-
Notifications
You must be signed in to change notification settings - Fork 98
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix alt-bn128-multiplication syscall length check
- Loading branch information
1 parent
75f4c7c
commit 2c822b8
Showing
1 changed file
with
79 additions
and
0 deletions.
There are no files selected for viewing
79 changes: 79 additions & 0 deletions
79
proposals/0222-fix-alt-bn128-multiplication-length-check.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,79 @@ | ||
| --- | ||
| simd: "0222" | ||
| title: Fix alt-bn128 multiplication syscall length | ||
| authors: | ||
| - Sam Kim | ||
| category: Standard | ||
| type: Core | ||
| status: Review | ||
| created: 2025-01-10 | ||
| feature: | ||
| supersedes: | ||
| superseded-by: | ||
| extends: | ||
| --- | ||
|
|
||
| ## Summary | ||
|
|
||
| The `alt_bn128_multiplication` syscall takes in a byte slice as input, | ||
| interprets the bytes as a bn128 elliptic curve point/scalar pair, and applies | ||
| point-scalar multiplication. If the byte slice input has improper length then | ||
| the function terminates early. Specifically, if the byte slice has length | ||
| greater than 128, then the function terminates early with an error. | ||
|
|
||
| However, a bn128 curve point is 64 bytes and a scalar is 32 bytes. This means | ||
| that the function should check if the byte slice is 96 bytes in length rather | ||
| than 128 bytes. | ||
|
|
||
| This document proposes to fix this length check by checking for the correct | ||
| length. | ||
|
|
||
| ## Motivation | ||
|
|
||
| The `alt_bn128_multiplication` function still works with the incorrect 128 | ||
| length bound since a correct input of 96 bytes is still less than 128 bytes. | ||
| However, there could be successful inputs that are greater than 96 bytes and | ||
| smaller than 128 bytes in length. This could cause application logic harder to | ||
| debug. | ||
|
|
||
| ## Alternatives Considered | ||
|
|
||
| Leave as is. | ||
|
|
||
| ## New Terminology | ||
|
|
||
| N/A | ||
|
|
||
| ## Detailed Design | ||
|
|
||
| The fix is simple. | ||
|
|
||
| Currently, the constant `ALT_BN128_MULTIPLICATION_INPUT_LEN`, which is set to | ||
| 128 is used to sanity check the length of the input. | ||
|
|
||
| ```rust | ||
|
|
||
| pub fn alt_bn128_multiplication(input: &[u8]) -> Result<Vec<u8>, AltBn128Error> { | ||
| if input.len() > ALT_BN128_MULTIPLICATION_INPUT_LEN { | ||
| return Err(AltBn128Error::InvalidInputData); | ||
|
|
||
| // logic omitted... | ||
| } | ||
| ``` | ||
|
|
||
| A fix would entail updating the `ALT_BN128_MULTIPLICATION_INPUT_LEN` constant to | ||
| the correct length of 96. | ||
|
|
||
| ## Impact | ||
|
|
||
| This fix will prevent accidental misuse of the `alt_bn128_multiplication` | ||
| syscall function and make programs easier to debug. | ||
|
|
||
| ## Security Considerations | ||
|
|
||
| This does update the behavior of the syscall function and therefore, should be | ||
| properly feature-gated. | ||
|
|
||
| ## Drawbacks _(Optional)_ | ||
|
|
||
| None |