From f7ecbd8e9f37ff56c755cd2a2391cd8fd1c62893 Mon Sep 17 00:00:00 2001
From: Oliver Powell
Date: Thu, 14 Nov 2024 13:14:59 +0100
Subject: [PATCH] Add RingVRF padding points (#109)
Zero'd out bandersnatch public keys need to be replaced with padding points that actually exist on the curve.
---
 bandersnatch/src/lib.rs | 22 +++++++++++++++++--
 .../crypto/bandersnatch/bandersnatch_test.go | 5 +++++
 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/bandersnatch/src/lib.rs b/bandersnatch/src/lib.rs
index 863b4b56..7af09d7d 100644
--- a/bandersnatch/src/lib.rs
+++ b/bandersnatch/src/lib.rs
@@ -472,9 +472,18 @@ pub unsafe extern "C" fn new_ring_vrf_verifier(
 let public_keys_slice = std::slice::from_raw_parts(public_keys, public_keys_len);
 let num_keys = public_keys_len / PUBLIC_KEY_LENGTH;
+ let padding_point = ring_context().padding_point();
+ let zero_chunk = [0u8; PUBLIC_KEY_LENGTH];
 let ring: Vec = public_keys_slice
 .chunks(PUBLIC_KEY_LENGTH)
- .filter_map(|chunk| Public::deserialize_compressed(chunk).ok())
+ .map(|chunk| {
+ // Replace any zero'd out public keys with a padding point.
+ if chunk == zero_chunk {
+ Public::from(padding_point)
+ } else {
+ Public::deserialize_compressed(chunk).unwrap()
+ }
+ })
 .collect();
 if ring.len() != num_keys {
@@ -655,9 +664,18 @@ pub unsafe extern "C" fn new_ring_vrf_prover(
 let num_keys = public_keys_len / PUBLIC_KEY_LENGTH;
+ let padding_point = ring_context().padding_point();
+ let zero_chunk = [0u8; PUBLIC_KEY_LENGTH];
 let ring: Vec = public_keys_slice
 .chunks(PUBLIC_KEY_LENGTH)
- .filter_map(|chunk| Public::deserialize_compressed(chunk).ok())
+ .map(|chunk| {
+ // Replace any zero'd out public keys with a padding point.
+ if chunk == zero_chunk {
+ Public::from(padding_point)
+ } else {
+ Public::deserialize_compressed(chunk).unwrap()
+ }
+ })
 .collect();
 if ring.len() != num_keys {
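Review bot: `Public::deserialize_compressed(chunk).unwrap()` in the new `.map` closure of `new_ring_vrf_verifier` panics on any chunk that is neither all-zero nor a valid compressed point, and on a short trailing chunk when `public_keys_len` is not a multiple of `PUBLIC_KEY_LENGTH`; the same line is added in the `new_ring_vrf_prover` hunk. Both functions are `extern "C"`, so the panic does not surface as an error to the caller: depending on the toolchain version it aborts the process or is undefined behaviour at the FFI boundary, which makes malformed key bytes a crash condition if the ring can ever hold externally supplied keys (not visible from the hunk). As far as the hunk shows, the following `if ring.len() != num_keys` check can no longer catch an undecodable key, because `.map` never drops an element. Keeping `.filter_map` and returning `Some(Public::from(padding_point))` for the zero chunk and `Public::deserialize_compressed(chunk).ok()` otherwise preserves the existing rejection path. Both function bodies start and end outside their hunks.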
diff --git a/internal/crypto/bandersnatch/bandersnatch_test.go b/internal/crypto/bandersnatch/bandersnatch_test.go
index e3dee465..419067c1 100644
--- a/internal/crypto/bandersnatch/bandersnatch_test.go
+++ b/internal/crypto/bandersnatch/bandersnatch_test.go
@@ -54,6 +54,11 @@ func TestRingSignAndVerify(t *testing.T) {
 ring = append(ring, pk)
 }
+ // Including some zero'd out public keys that should be replaced with
+ // padding points.
+ ring[4] = crypto.BandersnatchPublicKey{}
+ ring[5] = crypto.BandersnatchPublicKey{}
+
 var proverIdx uint = 3
 proverSk, err := NewPrivateKeyFromSeed(uintToSeed(proverIdx))
 require.NoError(t, err)
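Review bot: The lines added to `TestRingSignAndVerify` cover only the all-zero key case; nothing exercises a key that is non-zero but not a valid point, which is the input the Rust side now passes to `unwrap()`. A negative test that puts one such entry in the ring and asserts that constructing the verifier returns an error, rather than taking down the test binary, would pin that behaviour. `ring[4]` and `ring[5]` also assume the loop above produced at least six keys; that loop and the rest of the function lie outside the hunk.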