You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
According to NIST and BSI, during signature verification, the calculated point after shamirs trick should be checked. If it is the identity element or a multiple of it, further evaluation should be aborted. This check is missing and should be included here:
According to NIST and BSI, during signature verification, the calculated point after shamirs trick should be checked. If it is the identity element or a multiple of it, further evaluation should be aborted. This check is missing and should be included here:
micro-ecc/uECC.c
Line 1588 in b335ee8
For reference see these links:
NIST: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf (Section 6.4.2 Step 6)
BSI: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03111/BSI-TR-03111_V-2-1_pdf.pdf?__blob=publicationFile&v=1 (Section 4.2.1.2 Step 4)
The text was updated successfully, but these errors were encountered: