
Commit bd6bc37

core/vm: add subgroup checks for mul/mulexp for G1/G2 (#29637)
1 parent 7c7e3a7 commit bd6bc37


1 file changed

+24
-0
lines changed


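--- a/core/vm/contracts.go
+++ b/core/vm/contracts.go
@@ -705,6 +705,8 @@ func (c *bls12381G1Add) Run(input []byte) ([]byte, error) {
 return nil, err
 }
 
+// No need to check the subgroup here, as specified by EIP-2537
+
 // Compute r = p_0 + p_1
 p0.Add(p0, p1)
 
@@ -734,6 +736,11 @@ func (c *bls12381G1Mul) Run(input []byte) ([]byte, error) {
 if p0, err = decodePointG1(input[:128]); err != nil {
 return nil, err
 }
+// 'point is on curve' check already done,
+// Here we need to apply subgroup checks.
+if !p0.IsInSubGroup() {
+return nil, errBLS12381G1PointSubgroup
+}
 // Decode scalar value
 e := new(big.Int).SetBytes(input[128:])
 
@@ -787,6 +794,11 @@ func (c *bls12381G1MultiExp) Run(input []byte) ([]byte, error) {
 if err != nil {
 return nil, err
 }
+// 'point is on curve' check already done,
+// Here we need to apply subgroup checks.
+if !p.IsInSubGroup() {
+return nil, errBLS12381G1PointSubgroup
+}
 points[i] = *p
 // Decode scalar value
 scalars[i] = *new(fr.Element).SetBytes(input[t1:t2])
@@ -827,6 +839,8 @@ func (c *bls12381G2Add) Run(input []byte) ([]byte, error) {
 return nil, err
 }
 
+// No need to check the subgroup here, as specified by EIP-2537
+
 // Compute r = p_0 + p_1
 r := new(bls12381.G2Affine)
 r.Add(p0, p1)
@@ -857,6 +871,11 @@ func (c *bls12381G2Mul) Run(input []byte) ([]byte, error) {
 if p0, err = decodePointG2(input[:256]); err != nil {
 return nil, err
 }
+// 'point is on curve' check already done,
+// Here we need to apply subgroup checks.
+if !p0.IsInSubGroup() {
+return nil, errBLS12381G2PointSubgroup
+}
 // Decode scalar value
 e := new(big.Int).SetBytes(input[256:])
 
@@ -910,6 +929,11 @@ func (c *bls12381G2MultiExp) Run(input []byte) ([]byte, error) {
 if err != nil {
 return nil, err
 }
+// 'point is on curve' check already done,
+// Here we need to apply subgroup checks.
+if !p.IsInSubGroup() {
+return nil, errBLS12381G2PointSubgroup
+}
 points[i] = *p
 // Decode scalar value
 scalars[i] = *new(fr.Element).SetBytes(input[t1:t2])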
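Review bot: The comment added ahead of `if !p0.IsInSubGroup()` in bls12381G1Mul.Run, repeated verbatim in the G1MultiExp, G2Mul and G2MultiExp hunks, says a subgroup check is needed without saying why or where the requirement comes from, whereas the two Add hunks cite EIP-2537 for skipping it. I would word it like the Add comment, e.g. `// The decoder has only established that the point is on the curve; EIP-2537 requires mul/MSM inputs to also lie in the correct subgroup.` (the decoder's behaviour is inferred from the existing comment, since decodePointG1/decodePointG2 are outside the hunks). Because the same check now appears four times, a future precompile could omit it unnoticed; a shared decode-and-check helper would make the requirement harder to miss. The commit touches only contracts.go, so a test vector with an on-curve point outside the subgroup for each of the four precompiles would pin the new rejection. All six Run bodies start and end outside their hunks.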
