Merge pull request #26 from kobigurk/fix/public_inputs_size
Ensures public inputs are less than the scalar field size
This commit is contained in:
commit
0349d90824
@ -182,11 +182,13 @@ contract Verifier {
|
|||||||
<%vk_ic_pts%>
|
<%vk_ic_pts%>
|
||||||
}
|
}
|
||||||
function verify(uint[] memory input, Proof memory proof) internal view returns (uint) {
|
function verify(uint[] memory input, Proof memory proof) internal view returns (uint) {
|
||||||
|
uint256 snark_scalar_field = 21888242871839275222246405745257275088548364400416034343698204186575808495617;
|
||||||
VerifyingKey memory vk = verifyingKey();
|
VerifyingKey memory vk = verifyingKey();
|
||||||
require(input.length + 1 == vk.IC.length,"verifier-bad-input");
|
require(input.length + 1 == vk.IC.length,"verifier-bad-input");
|
||||||
// Compute the linear combination vk_x
|
// Compute the linear combination vk_x
|
||||||
Pairing.G1Point memory vk_x = Pairing.G1Point(0, 0);
|
Pairing.G1Point memory vk_x = Pairing.G1Point(0, 0);
|
||||||
for (uint i = 0; i < input.length; i++)
|
for (uint i = 0; i < input.length; i++)
|
||||||
|
require(input[i] < snark_scalar_field);
|
||||||
vk_x = Pairing.addition(vk_x, Pairing.scalar_mul(vk.IC[i + 1], input[i]));
|
vk_x = Pairing.addition(vk_x, Pairing.scalar_mul(vk.IC[i + 1], input[i]));
|
||||||
vk_x = Pairing.addition(vk_x, vk.IC[0]);
|
vk_x = Pairing.addition(vk_x, vk.IC[0]);
|
||||||
if (!Pairing.pairingProd4(
|
if (!Pairing.pairingProd4(
|
||||||
|
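Review bot: As this view renders it, the `for (uint i = 0; i < input.length; i++)` line directly above the new check has no opening brace and the old side shows no closing `}` before `vk_x = Pairing.addition(vk_x, vk.IC[0]);`, so the added `require(input[i] < snark_scalar_field);` would become the whole loop body and the `scalar_mul` line after it would sit outside the loop where `i` is out of scope; if the template really is braceless both statements need to be wrapped in `{ … }`, and if the braces were merely dropped by the renderer this can be ignored. The new require also carries no revert reason while the sibling `require(input.length + 1 == vk.IC.length,"verifier-bad-input");` a few lines up does; `require(input[i] < snark_scalar_field, "verifier-gte-snark-scalar-field");` keeps the error style consistent. Nothing in the hunk says what the bound prevents, so a why-comment is warranted: `// Reject inputs >= r: bn128 scalar_mul reduces its scalar mod the group order, so input and input + k*r give the same vk_x and one proof would verify for several distinct inputs.` (this is the EIP-196 precompile behaviour; confirm Pairing.scalar_mul wraps it). verify() continues past the end of the hunk.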
@ -173,11 +173,13 @@ contract Verifier {
|
|||||||
<%vk_ic_pts%>
|
<%vk_ic_pts%>
|
||||||
}
|
}
|
||||||
function verify(uint[] input, Proof proof) view internal returns (uint) {
|
function verify(uint[] input, Proof proof) view internal returns (uint) {
|
||||||
|
uint256 snark_scalar_field = 21888242871839275222246405745257275088548364400416034343698204186575808495617;
|
||||||
VerifyingKey memory vk = verifyingKey();
|
VerifyingKey memory vk = verifyingKey();
|
||||||
require(input.length + 1 == vk.IC.length);
|
require(input.length + 1 == vk.IC.length);
|
||||||
// Compute the linear combination vk_x
|
// Compute the linear combination vk_x
|
||||||
Pairing.G1Point memory vk_x = Pairing.G1Point(0, 0);
|
Pairing.G1Point memory vk_x = Pairing.G1Point(0, 0);
|
||||||
for (uint i = 0; i < input.length; i++)
|
for (uint i = 0; i < input.length; i++)
|
||||||
|
require(input[i] < snark_scalar_field);
|
||||||
vk_x = Pairing.addition(vk_x, Pairing.scalar_mul(vk.IC[i + 1], input[i]));
|
vk_x = Pairing.addition(vk_x, Pairing.scalar_mul(vk.IC[i + 1], input[i]));
|
||||||
vk_x = Pairing.addition(vk_x, vk.IC[0]);
|
vk_x = Pairing.addition(vk_x, vk.IC[0]);
|
||||||
if (!Pairing.pairingProd4(
|
if (!Pairing.pairingProd4(
|
||||||
|
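Review bot: The `for` loop that the new `require(input[i] < snark_scalar_field);` is inserted into appears braceless in this view (no `{` on the `for` line, no `}` context line before `vk_x = Pairing.addition(vk_x, vk.IC[0]);`), which would make the require the entire loop body and leave the `scalar_mul` line outside the loop referencing an out-of-scope `i`; unless the braces were lost in rendering, wrap both statements in `{ … }`. Declaring `snark_scalar_field` as a function-local `uint256` re-initialises it on every call; a contract-level `uint256 constant SNARK_SCALAR_FIELD = …;` expresses the same thing and matches how the other verifier-wide values are fixed. The check should say why it exists, e.g. `// Inputs must be canonical field elements: scalar_mul works mod the group order r, so input and input + k*r would produce the same vk_x and let one proof verify against several inputs.` (assumes Pairing.scalar_mul is the EIP-196 precompile, which is not visible here). verify() continues past the end of the hunk.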
@ -183,11 +183,13 @@ contract Verifier {
|
|||||||
<%vk_ic_pts%>
|
<%vk_ic_pts%>
|
||||||
}
|
}
|
||||||
function verify(uint[] memory input, Proof memory proof) internal view returns (uint) {
|
function verify(uint[] memory input, Proof memory proof) internal view returns (uint) {
|
||||||
|
uint256 snark_scalar_field = 21888242871839275222246405745257275088548364400416034343698204186575808495617;
|
||||||
VerifyingKey memory vk = verifyingKey();
|
VerifyingKey memory vk = verifyingKey();
|
||||||
require(input.length + 1 == vk.IC.length,"verifier-bad-input");
|
require(input.length + 1 == vk.IC.length,"verifier-bad-input");
|
||||||
// Compute the linear combination vk_x
|
// Compute the linear combination vk_x
|
||||||
Pairing.G1Point memory vk_x = Pairing.G1Point(0, 0);
|
Pairing.G1Point memory vk_x = Pairing.G1Point(0, 0);
|
||||||
for (uint i = 0; i < input.length; i++)
|
for (uint i = 0; i < input.length; i++)
|
||||||
|
require(input[i] < snark_scalar_field);
|
||||||
vk_x = Pairing.addition(vk_x, Pairing.scalar_mul(vk.IC[i + 1], input[i]));
|
vk_x = Pairing.addition(vk_x, Pairing.scalar_mul(vk.IC[i + 1], input[i]));
|
||||||
vk_x = Pairing.addition(vk_x, vk.IC[0]);
|
vk_x = Pairing.addition(vk_x, vk.IC[0]);
|
||||||
if (!Pairing.pairingProd2(proof.A, vk.A, Pairing.negate(proof.A_p), Pairing.P2())) return 1;
|
if (!Pairing.pairingProd2(proof.A, vk.A, Pairing.negate(proof.A_p), Pairing.P2())) return 1;
|
||||||
|
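Review bot: Same scoping concern as in the other verifier templates: in this view the `for (uint i = 0; i < input.length; i++)` line has no `{` and no `}` appears before `vk_x = Pairing.addition(vk_x, vk.IC[0]);`, so the new `require(input[i] < snark_scalar_field);` would be the only statement in the loop and the following `scalar_mul` line would be outside it with `i` undeclared; if the loop is genuinely braceless it needs `{ … }` around both statements, otherwise disregard. The require is also missing the reason string the file already uses on `require(input.length + 1 == vk.IC.length,"verifier-bad-input");`, so `require(input[i] < snark_scalar_field, "verifier-gte-snark-scalar-field");` would be consistent, and reverting here (rather than the `return 1;` pattern used for a failed pairing below) matches the existing length check. A one-line comment above the check, such as `// input[i] >= r would alias to input[i] mod r inside scalar_mul and let the same proof pass for several distinct inputs`, records the reason for the bound; that aliasing assumes scalar_mul is the EIP-196 precompile, which this hunk does not show. verify() continues past the end of the hunk.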