weierstrass, bls: improve randomPrivateKey security and decrease bias

Paul Miller 2023-08-11 10:22:37 +00:00
parent ca5583f713
commit 05794c0283
2 changed files with 10 additions and 5 deletions

@ -189,7 +189,10 @@ export function bls<Fp2, Fp6, Fp12>(
const utils = {
randomPrivateKey: (): Uint8Array => {
return Fr.toBytes(hashToPrivateScalar(CURVE.randomBytes(groupLen + 8), CURVE.params.r));
const bytesTaken = groupLen + Math.ceil(groupLen / 2); // e.g. 48b for 32b field
const rand = CURVE.randomBytes(bytesTaken);
const num = hashToPrivateScalar(rand, Fr.ORDER);
return Fr.toBytes(num);
},
calcPairingPrecomputes,
};

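Review bot: The new `randomPrivateKey` in this hunk carries no doc comment, while its weierstrass counterpart in the same commit documents the byte count and the bias argument; add a TSDoc above it such as `/** Produces a cryptographically secure private key from groupLen + ceil(groupLen / 2) random bytes, reduced mod Fr.ORDER so the modulo bias is negligible. */`. The inline `// e.g. 48b for 32b field` is ambiguous between bits and bytes; `// e.g. 48 bytes for a 32-byte field` reads unambiguously. The same `groupLen + Math.ceil(groupLen / 2)` expression is duplicated in the weierstrass hunk of this commit; a small shared helper next to hashToPrivateScalar would keep the oversampling rule in one place, and if hashToPrivateScalar enforces a minimum input length of groupLen + 8 bytes (as the replaced `groupLen + 8` call suggests), that helper should take `Math.max(groupLen + 8, ...)` so group sizes under 16 bytes do not fall below that floor. The enclosing `bls` function and the definition of `groupLen` lie outside the hunk.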
@ -845,13 +845,15 @@ export function weierstrass(curveDef: CurveType): CurveFn {
normPrivateKeyToScalar: normPrivateKeyToScalar,
/**
* Produces cryptographically secure private key from random of size (nBitLength+64)
* as per FIPS 186 B.4.1 with modulo bias being neglible.
* Produces cryptographically secure private key from random of size
* (groupLen + ceil(groupLen / 2)) with modulo bias being negligible.
*/
randomPrivateKey: (): Uint8Array => {
const rand = CURVE.randomBytes(Fp.BYTES + 8);
const groupLen = CURVE.nByteLength;
const bytesTaken = groupLen + Math.ceil(groupLen / 2); // e.g. 48b for 32b field
const rand = CURVE.randomBytes(bytesTaken);
const num = mod.hashToPrivateScalar(rand, CURVE_ORDER);
return ut.numberToBytesBE(num, CURVE.nByteLength);
return ut.numberToBytesBE(num, groupLen);
},
/**