-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
FP256BN Plus and math.MaxInt64 #58
Comments
This is actually related to miracl/core#44 and in fact, the git revision refers to that repo. The issue can be reproduced against both libraries |
Hello Alessandro,
Not sure what you are trying to achieve here, but this is not the best way
to do it.
For FP256BN the BIG type has digits of 2^56, and NewBigint() will only work
with positive numbers less than that.
In your case there will be overflows occurring everywhere. The library was
not intended to be used like this.
Tell me what you are trying to achieve, and I can probably point out a
better way of doing it.
Mike
…On Tue, May 18, 2021 at 11:19 AM Alessandro Sorniotti < ***@***.***> wrote:
This is actually related to miracl/core#44
<miracl/core#44> and in fact, the git revision
refers to that repo. The issue can be reproduced against both libraries
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#58 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAU3ZDXGFHOA3XLGRCJWWODTOI5LJANCNFSM45CFRLVA>
.
|
Thanks @mcarrickscott. We were testing various ECC math/crypto libraries (e.g. miracl/core, https://github.com/ConsenSys/gnark-crypto etc) trying to develop tests asserting basic behaviour across all of them, which is how we stumbled upon this issue.
would work. |
OK, the particular issue is that addition needs to be followed by
"normalization". For speed numbers are added digit by digit without
processing the carries. Normalisation propagates the carries.
So your program should look like
for j := 0; j < 64; j++ {
i = i.Plus(i)
i.norm()
}
Alternatively in BIG64.go, change the Plus function to do the normalization
internally
/* return this+x */
func (r *BIG) Plus(x *BIG) *BIG {
s := new(BIG)
for i := 0; i < NLEN; i++ {
s.w[i] = r.w[i] + x.w[i]
}
* s.norm()*
return s
}
Actually it's probably an idea to do this since Plus is public.
Hope this helps!
Mike
…On Tue, May 18, 2021 at 4:02 PM Alessandro Sorniotti < ***@***.***> wrote:
Thanks @mcarrickscott <https://github.com/mcarrickscott>. We were testing
various ECC math/crypto libraries (e.g. miracl/core,
https://github.com/ConsenSys/gnark-crypto etc) trying to develop tests
asserting basic behaviour across all of them, which is how we stumbled upon
this issue.
What are the restrictions on the BIG and its constructors? We were
expecting that something like
func TestMaxInt(t *testing.T) {
i := FP256BN.NewBIGint(1)
for j := 0; j < 64; j++ {
i = i.Plus(i)
}
zero := FP256BN.NewBIGint(0)
assert.NotEqual(t, zero, i)
}
would work.
Let us know how we're misusing the library - thanks!
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#58 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAU3ZDXANSPTMPCINQI5KQLTOJ6RLANCNFSM45CFRLVA>
.
|
Thanks a lot! So, without the explicit call to normalization the correctness of the result of |
Well yes. But normalisations are not needed after every Plus, but are
eventually needed to avoid overflow.
It is probably best if we implement the norm() inside of Plus() since
Plus() is public and likely to be used as you have used it. So thanks for
bringing this to my attention.
But note that this is not a bignum library, and is not expected to be used
as one.
Mike
…On Tue, May 18, 2021 at 4:52 PM Alessandro Sorniotti < ***@***.***> wrote:
Thanks a lot! So, without the explicit call to normalization the
correctness of the result of Plus invocations is not guaranteed?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#58 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAU3ZDSQGN5RFCWMR4S6UUTTOKEMBANCNFSM45CFRLVA>
.
|
Thank you
Fair enough; but.. computations over the exponents (e.g. g^{\sum{a_i} mod Q}) are commonplace, and one might chain multiple +'s before calling Mod(q) (which iiuc calls norm()). So for example
one might assume this would work (I did notice that calling mod after every Plus seems to produce the right result). |
The following test
fails whereas it looks like it should be succeeding. The test was conducted with
go version go1.14.4 linux/amd64
against the curvegenerated by
config64.py
(git revision5387e6a895243dde0
).The text was updated successfully, but these errors were encountered: