From: Matt Corallo Date: Tue, 7 May 2024 19:38:38 +0000 (+0000) Subject: Write out "Point at Infinity" X-Git-Tag: v0.5.4~5 X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=b1bba8969d4df1f9e1f6acb7417e559df1f40d6c;p=dnssec-prover Write out "Point at Infinity" --- diff --git a/src/crypto/ec.rs b/src/crypto/ec.rs index 0908e33..f116767 100644 --- a/src/crypto/ec.rs +++ b/src/crypto/ec.rs @@ -173,7 +173,7 @@ impl Point { let s1 = self.y.mul(&o.z.mul(&o_z_2)); let s2 = o.y.mul(&self.z.mul(&self_z_2)); if u1 == u2 { - if s1 != s2 { /* PAI */ return Err(()); } + if s1 != s2 { /* Point at Infinity */ return Err(()); } return self.double(); } let h = u2.sub(&u1); @@ -218,11 +218,11 @@ fn add_two_mul(i: C::ScalarField, I: &Point, j: C::ScalarField, J: } if i_bit { if let Ok(res) = res_opt.as_mut() { - // The wycheproof tests expect to see signatures pass even if we hit PAI on an - // intermediate result. While that's fine, I'm too lazy to go figure out if all - // our PAI definitions are right and the probability of this happening at - // random is, basically, the probability of guessing a private key anyway, so - // its not really worth actually handling outside of tests. + // The wycheproof tests expect to see signatures pass even if we hit Point at + // Infinity (PAI) on an intermediate result. While that's fine, I'm too lazy to + // go figure out if all our PAI definitions are right and the probability of + // this happening at random is, basically, the probability of guessing a private + // key anyway, so its not really worth actually handling outside of tests. #[cfg(test)] { res_opt = res.add(I); } @@ -235,11 +235,11 @@ fn add_two_mul(i: C::ScalarField, I: &Point, j: C::ScalarField, J: } if j_bit { if let Ok(res) = res_opt.as_mut() { - // The wycheproof tests expect to see signatures pass even if we hit PAI on an - // intermediate result. While that's fine, I'm too lazy to go figure out if all - // our PAI definitions are right and the probability of this happening at - // random is, basically, the probability of guessing a private key anyway, so - // its not really worth actually handling outside of tests. + // The wycheproof tests expect to see signatures pass even if we hit Point at + // Infinity (PAI) on an intermediate result. While that's fine, I'm too lazy to + // go figure out if all our PAI definitions are right and the probability of + // this happening at random is, basically, the probability of guessing a private + // key anyway, so its not really worth actually handling outside of tests. #[cfg(test)] { res_opt = res.add(J); }