Skip to content

[BUG] Fix HyperKZG verify ignoring pairing check result #316

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jsemldonado wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[BUG] Fix HyperKZG verify ignoring pairing check result #316

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 1 addition & 3 deletions poly_commit/src/kzg/uni_kzg/hyper_kzg.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -252,9 +252,7 @@ where
tau,
lagrange_eval,
opening.quotient_delta_x_commitment,
);

true
)
}

pub fn multiple_points_batch_open_impl<E, PCS>(
Expand Down
47 changes: 46 additions & 1 deletion poly_commit/tests/test_uni_kzg.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,10 @@ mod common;
use arith::{Field, Fr};
use ark_std::test_rng;
use gkr_engine::ExpanderPCS;
use gkr_engine::{BN254Config, ExpanderSingleVarChallenge, MPIConfig, MPIEngine, Transcript};
use gkr_engine::{BN254Config, ExpanderSingleVarChallenge, MPIConfig, MPIEngine, StructuredReferenceString, Transcript};
use halo2curves::group::prime::PrimeCurveAffine;
use halo2curves::group::Curve;
use poly_commit::PolynomialCommitmentScheme;
use gkr_hashers::Keccak256hasher;
use halo2curves::bn256::Bn256;
use poly_commit::HyperUniKZGPCS;
Expand Down Expand Up @@ -99,3 +102,45 @@ fn test_uni_kzg_batch_open() {
HyperUniKZGPCS<Bn256>,
>(true);
}

#[test]
fn test_hyperkzg_rejects_corrupted_proof() {
let mut rng = test_rng();
let num_vars = 4;

let (srs, _) =
<HyperUniKZGPCS<Bn256> as PolynomialCommitmentScheme<Fr>>::gen_srs_for_testing(
&num_vars, &mut rng,
);
let (proving_key, verification_key) = srs.into_keys();

let poly = MultiLinearPoly::<Fr>::random(num_vars, &mut rng);
let x: Vec<Fr> = (0..num_vars).map(|_| Fr::random_unsafe(&mut rng)).collect();

let mut scratch_pad = ();
let commitment =
<HyperUniKZGPCS<Bn256> as PolynomialCommitmentScheme<Fr>>::commit(
&num_vars, &proving_key, &poly, &mut scratch_pad,
);

let mut transcript = BytesHashTranscript::<Keccak256hasher>::new();
let (eval, opening) = <HyperUniKZGPCS<Bn256> as PolynomialCommitmentScheme<Fr>>::open(
&num_vars, &proving_key, &poly, &x, &scratch_pad, &mut transcript,
);

// Valid proof should pass
let mut transcript_v = BytesHashTranscript::<Keccak256hasher>::new();
assert!(<HyperUniKZGPCS<Bn256> as PolynomialCommitmentScheme<Fr>>::verify(
&num_vars, &verification_key, &commitment, &x, eval, &opening, &mut transcript_v,
));

// Corrupted proof should fail
let mut corrupted = opening.clone();
corrupted.quotient_delta_x_commitment =
(corrupted.quotient_delta_x_commitment.to_curve() * Fr::from(2u64)).to_affine();

let mut transcript_c = BytesHashTranscript::<Keccak256hasher>::new();
assert!(!<HyperUniKZGPCS<Bn256> as PolynomialCommitmentScheme<Fr>>::verify(
&num_vars, &verification_key, &commitment, &x, eval, &corrupted, &mut transcript_c,
));
}