From 914b80bdb1bbd2bfb06d2ca1ebdc030c498ae615 Mon Sep 17 00:00:00 2001
From: Luke Parker
Date: Mon, 6 Jan 2025 15:27:38 -0500
Subject: [PATCH] Avoid `to_repr`/`to_bytes` in `read_scalar`/`read_point`
---
 .../src/transcript.rs | 24 ++++++++++++++-----
 1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/crypto/generalized-bulletproofs/src/transcript.rs b/crypto/generalized-bulletproofs/src/transcript.rs
index 80757fae..5902c29b 100644
--- a/crypto/generalized-bulletproofs/src/transcript.rs
+++ b/crypto/generalized-bulletproofs/src/transcript.rs
@@ -132,18 +132,30 @@ impl<'a> VerifierTranscript<'a> {
 }
 pub(crate) fn read_scalar(&mut self) -> io::Result {
- let scalar = C::read_F(&mut self.transcript)?;
+ // Read the scalar onto the transcript using the serialization present in the transcript
 self.digest.update([SCALAR]);
- let bytes = scalar.to_repr();
- self.digest.update(bytes);
+ let scalar_len = ::Repr::default().as_ref().len();
+ if self.transcript.len() < scalar_len {
+ Err(io::Error::new(io::ErrorKind::Other, "not enough bytes to read_scalar"))?;
+ }
+ self.digest.update(&self.transcript[.. scalar_len]);
+
+ // Read the actual scalar, where `read_F` ensures its canonically serialized
+ let scalar = C::read_F(&mut self.transcript)?;
 Ok(scalar)
 }
 pub(crate) fn read_point(&mut self) -> io::Result {
- let point = C::read_G(&mut self.transcript)?;
+ // Read the point onto the transcript using the serialization present in the transcript
 self.digest.update([POINT]);
- let bytes = point.to_bytes();
- self.digest.update(bytes);
+ let point_len = ::Repr::default().as_ref().len();
+ if self.transcript.len() < point_len {
+ Err(io::Error::new(io::ErrorKind::Other, "not enough bytes to read_point"))?;
+ }
+ self.digest.update(&self.transcript[.. point_len]);
+
+ // Read the actual point, where `read_G` ensures its canonically serialized
+ let point = C::read_G(&mut self.transcript)?;
 Ok(point)
 }
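Review bot: The digest now absorbs `scalar_len` bytes sliced from the raw transcript and then separately lets `C::read_F` advance the transcript, so the bytes hashed and the bytes parsed only agree if `read_F` consumes exactly the `Repr::default()` length computed in `read_scalar`; nothing in the hunk ties the two together, and the same holds for `point_len` and `C::read_G` in `read_point`. If a ciphersuite's reader ever consumed a different number of bytes, the verifier's challenges would silently diverge from the prover's with no error raised, which is a worse failure mode than the panic the length check was added to avoid. A cheap guard makes the invariant explicit: `let before = self.transcript.len();` before the read and `debug_assert_eq!(before - self.transcript.len(), scalar_len);` after it, mirrored for `point_len`. Note also that the label and slice are absorbed before `read_F`/`read_G` validate canonicity, so a `VerifierTranscript` whose read returned `Err` already has a poisoned digest and must not be reused; that is fine if every caller aborts on error, and a one-line comment such as `// On Err the digest has already been updated; the transcript must be discarded` would record it. `io::ErrorKind::UnexpectedEof` would also describe this short-read condition more precisely than `Other`.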