Grootle verification hardening
AaronFeickert committed Jan 2, 2024
1 parent ab389d8 commit b9eaf43
Showing 1 changed file with 19 additions and 0 deletions.
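--- a/src/libspark/grootle.cpp
+++ b/src/libspark/grootle.cpp
@@ -281,6 +281,11 @@ void Grootle::prove(
 for (std::size_t k = 0; k < S_offset.size(); k++) {
 S_offset[k] += S1_inverse;
 V_offset[k] += V1_inverse;
+
+// Neither should be zero
+if (S_offset[k].isInfinity() || V_offset[k].isInfinity()) {
+throw std::invalid_argument("Commitment offset should not be zero");
+}
 }
 
 // Generate masks
@@ -405,6 +410,16 @@ bool Grootle::verify(
 return false;
 }
 
+// Check for zero inputs
+for (std::size_t t = 0; t < S1.size(); t++) {
+for (std::size_t i = 0; i < S.size(); i++) {
+if (S[i] == S1[t] || V[i] == V1[t]) {
+LogPrintf("Invalid offset commitment");
+return false;
+}
+}
+}
+
 // Check proof semantics
 for (std::size_t t = 0; t < M; t++) {
 GrootleProof proof = proofs[t];
@@ -545,6 +560,10 @@ bool Grootle::verify(
 points.emplace_back(proof.X[j] + proof.X1[j] * bind_weight);
 scalars.emplace_back(x_powers.negate() * w2);
 x_powers *= x;
+if (x_powers.isZero()) {
+LogPrintf("Challenge power is zero");
+return false;
+}
 }
 }
 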
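Review bot: In the `Grootle::verify` hunk the new loop reads `V[i]` and `V1[t]` with bounds taken from `S.size()` and `S1.size()`, so it is safe only if the size checks that precede it (outside the hunk; only their trailing `return false; }` is visible) already reject `V.size() != S.size()` and `V1.size() != S1.size()`. That should be confirmed, since verify runs on untrusted proof data. The comment `// Check for zero inputs` also undersells the test: what is rejected is an input commitment equal to a proof's offset, whose difference would be the identity, matching the `isInfinity()` check added to `prove`. I would write `// Reject inputs equal to an offset: S[i] - S1[t] or V[i] - V1[t] would be the identity`. In the last hunk, `x_powers.isZero()` is tested on every inner iteration; if the scalar field has prime order and `x_powers` starts nonzero (both defined outside the hunk), a single `x.isZero()` check where the challenge is derived would be equivalent and cheaper.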
