From 19712af6231144d0d86401f826834c287b383eb8 Mon Sep 17 00:00:00 2001 From: Kevin Charm Date: Wed, 3 Apr 2024 22:00:07 +0200 Subject: [PATCH] clone point to avoid race condition in MakeAffine --- pairing/bn254/suite.go | 1 + pairing/bn254/twist.go | 26 ++++++++++++++------------ 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/pairing/bn254/suite.go b/pairing/bn254/suite.go index 98e8f96bd..27478b59d 100644 --- a/pairing/bn254/suite.go +++ b/pairing/bn254/suite.go @@ -132,6 +132,7 @@ func (s *Suite) Pair(p1 kyber.Point, p2 kyber.Point) kyber.Point { return s.GT().Point().(*pointGT).Pair(p1, p2) } +// NB: Not safe for concurrent calls func (s *Suite) ValidatePairing(p1, p2, inv1, inv2 kyber.Point) bool { p2.(*pointG2).g.MakeAffine() inv2.(*pointG2).g.MakeAffine() diff --git a/pairing/bn254/twist.go b/pairing/bn254/twist.go index 69f58e6dd..ac010871b 100644 --- a/pairing/bn254/twist.go +++ b/pairing/bn254/twist.go @@ -178,23 +178,25 @@ func (c *twistPoint) Mul(a *twistPoint, scalar *big.Int) { } func (c *twistPoint) MakeAffine() { - if c.z.IsOne() { + res := c.Clone() + if res.z.IsOne() { return - } else if c.z.IsZero() { - c.x.SetZero() - c.y.SetOne() - c.t.SetZero() + } else if res.z.IsZero() { + res.x.SetZero() + res.y.SetOne() + res.t.SetZero() return } - zInv := (&gfP2{}).Invert(&c.z) - t := (&gfP2{}).Mul(&c.y, zInv) + zInv := (&gfP2{}).Invert(&res.z) + t := (&gfP2{}).Mul(&res.y, zInv) zInv2 := (&gfP2{}).Square(zInv) - c.y.Mul(t, zInv2) - t.Mul(&c.x, zInv2) - c.x.Set(t) - c.z.SetOne() - c.t.SetOne() + res.y.Mul(t, zInv2) + t.Mul(&res.x, zInv2) + res.x.Set(t) + res.z.SetOne() + res.t.SetOne() + c.Set(res) } func (c *twistPoint) Neg(a *twistPoint) {