Projective vs Affine representation #7
Labels
bug
Something isn't working
Comments
|
My intuition tells me that it's fine to keep everything in projective coordinates inside the code but any I/O (including outputting to the Fiat-Shamir transcript) must first convert to affine coordinates |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Make sure that we are using the right representation based on context. Anything that is being serialized or sent to external code should be converted to affine coordinates to guarantee that no information leaks and that points have a unique representation.
This issue may cause some proofs to fail. We add points to our Fiat-Shamir transcripts using the
to_bytesmacro. Given two different projective coordinates for the same point,to_byteswill produce different bytes. This would lead our Fiat-Shamir hash function to produce different challenges even though it is hashing the same point, thus failing to verify a proof.The main questions are: at what point do we convert to affine coordinates? how much does it degrade performance?
References:
leaky projective coordinates https://eprint.iacr.org/2003/191
The text was updated successfully, but these errors were encountered: