From f2665debce7f21bc46a6a76a236ba602423f5616 Mon Sep 17 00:00:00 2001
From: James Campbell
Date: Sat, 5 Nov 2022 16:51:42 +0000
Subject: [PATCH 1/2] Check that ciphertext is valid before decrypting

---
 tpke/src/ciphertext.rs | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tpke/src/ciphertext.rs b/tpke/src/ciphertext.rs
index 6e8afc91..7249cdcc 100644
--- a/tpke/src/ciphertext.rs
+++ b/tpke/src/ciphertext.rs
@@ -81,6 +81,9 @@ pub fn decrypt(
     ciphertext: &Ciphertext,
     privkey: E::G2Affine,
 ) -> Vec {
+    if !check_ciphertext_validity(ciphertext) {
+        panic!("Ciphertext is invalid");
+    }
     let s = E::product_of_pairings(&[(
         E::G1Prepared::from(ciphertext.nonce),
         E::G2Prepared::from(privkey),

From 4500c8be2cad1fafc5268c4cdd2fcd5a2e8b48e1 Mon Sep 17 00:00:00 2001
From: James Campbell
Date: Mon, 7 Nov 2022 16:29:25 +0000
Subject: [PATCH 2/2] Add test for cypher text validity

---
 tpke/src/lib.rs | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/tpke/src/lib.rs b/tpke/src/lib.rs
index c448b3ed..13c3efd0 100644
--- a/tpke/src/lib.rs
+++ b/tpke/src/lib.rs
@@ -217,4 +217,24 @@ mod tests {
         let plaintext = decrypt_with_shared_secret(&ciphertext, &s);
         assert!(plaintext == msg)
     }
+
+    #[test]
+    fn ciphertext_validity_check() {
+        let mut rng = test_rng();
+        let threshold = 3;
+        let shares_num = 5;
+        let num_entities = 5;
+        let msg: &[u8] = "abc".as_bytes();
+
+        let (pubkey, _privkey, _) =
+            setup::(threshold, shares_num, num_entities);
+        let mut ciphertext = encrypt::<_, E>(msg, pubkey, &mut rng);
+
+        // So far, the ciphertext is valid
+        assert!(check_ciphertext_validity(&ciphertext));
+
+        // Malformed the ciphertext
+        ciphertext.ciphertext[0] += 1;
+        assert!(!check_ciphertext_validity(&ciphertext));
+    }
 }
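Review bot: The new guard in `decrypt` panics when `check_ciphertext_validity` rejects the input, but a ciphertext is exactly the value a library caller receives from an untrusted party, so a malformed one now aborts the calling process instead of being reported; returning a `Result` (`-> Result<Vec<u8>, /* project error type */>` with `return Err(..)` in place of `panic!`) would let callers reject bad input cleanly. If the panic is kept deliberately, the function's doc comment needs a `# Panics` section, e.g. `/// # Panics` / `/// Panics if `check_ciphertext_validity` rejects `ciphertext`.`. Placing the check before the pairing is the right order since it fails fast before the expensive `product_of_pairings` call. The test in the second patch calls a separate `decrypt_with_shared_secret`, which suggests another decryption path exists that this commit does not gate; worth confirming it is covered as well. `decrypt`'s signature starts before the hunk and its body continues past it, so the full return path is not visible here.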
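Review bot: The tamper step `ciphertext.ciphertext[0] += 1;` will trip Rust's overflow check in a test build whenever that first byte happens to be 0xFF, producing a spurious failure unrelated to validity; assuming the field is a byte buffer, `ciphertext.ciphertext[0] = ciphertext.ciphertext[0].wrapping_add(1);` (or `^= 1`) tampers it unconditionally. The test only corrupts the payload: a second case that alters `ciphertext.nonce`, the component `decrypt` pairs against in the previous patch, would show the check binds the whole ciphertext rather than one field, and a `#[should_panic]` test calling `decrypt` on the tampered value would confirm the new gate is actually reached. As a wording point, the comment `// Malformed the ciphertext` reads better as `// Tamper with the ciphertext`.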