Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Biconomy Secp256r1>Threat Model>_modifiedJacobianDouble
GeneralOverview
Findings
High (3)
Informational (2)
DiscussionImpact of signature inconsistencyAddition bug analysisModular subtraction trickDocumentationPossible gas savings in `_jAdd`
Threat ModelWhat are threat models?
Secp256r1.solSecp256r1 constants_jAdd_modifiedJacobianDouble
Threat ModelVerification of correctness of elliptic curve arithmetic
Audit ResultsSummary

Function: _modifiedJacobianDouble(uint256 x, uint256 y, uint256 z)

This function takes as parameters Jacobian coordinates (x:y:z) of a point on the elliptic curve secp256r1 and returns Jacobian coordinates representing double that point. Additionally, when passed (0,0,0), the function should return (0,0,0). (See Finding ref.)

Inputs

  • (x, y, z):

Validation: No checks in this function.

Impact: Caller should ensure that (x:y:z) are valid Jacobian coordinates for a point on the secp256r1 curve, or (x,y,z)=(0,0,0).

Correctness:

Detailed steps taken to check correctness of the result: Assuming (x,y,z) are valid Jacobian coordinates for a point on the secp256r1 curve, we compare each of the steps of the computation done in the function with the reference book. Equality is here to be taken modulo pd.

Zellic © 2024Back to top ↑