Projective vs Affine representation #7
Description
Make sure that we are using the right representation based on context. Anything that is being serialized or sent to external code should be converted to affine coordinates to guarantee that no information leaks and that points have a unique representation.
This issue may cause some proofs to fail. We add points to our Fiat-Shamir transcripts using the to_bytes macro. Given two different projective coordinates for the same point, to_bytes will produce different bytes. This would lead our Fiat-Shamir hash function to produce different challenges even though it is hashing the same point, thus failing to verify a proof.
The main questions are: at what point do we convert to affine coordinates? how much does it degrade performance?
References:
leaky projective coordinates https://eprint.iacr.org/2003/191