Hey folks,

ECDSA verify

accepts all-zero hash aka (0, 0, 0 ....). Is this a valid behavior? Seems like it could enable fault attacks. The algorithm is as follows, as per https://www.secg.org/sec1-v2.pdf 4.1.4:

1. u1 = es^−1 mod n and u2 = rs^−1 mod n
2. R = (xR, yR) = u1 * G + u2 * Q * U
3. e == 0, then u1 == 0, then u1 * G is invalid because you cannot multiply G by 0