Skip to content
This repository was archived by the owner on Apr 18, 2025. It is now read-only.

ecrecover soundness (address not recovered) #930

Merged
lispc merged 10 commits into from
Sep 13, 2023
Merged

ecrecover soundness (address not recovered) #930

lispc merged 10 commits into from
Sep 13, 2023

Conversation

@roynalnaruto
Copy link

@roynalnaruto roynalnaruto commented Sep 11, 2023
edited
Loading

Description

Ecrecover "address not recovered" case to be supported by SigCircuit.

Key Changes
  • SigCircuit processes all ecrecover inputs except:
    • sig_r overflowing (not canonical)
    • sig_s overflowing (not canonical)
    • sig_v is invalid, i.e. sig_v != 27 && sig_v != 28
    • The 2 above cases are handled directly in EVM circuit by the ecrecover gadget
  • We add more tests for SigCircuit to check panic issues because of these edge cases
    • msg_hash == 0
    • sig_r == 0
    • sig_s == 0
    • address could not be recovered
  • EVM Circuit's ecrecover gadget does a lookup to SigTable in all cases except:
    • sig_r overflowing (not canonical)
    • sig_s overflowing (not canonical)
    • sig_v is invalid, i.e. sig_v != 27 && sig_v != 28

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

@roynalnaruto roynalnaruto marked this pull request as ready for review September 11, 2023 21:50
@roynalnaruto roynalnaruto mentioned this pull request Sep 12, 2023
Merged
4 tasks
@lispc
Copy link

lispc commented Sep 12, 2023

we may need to change the par_bridge into something like this

TEST_VECTOR
    .par_iter() // parallelize TEST_VECTOR
    .for_each(|test| {
        for kind in &call_kinds {
            // call_kinds is sequential
            test_one(test, kind); 
        }
    });

@lispc lispc merged commit 68d18f9 into develop Sep 13, 2023
@lispc lispc deleted the fix/ecrecover-soundness branch September 13, 2023 01:12
@KimiWu123 KimiWu123 mentioned this pull request Oct 16, 2023
Closed
@KimiWu123 KimiWu123 mentioned this pull request Oct 23, 2023
Closed
@KimiWu123 KimiWu123 mentioned this pull request Jan 30, 2024
Merged
github-merge-queue bot pushed a commit to privacy-ethereum/zkevm-circuits that referenced this pull request Feb 19, 2024
@KimiWu123 @roynalnaruto @lispc
feat/#1665 Precompile ECRECOVER (#1720)
e19d163 
closed #1665 

This PR was ported from 
- scroll-tech#529
- scroll-tech#930

which manly includes,
1. the main logic in ecrecover gadget (`ecrecover.rs`)
2. signature verifcation circuiit (`sig_circuit.rs`). What I did is to
change rlc to word lo/hi.
3. a new table, `sig_table.rs`
4. ecc circuit (`ecc_circuit.rs`). It's not be used in `ecRecover`, but
it was implemented in Scroll's PR. If I removed ecc_circuit, it would be
inconvienent for people porting `ecAdd`, `ecMul` or `ecPairing`. That's
why I keep it here.
5. dependencies update, using `halo2lib` (includes `halo2-base` and
`halo2-ecc`)

---------

Co-authored-by: Rohit Narurkar <rohit.narurkar@protonmail.com>
Co-authored-by: Zhang Zhuo <mycinbrin@gmail.com>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@lispc lispc Awaiting requested review from lispc

@zhenfeizhang zhenfeizhang Awaiting requested review from zhenfeizhang

Assignees

No one assigned

Labels

crate-bus-mapping crate-eth-types crate-zkevm-circuits

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@roynalnaruto @lispc