From 715846814f5b9489ee11fa4e0aa6a6012a9c397a Mon Sep 17 00:00:00 2001 From: Ricard Borrell <75077385+rickb80@users.noreply.github.com> Date: Thu, 31 Aug 2023 13:11:37 +0000 Subject: [PATCH 1/2] Fixed Jacobian coordinates bug ECRecover --- src/ecrecover/ecrecover.cpp | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/src/ecrecover/ecrecover.cpp b/src/ecrecover/ecrecover.cpp index d3b0b8a77..d11ba4543 100644 --- a/src/ecrecover/ecrecover.cpp +++ b/src/ecrecover/ecrecover.cpp @@ -837,6 +837,10 @@ void generalAddPointEcJacobian(const RawFec::Element &x1, const RawFec::Element RawFec::Element &x3, RawFec::Element &y3, RawFec::Element &z3, bool &p3_empty) { + RawFec::Element z1_2 = fec.mul(z1, z1); + RawFec::Element z2_2 = fec.mul(z2, z2); + RawFec::Element z1_3 = fec.mul(z1_2, z1); + RawFec::Element z2_3 = fec.mul(z2_2, z2); if (p1_empty && p2_empty) { @@ -865,7 +869,7 @@ void generalAddPointEcJacobian(const RawFec::Element &x1, const RawFec::Element } else { - if (fec.eq(fec.mul(x1, z2), fec.mul(x2, z1)) == 0) + if (fec.eq(fec.mul(x1, z2_2), fec.mul(x2, z1_2)) == 0) { addPointEcJacobian(x1, y1, z1, x2, y2, z2, x3, y3, z3); if (fec.isZero(z3) == 1) @@ -879,7 +883,7 @@ void generalAddPointEcJacobian(const RawFec::Element &x1, const RawFec::Element } else { - if (fec.eq(fec.mul(y1, z2), fec.mul(y2, z1)) == 0) + if (fec.eq(fec.mul(y1, z2_3), fec.mul(y2, z1_3)) == 0) { p3_empty = true; } @@ -909,6 +913,11 @@ void generalAddPointEcJacobianZ2Is1(const RawFec::Element &x1, const RawFec::Ele bool &p3_empty) { + RawFec::Element z1_2 = fec.mul(z1, z1); + RawFec::Element z2_2 = fec.mul(z2, z2); + RawFec::Element z1_3 = fec.mul(z1_2, z1); + RawFec::Element z2_3 = fec.mul(z2_2, z2); + if (p1_empty && p2_empty) { p3_empty = true; 
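Review bot: In the `@@ -837,6 +837,10 @@` hunk the four products `z1_2`, `z2_2`, `z1_3` and `z2_3` are computed at the top of `generalAddPointEcJacobian`, ahead of the `p1_empty`/`p2_empty` checks. They therefore read `z1`/`z2` of a point flagged empty, and presumably cost four field multiplications on paths that never use them. Whether callers always give an empty point a defined z is not visible here, so it would be safer to compute them only in the branch where both points are non-empty, declared `const`, e.g. `const RawFec::Element z1_2 = fec.mul(z1, z1);`. The same applies to the identical blocks added at `@@ -909,6 +913,11 @@` and `@@ -981,6 +990,11 @@`. The function body continues outside the hunk.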
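Review bot: The corrected x test in the `@@ -865,7 +869,7 @@` hunk has no comment explaining why each operand is scaled by the squared z of the other point, which is the detail the previous code got wrong. A one-line comment above it such as `// Jacobian (X,Y,Z) is affine (X/Z^2, Y/Z^3): x equal iff x1*z2^2 == x2*z1^2` would help keep a later edit from regressing it. The y test in `@@ -879,7 +883,7 @@` wants the matching `y1*z2^3 == y2*z1^3` note. The same comments apply to the two other overloads changed in this patch.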
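Review bot: In `generalAddPointEcJacobianZ2Is1` (`@@ -909,6 +913,11 @@`) the name suggests the caller guarantees z2 == 1, in which case `z2_2` and `z2_3` are both 1. The two multiplications that build them, and the `fec.mul(x1, z2_2)` and `fec.mul(y1, z2_3)` in the `@@ -936` and `@@ -950` hunks, would then do no useful work. If that precondition holds, the tests reduce to `fec.eq(x1, fec.mul(x2, z1_2))` and `fec.eq(y1, fec.mul(y2, z1_3))`. If the general form is kept on purpose as a safeguard, a comment saying so would help, since `addPointEcJacobianZ2Is1` is still called on the same inputs. The contract is not visible in the hunk.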
@@ -936,7 +945,7 @@ void generalAddPointEcJacobianZ2Is1(const RawFec::Element &x1, const RawFec::Ele } else { - if (fec.eq(fec.mul(x1, z2), fec.mul(x2, z1)) == 0) + if (fec.eq(fec.mul(x1, z2_2), fec.mul(x2, z1_2)) == 0) { addPointEcJacobianZ2Is1(x1, y1, z1, x2, y2, z2, x3, y3, z3); if (fec.isZero(z3) == 1) @@ -950,7 +959,7 @@ void generalAddPointEcJacobianZ2Is1(const RawFec::Element &x1, const RawFec::Ele } else { - if (fec.eq(fec.mul(y1, z2), fec.mul(y2, z1)) == 0) + if (fec.eq(fec.mul(y1, z2_3), fec.mul(y2, z1_3)) == 0) { p3_empty = true; } @@ -981,6 +990,11 @@ void generalAddPointEcJacobian(const RawFec::Element &x1, const RawFec::Element bool &p3_empty) { + RawFec::Element z1_2 = fec.mul(z1, z1); + RawFec::Element z2_2 = fec.mul(z2, z2); + RawFec::Element z1_3 = fec.mul(z1_2, z1); + RawFec::Element z2_3 = fec.mul(z2_3, z2); + if (p1_empty && p2_empty) { p3_empty = true; @@ -1008,7 +1022,7 @@ void generalAddPointEcJacobian(const RawFec::Element &x1, const RawFec::Element } else { - if (fec.eq(fec.mul(x1, z2), fec.mul(x2, z1)) == 0) + if (fec.eq(fec.mul(x1, z2_2), fec.mul(x2, z1_2)) == 0) { addPointEcJacobian(x1, y1, z1, zz1, zzz1, x2, y2, z2, x3, y3, z3); if (fec.isZero(z3) == 1) @@ -1022,7 +1036,7 @@ void generalAddPointEcJacobian(const RawFec::Element &x1, const RawFec::Element } else { - if (fec.eq(fec.mul(y1, z2), fec.mul(y2, z1)) == 0) + if (fec.eq(fec.mul(y1, z2_3), fec.mul(y2, z1_3)) == 0) { p3_empty = true; } From 36326cfae4020131f018aae2bc8f8cc435c102f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A9ctor=20Masip?= Date: Thu, 31 Aug 2023 17:42:07 +0200 Subject: [PATCH 2/2] Typo corrected --- src/ecrecover/ecrecover.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ecrecover/ecrecover.cpp b/src/ecrecover/ecrecover.cpp index d11ba4543..b416f771d 100644 --- a/src/ecrecover/ecrecover.cpp +++ b/src/ecrecover/ecrecover.cpp 
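Review bot: In the `@@ -981,6 +990,11 @@` hunk `z1_2` and `z1_3` look like duplicates of values this overload already has. The call `addPointEcJacobian(x1, y1, z1, zz1, zzz1, x2, ...)` in the `@@ -1008` hunk passes `zz1` and `zzz1`, which by name are presumably z1^2 and z1^3. If so, the comparisons can use `fec.mul(x2, zz1)` and `fec.mul(y2, zzz1)`, and only `z2_2`/`z2_3` need computing locally. The signature is outside the hunk, so confirm what `zz1`/`zzz1` hold before relying on them.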
@@ -993,7 +993,7 @@ void generalAddPointEcJacobian(const RawFec::Element &x1, const RawFec::Element RawFec::Element z1_2 = fec.mul(z1, z1); RawFec::Element z2_2 = fec.mul(z2, z2); RawFec::Element z1_3 = fec.mul(z1_2, z1); - RawFec::Element z2_3 = fec.mul(z2_3, z2); + RawFec::Element z2_3 = fec.mul(z2_2, z2); if (p1_empty && p2_empty) {
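Review bot: The series changes only `src/ecrecover/ecrecover.cpp`, so no test pins the branch that consumes `z2_3`. The y test runs only when both inputs are non-empty and their x coordinates agree, which is presumably why the self-referencing initialiser from patch 1/2 went unnoticed. A regression test would feed each of the three overloads a point together with a re-scaled Jacobian representation of the same point, and of its negation, with z1 different from 1. That would cover the doubling and empty-result paths that depend on these comparisons.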