fix(sigmap-EDAP-06): Missing IsOnCurve & IsInSubgroup Checks For Elli… (

#229) * fix(sigmap-EDAP-06): Missing IsOnCurve & IsInSubgroup Checks For Elliptic Curve Point * fix(sigmap-EDAP-06): Missing IsOnCurve & IsInSubgroup Checks For Elliptic Curve Point - remove unnecessary function * fix(sigmap-EDAP-06): Missing IsOnCurve & IsInSubgroup Checks For Elliptic Curve Point - address PR feedback * fix(sigmap-EDAP-06): Missing IsOnCurve & IsInSubgroup Checks For Elliptic Curve Point - address PR feedback
Layr-Labs · Jan 9, 2025 · ad9c855 · ad9c855
1 parent f34d87a
commit ad9c855
Showing 1 changed file with 20 additions and 8 deletions.
diff --git a/verify/verifier.go b/verify/verifier.go
@@ -124,21 +124,33 @@ func (v *Verifier) Commit(blob []byte) (*bn254.G1Affine, error) {
 // Verify regenerates a commitment from the blob and asserts equivalence
 // to the commitment in the certificate
 // TODO: Optimize implementation by opening a point on the commitment instead
-func (v *Verifier) VerifyCommitment(expectedCommit *common.G1Commitment, blob []byte) error {
+func (v *Verifier) VerifyCommitment(certCommitment *common.G1Commitment, blob []byte) error {
 	actualCommit, err := v.Commit(blob)
 	if err != nil {
 		return err
 	}
 
-	expectedX := &fp.Element{}
-	expectedX.Unmarshal(expectedCommit.X)
-	expectedY := &fp.Element{}
-	expectedY.Unmarshal(expectedCommit.Y)
+	certCommitmentX := &fp.Element{}
+	certCommitmentX.Unmarshal(certCommitment.X)
+
+	// map coordinates to G1 and ensure they are on the curve
+	xAffine := bn254.MapToG1(*certCommitmentX)
+	if !xAffine.IsOnCurve() {
+		return fmt.Errorf("commitment x field element is not on the curve: %x", certCommitmentX.Marshal())
+	}
+
+	certCommitmentY := &fp.Element{}
+	certCommitmentY.Unmarshal(certCommitment.Y)
+
+	yAffine := bn254.MapToG1(*certCommitmentY)
+	if !yAffine.IsOnCurve() {
+		return fmt.Errorf("commitment y field element is not on the curve: %x", certCommitmentY.Marshal())
+	}
 
 	errMsg := ""
-	if !actualCommit.X.Equal(expectedX) || !actualCommit.Y.Equal(expectedY) {
-		errMsg += fmt.Sprintf("field elements do not match, x actual commit: %x, x expected commit: %x, ", actualCommit.X.Marshal(), expectedX.Marshal())
-		errMsg += fmt.Sprintf("y actual commit: %x, y expected commit: %x", actualCommit.Y.Marshal(), expectedY.Marshal())
+	if !actualCommit.X.Equal(certCommitmentX) || !actualCommit.Y.Equal(certCommitmentY) {
+		errMsg += fmt.Sprintf("field elements do not match, x actual commit: %x, x expected commit: %x, ", actualCommit.X.Marshal(), certCommitmentX.Marshal())
+		errMsg += fmt.Sprintf("y actual commit: %x, y expected commit: %x", actualCommit.Y.Marshal(), certCommitmentY.Marshal())
 		return fmt.Errorf("%s", errMsg)
 	}