Underconstrained div and mod #607

Closed
emmorais opened this issue Aug 15, 2023 · 3 comments
Labels
bug Something isn't working

Comments

@emmorais
Contributor

emmorais commented Aug 15, 2023

When we compute div and mod we use the non-deterministic equation a = b.div + mod, and we constrain mod < b. However, in the field we can easily (if non-zero b) compute div = (a - mod)*inv(b), then an attacker could choose any mod he wants and set div as before. What is wrong? We also need to check that div and mod are u64, and this check is lacking in the old circuit.

Implement a gadget that attests to a correct u64 range by showing a non-deterministic 64-bit decomposition.

@emmorais emmorais closed this as completed Sep 9, 2023
@emmorais emmorais reopened this Sep 10, 2023
@emmorais emmorais self-assigned this Sep 10, 2023
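The soundness gap described in the issue, and the 64-bit decomposition fix it asks for, as an added example in Python (this is illustrative code written for this page, not Lurk's gadget code). The modulus is assumed to be the Pallas base field prime used by the pasta curves; `weak_check`, `strong_check`, `check_u64` and `forged_witness` are names chosen here, not project identifiers.

```python
# Added example, not part of the Lurk project: a = b*div + mod with only
# mod < b is underconstrained in a prime field, because div can be solved
# for any chosen mod. A non-deterministic 64-bit decomposition of div and
# mod closes the gap.

# Assumed modulus: the Pallas base field prime (any prime > 2^128 behaves the same).
P = 0x40000000000000000000000000000000224698fc094cf91b992d30ed00000001


def weak_check(a, b, div, mod):
    """The original relation only: a == b*div + mod in F_p, and mod < b."""
    return (b * div + mod) % P == a % P and mod < b


def bit_decompose_u64(x):
    """Prover side: the non-deterministic witness, 64 bits little-endian.
    Returns None when x does not fit in a u64 (no valid witness exists)."""
    if x < 0 or x >= 1 << 64:
        return None
    return [(x >> i) & 1 for i in range(64)]


def check_u64(x, bits):
    """Verifier-side range gadget: exactly 64 witness bits, each boolean
    (b_i * (b_i - 1) == 0 in F_p), recomposing to x in F_p. Because the
    recomposition is < 2^64 < P it cannot wrap, so x is a genuine u64."""
    if bits is None or len(bits) != 64:
        return False
    if any((bi * (bi - 1)) % P != 0 for bi in bits):
        return False
    return sum(bi << i for i, bi in enumerate(bits)) % P == x % P


def strong_check(a, b, div, mod, div_bits, mod_bits):
    """Fixed gadget: range-check div and mod, then apply the relation.
    With b, div, mod all u64 the product b*div + mod is < 2^129 < P, so the
    field equation is a genuine integer equation."""
    return (check_u64(div, div_bits)
            and check_u64(mod, mod_bits)
            and weak_check(a, b, div, mod))


def honest_witness(a, b):
    """What a correct prover supplies for u64 inputs (b != 0)."""
    return divmod(a, b)


def forged_witness(a, b, chosen_mod):
    """Attacker: pick any mod < b, then solve div = (a - mod) * inv(b) in F_p.
    Requires b != 0 in the field (the b == 0 case needs separate handling)."""
    div = ((a - chosen_mod) * pow(b, -1, P)) % P
    return div, chosen_mod


if __name__ == "__main__":
    a, b = 100, 7                      # constructed inputs: 100 = 7*14 + 2
    hd, hm = honest_witness(a, b)
    fd, fm = forged_witness(a, b, 5)   # claim 100 mod 7 == 5
    print("honest passes weak  :", weak_check(a, b, hd, hm))
    print("forged passes weak  :", weak_check(a, b, fd, fm))
    print("forged div >= 2^64  :", fd >= 1 << 64)
    print("forged passes strong:", strong_check(a, b, fd, fm,
                                                bit_decompose_u64(fd),
                                                bit_decompose_u64(fm)))
```

Why the forged div never fits: if div were below 2^64 then b*div + mod would be below 2^67, far smaller than P, so the field equation would hold over the integers and b would have to divide a - mod. Choosing a mod with b not dividing a - mod therefore forces div above 2^64, which is exactly what the decomposition gadget rejects.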
@emmorais
Contributor Author

This must also be fixed in the old circuit.

@huitseeker
Member

See #664

@huitseeker huitseeker added the bug Something isn't working label Oct 23, 2023
@arthurpaulino
Member

No longer relevant in LEM
