fix bug in ristretto elligator: it should be able to take improper field elements as inputv1.0.1

author: Mike Hamburg <mike@shiftleft.org> 2020-10-10 12:14:08 +0100
committer: Mike Hamburg <mike@shiftleft.org> 2020-10-10 12:14:08 +0100
commit: 0324a955696d3235b5700046a487f8a2086baf1f (patch)
tree: 1c06931b9564fa53e1e2bf4a4aa2a15c08454ad4
parent: fix malleability bug from https://eprint.iacr.org/2020/1244.pdf and add test vectors (diff)
download: goldilocks-0324a955696d3235b5700046a487f8a2086baf1f.tar.xz
goldilocks-0324a955696d3235b5700046a487f8a2086baf1f.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/_aux/ristretto/ristretto.sage b/_aux/ristretto/ristretto.sage
index 9aaeaae..8fd8fbb 100644
--- a/_aux/ristretto/ristretto.sage
+++ b/_aux/ristretto/ristretto.sage
@@ -126,7 +126,7 @@ class QuotientEdwardsPoint(object):
     @classmethod
     def bytesToGf(cls,bytes,mustBeProper=True,mustBePositive=False,maskHiBits=False):
         """Convert little-endian bytes to field element, sanity check length"""
-        if len(bytes) != cls.encLen:
+        if len(bytes) != cls.encLen and mustBeProper:
             raise InvalidEncodingException("wrong length %d" % len(bytes))
         s = dec_le(bytes)
         if mustBeProper and s >= cls.F.order():
author	Mike Hamburg <mike@shiftleft.org>	2020-10-10 12:14:08 +0100
committer	Mike Hamburg <mike@shiftleft.org>	2020-10-10 12:14:08 +0100
commit	0324a955696d3235b5700046a487f8a2086baf1f (patch)
tree	1c06931b9564fa53e1e2bf4a4aa2a15c08454ad4
parent	fix malleability bug from https://eprint.iacr.org/2020/1244.pdf and add test vectors (diff)
download	goldilocks-0324a955696d3235b5700046a487f8a2086baf1f.tar.xz goldilocks-0324a955696d3235b5700046a487f8a2086baf1f.zip