
remove overflow check in aggregation
b-wagn committed Jan 29, 2024
1 parent b4142c3 commit 96a6e9d
Showing 2 changed files with 3 additions and 23 deletions.
13 changes: 2 additions & 11 deletions src/modules/schnorrsig_halfagg/main_impl.h
Expand Up @@ -25,7 +25,6 @@ void secp256k1_schnorrsig_sha256_tagged_aggregation(secp256k1_sha256 *sha) {
int secp256k1_schnorrsig_inc_aggregate(const secp256k1_context *ctx, unsigned char *aggsig, size_t *aggsig_len, const secp256k1_xonly_pubkey *all_pubkeys, const unsigned char *all_msgs32, const unsigned char *new_sigs64, size_t n_before, size_t n_new) {
size_t i;
size_t n;
int overflow;
secp256k1_sha256 hash;
secp256k1_scalar s;

Expand Down Expand Up @@ -64,12 +63,7 @@ int secp256k1_schnorrsig_inc_aggregate(const secp256k1_context *ctx, unsigned ch
/* Compute s = s_old + sum_{i = n_before}^{n} z_i*s_i */
/* where s_old = 0 if n_before = 0 */
secp256k1_scalar_set_int(&s, 0);
if (n_before > 0) {
secp256k1_scalar_set_b32(&s, &aggsig[n_before*32], &overflow);
if (overflow) {
return 0;
}
}
if (n_before > 0) secp256k1_scalar_set_b32(&s, &aggsig[n_before*32], NULL);
for (i = n_before; i < n; ++i) {
unsigned char pk_ser[32];
unsigned char hashoutput[32];
Expand All @@ -96,10 +90,7 @@ int secp256k1_schnorrsig_inc_aggregate(const secp256k1_context *ctx, unsigned ch

/* Step 2: s := s + zi*si */
/* except if i == 0, then zi = 1 implicitly */
secp256k1_scalar_set_b32(&si, &new_sigs64[(i-n_before)*64+32], &overflow);
if (overflow) {
return 0;
}
secp256k1_scalar_set_b32(&si, &new_sigs64[(i-n_before)*64+32], NULL);
if (i != 0) secp256k1_scalar_mul(&si, &si, &zi);
secp256k1_scalar_add(&s, &s, &si);
}
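Review bot: With the overflow pointer now NULL in the `secp256k1_scalar_set_b32(&si, ...)` call, an input signature whose s value is >= n is silently reduced mod n and aggregated, whereas standard BIP-340 verification rejects such a signature; the same applies to s_old read from `aggsig` in the hunk above, which the verification test kept in tests_impl.h still expects to be rejected. Whether that divergence is intended is not visible from this page, but it should be stated at the call site, e.g. `/* s_i >= n is reduced mod n here rather than rejected, unlike BIP-340 verification */`, and in the function's API documentation. The tests_impl.h hunk removes the only test exercising this path, so the behaviour for an overflowing s_i is now unpinned; a test asserting the intended outcome would replace it. The body of `secp256k1_schnorrsig_inc_aggregate` starts and ends outside this hunk.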
13 changes: 1 addition & 12 deletions src/modules/schnorrsig_halfagg/tests_impl.h
Expand Up @@ -304,18 +304,7 @@ static void test_schnorrsig_aggregate_overflow(void) {
unsigned char aggsig[32*(N_MAX + 1)];
size_t n = secp256k1_testrand_int(N_MAX + 1);

/* Test 1: We check that aggregation returns 0 if one s overflows. */
test_schnorrsig_aggregate_input_helper(pubkeys, msgs32, sigs64, n);
if (n > 0) {
size_t aggsig_len = sizeof(aggsig);
size_t k = secp256k1_testrand_int(n);
/* Make one randomly chosen s overflow */
memset(&sigs64[k*64+32], 0xFF, 32);
/* Check that aggregating fails */
CHECK(secp256k1_schnorrsig_aggregate(CTX, aggsig, &aggsig_len, pubkeys, msgs32, sigs64, n) == 0);
}

/* Test 2: We check that verification returns 0 if the s in aggsig overflows. */
/* We check that verification returns 0 if the s in aggsig overflows. */
test_schnorrsig_aggregate_input_helper(pubkeys, msgs32, sigs64, n);
{
size_t aggsig_len = sizeof(aggsig);
