crypto/mta: include U in hash for ProofBobWC (#43)

Luke Plaster
2019-09-11 16:24:06 +08:00
committed by GitHub
parent 31c67c55cf
commit f90989ed35


@@ -54,7 +54,7 @@ func ProveBobWC(pk *paillier.PublicKey, NTilde, h1, h2, c1, c2, x, y, r *big.Int
gamma := random.GetRandomPositiveRelativelyPrimeInt(pk.N)
// 5.
var u *crypto.ECPoint
u := crypto.NewECPoint(tss.EC(), zero, zero) // initialization suppresses an IDE warning
if X != nil {
u = crypto.ScalarBaseMult(tss.EC(), alpha)
}
@@ -90,7 +90,7 @@ func ProveBobWC(pk *paillier.PublicKey, NTilde, h1, h2, c1, c2, x, y, r *big.Int
if X == nil {
eHash = common.SHA512_256i(append(pk.AsInts(), c1, c2, z, zPrm, t, v, w)...)
} else {
eHash = common.SHA512_256i(append(pk.AsInts(), X.X(), X.Y(), c1, c2, z, zPrm, t, v, w)...)
eHash = common.SHA512_256i(append(pk.AsInts(), X.X(), X.Y(), c1, c2, u.X(), u.Y(), z, zPrm, t, v, w)...)
}
e = common.RejectionSample(q, eHash)
}
@@ -158,7 +158,7 @@ func (pf *ProofBobWC) Verify(pk *paillier.PublicKey, NTilde, h1, h2, c1, c2 *big
if X == nil {
eHash = common.SHA512_256i(append(pk.AsInts(), c1, c2, pf.Z, pf.ZPrm, pf.T, pf.V, pf.W)...)
} else {
eHash = common.SHA512_256i(append(pk.AsInts(), X.X(), X.Y(), c1, c2, pf.Z, pf.ZPrm, pf.T, pf.V, pf.W)...)
eHash = common.SHA512_256i(append(pk.AsInts(), X.X(), X.Y(), c1, c2, pf.U.X(), pf.U.Y(), pf.Z, pf.ZPrm, pf.T, pf.V, pf.W)...)
}
e = common.RejectionSample(q, eHash)
}
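Review bot: In Verify, `pf.U.X()` and `pf.U.Y()` are now dereferenced while computing the challenge, and `pf.U` comes from the peer's proof, so a proof with no U would panic here unless a check earlier in Verify (outside this hunk) already rejects it. A guard before the hash, such as `if X != nil && pf.U == nil { return false }`, together with a curve-membership check on U, would make the verifier fail closed; the return type is not visible in the hunk, so adapt the failure value. On the prover side, the `(zero, zero)` placeholder for `u` is presumably not a valid curve point, and its comment would say more as `// placeholder; replaced and hashed only when X != nil`. Both function bodies start and end outside the hunks shown.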