Page MenuHomePhabricator
Differential D16681

[electrum] properly handle point at infinity and point not on curve
ClosedPublic
Actions

Authored by PiRK on Mon, Aug 26, 15:08.

Details

Reviewers
bytesofman
Group Reviewers
Restricted Project
Commits
rABCc60c8fbc7d46: [electrum] properly handle point at infinity and point not on curve
Summary

Raise a custom error for points not on the curve. Support a special *point a inifinity* value for ECPubkey (will be needed in the next diff for Cash Fusion code)

This is a backport of https://github.com/spesmilo/electrum/commit/59c1d03f018026ac301c4e74facfc64da8ae4708

Additional tests from:

  • electrumabc_plugins/fusion/tests/test_pedersen.py

Depends on D16676

Test Plan

python test_runner.py

Diff Detail

Repository
rABC Bitcoin ABC
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

PiRK created this revision.Mon, Aug 26, 15:08
Herald added a reviewer: Restricted Project. · View Herald TranscriptMon, Aug 26, 15:08
PiRK requested review of this revision.Mon, Aug 26, 15:08
Harbormaster completed remote builds in B30087: Diff 49352.Mon, Aug 26, 15:10
PiRK added a child revision: D16682: [electrum] use GENERATOR and CURVE_ORDER from ecc module.Mon, Aug 26, 15:16
PiRK updated this revision to Diff 49368.Tue, Aug 27, 07:05

rebase

Harbormaster completed remote builds in B30098: Diff 49368.Tue, Aug 27, 07:10
PiRK planned changes to this revision.Tue, Aug 27, 08:28

point at infinity shouldn't be an error on the ECC side, this needs some more work

PiRK updated this revision to Diff 49370.Tue, Aug 27, 09:03
PiRK retitled this revision from [electrum] raise a custom error for invalid eliptic curve points to [electrum] properly handle point at infinity and point not on curve.
PiRK edited the summary of this revision. (Show Details)

properly hand point at infinity (not an error)

Harbormaster completed remote builds in B30100: Diff 49370.Tue, Aug 27, 09:05
PiRK planned changes to this revision.Tue, Aug 27, 15:44
PiRK added inline comments.
electrum/electrumabc/ecc.py
57–62 ↗(On Diff #49370)

These two are changed from functions to simple CONSTANTs in a coming backport, so might as well do it immediately to save us from another clean-up commit.

PiRK updated this revision to Diff 49382.Wed, Aug 28, 06:36

use GENERATOR and POINT_AT_INFINITY constants. These need to be placed after the ECPubkey class is defined.

PiRK added a child revision: D16684: [electrum] also use libsecp256k1 for point addition.Wed, Aug 28, 07:03
Harbormaster completed remote builds in B30107: Diff 49382.Wed, Aug 28, 07:20
bytesofman requested changes to this revision.Wed, Aug 28, 21:16
bytesofman added a subscriber: bytesofman.

like D16676, I'm not able to arc patch this diff. Looks like there is an issue with the parent / child revisions in the stack.

image.png (521×731 px, 120 KB)

This revision now requires changes to proceed.Wed, Aug 28, 21:16
PiRK added a comment.Thu, Aug 29, 08:38

I'm not sure exactly what is going on. I will try to rebase all these diffs onto D16687 when I get it sorted out. Hopefully it will fix the situation. I could just rebase everything onto master after I land any diff in the stack, but that would be tedious and noisy in the phabricator logs for a stack of 10+ commits.

PiRK updated this revision to Diff 49407.Thu, Aug 29, 09:37

rebase

PiRK removed a child revision: D16684: [electrum] also use libsecp256k1 for point addition.Thu, Aug 29, 09:39
Harbormaster completed remote builds in B30129: Diff 49407.Thu, Aug 29, 09:40
bytesofman accepted this revision.Thu, Aug 29, 14:32

still not able to arc patch this one, which could mean we see issues when it is landed. may want to wait until this is next off the rank.

did points at infinity or not on curve not being properly handled impact app performance? why was this not handled before this diff?

This revision is now accepted and ready to land.Thu, Aug 29, 14:32
PiRK added a comment.Fri, Aug 30, 07:02
In D16681#378434, @bytesofman wrote:

still not able to arc patch this one, which could mean we see issues when it is landed. may want to wait until this is next off the rank.

did points at infinity or not on curve not being properly handled impact app performance? why was this not handled before this diff?

It wasn't properly handled in this class because the code guarding against this problem is currently still using the ecdsa.ellipticalcurve.Point objects we want to get rid of. You could for instance have a sum of elliptical curve points result in point at inifinity which would be an unsecure or unusuable key to use in the cryptography in Cash Fusion code. If we want the Cash Fusion code to not lose any security features when switching to using this ECPubkey class in D16682, I need to implement it. But it is unlikely to ever be triggered except in tests where it is done on purpose.

Wrt to points not on curve, this diff basically just catches existing exceptions that would be raised when constructing the ecdsa.ellipticcurve.Point object and raise our custom exception instead. So later when we move away from using ecdsa.ellipticcurve.Point we can maintain the same behavior by client code by manually raising that exception depending on the return value of some libsecp256k1 function. See D16689 in the _x_and_y_from_pubkey_bytes function for instance.

PiRK updated this revision to Diff 49415.Fri, Aug 30, 07:36

rebase

Harbormaster completed remote builds in B30135: Diff 49415.Fri, Aug 30, 07:39
Closed by commit rABCc60c8fbc7d46: [electrum] properly handle point at infinity and point not on curve (authored by PiRK). · Explain WhyTue, Sep 3, 06:19
This revision was automatically updated to reflect the committed changes.
PiRK added a commit: rABCc60c8fbc7d46: [electrum] properly handle point at infinity and point not on curve.

Revision Contents
Changeset List

PathSize
electrum/
electrumabc/
49 lines
tests/
57 lines

Diff 49443

View Options

electrum/electrumabc/ecc.py

Loading...
View Options

electrum/electrumabc/tests/test_ecc.py

Loading...