core/vm: add subgroup checks for mul/mulexp for G1/G2 (#29637)
MariusVanDerWijden authored and buddh0 committed Sep 23, 2024
1 parent 051c924 commit b40736f
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions core/vm/contracts.go
@@ -904,6 +904,8 @@ func (c *bls12381G1Add) Run(input []byte) ([]byte, error) {
return nil, err
}

// No need to check the subgroup here, as specified by EIP-2537

// Compute r = p_0 + p_1
p0.Add(p0, p1)

@@ -933,6 +935,11 @@ func (c *bls12381G1Mul) Run(input []byte) ([]byte, error) {
if p0, err = decodePointG1(input[:128]); err != nil {
return nil, err
}
// 'point is on curve' check already done,
// Here we need to apply subgroup checks.
if !p0.IsInSubGroup() {
return nil, errBLS12381G1PointSubgroup
}
// Decode scalar value
e := new(big.Int).SetBytes(input[128:])

@@ -986,6 +993,11 @@ func (c *bls12381G1MultiExp) Run(input []byte) ([]byte, error) {
if err != nil {
return nil, err
}
// 'point is on curve' check already done,
// Here we need to apply subgroup checks.
if !p.IsInSubGroup() {
return nil, errBLS12381G1PointSubgroup
}
points[i] = *p
// Decode scalar value
scalars[i] = *new(fr.Element).SetBytes(input[t1:t2])
@@ -1026,6 +1038,8 @@ func (c *bls12381G2Add) Run(input []byte) ([]byte, error) {
return nil, err
}

// No need to check the subgroup here, as specified by EIP-2537

// Compute r = p_0 + p_1
r := new(bls12381.G2Affine)
r.Add(p0, p1)
@@ -1056,6 +1070,11 @@ func (c *bls12381G2Mul) Run(input []byte) ([]byte, error) {
if p0, err = decodePointG2(input[:256]); err != nil {
return nil, err
}
// 'point is on curve' check already done,
// Here we need to apply subgroup checks.
if !p0.IsInSubGroup() {
return nil, errBLS12381G2PointSubgroup
}
// Decode scalar value
e := new(big.Int).SetBytes(input[256:])

@@ -1109,6 +1128,11 @@ func (c *bls12381G2MultiExp) Run(input []byte) ([]byte, error) {
if err != nil {
return nil, err
}
// 'point is on curve' check already done,
// Here we need to apply subgroup checks.
if !p.IsInSubGroup() {
return nil, errBLS12381G2PointSubgroup
}
points[i] = *p
// Decode scalar value
scalars[i] = *new(fr.Element).SetBytes(input[t1:t2])
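Review bot: The subgroup rejections added to the G1/G2 `Mul` and `MultiExp` `Run` methods arrive with no test in this commit (one file changed), so nothing pins that an on-curve point outside the prime-order subgroup now returns `errBLS12381G1PointSubgroup` or `errBLS12381G2PointSubgroup`. I would add one failing vector per operation, plus a passing `G1Add`/`G2Add` vector with such a point, since the new comments say addition deliberately skips the check. The checks are unconditional, so if these precompiles are already active on any chain this client serves, calls that previously succeeded now fail and the change would need fork gating; please confirm activation is still pending. Each `Run` body starts and ends outside the hunks shown, so the length checks and the decode helpers' on-curve check are assumed from the comments rather than verified here.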