From 5c9f33cd9f515b5e32c71a73e5b855db78b56a77 Mon Sep 17 00:00:00 2001
From: Gregor
Date: Tue, 16 Jul 2024 16:02:42 +0200
Subject: [PATCH] don't support small (unsound) curves

---
 src/lib/provable/crypto/foreign-curve.ts | 12 +++++++++++-
 src/lib/provable/gadgets/elliptic-curve.ts | 7 ++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/src/lib/provable/crypto/foreign-curve.ts b/src/lib/provable/crypto/foreign-curve.ts
index 323478b87a..1c8ba95be2 100644
--- a/src/lib/provable/crypto/foreign-curve.ts
+++ b/src/lib/provable/crypto/foreign-curve.ts
@@ -11,7 +11,7 @@ import { Field3 } from '../gadgets/foreign-field.js';
 import { assert } from '../gadgets/common.js';
 import { Provable } from '../provable.js';
 import { provableFromClass } from '../types/provable-derivers.js';
-import { multiRangeCheck } from '../gadgets/range-check.js';
+import { l2Mask, multiRangeCheck } from '../gadgets/range-check.js';
 
 // external API
 export {
@@ -307,6 +307,11 @@ class ForeignCurveV2 extends ForeignCurve {
  * @deprecated `createForeignCurve` is now deprecated and will be removed in a future release. Please use {@link createForeignCurveV2} instead.
  */
 function createForeignCurve(params: CurveParams): typeof ForeignCurve {
+  assert(
+    params.modulus > l2Mask + 1n,
+    'Base field moduli smaller than 2^176 are not supported'
+  );
+
   const FieldUnreduced = createForeignField(params.modulus);
   const ScalarUnreduced = createForeignField(params.order);
   class Field extends FieldUnreduced.AlmostReduced {}
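Review bot: The new precondition is not reflected in createForeignCurve's JSDoc, whose visible tail (`* @deprecated …`) now sits directly above a function that throws for any `params.modulus` not larger than 2^176; add `@throws if params.modulus is not larger than 2^176 (l2Mask + 1n); the curve gadgets are unsound for smaller base fields` to that doc block, and the same line to createForeignCurveV2 in the next hunk. The identical assert (condition and message) is written out three times — here, in createForeignCurveV2, and in EllipticCurve.add — so one helper next to the limb constants, e.g. `function assertModulusSupported(modulus: bigint) { assert(modulus > l2Mask + 1n, 'Base field moduli smaller than 2^176 are not supported'); }` exported from range-check.js, would keep the bound and its message from drifting between the three sites. The message says "smaller than 2^176" while the comparison also rejects a modulus exactly equal to 2^176; harmless for a prime modulus, but `>=` would make text and code agree. Whether `params.order` needs a comparable bound is not addressed by the diff and is worth stating either way. createForeignCurve's body continues past the end of the hunk.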
@@ -343,6 +348,11 @@ function createForeignCurve(params: CurveParams): typeof ForeignCurve {
  * {@link ForeignCurveV2} also includes to associated foreign fields: `ForeignCurve.Field` and `ForeignCurve.Scalar`, see {@link createForeignFieldV2}.
  */
 function createForeignCurveV2(params: CurveParams): typeof ForeignCurveV2 {
+  assert(
+    params.modulus > l2Mask + 1n,
+    'Base field moduli smaller than 2^176 are not supported'
+  );
+
   const FieldUnreduced = createForeignField(params.modulus);
   const ScalarUnreduced = createForeignField(params.order);
   class Field extends FieldUnreduced.AlmostReduced {}
diff --git a/src/lib/provable/gadgets/elliptic-curve.ts b/src/lib/provable/gadgets/elliptic-curve.ts
index afab631f6e..b6888d3187 100644
--- a/src/lib/provable/gadgets/elliptic-curve.ts
+++ b/src/lib/provable/gadgets/elliptic-curve.ts
@@ -3,7 +3,7 @@ import { Field } from '../field.js';
 import { Provable } from '../provable.js';
 import { assert } from './common.js';
 import { Field3, ForeignField, split, weakBound } from './foreign-field.js';
-import { l, l2, multiRangeCheck } from './range-check.js';
+import { l, l2, l2Mask, multiRangeCheck } from './range-check.js';
 import { sha256 } from 'js-sha256';
 import {
   bigIntToBytes,
@@ -65,6 +65,11 @@ function add(p1: Point, p2: Point, Curve: { modulus: bigint }) {
     return Point.from(p3);
   }
 
+  assert(
+    Curve.modulus > l2Mask + 1n,
+    'Base field moduli smaller than 2^176 are not supported'
+  );
+
   // witness and range-check slope, x3, y3
   let witnesses = exists(9, () => {
     let [x1_, x2_, y1_, y2_] = Field3.toBigints(x1, x2, y1, y2);
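Review bot: The guard in add is placed after the early return at the top of the hunk (`return Point.from(p3);`), which looks like the path taken when the inputs need no witnessing, so a direct caller of the gadget with a small modulus gets a result on that path and an exception only once the witnessed path is reached; if that asymmetry is intended (presumably because no constraints are emitted before the return) a one-line comment saying so would help, otherwise the assert belongs above the early return. The diff gives no reason for the bound itself; a comment at the assert such as `// the slope/x3/y3 witnesses and their range checks below are only sound for moduli above 2^(2*l); see range-check.js` (worded to match the actual derivation) would stop a future maintainer from loosening it, and since `l2` is already imported here `1n << l2` may read more directly than `l2Mask + 1n` if `l2` is a bigint. Any other gadget in this file that witnesses foreign-field values without going through add would need the same check, which is easiest to guarantee from one shared helper rather than a third copy of this assert. add's body continues past the end of the hunk.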