Skip to content

fix: scalarmul by 0 on twisted edwards curves#1551

Merged
ivokub merged 3 commits intomasterfrom
fix/ted-scalarmul-0
Jul 21, 2025
Merged

fix: scalarmul by 0 on twisted edwards curves#1551
ivokub merged 3 commits intomasterfrom
fix/ted-scalarmul-0

Conversation

@ivokub
Copy link
Copy Markdown
Collaborator

@ivokub ivokub commented Jul 21, 2025

Description

When requesting for decomposition of zero scalar, then add hot path which avoids calling ecc.PrecomputeLattice directly as it panics due to division by zero. Checked that this unsafe way of calling ecc.PrecomputeLattice was only done here, everywhere else the parameters are either constants (through curve parameters) or we explicitly set the scalar to be 1 if it is 0 and later switch between actual and dummy result.

Fixes #1547

Thanks for @lucasmenendez and @p4u for reporting!

Type of change

  • Bug fix (non-breaking change which fixes an issue)

How has this been tested?

Expanded current tests to include zero inputs.

Checklist:

  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • I did not modify files generated from templates
  • golangci-lint does not output errors locally
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

@ivokub ivokub requested review from Copilot and yelhousni July 21, 2025 14:16
@ivokub ivokub self-assigned this Jul 21, 2025
Copilot AI reviewed Jul 21, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR fixes a division by zero panic that occurs when performing scalar multiplication by zero on twisted Edwards curves. The issue was in the halfGCD function which calls ecc.PrecomputeLattice without handling the zero scalar case.

  • Adds a hot path in halfGCD to handle zero scalar inputs by returning all zero outputs
  • Expands test coverage to include zero scalar inputs across all curve configurations
  • Removes unused test code that was no longer needed

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
std/algebra/native/twistededwards/hints.go Adds zero scalar check to prevent division by zero in halfGCD function
std/algebra/native/twistededwards/curve_test.go Enhances tests to cover zero scalar cases and removes unused varScalarMul struct

@ivokub ivokub mentioned this pull request Jul 21, 2025
Closed
@yelhousni yelhousni mentioned this pull request Jul 21, 2025
Closed
9 tasks
yelhousni
yelhousni approved these changes Jul 21, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@yelhousni yelhousni left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@ivokub ivokub merged commit 256cb98 into master Jul 21, 2025
7 checks passed
@ivokub ivokub deleted the fix/ted-scalarmul-0 branch July 21, 2025 15:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@yelhousni yelhousni yelhousni approved these changes

Assignees

@ivokub ivokub

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

bug: Error multiplying a twistededwards point by scalar zero

3 participants

@ivokub @yelhousni