Replaced IsElement with IsPotentialElement and IsSafeElement

Author: lumip

CHANGELOG.txt

@@ -1,6 +1,8 @@
 - 2.0.0-alpha
-    - Added GenerateRandomElement to ICryptoGroupAlgebra interface
-    - Introduced generic type parameter for scalar types in major interfaces
+    - Added GenerateRandomElement to ICryptoGroupAlgebra interface.
+    - Introduced generic type parameter for scalar types in major interfaces.
     - MultiplicativeGroupAlgebra.Negate now works correctly for all elements in the prime field, not only the subgroup.
+    - Removed CryptoGroupAlgebra.IsElement in favor of new IsPotentialElement and IsSafeElement methods.
+        -- IsElement was supposed to admit only safe elements, which caused it to reject the neutral element, leading to potential failures during computation.
 
 - 1.0.0 Initial Release

CompactCryptoGroupAlgebra.OpenSsl/EllipticCurves/EllipticCurveAlgebra.cs

@@ -179,14 +179,20 @@ public ECPoint GenerateElement(SecureBigNumber index)
         }
 
         /// <inheritdocs />
-        public bool IsElement(ECPoint element)
+        public bool IsPotentialElement(ECPoint element)
         {
             using (var ctx = BigNumberContextHandle.Create())
             {
                 return ECPointHandle.IsOnCurve(Handle, element.Handle, ctx);
             }
         }
 
+        /// <inheritdocs />
+        public bool IsSafeElement(ECPoint element)
+        {
+            return IsPotentialElement(element);
+        }
+
         /// <inheritdocs />
         public ECPoint MultiplyScalar(ECPoint e, SecureBigNumber k)
         {

CompactCryptoGroupAlgebra.OpenSsl/Multiplicative/MultiplicativeGroupAlgebra.cs

@@ -54,7 +54,7 @@ public MultiplicativeGroupAlgebra(BigPrime prime, BigPrime order, BigNumber gene
             Generator = BigNumber.FromRawHandle(generator.Handle);
             Cofactor = (prime - 1) / order;
 
-            if (!IsElement(Generator))
+            if (!IsSafeElement(Generator))
                 throw new ArgumentException("The generator must be an element of the group.", nameof(generator));
         }
 
@@ -98,15 +98,21 @@ public BigNumber GenerateElement(SecureBigNumber index)
         }
 
         /// <inheritdocs />
-        public bool IsElement(BigNumber element)
+        public bool IsPotentialElement(BigNumber element)
         {
             // implementation-specific checks
             if (element.Equals(BigNumber.Zero) ||
                 BigNumberHandle.Compare(element.Handle, _modulo.Handle) >= 0)
             {
                 return false;
             }
+            return true;
+        }
 
+        public bool IsSafeElement(BigNumber element)
+        {
+            if (!IsPotentialElement(element)) return false;
+            
             // verifying that the point is not from a small subgroup of the whole curve (and thus outside
             // of the safe subgroup over which operations are considered)
             if (Cofactor > 1)

CompactCryptoGroupAlgebra.Tests/CryptoGroupAlgebraTests.cs

@@ -321,7 +321,46 @@ public void TestGenerateRandomElement()
         }
 
         [Test]
-        public void TestIsElement()
+        public void TestIsPotentialElement()
+        {
+            var order = BigPrime.CreateWithoutChecks(11);
+            int element = 7;
+
+            var generatorStub = 1;
+            var cofactor = new BigInteger(2);
+            var neutralElement = 0;
+            var elementBitLength = 8;
+
+            var algebraMock = new Mock<CryptoGroupAlgebra<int>>(generatorStub, order, cofactor, neutralElement, elementBitLength) { CallBase = true };
+            algebraMock.Protected().As<ICryptoGroupAlgebraProtectedMembers>()
+                .Setup(alg => alg.IsElementDerived(It.IsAny<int>()))
+                .Returns(true);
+
+            Assert.IsTrue(algebraMock.Object.IsPotentialElement(element));
+        }
+
+
+        [Test]
+        public void TestIsPotentialElementFalseIfDerivedIsFalse()
+        {
+            var order = BigPrime.CreateWithoutChecks(11);
+            int element = 7;
+
+            var generatorStub = 1;
+            var cofactor = new BigInteger(2);
+            var neutralElement = 0;
+            var elementBitLength = 8;
+
+            var algebraMock = new Mock<CryptoGroupAlgebra<int>>(generatorStub, order, cofactor, neutralElement, elementBitLength) { CallBase = true };
+            algebraMock.Protected().As<ICryptoGroupAlgebraProtectedMembers>()
+                .Setup(alg => alg.IsElementDerived(It.IsAny<int>()))
+                .Returns(false);
+
+            Assert.IsFalse(algebraMock.Object.IsPotentialElement(element));
+        }
+
+        [Test]
+        public void TestIsSafeElement()
         {
             var order = BigPrime.CreateWithoutChecks(11);
             int element = 7;
@@ -343,11 +382,12 @@ public void TestIsElement()
                 .Returns(neutralElement);
 
 
-            Assert.IsTrue(algebraMock.Object.IsElement(element));
+            Assert.IsTrue(algebraMock.Object.IsSafeElement(element));
         }
 
+
         [Test]
-        public void TestIsElementFalseForUnsafeSubgroup()
+        public void TestIsSafeElementFalseIfDerivedIsFalse()
         {
             var order = BigPrime.CreateWithoutChecks(11);
             int element = 7;
@@ -360,19 +400,17 @@ public void TestIsElementFalseForUnsafeSubgroup()
             var algebraMock = new Mock<CryptoGroupAlgebra<int>>(generatorStub, order, cofactor, neutralElement, elementBitLength) { CallBase = true };
             algebraMock.Protected().As<ICryptoGroupAlgebraProtectedMembers>()
                 .Setup(alg => alg.IsElementDerived(It.IsAny<int>()))
-                .Returns(true);
-
-            // an element is in an unsafe subgroup if it results in neutral element when multiplied by cofactor
-            algebraMock.Protected().As<ICryptoGroupAlgebraProtectedMembers>()
-                .Setup(alg => alg.MultiplyScalarUnchecked(It.IsAny<int>(), It.Is<BigInteger>(x => x.Equals(cofactor)), It.IsAny<int>()))
-                .Returns(neutralElement);
+                .Returns(false);
+            // algebraMock.Protected().As<ICryptoGroupAlgebraProtectedMembers>()
+            //     .Setup(alg => alg.MultiplyScalarUnchecked(It.IsAny<int>(), It.IsAny<BigInteger>(), It.IsAny<int>()))
+            //     .Returns(1);
 
 
-            Assert.IsFalse(algebraMock.Object.IsElement(element));
+            Assert.IsFalse(algebraMock.Object.IsSafeElement(element));
         }
 
         [Test]
-        public void TestIsElementFalseIfDerivedIsFalse()
+        public void TestIsSafeElementFalseForUnsafeSubgroup()
         {
             var order = BigPrime.CreateWithoutChecks(11);
             int element = 7;
@@ -385,14 +423,17 @@ public void TestIsElementFalseIfDerivedIsFalse()
             var algebraMock = new Mock<CryptoGroupAlgebra<int>>(generatorStub, order, cofactor, neutralElement, elementBitLength) { CallBase = true };
             algebraMock.Protected().As<ICryptoGroupAlgebraProtectedMembers>()
                 .Setup(alg => alg.IsElementDerived(It.IsAny<int>()))
-                .Returns(false);
+                .Returns(true);
+
+            // an element is in an unsafe subgroup if it results in neutral element when multiplied by cofactor
             algebraMock.Protected().As<ICryptoGroupAlgebraProtectedMembers>()
-                .Setup(alg => alg.MultiplyScalarUnchecked(It.IsAny<int>(), It.IsAny<BigInteger>(), It.IsAny<int>()))
-                .Returns(1);
+                .Setup(alg => alg.MultiplyScalarUnchecked(It.IsAny<int>(), It.Is<BigInteger>(x => x.Equals(cofactor)), It.IsAny<int>()))
+                .Returns(neutralElement);
 
 
-            Assert.IsFalse(algebraMock.Object.IsElement(element));
+            Assert.IsFalse(algebraMock.Object.IsSafeElement(element));
         }
 
+
     }
 }