You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
LessThan(n) is unsafe with n = 254, and there are multiple uses of it. this is because it uses under the hood Num2Bits(2*n+1), which is only safe for 2*n+1 < 254, since after that you can overflow.
LessThan(n) is unsafe with n = 254, and there are multiple uses of it. this is because it uses under the hood Num2Bits(2*n+1), which is only safe for 2*n+1 < 254, since after that you can overflow.
here's a script that shows a concrete problem: https://github.com/kobigurk/circom-less-than/blob/master/tester.js
same inputs, same constraints but two satisfying witnesses where in one the output of LessThan is 0 and for the other it's 1.
After checking with Jordi, LessThan will be fixed to work up until n=252, and then we can use it with n=252 which should be enough. This is the fix: fix: improve LessThan and adds assert iden3/circomlib#48.
We also need to assert that the inputs are indeed less than or equal to 252 bits using
Num2Bits
.An alternative way is to just use
Num2Bits
with, let's say, 245 on the inputs to assert their size. This is my suggested way.by @kobigurk
The text was updated successfully, but these errors were encountered: