Skip to content

fix: bls Fp2/Fp6/Fp12 isValid#221

Open
ChALkeR wants to merge 4 commits intopaulmillr:mainfrom
ChALkeR:chalker/fix/5
Open

fix: bls Fp2/Fp6/Fp12 isValid#221
ChALkeR wants to merge 4 commits intopaulmillr:mainfrom
ChALkeR:chalker/fix/5

Conversation

@ChALkeR
Copy link
Contributor

@ChALkeR ChALkeR commented Nov 15, 2025
edited
Loading

  1. Fp2.isValid was expecting both components to be between 0 and Fp.ORDER * Fp.ORDER, when it should have expected them to be between 0 and Fp.ORDER
    This unifies Fp2 code with Fp6 and Fp12.

  2. Fp2.fromBytes expects both components to fit into separate full bytes, adjust Fp2.BYTES calculation to reflect that.

    noble-curves/src/abstract/tower.ts

    Lines 334 to 338 in 40ef465

    fromBytes(b: Uint8Array): Fp2 {
    const { Fp } = this;
    if (b.length !== this.BYTES) throw new Error('fromBytes invalid length=' + b.length);
    return { c0: Fp.fromBytes(b.subarray(0, Fp.BYTES)), c1: Fp.fromBytes(b.subarray(Fp.BYTES)) };
    }

    This also unifies Fp2 code with Fp6 and Fp12.

  3. Fp2.ORDER is now unused, at least in tower.ts

This expects Fp.BITS, Fp.BYTES, Fp.isValid to be present

Also, this does not fix the discrepancy between .ORDER:

  1. Fp.ORDER is Fp field order
  2. Fp2.ORDER is { Fp, Fp } quadratic field order
  3. Fp6.ORDER is { Fp, Fp } quadratic field order
  4. Fp12.ORDER is { Fp, Fp } quadratic field order

2-4 are not really used and make little sense (and are likely a source of bugs), but this PR does not remove them

@ChALkeR ChALkeR changed the title fix: bls isValid fix: bls Fp2/Fp6/Fp12 isValid Nov 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ChALkeR @paulmillr