Skip to content

Affine infinity fix #139

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
lucidLuckylee merged 7 commits into from
Dec 2, 2024
Merged

Affine infinity fix #139

lucidLuckylee merged 7 commits into from
Dec 2, 2024

Conversation

@Hakkush-07
Copy link
Collaborator

@Hakkush-07 Hakkush-07 commented Nov 29, 2024
edited
Loading

This PR fixes the issue with affine infinity as the inputs of affine_add and affine_double functions. Also, T+(2^w-1)T logic is changed to w times doubling in G1 scalar multiplication. Slightly (around %6) increases the script size. This error occurs mainly for small public inputs so some tests covering this are added. Closes #137

lucidLuckylee
lucidLuckylee reviewed Nov 29, 2024
View reviewed changes
manishbista28
manishbista28 reviewed Nov 30, 2024
View reviewed changes
src/chunker/chunk_scalar_mul.rs

type_acc = update;

for _ in (i_step / 3)..(2 * i_step / 3) {
Copy link
Contributor

@manishbista28 manishbista28 Nov 30, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could there be a case where depth > (i_step/3) but less than (2* i_step / 3) ? in that case it seems like execution of this loop will not be necessary.
for i_step = 12, it will not be the case, as the final loop has depth = 2 (=254 - 12n) so control won't flow to this branch so is not a problem.

Copy link
Collaborator Author

@Hakkush-07 Hakkush-07 Dec 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes you are right. I knew it will not be problem for i_step=12 as you indicated but better include all possible cases properly. done.

@lucidLuckylee
Copy link
Contributor

lucidLuckylee commented Dec 2, 2024

Thank you for looking into the issue!

@lucidLuckylee lucidLuckylee merged commit 9332a09 into BitVM:main Dec 2, 2024
@Hakkush-07 Hakkush-07 deleted the affine-infinity-fix branch December 4, 2024 11:07
@wz14 wz14 mentioned this pull request Dec 7, 2024
Merged
wz14 pushed a commit to bitlayer-org/BitVM that referenced this pull request Dec 16, 2024
@Hakkush-07 @sevkett12 @wz14
Affine infinity fix (BitVM#139)
c2ded98 
* add unsuccessful tests with small scalars

* add affine infinity if checks to native groth16 and change doubling method

* add affine infinity if checks to hinted groth16 and change doubling method

* add affine infinity if checks to chunked groth16 and change doubling method

* move if infinity checks in scalar mul to check_add and check_double functions

* fix G1:affine is_zero_keep_element

* fix the segment if-checks comparing depth and i_step in chunked scalar mul and refactor

---------

Co-authored-by: sevkett12 <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lucidLuckylee lucidLuckylee lucidLuckylee left review comments

+1 more reviewer

@manishbista28 manishbista28 manishbista28 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Proofs with Bad Scalar format in MSM

4 participants

@Hakkush-07 @lucidLuckylee @manishbista28 @sevkett12