Reject identity keys in Schnorr/Chaum proofs

firoorg · Jan 2, 2024 · 625e2af · 625e2af
1 parent ab389d8
commit 625e2af
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/src/libspark/chaum.cpp b/src/libspark/chaum.cpp
@@ -93,6 +93,11 @@ bool Chaum::verify(
     if (!(T.size() == n && proof.A2.size() == n && proof.t1.size() == n)) {
         throw std::invalid_argument("Bad Chaum semantics!");
     }
+    for (std::size_t i = 0; i < n; i++) {
+        if (S[i].isInfinity()) {
+            throw std::invalid_argument("Bad Chaum input!");
+        }
+    }
 
     Scalar c = challenge(mu, S, T, proof.A1, proof.A2);
     if (c.isZero()) {

diff --git a/src/libspark/schnorr.cpp b/src/libspark/schnorr.cpp
@@ -64,6 +64,12 @@ bool Schnorr::verify(const GroupElement& Y, const SchnorrProof& proof) {
 bool Schnorr::verify(const std::vector<GroupElement>& Y, const SchnorrProof& proof) {
     const std::size_t n = Y.size();
 
+    for (std::size_t i = 0; i < n; i++) {
+        if (Y[i].isInfinity()) {
+            throw std::invalid_argument("Bad Schnorr input key!");
+        }
+    }
+
     std::vector<GroupElement> points;
     points.reserve(n + 2);
     std::vector<Scalar> scalars;