fix(eddsa-poseidon): add mod reduction of secret scalar

The secret scalar is used to derive the public key and it must be > l, where l is the sub order used in baby jubjub. Adding a mod reduction ensures it always stays in the right range by keeping it compatible with the existing public keys. re #239
privacy-scaling-explorations · Apr 23, 2024 · a8c6d3d · a8c6d3d
1 parent 5ef9e74
commit a8c6d3d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/packages/eddsa-poseidon/src/eddsa-poseidon.ts b/packages/eddsa-poseidon/src/eddsa-poseidon.ts
@@ -53,7 +53,7 @@ export function deriveSecretScalar(privateKey: Buffer | Uint8Array | string): bi
     hash = hash.slice(0, 32)
     hash = pruneBuffer(hash)
 
-    return scalar.shiftRight(leBufferToBigInt(hash), BigInt(3))
+    return scalar.shiftRight(leBufferToBigInt(hash), BigInt(3)) % subOrder
 }
 
 /**