-
Notifications
You must be signed in to change notification settings - Fork 159
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Endian issue in handling eddsa private key scalar #199
Comments
@gbotrel |
@tyGavinZJU you are correct, j should be initialized with |
gbotrel
added a commit
that referenced
this issue
May 31, 2022
gbotrel
added a commit
that referenced
this issue
May 31, 2022
fix: closes #199 correct bound in eddsa key gen template
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://github.com/ConsenSys/gnark-crypto/blob/master/ecc/bn254/twistededwards/eddsa/eddsa.go#L89
code reference
explanation
h
is[64]byte
, and ineddsa
h[:32]
is scalar andh[32:]
is random source.As the annotation describes, if
reverse first bytes because setBytes interpret stream as big endian
.We should swap
h[0]
withh[31]
but noth[sizeFr] = h[32]
.Please correct me if I understand wrongly. I can create a pr for this issue later.
The text was updated successfully, but these errors were encountered: