Multiple bugs involving infinity implementation #23
Description
There is a serious bug in the implementation of "infinity" in this package.
Steps to reproduce
from ecpy.curves import Curve, Point
curve = Curve.get_curve("Ed25519")
G = curve.generator
n = curve.order
print((G*n) == (G*(n-1) + G) ) #false - "incorrect"
print((G*n).is_infinity) #true - "correct"
print((G*(n-1) + G).is_infinity) #false - "incorrect"
torsion = curve.decode_point(bytearray.fromhex("c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac03fa"))
print((torsion*n).is_infinity) #true - "incorrect"Expected output
- Obviously we would expect Gn and G(n-1)+G to be equal,
- and we would expect them both to be "infinity".
- We would also expect, that multiplying a torsion point, that is not in the same subgroup as G, with n would lead to a point that is NOT infinity.
Observed Output
- Gn and G(n+1)+G is not equal
- For the Point G*(n+1) + G "is_infinity" is set to false (the result is numerically correct though).
- (torsion*n).is_infinity result is "True"
Suggested Fix
Replace the current complex "hard coded" implementation of "infinity" with a simple dynamic check.
curve.generator * curve.order should always result in infinity, thus we can easily check points against that result, if we want to check wether they are in fact infinity.