fix(sigmap-EDAP-06): Missing IsOnCurve & IsInSubgroup Checks For Elli…

…ptic Curve Point
Layr-Labs · Jan 9, 2025 · 0700450 · 0700450
1 parent 0fb5ae8
commit 0700450
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/verify/verifier.go b/verify/verifier.go
@@ -132,9 +132,30 @@ func (v *Verifier) VerifyCommitment(expectedCommit *common.G1Commitment, blob []
 
 	expectedX := &fp.Element{}
 	expectedX.Unmarshal(expectedCommit.X)
+
+	// map field elements to G1 point and ensure it exists within G1 subgroup &
+	// exists on the curve
+	xAffine := bn254.MapToG1(*expectedX)
+	if !xAffine.IsInSubGroup() {
+		return fmt.Errorf("expected x is not in the subgroup: %x", expectedX.Marshal())
+	}
+
+	if !xAffine.IsOnCurve() {
+		return fmt.Errorf("expected x is not on the curve: %x", expectedX.Marshal())
+	}
+
 	expectedY := &fp.Element{}
 	expectedY.Unmarshal(expectedCommit.Y)
 
+	yAffine := bn254.MapToG1(*expectedY)
+	if !yAffine.IsInSubGroup() {
+		return fmt.Errorf("expected y is not in the subgroup: %x", expectedY.Marshal())
+	}
+
+	if !yAffine.IsOnCurve() {
+		return fmt.Errorf("expected y is not on the curve: %x", expectedY.Marshal())
+	}
+
 	errMsg := ""
 	if !actualCommit.X.Equal(expectedX) || !actualCommit.Y.Equal(expectedY) {
 		errMsg += fmt.Sprintf("field elements do not match, x actual commit: %x, x expected commit: %x, ", actualCommit.X.Marshal(), expectedX.Marshal())