ZenGo-X · nskybytskyi · Nov 9, 2021 · Nov 10, 2021 · Nov 15, 2021 · Nov 16, 2021
diff --git a/src/arithmetic/big_native.rs b/src/arithmetic/big_native.rs
@@ -44,8 +44,8 @@ impl ZeroizeBN for BigInt {
 
 impl zeroize::Zeroize for BigInt {
     fn zeroize(&mut self) {
-        use std::{ptr, sync::atomic};
-        unsafe { ptr::write_volatile(&mut self.num, Zero::zero()) };
+        use std::sync::atomic;
+        self.num *= 0;
         atomic::fence(atomic::Ordering::SeqCst);
         atomic::compiler_fence(atomic::Ordering::SeqCst);
     }

diff --git a/src/cryptographic_primitives/commitments/pedersen_commitment.rs b/src/cryptographic_primitives/commitments/pedersen_commitment.rs
@@ -6,6 +6,7 @@
 */
 
 use std::marker::PhantomData;
+use zeroize::Zeroizing;
 
 use super::traits::Commitment;
 use super::SECURITY_BITS;
@@ -29,9 +30,9 @@ impl<E: Curve> Commitment<Point<E>> for PedersenCommitment<E> {
         let h = Point::base_point2();
         let message_scalar: Scalar<E> = Scalar::from(message);
         let blinding_scalar: Scalar<E> = Scalar::from(blinding_factor);
-        let mg = g * message_scalar;
-        let rh = h * blinding_scalar;
-        mg + rh
+        let mg = Zeroizing::new(g * message_scalar);
+        let rh = Zeroizing::new(h * blinding_scalar);
+        &*mg + &*rh
     }
 
     fn create_commitment(message: &BigInt) -> (Point<E>, BigInt) {

diff --git a/src/cryptographic_primitives/proofs/sigma_correct_homomorphic_elgamal_enc.rs b/src/cryptographic_primitives/proofs/sigma_correct_homomorphic_elgamal_enc.rs
@@ -9,6 +9,8 @@
 use digest::Digest;
 use serde::{Deserialize, Serialize};
 
+use zeroize::Zeroizing;
+
 use crate::cryptographic_primitives::hashing::DigestExt;
 use crate::elliptic::curves::{Curve, Point, Scalar};
 use crate::marker::HashChoice;
@@ -56,10 +58,10 @@ impl<E: Curve, H: Digest + Clone> HomoELGamalProof<E, H> {
     ) -> HomoELGamalProof<E, H> {
         let s1: Scalar<E> = Scalar::random();
         let s2: Scalar<E> = Scalar::random();
-        let A1 = &delta.H * &s1;
-        let A2 = &delta.Y * &s2;
+        let A1 = Zeroizing::new(&delta.H * &s1);
+        let A2 = Zeroizing::new(&delta.Y * &s2);
         let A3 = &delta.G * &s2;
-        let T = A1 + A2;
+        let T = &*A1 + &*A2;
         let e = H::new()
             .chain_point(&T)
             .chain_point(&A3)

diff --git a/src/cryptographic_primitives/secret_sharing/feldman_vss.rs b/src/cryptographic_primitives/secret_sharing/feldman_vss.rs
@@ -24,8 +24,8 @@ pub struct ShamirSecretSharing {
 /// Feldman VSS, based on  Paul Feldman. 1987. A practical scheme for non-interactive verifiable secret sharing.
 /// In Foundations of Computer Science, 1987., 28th Annual Symposium on.IEEE, 427–43
 ///
-/// implementation details: The code is using FE and GE. Each party is given an index from 1,..,n and a secret share of type FE.
-/// The index of the party is also the point on the polynomial where we treat this number as u32 but converting it to FE internally.
+/// Implementation details: The code is generic over the curve. Each party is given an index from `1,..,n` and a secret share of type `Scalar<E>`.
+/// The index of the party is also the point on the polynomial where we treat this number as `u32` but converting it to `Scalar<E>` internally.
 #[derive(Clone, PartialEq, Debug, Serialize, Deserialize)]
 #[serde(bound = "")]
 pub struct VerifiableSS<E: Curve> {

diff --git a/src/cryptographic_primitives/twoparty/coin_flip_optimal_rounds.rs b/src/cryptographic_primitives/twoparty/coin_flip_optimal_rounds.rs
@@ -15,7 +15,7 @@ use crate::cryptographic_primitives::proofs::sigma_valid_pedersen_blind::Pederse
 use crate::elliptic::curves::{Curve, Point, Scalar};
 
 /// based on How To Simulate It – A Tutorial on the Simulation
-/// Proof Technique. protocol 7.3: Multiple coin tossing. which provide simulatble constant round
+/// Proof Technique. protocol 7.3: Multiple coin tossing. which provide simulatable constant round
 /// coin toss
 #[derive(Clone, Debug, PartialEq, Serialize, Deserialize)]
 #[serde(bound = "")]

diff --git a/src/elliptic/curves/test.rs b/src/elliptic/curves/test.rs
@@ -4,6 +4,8 @@ use std::iter;
 
 use rand::{rngs::OsRng, Rng};
 
+use zeroize::Zeroize;
+
 use crate::arithmetic::*;
 use crate::test_for_all_curves;
 
@@ -358,3 +360,14 @@ fn scalar_assign_negation<E: Curve>() {
     };
     assert_eq!(s_neg_1, s_neg_2);
 }
+
+test_for_all_curves!(point_zeroize);
+fn point_zeroize<E: Curve>() {
+    let mut first_point = E::Point::generator().scalar_mul(&random_nonzero_scalar());
+    let first_copy = first_point.clone();
+    first_point.zeroize();
+    assert_ne!(first_point, first_copy);
+    let mut second_point = E::Point::generator().scalar_mul(&random_nonzero_scalar());
+    second_point.zeroize();
+    assert_eq!(first_point, second_point);
+}
diff --git a/src/elliptic/curves/wrappers/point.rs b/src/elliptic/curves/wrappers/point.rs
@@ -1,5 +1,7 @@
 use std::{fmt, iter};
 
+use zeroize::Zeroize;
+
 use crate::elliptic::curves::traits::*;
 use crate::BigInt;
 
@@ -307,3 +309,9 @@ impl<'p, E: Curve> iter::Sum<&'p Point<E>> for Point<E> {
         iter.fold(Point::zero(), |acc, p| acc + p)
     }
 }
+
+impl<E: Curve> Zeroize for Point<E> {
+    fn zeroize(&mut self) {
+        self.raw_point.zeroize();
+    }
+}