cfrg/draft-irtf-cfrg-bls-signature

Superfluous subgroup check on `PublicKey` in `FastAggregateVerify()`

kirk-baird opened this issue · 2 comments

What is the issue

FastAggregateVerify() calls CoreVerify() with an aggregated public key and an aggregated signature which will then perform a subgroup check on both of these.

As FastAggregateVerify() can only be called after PoPVerify() for each of the public keys, they are already confirmed to be in the correct subgroup. Thus the aggregate public key subgroup check is unnecessary.

I'm not sure if this is a worthwhile update as it would add some extra bloat to the standard and is not overly expensive.

You're right, there is a small optimization here. But probably, as you say, it would bloat things a bit to make this optimization explicit...

Yeah, easiest just to leave this as an optional client optimisation.
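
The closure argument behind this issue, as an added example that is not part of the thread or of the draft: a sum of subgroup-checked keys stays in the subgroup, while a single unchecked key can push the aggregate outside it. The toy curve y^2 = x^3 + x + 1 over F_23 (28 = 4 * 7 points) is an assumed stand-in for BLS12-381, and all function names and sample keys are hypothetical.

```python
# Toy stand-in for the BLS public-key group (assumption: not BLS12-381).
# Curve y^2 = x^3 + x + 1 over F_23 has 28 = 4 * 7 points, so it has a
# prime-order subgroup (R = 7) and a cofactor (H = 4), like G1/G2 do.
P, A, R, H = 23, 1, 7, 4
INF = None  # point at infinity (group identity)

def add(p1, p2):
    """Affine point addition on the toy curve."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # p2 == -p1 (also covers doubling a point with y == 0)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def subgroup_check(pt):
    """True iff pt lies in the order-R subgroup (R * pt == identity)."""
    return mul(R, pt) is INF

def aggregate(pubkeys):
    """Sum the public keys, the step that precedes CoreVerify()."""
    agg = INF
    for pk in pubkeys:
        agg = add(agg, pk)
    return agg

G = mul(H, (0, 1))  # cofactor-cleared generator of the order-R subgroup
checked_keys = [mul(sk, G) for sk in (2, 3, 5)]  # constructed sample keys
unchecked_key = (4, 0)  # on the curve, order 2, outside the subgroup
```

Skipping the check on the aggregate is therefore only sound when every input key has already passed its own check, which is the PoPVerify() precondition the issue relies on.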