From f35e190455f071b2b12ae6f55581ae18d5d127f0 Mon Sep 17 00:00:00 2001
From: therealyingtong <yingtong@z.cash>
Date: Wed, 17 Feb 2021 11:32:14 +0800
Subject: [PATCH] Hash in field modulus, curve parameters

---
 src/plonk.rs         | 47 ++++++++++++++++++++++++++++++++++++++++++++
 src/plonk/circuit.rs |  2 ++
 src/poly/domain.rs   |  5 +++++
 3 files changed, 54 insertions(+)

diff --git a/src/plonk.rs b/src/plonk.rs
index 95ad65e..b3da309 100644
--- a/src/plonk.rs
+++ b/src/plonk.rs
@@ -85,6 +85,53 @@ impl<C: CurveAffine> VerifyingKey<C> {
             .personal(C::BLAKE2B_PERSONALIZATION)
             .to_state();
 
+        // Hash in curve parameters
+        hasher.update(&C::Scalar::ROOT_OF_UNITY.to_bytes());
+        hasher.update(&C::Scalar::ROOT_OF_UNITY_INV.to_bytes());
+        hasher.update(
+            &(C::Scalar::T_MINUS1_OVER2
+                .iter()
+                .fold(Vec::new(), |mut res, word| {
+                    res.extend_from_slice(&word.to_le_bytes());
+                    res
+                })),
+        );
+        hasher.update(&C::Scalar::DELTA.to_bytes());
+        hasher.update(&C::Scalar::TWO_INV.to_bytes());
+        hasher.update(&C::Scalar::RESCUE_ALPHA.to_le_bytes());
+        hasher.update(
+            &(C::Scalar::RESCUE_INVALPHA
+                .iter()
+                .fold(Vec::new(), |mut res, word| {
+                    res.extend_from_slice(&word.to_le_bytes());
+                    res
+                })),
+        );
+        hasher.update(&C::Base::ZETA.to_bytes());
+
+        hasher.update(&C::Base::ROOT_OF_UNITY.to_bytes());
+        hasher.update(&C::Base::ROOT_OF_UNITY_INV.to_bytes());
+        hasher.update(
+            &(C::Base::T_MINUS1_OVER2
+                .iter()
+                .fold(Vec::new(), |mut res, word| {
+                    res.extend_from_slice(&word.to_le_bytes());
+                    res
+                })),
+        );
+        hasher.update(&C::Base::DELTA.to_bytes());
+        hasher.update(&C::Base::TWO_INV.to_bytes());
+        hasher.update(&C::Base::RESCUE_ALPHA.to_le_bytes());
+        hasher.update(
+            &(C::Base::RESCUE_INVALPHA
+                .iter()
+                .fold(Vec::new(), |mut res, word| {
+                    res.extend_from_slice(&word.to_le_bytes());
+                    res
+                })),
+        );
+        hasher.update(&C::Base::ZETA.to_bytes());
+
         // Hash in constants in the domain which influence the proof
         self.domain.hash_into(&mut hasher);
 
diff --git a/src/plonk/circuit.rs b/src/plonk/circuit.rs
index 0d2dbf0..c65514d 100644
--- a/src/plonk/circuit.rs
+++ b/src/plonk/circuit.rs
@@ -30,6 +30,7 @@ impl<C: ColumnType> Column<C> {
     }
 
     pub(crate) fn hash_into(&self, hasher: &mut Blake2bState) {
+        hasher.update(&format!("{:?}", self).as_bytes().len().to_le_bytes());
         hasher.update(&format!("{:?}", self).as_bytes());
     }
 }
@@ -325,6 +326,7 @@ impl<F: Field> Expression<F> {
 
     /// Hash an Expression into a Blake2bState
     pub fn hash_into(&self, hasher: &mut Blake2bState) {
+        hasher.update(&format!("{:?}", self).as_bytes().len().to_le_bytes());
         hasher.update(&format!("{:?}", self).as_bytes());
     }
 }
diff --git a/src/poly/domain.rs b/src/poly/domain.rs
index 04eaea9..141c002 100644
--- a/src/poly/domain.rs
+++ b/src/poly/domain.rs
@@ -381,6 +381,11 @@ impl<G: Group> EvaluationDomain<G> {
 
     /// Hashes the constants in the domain which influence the proof into a Blake2bState
     pub fn hash_into(&self, hasher: &mut Blake2bState) {
+        // Hash in field modulus
+        let modulus = G::Scalar::char_le_bits();
+        hasher.update(&modulus.len().to_le_bytes());
+        hasher.update(format!("{:?}", modulus).as_bytes());
+
         hasher.update(b"k");
         hasher.update(&self.k.to_le_bytes());