Tampering with proof is still validated by verifier #116

Closed
joelamouche opened this issue Aug 3, 2023 · 1 comment · Fixed by #117
Labels
bug Something isn't working

Comments

@joelamouche

Describe the bug
Hey it's me again from #111
I was able to create and verify proof but now I want to test that the verifier wouldn't validate a proof that isn't valid.

To Reproduce
So I created this test that modifies the proof:

import {
  BjjProvider,
  CircuitId,
  CredentialStatusResolverRegistry,
  CredentialStatusType,
  CredentialStorage,
  CredentialWallet,
  defaultEthConnectionConfig,
  EthStateStorage,
  IdentityStorage,
  IdentityWallet,
  InMemoryDataSource,
  InMemoryMerkleTreeStorage,
  InMemoryPrivateKeyStore,
  IssuerResolver,
  KMS,
  KmsKeyType,
  ProofService,
  RHSResolver,
  type Identity,
  type Profile,
  type W3CCredential,
} from "@0xpolygonid/js-sdk";
import { expect } from "chai";

import { initCircuitStorageReadFile } from "@nexeraprotocol/did-vc-holder/src/initCircuitStorageReadFile";

import { testIssuerKeyPair, testKeyPair } from "./testConstants/testKeys";
import {
  kycAgeProofReqSig,
  testKYCAgeCredentialRequest,
} from "./testConstants/testKYCAgeConstant";
import { createIdentityDID } from "./testUtils/createIdentityDID";
import { formatKeyPair } from "./testUtils/formatKeyPair";

const POLYGON_ID_CONTRACT = "0x134B1BE34911E39A8397ec6289782989729807a4";
const MUMBAI_RPC_URL = "https://polygon-mumbai-bor.publicnode.com";

describe("Test createProof without vc holder", () => {
  it.only("create Proof and verify tampered proof (should fail)", async () => {
    // Create key pairs for user and issuer
    const keyPair = formatKeyPair(testKeyPair);
    const issuerKeyPair = formatKeyPair(testIssuerKeyPair);

    console.log("creating wallet...");
    // DATA Storage
    const credentialStorage = new InMemoryDataSource<W3CCredential>();

    const config = defaultEthConnectionConfig;
    config.contractAddress = POLYGON_ID_CONTRACT;
    config.url = MUMBAI_RPC_URL;
    const dataStorage = {
      credential: new CredentialStorage(credentialStorage),
      identity: new IdentityStorage(
        new InMemoryDataSource<Identity>(),
        new InMemoryDataSource<Profile>(),
      ),
      mt: new InMemoryMerkleTreeStorage(40),
      states: new EthStateStorage(defaultEthConnectionConfig),
    };
    console.log("data storage created");

    // Credential Wallet
    const statusRegistry = new CredentialStatusResolverRegistry();
    statusRegistry.register(
      CredentialStatusType.SparseMerkleTreeProof,
      new IssuerResolver(),
    );
    statusRegistry.register(
      CredentialStatusType.Iden3ReverseSparseMerkleTreeProof,
      new RHSResolver(dataStorage.states),
    );
    const credentialWallet = new CredentialWallet(dataStorage, statusRegistry);
    console.log("credentialWallet created");

    // Identity Wallet
    const privateKeyStore = new InMemoryPrivateKeyStore();
    const bjjProvider = new BjjProvider(KmsKeyType.BabyJubJub, privateKeyStore);
    const kms = new KMS();
    kms.registerKeyProvider(KmsKeyType.BabyJubJub, bjjProvider);

    const identityWallet = new IdentityWallet(
      kms,
      dataStorage,
      credentialWallet,
    );
    console.log("identityWallet created");

    // create Identities / DIDs
    const userDID = await createIdentityDID(identityWallet, keyPair);
    console.log("userDID", userDID.toString());
    const issuerDID = await createIdentityDID(identityWallet, issuerKeyPair);
    console.log("issuerDID", issuerDID.toString());

    // Issue Credential
    console.log("issuing credential...");
    const credential = await identityWallet.issueCredential(
      issuerDID,
      testKYCAgeCredentialRequest,
    );
    console.log("credential issued check");

    // Save Credential
    await dataStorage.credential.saveCredential(credential);
    await credentialWallet.save(credential);

    // Circuit Storage
    const circuitStorage = await initCircuitStorageReadFile({
      circuitsFolder: "./circuits",
    });
    console.log("circuitStorage check");

    console.log("credential check");
    expect(credential).to.exist;

    // GENERATE PROOF
    const proofService = new ProofService(
      identityWallet,
      credentialWallet,
      circuitStorage,
      dataStorage.states,
    );
    const proof = await proofService.generateProof(
      kycAgeProofReqSig,
      userDID,
      credential,
    );
    expect(proof.circuitId).to.equal("credentialAtomicQuerySigV2");

    // Tamper with the proof: overwrite the first element of pi_a
    const temperedProof = {
      ...proof,
      proof: {
        ...proof.proof,
        pi_a: [
          "99", //(Number(proof.proof.pi_a[0]) + 1).toString(),
          proof.proof.pi_a[1],
          proof.proof.pi_a[2],
        ],
      },
    };
    console.log("temperedProof", temperedProof);

    // Verifying the tampered proof should fail
    const validated = await proofService.verifyProof(
      temperedProof,
      CircuitId.AtomicQuerySigV2,
    );
    expect(validated).to.be.false;
  });
});

Expected behavior
The result from the verify function should be false. What am I missing? This was run with mocha/chai.

@joelamouche joelamouche added the bug Something isn't working label Aug 3, 2023
@Kolezhniuk
Collaborator

Hello @joelamouche! Thanks for reporting such a critical issue. Probably snarkjs api was changed not to throw an error... We'll fix this ASAP

@Kolezhniuk Kolezhniuk linked a pull request Aug 3, 2023 that will close this issue
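
Added example, not part of the issue thread and not the SDK's or snarkjs's code: a negative-test harness that generalizes the single `pi_a[0]` mutation in the report to every proof element, and shows why a caller that relies on the verifier throwing accepts tampered proofs once the verifier returns `false` instead (the failure mode the collaborator suspects). `booleanVerifier`, `throwBasedCaller`, `failClosedCaller` and the sample proof are hypothetical stand-ins, kept synchronous so the block runs offline.

```typescript
// Illustrative names only; none of this is js-sdk or snarkjs API.
type Proof = { pi_a: string[]; pi_b: string[][]; pi_c: string[] };
type Verifier = (proof: Proof) => boolean;
type Case = { label: string; proof: Proof };

// Constructed sample proof: placeholder numbers, not real curve points.
const sampleProof: Proof = {
  pi_a: ["11", "12", "1"],
  pi_b: [["21", "22"], ["23", "24"], ["1", "0"]],
  pi_c: ["31", "32", "1"],
};

// Stand-in low-level verifier that signals failure by returning false.
const booleanVerifier: Verifier = (p) =>
  JSON.stringify([p.pi_a, p.pi_b, p.pi_c]) ===
  JSON.stringify([sampleProof.pi_a, sampleProof.pi_b, sampleProof.pi_c]);

// Hypothetical caller written for a verifier that throws on failure:
// the return value is ignored, so a returned false is reported as valid.
const throwBasedCaller: Verifier = (p) => {
  try { booleanVerifier(p); return true; } catch { return false; }
};

// Fail-closed caller: only a literal true counts; false or a throw rejects.
const failClosedCaller: Verifier = (p) => {
  try { return booleanVerifier(p) === true; } catch { return false; }
};

// Copy of xs with element i replaced by a different decimal string.
const swap = (xs: string[], i: number): string[] =>
  xs.map((v, j) => (j === i ? (v === "99" ? "98" : "99") : v));

// One tampered copy of the proof per element of pi_a, pi_b and pi_c.
function tamperCases(proof: Proof): Case[] {
  const out: Case[] = [];
  proof.pi_a.forEach((_v, i) =>
    out.push({ label: `pi_a[${i}]`, proof: { ...proof, pi_a: swap(proof.pi_a, i) } }));
  proof.pi_b.forEach((row, i) => row.forEach((_v, j) =>
    out.push({ label: `pi_b[${i}][${j}]`, proof: {
      ...proof, pi_b: proof.pi_b.map((r, k) => (k === i ? swap(r, j) : r)) } })));
  proof.pi_c.forEach((_v, i) =>
    out.push({ label: `pi_c[${i}]`, proof: { ...proof, pi_c: swap(proof.pi_c, i) } }));
  return out;
}

// Labels of the tampered proofs that a given caller wrongly accepts.
function acceptedTampering(verify: Verifier): string[] {
  return tamperCases(sampleProof).filter((c) => verify(c.proof)).map((c) => c.label);
}
```

Against the SDK, the same cases would be passed one by one to the `proofService.verifyProof` call shown in the report, awaiting each result and expecting `false`.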