From 5555dbd8ac8e04b078804f02e4acbc45afb8ccc0 Mon Sep 17 00:00:00 2001 From: feltroidprime Date: Tue, 6 Aug 2024 06:31:56 +0200 Subject: [PATCH] add on curve check on groth16 proof points --- src/cairo/src/definitions.cairo | 5 ----- src/cairo/src/ec_ops.cairo | 5 +++-- src/cairo/src/groth16.cairo | 10 +++++++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/cairo/src/definitions.cairo b/src/cairo/src/definitions.cairo index e72572b8..07df7fd4 100644 --- a/src/cairo/src/definitions.cairo +++ b/src/cairo/src/definitions.cairo @@ -30,11 +30,6 @@ struct G2Line { r1a1: u384, } - -trait G2PointTrait { - fn is_on_curve(self: @G2Point, curve_index: usize) -> bool; -} - #[derive(Copy, Drop, Debug, PartialEq)] struct G1G2Pair { p: G1Point, diff --git a/src/cairo/src/ec_ops.cairo b/src/cairo/src/ec_ops.cairo index b289e524..d81d5304 100644 --- a/src/cairo/src/ec_ops.cairo +++ b/src/cairo/src/ec_ops.cairo @@ -6,8 +6,8 @@ use core::circuit::{ AddInputResultTrait, CircuitInputs, CircuitDefinition, CircuitData, CircuitInputAccumulator }; use garaga::definitions::{ - get_a, get_b, get_p, get_g, get_min_one, get_b2, get_n, G1Point, G2Point, G2PointTrait, - BLS_X_SEED_SQ_EPNS, G1PointInfinity, THIRD_ROOT_OF_UNITY_BLS12_381_G1 + get_a, get_b, get_p, get_g, get_min_one, get_b2, get_n, G1Point, G2Point, BLS_X_SEED_SQ_EPNS, + G1PointInfinity, THIRD_ROOT_OF_UNITY_BLS12_381_G1 }; use core::option::Option; use core::poseidon::hades_permutation; @@ -66,6 +66,7 @@ impl G1PointImpl of G1PointTrait { } } +#[generate_trait] impl G2PointImpl of G2PointTrait { fn is_on_curve(self: @G2Point, curve_index: usize) -> bool { let (b20, b21) = get_b2(curve_index).unwrap(); diff --git a/src/cairo/src/groth16.cairo b/src/cairo/src/groth16.cairo index 6a70c1cd..5ba53513 100644 --- a/src/cairo/src/groth16.cairo +++ b/src/cairo/src/groth16.cairo @@ -37,7 +37,7 @@ use core::poseidon::hades_permutation; use garaga::basic_field_ops::{neg_mod_p}; -use garaga::ec_ops::{msm_g1, MSMHint, DerivePointFromXHint}; +use garaga::ec_ops::{msm_g1, MSMHint, DerivePointFromXHint, G1PointTrait, G2PointTrait}; use garaga::pairing_check::{MPCheckHintBN254, MPCheckHintBLS12_381}; @@ -97,7 +97,9 @@ fn verify_groth16_bn254( public_inputs_msm_derive_point_from_x_hint.unbox(), 0 ); - + assert!(proof.a.is_in_subgroup(0, Option::None, Option::None)); + assert!(proof.b.is_on_curve(0)); + assert!(proof.c.is_in_subgroup(0, Option::None, Option::None)); return multi_pairing_check_bn254_3P_2F_with_extra_miller_loop_result( G1G2Pair { p: vk_x, q: verification_key.gamma_g2 }, G1G2Pair { p: proof.c, q: verification_key.delta_g2 }, @@ -143,7 +145,9 @@ fn verify_groth16_bls12_381( public_inputs_msm_derive_point_from_x_hint.unbox(), 1 ); - + assert!(proof.a.is_in_subgroup(1, Option::None, Option::None)); + assert!(proof.b.is_on_curve(1)); + assert!(proof.c.is_in_subgroup(1, Option::None, Option::None)); return multi_pairing_check_bls12_381_3P_2F_with_extra_miller_loop_result( G1G2Pair { p: vk_x, q: verification_key.gamma_g2 }, G1G2Pair { p: proof.c, q: verification_key.delta_g2 },