[zk-token-sdk] Restrict a single-bit of 256-bit batched range proof to 128 (#34803)
* fix previous typo * restrict each single bit-length of the 256-bit batched range proof to at most 128
This commit is contained in:
parent
747df9c105
commit
e2c2029ac4
@ -41,7 +41,7 @@ impl BatchedRangeProofU128Data {
|
|||
bit_lengths: Vec<usize>,
|
||||
openings: Vec<&PedersenOpening>,
|
||||
) -> Result<Self, ProofGenerationError> {
|
||||
// the sum of the bit lengths must be 64
|
||||
// the sum of the bit lengths must be 128
|
||||
let batched_bit_length = bit_lengths
|
||||
.iter()
|
||||
.try_fold(0_usize, |acc, &x| acc.checked_add(x))
|
||||
@ -5,7 +5,7 @@ use {
|
|||
crate::{
|
||||
encryption::pedersen::{PedersenCommitment, PedersenOpening},
|
||||
errors::{ProofGenerationError, ProofVerificationError},
|
||||
instruction::batched_range_proof::MAX_COMMITMENTS,
|
||||
instruction::batched_range_proof::{MAX_COMMITMENTS, MAX_SINGLE_BIT_LENGTH},
|
||||
range_proof::RangeProof,
|
||||
},
|
||||
std::convert::TryInto,
|
||||
|
@ -44,7 +44,15 @@ impl BatchedRangeProofU256Data {
|
|||
bit_lengths: Vec<usize>,
|
||||
openings: Vec<&PedersenOpening>,
|
||||
) -> Result<Self, ProofGenerationError> {
|
||||
// the sum of the bit lengths must be 64
|
||||
// each bit length must be at most 128
|
||||
if bit_lengths
|
||||
.iter()
|
||||
.any(|length| *length > MAX_SINGLE_BIT_LENGTH)
|
||||
{
|
||||
return Err(ProofGenerationError::IllegalCommitmentLength);
|
||||
}
|
||||
|
||||
// the sum of the bit lengths must be 256
|
||||
let batched_bit_length = bit_lengths
|
||||
.iter()
|
||||
.try_fold(0_usize, |acc, &x| acc.checked_add(x))
|
||||
|
@ -77,6 +85,13 @@ impl ZkProofData<BatchedRangeProofContext> for BatchedRangeProofU256Data {
|
|||
let (commitments, bit_lengths) = self.context.try_into()?;
|
||||
let num_commitments = commitments.len();
|
||||
|
||||
if bit_lengths
|
||||
.iter()
|
||||
.any(|length| *length > MAX_SINGLE_BIT_LENGTH)
|
||||
{
|
||||
return Err(ProofVerificationError::IllegalCommitmentLength);
|
||||
}
|
||||
|
||||
if num_commitments > MAX_COMMITMENTS || num_commitments != bit_lengths.len() {
|
||||
return Err(ProofVerificationError::IllegalCommitmentLength);
|
||||
}
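Review bot: The per-bit-length check added at the top of `verify_proof` (the `any(|length| *length > MAX_SINGLE_BIT_LENGTH)` block) is a verbatim copy of the one added to `new`, and neither site says why 128 is the bound, so a later reader may well drop it as redundant with the sum-to-256 check that follows. I would add a one-line comment at the verification site, `// a 256-bit range on a single commitment is vacuous; see MAX_SINGLE_BIT_LENGTH`, and consider hoisting the check into a small shared helper in the parent module so the generation and verification paths cannot drift apart. Both paths also report the violation as `IllegalCommitmentLength`, which names the commitment count rather than an individual bit length; if the error enum has a more specific variant it would be the better fit, otherwise the comment should make that overloading explicit. Both `new` and `verify_proof` continue beyond the hunk.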
|
||||
|
@ -14,7 +14,7 @@
|
|||
//! the sum of all bit-lengths.
|
||||
//!
|
||||
//! The maximum number of commitments is fixed at 8. Each bit-length in `[n_1, ..., n_N]` must be a
|
||||
//! power-of-two positive integer less than 256.
|
||||
//! power-of-two positive integer less than 128.
|
||||
|
||||
pub mod batched_range_proof_u128;
|
||||
pub mod batched_range_proof_u256;
|
||||
@ -38,6 +38,13 @@ use {
|
|||
|
||||
const MAX_COMMITMENTS: usize = 8;
|
||||
|
||||
/// A bit length in a batched range proof must be at most 128.
|
||||
///
|
||||
/// A 256-bit range proof on a single Pedersen commitment is meaningless and hence enforce an upper
|
||||
/// bound as the largest power-of-two number less than 256.
|
||||
#[cfg(not(target_os = "solana"))]
|
||||
const MAX_SINGLE_BIT_LENGTH: usize = 128;
|
||||
|
||||
/// The context data needed to verify a range-proof for a Pedersen committed value.
|
||||
///
|
||||
/// The context data is shared by all `VerifyBatchedRangeProof{N}` instructions.
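Review bot: The rewritten module doc line `//! power-of-two positive integer less than 128.` contradicts the code it describes: `MAX_SINGLE_BIT_LENGTH` is documented as "at most 128" and the new checks reject only lengths strictly greater than 128, so a 128-bit length is valid. I would write `//! power-of-two positive integer no greater than 128.` instead. The constant's own doc also has a dangling subject in `hence enforce an upper bound`; `hence we enforce an upper bound` reads correctly. Separately, the constant is gated with `#[cfg(not(target_os = "solana"))]` while `MAX_COMMITMENTS` beside it is not, yet it is imported in the same `use` tree as `MAX_COMMITMENTS` in batched_range_proof_u256.rs; unless that `use` block is itself gated (not visible in this diff), the solana-target build will fail to resolve it.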
|
||||