Multiplying G2 elements fails if scalar is bigger than group order

[wouterl]

It seems that g2_mul misbehaves if the scalar is larger than the group order. Here is a failing test for a scalar that is twice the group order. I would expect the test to pass, and in fact it does for G1.

diff --git a/test/test_pc.c b/test/test_pc.c
index ab83deca..0b5f86e3 100755
--- a/test/test_pc.c
+++ b/test/test_pc.c
@@ -930,6 +930,14 @@ static int multiplication2(void) {
                        g2_mul(r, p, n);
                        TEST_ASSERT(g2_is_infty(r) == 1, end);
                } TEST_END;
+
+               TEST_BEGIN("reduction by group order is correct") {
+                       bn_set_dig(k, 2);
+                       bn_mul(k, k, n);
+                       // k = 2 * order
+                       g2_mul(r, p, k);
+                       TEST_ASSERT(g2_is_infty(r) == 1, end);
+               } TEST_END;
        }
        CATCH_ANY {
                util_print("FATAL ERROR!\n");

At least when using presets/x64-pbc-bls638.sh this fails. Tested on latest master.

[dfaranha]

Thanks for notifying!

This was tentatively fixed in the latest version in the repository. Can you please check?

It is still a problem for lower level interfaces (f.x. see issue #64), but the PC module now always reduces the exponent/scalar.

[wouterl]

Yes, fixed! Many thanks.