Skip to content

bkomuves/constantine_G2_msm_bug_report

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
ark-msm
ark-msm
 
 
data
data
 
 
nim-constantine
nim-constantine
 
 
outputs
outputs
 
 
zikkurat
zikkurat
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

This is a collection of files demonstrating a bug in G2 multi-scalar-multiplication (specifically, multiScalarMul_vartime) in constantine.

Unfortunately I don't have a small example; this particular example has size 24101.

The actual coefficients and G2 points are in the data subdirectory. The curve is BN254, the coefficients are in the scalar field Fr, in Montgomery representation, little-endian; and the G2 affine curve point coordinates are also in Montgomery. Since different backends use slightly different representations (in particular for the point at infinity), there are 3 versions for the G2 points.

Both arkworks and my implementation gives the correct result. Constantine also gives the correct result for smaller prefixes, like for example the first 10,000 points, but incorrect result for the full array.

  • machine used for the testing: macbook pro M2 (arm)
  • constantine commit used: latest commit c7979b0 (but the bug should be present for at least a few months)
  • nim version: 1.6.18

About

files demonstrating a bug in constantine

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages