Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Bug: multiplication of Point by negative const produces wrong results
See original GitHub issuefrom fastecdsa.curve import P256
from fastecdsa.point import Point
xs = 0xde2444bebc8d36e682edd27e0f271508617519b3221a8fa0b77cab3989da97c9
ys = 0xc093ae7ff36e5380fc01a5aad1e66659702de80f53cec576b6350b243042a256
S = Point(xs, ys, curve=P256)
print(S)
# X: 0xde2444bebc8d36e682edd27e0f271508617519b3221a8fa0b77cab3989da97c9
# Y: 0xc093ae7ff36e5380fc01a5aad1e66659702de80f53cec576b6350b243042a256
# (On curve <P256>)
print((-1)*S)
# X: 0xde2444bebc8d36e682edd27e0f271508617519b3221a8fa0b77cab3989da97c9
# Y: 0xc093ae7ff36e5380fc01a5aad1e66659702de80f53cec576b6350b243042a256
# (On curve <P256>)
print(-S)
# X: 0xde2444bebc8d36e682edd27e0f271508617519b3221a8fa0b77cab3989da97c9
# Y: 0x3f6c517f0c91ac8003fe5a552e1999a68fd217f1ac313a8949caf4dbcfbd5da9
# (On curve <P256>)
print((-1-P256.q)*S)
# X: 0x2754ffb5ff6ff19af1bb2fe0ef25a22d3a28731031d319afa9bf707c3595d58d
# Y: 0x3832af93a61dc91177c094f3c1723e5a3f4e29cc9fbc862da05be393b54a9a9e
# (On curve <P256>)
version 2.1.5
Issue Analytics
- State:
- Created 2 years ago
- Comments:15 (14 by maintainers)
Top Results From Across the Web
How to deal with floating point number precision in JavaScript?
I believe it's due to a floating point precision error with Math.round() . precisionRound(1.005, 2) // produces 1, incorrect, should be 1.01.
Read more >What Every Computer Scientist Should Know About Floating ...
Requiring that a floating-point representation be normalized makes the ... Multiplying two quantities with a small relative error results in a product with ......
Read more >decimal — Decimal fixed point and floating point arithmetic ...
In binary floating point, the result is 5.5511151231257827e-017 . ... Construction from an integer or a float performs an exact conversion of the...
Read more >INT32-C. Ensure that operations on signed integers do not ...
This noncompliant code example can result in a signed integer overflow during the multiplication of the signed operands si_a and si_b :.
Read more >Why Fixed-Point Right-Shifts Are Just Fine - Jason Sachs
It's pretty easy to see the results; in the case of truncation the error band is essentially between 0 and 1 count; in...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Revisiting this issue - given that the fallback code is needed anyway I’m in favor of keeping things as they are and not introducing an additional cofactor field. If anyone has objections we can discuss here.
Just to be clear: you cannot always calculate the cofactor like I give in the pointer. So in the end, you need the fallback code anyway – i.e. no scalar reduction, and sign considerations – which is what you’ve merged already.
For curves already built into fastecdsa, this doesn’t matter because
his a precomputed constant. It’s only a question of custom curves instantiated with theCurveclass.