Fix/malleability sig

[ThomasPiellard]

Description

Deserialisation eddsa and ecdsa signature now ensures that the data is in [0, mod] where mod is the relevant modulus (field of definition of relevant group size of the curve).

Type of change

• Bug fix (non-breaking change which fixes an issue)

Credits to Verichains for raising the issue

[github-actions]

Summary

✅ Passed: 5571
❌ Failed: 0
🚧 Skipped: 7

🚧 Skipped

• TestReference (github.com/consensys/gnark-crypto/ecc/bn254/fr/sis)
• TestLimbDecomposition (github.com/consensys/gnark-crypto/ecc/bn254/fr/sis)
• TestReference (github.com/consensys/gnark-crypto/ecc/bn254/fr/swifft)
• TestLimbDecomposition (github.com/consensys/gnark-crypto/ecc/bn254/fr/swifft)
• TestAppend (github.com/consensys/gnark-crypto/ecc/bn254/fr/tensor-commitment)
• TestAppendSis (github.com/consensys/gnark-crypto/ecc/bn254/fr/tensor-commitment)
• TestCommitmentSis (github.com/consensys/gnark-crypto/ecc/bn254/fr/tensor-commitment)

[ivokub]

See comments.

[github-actions]

Summary

✅ Passed: 5561
❌ Failed: 0
🚧 Skipped: 5

🚧 Skipped

• TestAppend (github.com/consensys/gnark-crypto/ecc/bn254/fr/tensor-commitment)
• TestReference (github.com/consensys/gnark-crypto/ecc/bn254/fr/sis)
• TestLimbDecomposition (github.com/consensys/gnark-crypto/ecc/bn254/fr/sis)
• TestAppendSis (github.com/consensys/gnark-crypto/ecc/bn254/fr/tensor-commitment)
• TestCommitmentSis (github.com/consensys/gnark-crypto/ecc/bn254/fr/tensor-commitment)

[github-actions]

Summary

✅ Passed: 5607
❌ Failed: 0
🚧 Skipped: 5

🚧 Skipped

• TestReference (github.com/consensys/gnark-crypto/ecc/bn254/fr/sis)
• TestLimbDecomposition (github.com/consensys/gnark-crypto/ecc/bn254/fr/sis)
• TestAppend (github.com/consensys/gnark-crypto/ecc/bn254/fr/tensor-commitment)
• TestAppendSis (github.com/consensys/gnark-crypto/ecc/bn254/fr/tensor-commitment)
• TestCommitmentSis (github.com/consensys/gnark-crypto/ecc/bn254/fr/tensor-commitment)

[github-actions]

Summary

✅ Passed: 5607
❌ Failed: 0
🚧 Skipped: 5

🚧 Skipped

• TestReference (github.com/consensys/gnark-crypto/ecc/bn254/fr/sis)
• TestLimbDecomposition (github.com/consensys/gnark-crypto/ecc/bn254/fr/sis)
• TestAppend (github.com/consensys/gnark-crypto/ecc/bn254/fr/tensor-commitment)
• TestAppendSis (github.com/consensys/gnark-crypto/ecc/bn254/fr/tensor-commitment)
• TestCommitmentSis (github.com/consensys/gnark-crypto/ecc/bn254/fr/tensor-commitment)

[ivokub]

Rereviewed - we still accept zero signatures. For example, following doesn't fail:

func TestZero(t *testing.T) {
	var signature Signature
	var bts [sizeSignature]byte
	_, err := signature.SetBytes(bts[:])
	if err == nil {
		t.Fatal("expected error")
	}
}

[github-actions]

Summary

✅ Passed: 5607
❌ Failed: 0
🚧 Skipped: 5

🚧 Skipped

• TestReference (github.com/consensys/gnark-crypto/ecc/bn254/fr/sis)
• TestLimbDecomposition (github.com/consensys/gnark-crypto/ecc/bn254/fr/sis)
• TestAppend (github.com/consensys/gnark-crypto/ecc/bn254/fr/tensor-commitment)
• TestAppendSis (github.com/consensys/gnark-crypto/ecc/bn254/fr/tensor-commitment)
• TestCommitmentSis (github.com/consensys/gnark-crypto/ecc/bn254/fr/tensor-commitment)

[github-actions]

Summary

✅ Passed: 5883
❌ Failed: 0
🚧 Skipped: 5

🚧 Skipped

• TestReference (github.com/consensys/gnark-crypto/ecc/bn254/fr/sis)
• TestLimbDecomposition (github.com/consensys/gnark-crypto/ecc/bn254/fr/sis)
• TestAppend (github.com/consensys/gnark-crypto/ecc/bn254/fr/tensor-commitment)
• TestAppendSis (github.com/consensys/gnark-crypto/ecc/bn254/fr/tensor-commitment)
• TestCommitmentSis (github.com/consensys/gnark-crypto/ecc/bn254/fr/tensor-commitment)

[ivokub]

I made some updates - particularly checking against 0 values as this leads to div by zero elsewhere.

Tests work, but would be nice to have a confirmation.

And I checked that negative values are not issues as incoming bytes are represented as unsigned ints.