From 51cb164bf2b52184187ac8e8e46f70d0023c4cb0 Mon Sep 17 00:00:00 2001 From: David Nevado Date: Wed, 3 Jan 2024 17:55:51 +0100 Subject: [PATCH 1/5] Add check for `k` in vk deserialization --- halo2_proofs/src/plonk.rs | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/halo2_proofs/src/plonk.rs b/halo2_proofs/src/plonk.rs index 5506f94a68..3de3548fcc 100644 --- a/halo2_proofs/src/plonk.rs +++ b/halo2_proofs/src/plonk.rs @@ -120,9 +120,21 @@ where "unexpected version byte", )); } + // Maximum allowed value for parameter `k`, the log-size of the circuit. + const MAX_CIRCUIT_SIZE: u32 = 32; + let mut k = [0u8; 4]; reader.read_exact(&mut k)?; - let k = u32::from_le_bytes(k); + let k = u32::from_be_bytes(k); + if k > MAX_CIRCUIT_SIZE { + return Err(io::Error::new( + io::ErrorKind::InvalidData, + format!( + "circuit size value (k): {} exceeds maxium: {}", + k, MAX_CIRCUIT_SIZE + ), + )); + } let mut compress_selectors = [0u8; 1]; reader.read_exact(&mut compress_selectors)?; if compress_selectors[0] != 0 && compress_selectors[0] != 1 { From 6c2c57a51b64c4b127c05dfeaf266185fde060b5 Mon Sep 17 00:00:00 2001 From: David Nevado Date: Wed, 3 Jan 2024 18:22:47 +0100 Subject: [PATCH 2/5] Change k from u32 to u8 Update write accordingly Update version number --- halo2_proofs/src/plonk.rs | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/halo2_proofs/src/plonk.rs b/halo2_proofs/src/plonk.rs index 3de3548fcc..f765891f84 100644 --- a/halo2_proofs/src/plonk.rs +++ b/halo2_proofs/src/plonk.rs @@ -60,6 +60,11 @@ pub struct VerifyingKey { compress_selectors: bool, } +// Current version of the VK +const VERSION: u8 = 0x03; +// Maximum allowed value for parameter `k`, the log-size of the circuit. +const MAX_CIRCUIT_SIZE: u8 = 32; + impl VerifyingKey where C::Scalar: SerdePrimeField + FromUniformBytes<64>, @@ -75,8 +80,11 @@ where /// WITHOUT performing the expensive Montgomery reduction. pub fn write(&self, writer: &mut W, format: SerdeFormat) -> io::Result<()> { // Version byte that will be checked on read. - writer.write_all(&[0x02])?; - writer.write_all(&self.domain.k().to_le_bytes())?; + writer.write_all(&[VERSION])?; + let k = &self.domain.k(); + assert!(*k <= MAX_CIRCUIT_SIZE as u32); + // k value fits in 1 byte + writer.write_all(&[k.to_le_bytes()[0]])?; writer.write_all(&[self.compress_selectors as u8])?; writer.write_all(&(self.fixed_commitments.len() as u32).to_le_bytes())?; for commitment in &self.fixed_commitments { @@ -114,18 +122,16 @@ where ) -> io::Result { let mut version_byte = [0u8; 1]; reader.read_exact(&mut version_byte)?; - if 0x02 != version_byte[0] { + if VERSION != version_byte[0] { return Err(io::Error::new( io::ErrorKind::InvalidData, "unexpected version byte", )); } - // Maximum allowed value for parameter `k`, the log-size of the circuit. - const MAX_CIRCUIT_SIZE: u32 = 32; - let mut k = [0u8; 4]; + let mut k = [0u8; 1]; reader.read_exact(&mut k)?; - let k = u32::from_be_bytes(k); + let k = u8::from_le_bytes(k); if k > MAX_CIRCUIT_SIZE { return Err(io::Error::new( io::ErrorKind::InvalidData, @@ -145,7 +151,7 @@ where } let compress_selectors = compress_selectors[0] == 1; let (domain, cs, _) = keygen::create_domain::( - k, + k as u32, #[cfg(feature = "circuit-params")] params, ); From 2fadf612750e3545fba82d75c57cad4acab2aa99 Mon Sep 17 00:00:00 2001 From: David Nevado Date: Mon, 8 Jan 2024 10:17:57 +0100 Subject: [PATCH 3/5] Use Field::S for max circuit size --- halo2_proofs/src/plonk.rs | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/halo2_proofs/src/plonk.rs b/halo2_proofs/src/plonk.rs index f765891f84..41c0b98e69 100644 --- a/halo2_proofs/src/plonk.rs +++ b/halo2_proofs/src/plonk.rs @@ -62,8 +62,6 @@ pub struct VerifyingKey { // Current version of the VK const VERSION: u8 = 0x03; -// Maximum allowed value for parameter `k`, the log-size of the circuit. -const MAX_CIRCUIT_SIZE: u8 = 32; impl VerifyingKey where @@ -82,7 +80,7 @@ where // Version byte that will be checked on read. writer.write_all(&[VERSION])?; let k = &self.domain.k(); - assert!(*k <= MAX_CIRCUIT_SIZE as u32); + assert!(*k <= C::Scalar::S as u32); // k value fits in 1 byte writer.write_all(&[k.to_le_bytes()[0]])?; writer.write_all(&[self.compress_selectors as u8])?; @@ -132,12 +130,13 @@ where let mut k = [0u8; 1]; reader.read_exact(&mut k)?; let k = u8::from_le_bytes(k); - if k > MAX_CIRCUIT_SIZE { + if k as u32 > C::Scalar::S { return Err(io::Error::new( io::ErrorKind::InvalidData, format!( "circuit size value (k): {} exceeds maxium: {}", - k, MAX_CIRCUIT_SIZE + k, + C::Scalar::S ), )); } From 630e5a694c62af340cfea923b9dd75892b0f70c8 Mon Sep 17 00:00:00 2001 From: David Nevado Date: Mon, 8 Jan 2024 10:18:24 +0100 Subject: [PATCH 4/5] Update halo2_proofs/src/plonk.rs Co-authored-by: Han --- halo2_proofs/src/plonk.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/halo2_proofs/src/plonk.rs b/halo2_proofs/src/plonk.rs index 41c0b98e69..1a8acf44ba 100644 --- a/halo2_proofs/src/plonk.rs +++ b/halo2_proofs/src/plonk.rs @@ -82,7 +82,7 @@ where let k = &self.domain.k(); assert!(*k <= C::Scalar::S as u32); // k value fits in 1 byte - writer.write_all(&[k.to_le_bytes()[0]])?; + writer.write_all(&[*k as u8])?; writer.write_all(&[self.compress_selectors as u8])?; writer.write_all(&(self.fixed_commitments.len() as u32).to_le_bytes())?; for commitment in &self.fixed_commitments { From 76a86f029566c51ba19881bccb5fba33fecec4fb Mon Sep 17 00:00:00 2001 From: David Nevado Date: Mon, 8 Jan 2024 10:24:39 +0100 Subject: [PATCH 5/5] Fix clippy --- halo2_proofs/src/plonk.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/halo2_proofs/src/plonk.rs b/halo2_proofs/src/plonk.rs index 1a8acf44ba..78bfc21501 100644 --- a/halo2_proofs/src/plonk.rs +++ b/halo2_proofs/src/plonk.rs @@ -80,7 +80,7 @@ where // Version byte that will be checked on read. writer.write_all(&[VERSION])?; let k = &self.domain.k(); - assert!(*k <= C::Scalar::S as u32); + assert!(*k <= C::Scalar::S); // k value fits in 1 byte writer.write_all(&[*k as u8])?; writer.write_all(&[self.compress_selectors as u8])?;