From 8eee3188d3c541b3d78d35a47d079a8b3434c98f Mon Sep 17 00:00:00 2001 From: Kevin Charm Date: Wed, 3 Apr 2024 22:11:05 +0200 Subject: [PATCH] clone point to avoid race condition in MakeAffine and ValidatePairing --- pairing/bn254/suite.go | 9 ++++++--- pairing/bn254/twist.go | 27 +++++++++++++++------------ 2 files changed, 21 insertions(+), 15 deletions(-) diff --git a/pairing/bn254/suite.go b/pairing/bn254/suite.go index 98e8f96bd..5986057c9 100644 --- a/pairing/bn254/suite.go +++ b/pairing/bn254/suite.go @@ -132,10 +132,13 @@ func (s *Suite) Pair(p1 kyber.Point, p2 kyber.Point) kyber.Point { return s.GT().Point().(*pointGT).Pair(p1, p2) } +// NB: Not safe for concurrent calls func (s *Suite) ValidatePairing(p1, p2, inv1, inv2 kyber.Point) bool { - p2.(*pointG2).g.MakeAffine() - inv2.(*pointG2).g.MakeAffine() - return s.Pair(p1, p2).Equal(s.Pair(inv1, inv2)) + p2Norm := p2.Clone() + inv2Norm := inv2.Clone() + p2Norm.(*pointG2).g.MakeAffine() + inv2Norm.(*pointG2).g.MakeAffine() + return s.Pair(p1, p2Norm).Equal(s.Pair(inv1, inv2Norm)) } // Not used other than for reflect.TypeOf() diff --git a/pairing/bn254/twist.go b/pairing/bn254/twist.go index 69f58e6dd..d1da036c7 100644 --- a/pairing/bn254/twist.go +++ b/pairing/bn254/twist.go @@ -177,24 +177,27 @@ func (c *twistPoint) Mul(a *twistPoint, scalar *big.Int) { c.Set(sum) } +// NB: Not safe for concurrent calls func (c *twistPoint) MakeAffine() { - if c.z.IsOne() { + g := c.Clone() + if g.z.IsOne() { return - } else if c.z.IsZero() { - c.x.SetZero() - c.y.SetOne() - c.t.SetZero() + } else if g.z.IsZero() { + g.x.SetZero() + g.y.SetOne() + g.t.SetZero() return } - zInv := (&gfP2{}).Invert(&c.z) - t := (&gfP2{}).Mul(&c.y, zInv) + zInv := (&gfP2{}).Invert(&g.z) + t := (&gfP2{}).Mul(&g.y, zInv) zInv2 := (&gfP2{}).Square(zInv) - c.y.Mul(t, zInv2) - t.Mul(&c.x, zInv2) - c.x.Set(t) - c.z.SetOne() - c.t.SetOne() + g.y.Mul(t, zInv2) + t.Mul(&g.x, zInv2) + g.x.Set(t) + g.z.SetOne() + g.t.SetOne() + c.Set(g) } func (c *twistPoint) Neg(a *twistPoint) {