From 70a02cee947fd1541d64836e8daa8babd98cfe7e Mon Sep 17 00:00:00 2001 From: Kevin Charm Date: Wed, 3 Apr 2024 22:11:05 +0200 Subject: [PATCH] clone point to avoid race condition in MakeAffine --- pairing/bn254/suite.go | 1 + pairing/bn254/twist.go | 26 ++++++++++++++------------ 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/pairing/bn254/suite.go b/pairing/bn254/suite.go index 98e8f96bd..27478b59d 100644 --- a/pairing/bn254/suite.go +++ b/pairing/bn254/suite.go @@ -132,6 +132,7 @@ func (s *Suite) Pair(p1 kyber.Point, p2 kyber.Point) kyber.Point { return s.GT().Point().(*pointGT).Pair(p1, p2) } +// NB: Not safe for concurrent calls func (s *Suite) ValidatePairing(p1, p2, inv1, inv2 kyber.Point) bool { p2.(*pointG2).g.MakeAffine() inv2.(*pointG2).g.MakeAffine() diff --git a/pairing/bn254/twist.go b/pairing/bn254/twist.go index 69f58e6dd..866af4694 100644 --- a/pairing/bn254/twist.go +++ b/pairing/bn254/twist.go @@ -178,23 +178,25 @@ func (c *twistPoint) Mul(a *twistPoint, scalar *big.Int) { } func (c *twistPoint) MakeAffine() { - if c.z.IsOne() { + g := c.Clone() + if g.z.IsOne() { return - } else if c.z.IsZero() { - c.x.SetZero() - c.y.SetOne() - c.t.SetZero() + } else if g.z.IsZero() { + g.x.SetZero() + g.y.SetOne() + g.t.SetZero() return } - zInv := (&gfP2{}).Invert(&c.z) - t := (&gfP2{}).Mul(&c.y, zInv) + zInv := (&gfP2{}).Invert(&g.z) + t := (&gfP2{}).Mul(&g.y, zInv) zInv2 := (&gfP2{}).Square(zInv) - c.y.Mul(t, zInv2) - t.Mul(&c.x, zInv2) - c.x.Set(t) - c.z.SetOne() - c.t.SetOne() + g.y.Mul(t, zInv2) + t.Mul(&g.x, zInv2) + g.x.Set(t) + g.z.SetOne() + g.t.SetOne() + c.Set(g) } func (c *twistPoint) Neg(a *twistPoint) {