You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The template SegmentMulFix() computes in Montgomery form the point V*base where V = (3*nWindows-bit input_value) + 2^(3*nWindows+1)+2^(3*nWindows-3)+2^(3*nWindows-6)+..+1. Therefore, for nWindows>82 we can have input_value as big as 2^(249)-1 and the value of V exceeding 2^(250)+2^(249)+2^(246), which is bigger than the prime subgroup order, possibly causing an overflow and infinity point computation in Montgomery. For such inputs the template is satisfied for some invalid input-output tuples and thus is flawed. Thus the nWindow value should not exceed 82. Currently it is set to 83 for many inputs in EscalarMulFix.
The simplest way to fix it is to use at most 246-bit segments and thus at most 82 windows.
The text was updated successfully, but these errors were encountered:
The template
SegmentMulFix()computes in Montgomery form the pointV*basewhereV = (3*nWindows-bit input_value) + 2^(3*nWindows+1)+2^(3*nWindows-3)+2^(3*nWindows-6)+..+1. Therefore, fornWindows>82we can have input_value as big as2^(249)-1and the value ofVexceeding2^(250)+2^(249)+2^(246), which is bigger than the prime subgroup order, possibly causing an overflow and infinity point computation in Montgomery. For such inputs the template is satisfied for some invalid input-output tuples and thus is flawed. Thus thenWindowvalue should not exceed 82. Currently it is set to 83 for many inputs inEscalarMulFix.The simplest way to fix it is to use at most 246-bit segments and thus at most 82 windows.
The text was updated successfully, but these errors were encountered: