logos-storage/gnark-plonky2-verifier
1
0
Fork 0
mirror of https://github.com/logos-storage/gnark-plonky2-verifier.git synced 2026-01-09 08:33:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

remove check that they say is unnecessary

Browse Source
This commit is contained in:
Jacob Jackson 2022-10-05 22:08:11 +00:00
parent ad21fd775f
commit d61e54c60e
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
edwards_curve/eddsa25519.go
View File

@ -56,16 +56,16 @@ func bits_to_scalar(c *EdCurve, s []frontend.Variable) EdCoordinate {
// }
func bits_to_element(c *EdCurve, input []frontend.Variable) EdPoint {
L := emulated.NewElement[Ed25519Scalars](rEd25519)
// L := emulated.NewElement[Ed25519Scalars](rEd25519)
unchecked_point := decodepoint(c, input)
// TODO: https://github.com/warner/python-pure25519 says this check is not necessary:
//
// > This library is conservative, and performs full subgroup-membership checks on decoded
// > points, which adds considerable overhead. The Curve25519/Ed25519 algorithms were
// > designed to not require these checks, so a careful application might be able to
// > improve on this slightly (Ed25519 verify down to 6.2ms, DH-finish to 3.2ms).
c.AssertIsZero(c.ScalarMul(unchecked_point, L))
// // TODO: https://github.com/warner/python-pure25519 says this check is not necessary:
// //
// // > This library is conservative, and performs full subgroup-membership checks on decoded
// // > points, which adds considerable overhead. The Curve25519/Ed25519 algorithms were
// // > designed to not require these checks, so a careful application might be able to
// // > improve on this slightly (Ed25519 verify down to 6.2ms, DH-finish to 3.2ms).
// c.AssertIsZero(c.ScalarMul(unchecked_point, L))
return unchecked_point
}