Skip to content

fix hint for pairing result #140

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
lucidLuckylee merged 3 commits into from
Dec 2, 2024
Merged

fix hint for pairing result #140

lucidLuckylee merged 3 commits into from
Dec 2, 2024

Conversation

@freddi8e
Copy link
Contributor

@freddi8e freddi8e commented Dec 2, 2024
edited
Loading

Current implementation needs to compare accumulator with c^(q^3), it doesn't follow the algorithm 9 in "on proving pairing" and give attacker a chance to put a fake hint.
Special thanks to @wz14 . This work is from bitlayer.org.

@lucidLuckylee lucidLuckylee merged commit 105a207 into BitVM:main Dec 2, 2024
@PayneJoe
Copy link
Contributor

PayneJoe commented Dec 3, 2024

Good catch! Actually the original hint equals c_inv^{p^3}, it's a variant of witness c, and it is computed by verifier itself not provided by prover. So I should have forgotten putting c_inv^{p^3} into script, it's a bug on verifier script.

wz14 pushed a commit to bitlayer-org/BitVM that referenced this pull request Dec 16, 2024
@freddi8e @wz14
fix hint for pairing result (BitVM#140)
a4ca13d 
* fix hinted f proof

* chunker hinted f

* make compile pass

---------

Co-authored-by: freddie <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@freddi8e @PayneJoe @lucidLuckylee