diff --git a/src/Reducer.h b/src/Reducer.h
index fd040f50..913d747a 100644
--- a/src/Reducer.h
+++ b/src/Reducer.h
@@ -229,7 +229,8 @@ bool bLZCHasHW=false;
 // The condition (abs(v_) | abs(x_)) <= THRESH protects against
 // overflow
- below_threshold = (labs(v_) | labs(x_)) <= THRESH ? 1 : 0;
+ // must use llabs() as labs() is undefined for too large numbers
+ below_threshold = (llabs(v_) | llabs(x_)) <= THRESH ? 1 : 0;
 } while (below_threshold && a > c && c > 0);
 if (below_threshold) {
diff --git a/src/bqfc.c b/src/bqfc.c
index c277b48e..7e3ae35e 100644
--- a/src/bqfc.c
+++ b/src/bqfc.c
@@ -120,7 +120,10 @@ static void bqfc_export(uint8_t *out_str, size_t *offset, size_t size,
 {
 size_t bytes;
+ // mpz_export can overflow out_str if reduction bug but this should never happen
 mpz_export(&out_str[*offset], &bytes, -1, 1, 0, 0, n);
+ if (bytes > size)
+ gmp_printf("bqfc_export overflow offset %d size %d n %Zd\n", *offset, size, n);
 if (bytes < size)
 memset(&out_str[*offset + bytes], 0, size - bytes);
 *offset += size;
diff --git a/src/proof_common.h b/src/proof_common.h
index 694c0df6..c2410584 100644
--- a/src/proof_common.h
+++ b/src/proof_common.h
@@ -27,8 +27,9 @@ integer HashPrime(std::vector seed, int length, vector bitmask) {
 break;
 }
 picosha2::hash256(sprout.begin(), sprout.end(), hash.begin(), hash.end());
+ // Visual Studio doesn't like pointer arithmetic past the bounds
 blob.insert(blob.end(), hash.begin(),
- std::min(hash.end(), hash.begin() + length / 8 - blob.size()));
+ hash.begin() + std::min(hash.size(), length / 8 - blob.size()));
 }
 assert ((int) blob.size() * 8 == length);
diff --git a/src/prover_slow.h b/src/prover_slow.h
index 5552d574..872ce426 100644
--- a/src/prover_slow.h
+++ b/src/prover_slow.h
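Review bot: `llabs()` is still undefined for the most negative value (`LLONG_MIN`), so the overflow guard the comment describes remains incomplete if `v_` or `x_` can reach `INT64_MIN` (their declared types are not visible in this hunk). The new comment is also imprecise: `labs()` is not undefined for large inputs; the actual problem is that `long` is 32 bits on LLP64 targets such as Windows, so a 64-bit argument is narrowed before the call. Suggest `// use llabs(): long is 32 bits on LLP64 (MSVC), so labs() would narrow a 64-bit v_/x_ before taking the absolute value`, and if `INT64_MIN` is reachable compute the magnitude in unsigned arithmetic, e.g. `(uint64_t)(v_ < 0 ? 0 - (uint64_t)v_ : v_)`, which cannot overflow. The enclosing do/while loop starts outside the hunk.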
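Review bot: The new overflow check runs after `mpz_export` has already written `bytes` bytes into `out_str`, so when `bytes > size` the out-of-bounds write has already happened and the function merely logs and then still advances `*offset`. The export size is known before the call from `mpz_sizeinbase(n, 2)` (exact for base 2), so the guard can be placed in front of `mpz_export` and made fatal instead of advisory; `abort()` needs `<stdlib.h>`, or use whatever error path this file already has. Separately, `*offset` and `size` are `size_t` but are printed with `%d`, which is undefined in `gmp_printf` just as in `printf`; use `%zu`. `bqfc_export`'s parameter list starts outside the hunk.
```c
    size_t bytes;

    // mpz_export writes ceil(bits/8) bytes unconditionally, so the bound has to be
    // checked before the call; a check afterwards cannot undo the overrun.
    if ((mpz_sizeinbase(n, 2) + 7) / 8 > size) {
        gmp_printf("bqfc_export overflow offset %zu size %zu n %Zd\n", *offset, size, n);
        abort();
    }
    mpz_export(&out_str[*offset], &bytes, -1, 1, 0, 0, n);
    /* … unchanged: zero-fill of the remainder and *offset += size … */
```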
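Review bot: The added comment understates the issue: `hash.begin() + length / 8 - blob.size()` could point beyond `hash.end()`, and forming an iterator past one-past-the-end is undefined in standard C++, not merely something MSVC's checked iterators reject, so the clamp is a correctness fix on every platform. Suggest `// clamp the count first: hash.begin() + (length / 8 - blob.size()) may lie past hash.end(), and forming such an iterator is undefined (MSVC's checked iterators assert on it)`. Note that the `std::min` relies on `length / 8 - blob.size()` being unsigned: a `blob` already longer than `length / 8` would wrap and copy the whole hash rather than nothing (as the old code also did), and a `length` that is not a multiple of 8 appears to trip the `assert` below, which is worth stating as a precondition in `HashPrime`'s documentation. `HashPrime`'s loop starts outside the hunk.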
@@ -26,7 +26,9 @@ uint64_t GetBlock(uint64_t i, uint64_t k, uint64_t T, integer& B) {
 mpz_mul_2exp(res.impl, res.impl, k);
 res = res / B;
 auto res_vector = res.to_vector();
- return res_vector[0];
+ // 0 value results in empty vector from mpz_export
+ // https://gmplib.org/list-archives/gmp-bugs/2009-July/001534.html
+ return res_vector.empty() ? 0 : res_vector[0];
 }
 form GenerateWesolowski(form &y, form &x_init,
@@ -47,28 +49,28 @@ form GenerateWesolowski(form &y, form &x_init,
 for (int64_t j = l - 1; j >= 0; j--) {
 x = FastPowFormNucomp(x, D, integer(1 << k), L, reducer);
- std::vector
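Review bot: The empty-vector guard fixes the out-of-bounds read, but `res_vector[0]` still returns only the first element of whatever `to_vector()` produces; if that is a byte vector (its element type is not visible here), a block index with `k > 8` is silently truncated. `res.impl` is already used as an `mpz_t` two lines above, and if `res` was reduced modulo `B` before the hunk then after the shift and division it is below `2^k`, so the export can be avoided altogether with `return mpz_get_ui(res.impl);`, which yields 0 for zero and the low bits otherwise (exact while the value fits in `unsigned long`, 32 bits on Windows). Either way an `assert(result < (1ULL << k))` before returning would have caught the original bug, since the caller indexes `ys` with this value. `GetBlock` starts outside the hunk.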
ys((1 << k));
- for (uint64_t i = 0; i < (1UL << k); i++)
+ std::vector ys((1ULL << k));
+ for (uint64_t i = 0; i < (1ULL << k); i++)
 ys[i] = form::identity(D);
- for (uint64_t i = 0; i < ceil(double(num_iterations) / (k * l)); i++) {
+ for (uint64_t i = 0; i < (num_iterations + k * l - 1) / (k * l); i++) {
 if (num_iterations >= k * (i * l + j + 1)) {
 uint64_t b = GetBlock(i*l + j, k, num_iterations, B);
 nucomp_form(ys[b], ys[b], intermediates[i], D, L);
 }
 }
- for (uint64_t b1 = 0; b1 < (1UL << k1); b1++) {
+ for (uint64_t b1 = 0; b1 < (1ULL << k1); b1++) {
 form z = form::identity(D);
- for (uint64_t b0 = 0; b0 < (1UL << k0); b0++) {
- nucomp_form(z, z, ys[b1 * (1 << k0) + b0], D, L);
+ for (uint64_t b0 = 0; b0 < (1ULL << k0); b0++) {
+ nucomp_form(z, z, ys[b1 * (1ULL << k0) + b0], D, L);
 }
 z = FastPowFormNucomp(z, D, integer(b1 * (1 << k0)), L, reducer);
 nucomp_form(x, x, z, D, L);
 }
- for (uint64_t b0 = 0; b0 < (1UL << k0); b0++) {
+ for (uint64_t b0 = 0; b0 < (1ULL << k0); b0++) {
 form z = form::identity(D);
- for (uint64_t b1 = 0; b1 < (1UL << k1); b1++) {
- nucomp_form(z, z, ys[b1 * (1 << k0) + b0], D, L);
+ for (uint64_t b1 = 0; b1 < (1ULL << k1); b1++) {
+ nucomp_form(z, z, ys[b1 * (1ULL << k0) + b0], D, L);
 }
 z = FastPowFormNucomp(z, D, integer(b0), L, reducer);
 nucomp_form(x, x, z, D, L);
diff --git a/src/verifier_test.cpp b/src/verifier_test.cpp
index 93d36792..a06f933e 100644
--- a/src/verifier_test.cpp
+++ b/src/verifier_test.cpp
@@ -1,5 +1,7 @@
 #include "verifier.h"
 #include "create_discriminant.h"
+#include "c_bindings/c_wrapper.h"
+#include "prover_slow.h"
 void assertm(bool expr, std::string msg, bool verbose=false) {
 if (expr && verbose) {
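Review bot: Two `1 << k` shifts in this hunk are still plain `int` arithmetic after the `1ULL` conversion: `integer(1 << k)` on the hunk's second line and `integer(b1 * (1 << k0))` in the first `b1` loop; for consistency with the loop bounds they should read `integer(1ULL << k)` and `integer(b1 * (1ULL << k0))` (a `uint64_t` argument is already accepted, see `integer(b0)`). The new `(num_iterations + k * l - 1) / (k * l)` traps on `k * l == 0` where the old floating-point `ceil` did not; presumably never zero for real parameters, but an `assert(k > 0 && l > 0)` above the loop would document that. The `ys` declaration shows no element type on this page (`std::vector ys`), presumably `std::vector<form>` lost in rendering. `GenerateWesolowski` starts and ends outside the hunk.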
@@ -22,13 +24,47 @@ std::vector HexToBytes(const char *hex_proof) {
 return result;
 }
+ByteArray prove_wrapper(const uint8_t* challenge_hash, size_t challenge_size, const uint8_t* x_s, size_t x_s_size, size_t discriminant_size_bits, uint64_t num_iterations) {
+ try {
+ std::vector challenge_hash_bytes(challenge_hash, challenge_hash + challenge_size);
+ integer discriminant = CreateDiscriminant(challenge_hash_bytes, discriminant_size_bits);
+ form x = DeserializeForm(discriminant, x_s, x_s_size);
+ std::vector result = ProveSlow(discriminant, x, num_iterations, "");
+
+ // Allocate memory for the result and copy data
+ uint8_t* resultData = new uint8_t[result.size()];
+ std::copy(result.begin(), result.end(), resultData);
+
+ return ByteArray { resultData, result.size() };
+ } catch (...) {
+ return ByteArray { nullptr, 0 };
+ }
+}
+
 int main() {
- uint8_t arr[10000];
- std::vector result=HexToBytes("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");
+ // Test overflow for slow prover (part of challenge b'\xa6\xc4%X\x17O\xb1\xee\xdcd')
+ int l,k;
+ ApproximateParameters(90909, l, k);
+
+ cout << "ApproximateParameters for 90909 l: " << l << " k: " << k << endl;
+
+ std::vector challenge_hash=HexToBytes("a6c42558174fb1eedc64");
+ std::vector x_s=HexToBytes("0300aca4849458af5c557710c80f21519f196907764d2d55c9b70581a90d49ca7b3201ad6a9da836429e6592c200e965434f0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000");
+
+ ByteArray ba=prove_wrapper(challenge_hash.data(), challenge_hash.size(), x_s.data(), x_s.size(), 512, 90909);
+
+ for (size_t i = 0; i < ba.length; i++)
+ printf( "%02x", ba.data[i]);
+ printf("\n");
+
+ delete[] ba.data;
+
+ uint8_t arr[10000];
+ std::vector result=HexToBytes("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");
 std::copy(result.begin(), result.end(), arr);
- bool is_valid = CheckProofOfTimeNWesolowski(
+ bool is_valid = CheckProofOfTimeNWesolowski(
integer("-131653324254138636653163861414331698305531090221496467927360326686715180966094250598321899621249972220387687148397451395672779897144571112116763666653213748473909547482437246405018707472153290116227072825447643324530509016778432769802300913461285128339119844239772697652504835780459732685000796733645621728639"),
 DEFAULT_ELEMENT, arr,
diff --git a/tests/test_n_weso_verifier.py b/tests/test_n_weso_verifier.py
index 91135a4e..07f105fa 100644
--- a/tests/test_n_weso_verifier.py
+++ b/tests/test_n_weso_verifier.py
@@ -66,6 +66,7 @@ def test_prove_n_weso_and_verify():
 discriminant_challenge = secrets.token_bytes(10)
 discriminant_size = 512
 discriminant = create_discriminant(discriminant_challenge, discriminant_size)
+ print(f"discriminant_challenge {discriminant_challenge.hex()} discriminant {discriminant}")
 form_size = 100
 initial_el = b"\x08" + (b"\x00" * 99)
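Review bot: The new regression case in `main` never checks its outcome: `prove_wrapper` swallows every exception with `catch (...)` and returns `{nullptr, 0}`, after which the hex-dump loop prints nothing and `delete[]` of a null pointer is a no-op, so a failing slow prover passes this test silently. Use the file's own helper right after the call, `assertm(ba.data != nullptr && ba.length > 0, "prove_wrapper returned no proof for challenge a6c42558174fb1eedc64");`, and ideally pass the proof to `CheckProofOfTimeNWesolowski` as the existing case below does rather than only printing it. In a test harness a `catch (const std::exception& e)` that prints `e.what()` would also keep the failure reason the current catch-all discards. `main` continues past the end of the hunk.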