
Point multiplication behavior for scalars bigger than the main subgroup order #236

Open
chfast opened this issue Oct 31, 2024 · 1 comment

Comments

@chfast

chfast commented Oct 31, 2024

I noticed that the blst_p1_mult API can take a scalar of any size. But if the scalar value is not less than BLS12_381_r, the implementation selects the slower "w5" algorithm.

https://github.com/supranational/blst/blob/master/src/e1.c#L526-L527

I wonder if, for scalars of 256 bits, it would not be better to reduce their value by taking it mod BLS12_381_r.

@dot-asm
Collaborator

dot-asm commented Nov 1, 2024

As the quoted commentary implies, the case is not cared for. The rationale is that in a real-life application the scalar would be the result of a calculation, and that calculation is expected to produce a properly bounded value. If the application trusts somebody else to perform the calculation (a.k.a. accepting inputs from the internet), then it's expected that the application would vet the inputs and take an action (of the application's choice) if it's found out-of-range, most likely rejecting it, prior to passing it to the library.
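The two application-side policies discussed in this thread are rejecting an out-of-range scalar and reducing it mod BLS12_381_r before the call into the library. The following is an added example written for this page, not code from blst or from either participant. It implements both checks on a 32-byte little-endian scalar (the byte order blst's scalar helpers use, assumed here) without any dependency on blst, so the vetting can sit in front of `blst_p1_mult`. Because r is larger than 2^256 / 3, a full 256-bit value is always below 3r and reduction needs at most two conditional subtractions; the function names `scalar_in_range`, `scalar_reduce` and `bls12_381_r_bytes` are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* BLS12-381 main subgroup order r as four 64-bit little-endian limbs:
 * r = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001 */
static const uint64_t BLS12_381_R[4] = {
    0xffffffff00000001ULL, 0x53bda402fffe5bfeULL,
    0x3339d80809a1d805ULL, 0x73eda753299d7d48ULL,
};

/* A 256-bit scalar is held as 32 little-endian bytes (assumed blst_scalar layout). */
static void load_le(uint64_t out[4], const uint8_t in[32]) {
    for (int i = 0; i < 4; i++) {
        uint64_t v = 0;
        for (int j = 7; j >= 0; j--)
            v = (v << 8) | in[i * 8 + j];
        out[i] = v;
    }
}

static void store_le(uint8_t out[32], const uint64_t in[4]) {
    for (int i = 0; i < 4; i++)
        for (int j = 0; j < 8; j++)
            out[i * 8 + j] = (uint8_t)(in[i] >> (8 * j));
}

/* Compare two 256-bit values: -1 if a < b, 0 if equal, 1 if a > b. */
static int cmp256(const uint64_t a[4], const uint64_t b[4]) {
    for (int i = 3; i >= 0; i--) {
        if (a[i] < b[i]) return -1;
        if (a[i] > b[i]) return 1;
    }
    return 0;
}

/* a -= b with borrow propagation; the caller guarantees a >= b. */
static void sub256(uint64_t a[4], const uint64_t b[4]) {
    uint64_t borrow = 0;
    for (int i = 0; i < 4; i++) {
        uint64_t d = a[i] - b[i];
        uint64_t borrow_out = (a[i] < b[i]);
        uint64_t d2 = d - borrow;
        borrow_out |= (d < borrow);
        a[i] = d2;
        borrow = borrow_out;
    }
}

/* Write r itself as a 32-byte little-endian scalar (useful as a boundary test vector). */
void bls12_381_r_bytes(uint8_t out[32]) { store_le(out, BLS12_381_R); }

/* "Reject" policy: true iff the scalar is already in [0, r). */
bool scalar_in_range(const uint8_t s[32]) {
    uint64_t v[4];
    load_le(v, s);
    return cmp256(v, BLS12_381_R) < 0;
}

/* "Reduce" policy: out = in mod r. The top limb of r (0x73ed...) exceeds 2^64 / 3
 * (0x5555...), so 3r > 2^256 and any 256-bit input needs at most two subtractions.
 * Returns the number of subtractions performed (0, 1 or 2). */
int scalar_reduce(uint8_t out[32], const uint8_t in[32]) {
    uint64_t v[4];
    int subtractions = 0;
    load_le(v, in);
    while (cmp256(v, BLS12_381_R) >= 0) {
        sub256(v, BLS12_381_R);
        subtractions++;
    }
    store_le(out, v);
    return subtractions;
}

int main(void) {
    uint8_t s[32], o[32];
    /* Constructed input: the largest 256-bit value, 2^256 - 1. */
    memset(s, 0xff, sizeof s);
    printf("in range before reduction: %d\n", scalar_in_range(s));
    int n = scalar_reduce(o, s);
    printf("subtractions: %d, in range after reduction: %d\n", n, scalar_in_range(o));
    return 0;
}
```

The loop in `scalar_reduce` branches on the scalar's value, which is fine for vetting public inputs at an API boundary; if the scalar is secret (a signing key share, say) the two subtractions should instead be done unconditionally with mask arithmetic so the timing does not leak whether the input was in range.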
