Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

veridise audit fix: redc field is manipulable #24

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

veridise audit fix: redc field is manipulable #24

wants to merge 9 commits into from

Conversation

jp4g
Copy link
Contributor

@jp4g jp4g commented Nov 28, 2024

Addresses Veredise Audit Issue: redc field is manipulable

The recommendation was to constrain that redc = floor((1 << (2 * Params::modulus_bits())) / modulus). However, this would greatly negatively impact the efficiency of the circuit so we want to avoid this measure. Since the ultimate goal is to constrain the outputted dkim_key_hash, we bind the redc to the modulus by hashing the two together. The verifier will still need to do this work themselves (only once) to get the expected dkim_key_hash, but it is far more efficient this way and ultimately addresses the core vulnerability.

Since this adds a couple thousand constraints of work we also compose the limbs of the modulus and redcs from two 120 bit numbers into one 240 bit number to negate this increase. In order to do this we had to move pubkey hashing into the pubkey struct since there are different impls for even and odd (1024/2048 bit) limb lengths

Stack order: 2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jp4g