rust-paillier
Missing checks on membership of r in multiplicative group
This issue refers to https://github.com/ZenGo-X/rust-paillier/blob/57fc04d28ac58bfde387305e44715aa95cc3033d/src/core.rs#L325
Ideally, the r chosen here should be coprime to N in the general Paillier scheme. The sampling here does not check if this is true.
There are other places using sample_below without this check.
There are two ways to address this issue. One is to check if r is coprime to N every time. Or we need to ensure that when decrypting the ballots we reject 0 and restart the protocol.
cc @dingxiangfei2009
Thank you @xiangfeimco for this issue. I would argue that the missing co-primality check is not a concern in this case: if r is not co-prime to N it means that it is either a multiple of q or a multiple of p. Either way, if found, it means we factored N, which happens only with negligible probability. Therefore it is safe to assume that random r is co-prime to N.