0

I want to implement scalar multiplication in which I have to multiply a point of elliptic curve with a negative number using CRYPTOPP library, but I'm getting an error while doing this.

Am I supposed to take the mod of that negative number manually and then multiply it with the point? or is there any function which will perform that task for me?

ECP::Point ECP::ScalarMultiply(const Point &    a,
const Integer & e)const

As the parameter is integer so it should take negative value as well but it is giving an error:

Algebra.cpp CRYPTOPP_ASSERT(expBegin->NotNegative())

Jared Forth
  • 1,577
  • 6
  • 17
  • 32
  • 1
    Why would you ever do such a thing? I'm not aware of any protocol or scheme where scalar multiplication with a negative number would occur. – President James K. Polk Jul 24 '19 at 12:37
  • Yes, you are supposed to do. However, as James K Polk said, why would you need that? – kelalaka Jul 24 '19 at 22:09
  • You would take it mod the order of the curve group if you insisted on allowing negative scalars. – President James K. Polk Jul 24 '19 at 23:35
  • @JamesKPolk Uh, then it would not allow positive scalars anymore, or they would at least generate the same result. It's probably better to simply define part of the elements in the order of the group and assume they are negative (split the order in two, or say that anything above a certain value should be assumed negative). – Maarten Bodewes Aug 22 '19 at 14:12
  • @MaartenBodewes: I don't understand your comment. By "mod the order of the group" I meant the positive remainder after dividing by the group order. – President James K. Polk Aug 22 '19 at 14:15
  • I get what you're saying, you're saying that the negative value is equivalent to the mod value, if you see the scalar as a number. However that equivalence can come back and bite you if you're not careful. You can map integers to the elements of the group in various ways after all. You don't want an RSA signature to match *both* -1 and N - 1 if you use that as input. The way to map integers to group elements must be clear from the start. – Maarten Bodewes Aug 22 '19 at 14:19

0 Answers0