions and 0 deletions
@@ -115,6 +115,11 @@ pub fn aggregate_signatures_and_verify(
.map(|(&attr, beta_i)| beta_i * attr)
.sum::<G2Projective>();
if bool::from(signature.0.is_identity()){
return Err(CoconutError::Aggregation(
"Verification of the aggregated signature failed - h is an identity point".to_string(),
));
}
if !check_bilinear_pairing(
&signature.0.to_affine(),
&G2Prepared::from((alpha + tmp).to_affine()),
+36
View File
@@ -317,6 +317,11 @@ pub fn blind_sign(
// Verify the commitment hash
let h = compute_hash(blind_sign_request.commitment, public_attributes);
if bool::from(blind_sign_request.commitment_hash.is_identity()){
return Err(CoconutError::Issuance(
"Commitment hash should not be an identity point".to_string(),
));
}
if !(h == blind_sign_request.commitment_hash) {
return Err(CoconutError::Issuance(
"Failed to verify the commitment hash".to_string(),
@@ -385,6 +390,9 @@ pub fn verify_partial_blind_signature(
if num_private_attributes + public_attributes.len() > partial_verification_key.beta_g2.len() {
return false;
}
if bool::from(blind_sig.0.is_identity()){
return false;
}
// TODO: we're losing some memory here due to extra allocation,
// but worst-case scenario (given SANE amount of attributes), it's just few kb at most
@@ -534,6 +542,34 @@ mod tests {
}
#[test]
fn test_blind_sign_with_identity_commitment_hash() {
let params = Parameters::new(1).unwrap();
random_scalars_refs!(private_attributes, params, 1);
random_scalars_refs!(public_attributes, params, 0);
// Call the function to prepare the blind sign
let (_commitments_openings, blind_sign_request) = prepare_blind_sign(&params, &private_attributes, &public_attributes).unwrap();
let blind_sign_request = BlindSignRequest {
commitment_hash: G1Projective::identity(),
..blind_sign_request // This copies the other fields from the existing instance
};
let signing_secret_key = SecretKey{
x: params.random_scalar(),
ys: vec![params.random_scalar()],
};
// Call blind_sign and ensure it returns an error due to identity commitment hash
let result = blind_sign(&params, &signing_secret_key, &blind_sign_request, &public_attributes);
// The result should be an error
assert!(
result.is_err(),
"blind_sign should return an error when commitment_hash is the identity point"
);
}
#[test]
fn successful_verify_partial_blind_signature() {
let params = Parameters::new(4).unwrap();
+5
View File
@@ -103,6 +103,11 @@ impl Signature {
commitment_hash: &G1Projective,
) -> Result<()> {
// Verify the commitment hash
if bool::from(self.0.is_identity()){
return Err(CoconutError::Verification(
"Commitment hash should not be an identity point".to_string(),
));
}
if !(commitment_hash == &self.0) {
return Err(CoconutError::Verification(
"Verification of commitment hash from signature failed".to_string(),