diff --git a/bandersnatch/src/lib.rs b/bandersnatch/src/lib.rs index 863b4b5..7af09d7 100644 --- a/bandersnatch/src/lib.rs +++ b/bandersnatch/src/lib.rs @@ -472,9 +472,18 @@ pub unsafe extern "C" fn new_ring_vrf_verifier( let public_keys_slice = std::slice::from_raw_parts(public_keys, public_keys_len); let num_keys = public_keys_len / PUBLIC_KEY_LENGTH; + let padding_point = ring_context().padding_point(); + let zero_chunk = [0u8; PUBLIC_KEY_LENGTH]; let ring: Vec = public_keys_slice .chunks(PUBLIC_KEY_LENGTH) - .filter_map(|chunk| Public::deserialize_compressed(chunk).ok()) + .map(|chunk| { + // Replace any zero'd out public keys with a padding point. + if chunk == zero_chunk { + Public::from(padding_point) + } else { + Public::deserialize_compressed(chunk).unwrap() + } + }) .collect(); if ring.len() != num_keys { @@ -655,9 +664,18 @@ pub unsafe extern "C" fn new_ring_vrf_prover( let num_keys = public_keys_len / PUBLIC_KEY_LENGTH; + let padding_point = ring_context().padding_point(); + let zero_chunk = [0u8; PUBLIC_KEY_LENGTH]; let ring: Vec = public_keys_slice .chunks(PUBLIC_KEY_LENGTH) - .filter_map(|chunk| Public::deserialize_compressed(chunk).ok()) + .map(|chunk| { + // Replace any zero'd out public keys with a padding point. + if chunk == zero_chunk { + Public::from(padding_point) + } else { + Public::deserialize_compressed(chunk).unwrap() + } + }) .collect(); if ring.len() != num_keys { diff --git a/internal/crypto/bandersnatch/bandersnatch_test.go b/internal/crypto/bandersnatch/bandersnatch_test.go index e3dee46..419067c 100644 --- a/internal/crypto/bandersnatch/bandersnatch_test.go +++ b/internal/crypto/bandersnatch/bandersnatch_test.go 
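Review bot: The `.unwrap()` on `Public::deserialize_compressed(chunk)` in the new `.map` closure turns any non-zero chunk that fails to decode into a panic inside an `extern "C"` function, where the caller cannot recover and current toolchains abort the process. The removed `filter_map(... .ok())` dropped such keys so the `ring.len() != num_keys` check below could reject the ring; with `.map` that check can no longer fire for a bad key. A trailing short chunk, from a `public_keys_len` that is not a multiple of `PUBLIC_KEY_LENGTH`, also reaches the unwrap. Keeping the closure fallible preserves the error path: `.filter_map(|chunk| {` with `Some(Public::from(padding_point))` in the zero branch and `Public::deserialize_compressed(chunk).ok()` in the other. The same applies to the identical hunk in `new_ring_vrf_prover`; both function bodies continue outside the hunks.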
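Review bot: The key-parsing closure in this hunk is a verbatim copy of the one added to `new_ring_vrf_verifier`, so the zero-key padding rule now lives in two places that must stay in step for prover and verifier to build the same ring. Moving it into one private helper that both functions call would keep that policy in a single place. The helper should carry a doc comment stating that an all-zero chunk maps to `ring_context().padding_point()` and how undecodable keys are treated. `new_ring_vrf_prover` starts and ends outside the hunk.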
@@ -54,6 +54,11 @@ func TestRingSignAndVerify(t *testing.T) { ring = append(ring, pk) } + // Including some zero'd out public keys that should be replaced with + // padding points. + ring[4] = crypto.BandersnatchPublicKey{} + ring[5] = crypto.BandersnatchPublicKey{} + var proverIdx uint = 3 proverSk, err := NewPrivateKeyFromSeed(uintToSeed(proverIdx)) require.NoError(t, err)
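Review bot: The added `ring[4]` and `ring[5]` entries cover only all-zero keys, so the test never exercises a non-zero key that fails to decode, which is the input the Rust side now passes to `unwrap()`. A companion case that places an undecodable non-zero key in the ring and asserts that building the verifier returns an error, rather than crashing the test process, would pin the intended behaviour at the FFI boundary. `TestRingSignAndVerify` continues outside the hunk.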