Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix groth16 template public signals check bug #518

Merged
merged 3 commits into from
Oct 18, 2024
Merged

Conversation

Arvolear
Copy link
Contributor

@Arvolear Arvolear commented Aug 16, 2024

This pull request fixes a minor bug in the groth16 verifier template in which the extra public signal (beyond calldata) was read and checked against the field size.

I will be using this verifier as an example to demonstrate the bug.

The verifier accepts 5 public signals:

function verifyProof(
    uint[2] calldata _pA,
    uint[2][2] calldata _pB,
    uint[2] calldata _pC,
    uint[5] calldata _pubSignals
) public view returns (bool) {
    . . .
}

However, 6 elements are checked against the field size:

. . .

// Validate that all evaluations ∈ F

checkField(calldataload(add(_pubSignals, 0)))

checkField(calldataload(add(_pubSignals, 32)))

checkField(calldataload(add(_pubSignals, 64)))

checkField(calldataload(add(_pubSignals, 96)))

checkField(calldataload(add(_pubSignals, 128)))

checkField(calldataload(add(_pubSignals, 160)))

. . .

The last call to checkField() function reads the element beyond the provided calldata, which may lead to unexpected proof verification results.

@jbaylina jbaylina merged commit 6519198 into iden3:master Oct 18, 2024
13 checks passed
andrewcoder666 added a commit to andrewcoder666/risc0-ethereum that referenced this pull request Nov 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants