[zk-token-sdk] Restrict a single-bit of 256-bit batched range proof to 128 (#34803)
* fix previous typo
* restrict each single bit length of the 256-bit batched range proof to at most 128
parent
747df9c105
commit
e2c2029ac4
|
@ -41,7 +41,7 @@ impl BatchedRangeProofU128Data {
|
||||||
bit_lengths: Vec<usize>,
|
bit_lengths: Vec<usize>,
|
||||||
openings: Vec<&PedersenOpening>,
|
openings: Vec<&PedersenOpening>,
|
||||||
) -> Result<Self, ProofGenerationError> {
|
) -> Result<Self, ProofGenerationError> {
|
||||||
// the sum of the bit lengths must be 64
|
// the sum of the bit lengths must be 128
|
||||||
let batched_bit_length = bit_lengths
|
let batched_bit_length = bit_lengths
|
||||||
.iter()
|
.iter()
|
||||||
.try_fold(0_usize, |acc, &x| acc.checked_add(x))
|
.try_fold(0_usize, |acc, &x| acc.checked_add(x))
|
||||||
|
|
|
@ -5,7 +5,7 @@ use {
|
||||||
crate::{
|
crate::{
|
||||||
encryption::pedersen::{PedersenCommitment, PedersenOpening},
|
encryption::pedersen::{PedersenCommitment, PedersenOpening},
|
||||||
errors::{ProofGenerationError, ProofVerificationError},
|
errors::{ProofGenerationError, ProofVerificationError},
|
||||||
instruction::batched_range_proof::MAX_COMMITMENTS,
|
instruction::batched_range_proof::{MAX_COMMITMENTS, MAX_SINGLE_BIT_LENGTH},
|
||||||
range_proof::RangeProof,
|
range_proof::RangeProof,
|
||||||
},
|
},
|
||||||
std::convert::TryInto,
|
std::convert::TryInto,
|
||||||
|
@ -44,7 +44,15 @@ impl BatchedRangeProofU256Data {
|
||||||
bit_lengths: Vec<usize>,
|
bit_lengths: Vec<usize>,
|
||||||
openings: Vec<&PedersenOpening>,
|
openings: Vec<&PedersenOpening>,
|
||||||
) -> Result<Self, ProofGenerationError> {
|
) -> Result<Self, ProofGenerationError> {
|
||||||
// the sum of the bit lengths must be 64
|
// each bit length must be at most 128
|
||||||
|
if bit_lengths
|
||||||
|
.iter()
|
||||||
|
.any(|length| *length > MAX_SINGLE_BIT_LENGTH)
|
||||||
|
{
|
||||||
|
return Err(ProofGenerationError::IllegalCommitmentLength);
|
||||||
|
}
|
||||||
|
|
||||||
|
// the sum of the bit lengths must be 256
|
||||||
let batched_bit_length = bit_lengths
|
let batched_bit_length = bit_lengths
|
||||||
.iter()
|
.iter()
|
||||||
.try_fold(0_usize, |acc, &x| acc.checked_add(x))
|
.try_fold(0_usize, |acc, &x| acc.checked_add(x))
|
||||||
|
@ -77,6 +85,13 @@ impl ZkProofData<BatchedRangeProofContext> for BatchedRangeProofU256Data {
|
||||||
let (commitments, bit_lengths) = self.context.try_into()?;
|
let (commitments, bit_lengths) = self.context.try_into()?;
|
||||||
let num_commitments = commitments.len();
|
let num_commitments = commitments.len();
|
||||||
|
|
||||||
|
if bit_lengths
|
||||||
|
.iter()
|
||||||
|
.any(|length| *length > MAX_SINGLE_BIT_LENGTH)
|
||||||
|
{
|
||||||
|
return Err(ProofVerificationError::IllegalCommitmentLength);
|
||||||
|
}
|
||||||
|
|
||||||
if num_commitments > MAX_COMMITMENTS || num_commitments != bit_lengths.len() {
|
if num_commitments > MAX_COMMITMENTS || num_commitments != bit_lengths.len() {
|
||||||
return Err(ProofVerificationError::IllegalCommitmentLength);
|
return Err(ProofVerificationError::IllegalCommitmentLength);
|
||||||
}
|
}
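Review bot: The per-length bound added to `verify_proof` (the `if bit_lengths.iter().any(|length| *length > MAX_SINGLE_BIT_LENGTH)` block) is the copy that actually matters, because there `bit_lengths` is decoded from the untrusted `context` via `try_into()?`, whereas the identical block in `new` only guards the prover's own input; two hand-written copies of the same predicate will drift unless they share a helper. Consider a private `fn has_legal_single_bit_lengths(bit_lengths: &[usize]) -> bool { bit_lengths.iter().all(|length| *length <= MAX_SINGLE_BIT_LENGTH) }` next to the constant and call it from both sites. Reusing `IllegalCommitmentLength` for an over-long bit length also conflates two distinct rejections; if the error enums are yours to extend, a dedicated variant such as `IllegalBitLength` would make the reason visible to callers (the enum definitions are not visible from this page). A one-line comment on the verifier-side check, `// bit_lengths come from instruction data: reject any single length above 128 before touching the proof`, would record why it runs ahead of the commitment-count check. `verify_proof` continues past the end of the hunk.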
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
//! the sum of all bit-lengths.
|
//! the sum of all bit-lengths.
|
||||||
//!
|
//!
|
||||||
//! The maximum number of commitments is fixed at 8. Each bit-length in `[n_1, ..., n_N]` must be a
|
//! The maximum number of commitments is fixed at 8. Each bit-length in `[n_1, ..., n_N]` must be a
|
||||||
//! power-of-two positive integer less than 256.
|
//! power-of-two positive integer less than 128.
|
||||||
|
|
||||||
pub mod batched_range_proof_u128;
|
pub mod batched_range_proof_u128;
|
||||||
pub mod batched_range_proof_u256;
|
pub mod batched_range_proof_u256;
|
||||||
|
@ -38,6 +38,13 @@ use {
|
||||||
|
|
||||||
const MAX_COMMITMENTS: usize = 8;
|
const MAX_COMMITMENTS: usize = 8;
|
||||||
|
|
||||||
|
/// A bit length in a batched range proof must be at most 128.
|
||||||
|
///
|
||||||
|
/// A 256-bit range proof on a single Pedersen commitment is meaningless and hence enforce an upper
|
||||||
|
/// bound as the largest power-of-two number less than 256.
|
||||||
|
#[cfg(not(target_os = "solana"))]
|
||||||
|
const MAX_SINGLE_BIT_LENGTH: usize = 128;
|
||||||
|
|
||||||
/// The context data needed to verify a range-proof for a Pedersen committed value.
|
/// The context data needed to verify a range-proof for a Pedersen committed value.
|
||||||
///
|
///
|
||||||
/// The context data is shared by all `VerifyBatchedRangeProof{N}` instructions.
|
/// The context data is shared by all `VerifyBatchedRangeProof{N}` instructions.
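Review bot: The rewritten module doc `//! power-of-two positive integer less than 128.` contradicts the new constant's own doc (`must be at most 128`) and the u256 checks, which reject only lengths strictly greater than `MAX_SINGLE_BIT_LENGTH`, so a 128-bit length is allowed; the sentence should read `//! power-of-two positive integer at most 128 (see MAX_SINGLE_BIT_LENGTH).` The doc on the constant asserts that a 256-bit proof on one commitment is meaningless without saying why; if the reason is that the committed value is a curve scalar and therefore already below 2^256, stating that in one sentence would make the bound self-explanatory for the next reader. Note also that the constant is gated `#[cfg(not(target_os = "solana"))]`, so every use of it must sit under the same gate; whether the u256 `new` and `verify_proof` are gated cannot be confirmed from this page.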
|
||||||
|
|