From ca83ad2d0ee6bdadbf436b8226b524f05c8a2e8a Mon Sep 17 00:00:00 2001
From: qd-qd
Date: Thu, 7 Mar 2024 23:17:18 +0100
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20implement=20isOnCurve=20function?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This function checks if a point is on the p256r1 curve.
---
 src/ECDSA256r1.sol | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/src/ECDSA256r1.sol b/src/ECDSA256r1.sol
index 804e995..1f051d7 100644
--- a/src/ECDSA256r1.sol
+++ b/src/ECDSA256r1.sol
@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: MIT
 pragma solidity >=0.8.19 <0.9.0;
 
-import { ECDSA, Curve, p, gx, gy, n, MINUS_2, MINUS_1, MODEXP_PRECOMPILE } from "./utils/ECDSA.sol";
+import { ECDSA, Curve, p, gx, gy, n, MINUS_2, MINUS_1, MODEXP_PRECOMPILE, a, b } from "./utils/ECDSA.sol";
 
 /// @title ECDSA256r1
 /// @notice A library to verify ECDSA signatures made on the secp256r1 curve
@@ -14,6 +14,27 @@ import { ECDSA, Curve, p, gx, gy, n, MINUS_2, MINUS_1, MODEXP_PRECOMPILE } from
 library ECDSA256r1 {
     using { Curve.nModInv } for uint256;
 
+    /// @notice Verifies that a point is on the secp256r1 curve
+    /// @param x The x-coordinate of the point
+    /// @param y The y-coordinate of the point
+    /// @return bool True if the point is on the curve, false otherwise
+    function isPointValid(uint256 x, uint256 y) internal pure returns (bool) {
+        if (((0 == x) && (0 == y)) || x == p || y == p) {
+            return false;
+        }
+
+        unchecked {
+            // y^2
+            uint256 lhs = mulmod(y, y, p);
+            // x^3+ax
+            uint256 rhs = addmod(mulmod(mulmod(x, x, p), x, p), mulmod(x, a, p), p);
+            // x^3 + a*x + b
+            rhs = addmod(rhs, b, p);
+
+            return lhs == rhs;
+        }
+    }
+
     //// @notice Computes uG + vQ using Strauss-Shamir's trick on the secp256r1 elliptic curve, where G is the basepoint
     /// and Q is the public key.
     /// @param Q0 x-coordinate of the input point Q
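Review bot: The range guard in isPointValid rejects only x == p and y == p, so any coordinate larger than p still passes: mulmod/addmod reduce it modulo p, and a non-canonical encoding such as x + p of a valid point is reported as on-curve even though it is not a reduced field element. Field coordinates should be required to lie in [0, p-1], `if (((0 == x) && (0 == y)) || x >= p || y >= p) {`, so callers that use this as a public-key sanity check cannot be handed unreduced values. The commit subject names the function isOnCurve while the code defines isPointValid; aligning the two, or mentioning the name in the NatSpec, would help readers who search by the commit message. The function is complete within the hunk, but the enclosing library ECDSA256r1 continues outside it.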