Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prevent hypothetical overflow #2192

Merged
merged 3 commits into from
Jan 20, 2024
Merged

Prevent hypothetical overflow #2192

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
fcf3f5e
Prevent hypothetical overflow
vicsn Nov 23, 2023
2be8d08
Improve error messages
vicsn Nov 24, 2023
07b7f08
Ensure we update highest_degree_bound
vicsn Nov 26, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 24 additions & 12 deletions algorithms/src/polycommit/sonic_pc/data_structures.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -309,18 +309,26 @@ impl<E: PairingEngine> CommitterKey<E> {
self.enforced_degree_bounds = None;
}
Some(enforced_degree_bounds) => {
// Retrieve new highest degree bound
let new_highest_degree_bound =
*enforced_degree_bounds.last().ok_or(anyhow!("expecting new degree_bounds"))?;
*enforced_degree_bounds.last().ok_or(anyhow!("No degree bound found"))?;
ensure!(new_highest_degree_bound < supported_degree);

// Retrieve current degree bounds and shifted powers
let degree_bounds = self.enforced_degree_bounds.take().unwrap_or_default();
let highest_degree_bound =
degree_bounds.iter().copied().sorted().last().map(|b| b + 1).unwrap_or_default();
let mut highest_degree_bound = degree_bounds.iter().copied().sorted().last().unwrap_or_default();
let mut shifted_powers_of_beta_g = self.shifted_powers_of_beta_g.take().unwrap_or_default();
let mut shifted_powers_of_beta_times_gamma_g =
self.shifted_powers_of_beta_times_gamma_g.take().unwrap_or_default();

// We add 1 to any existing upper bound, in congruence with `max_degree + 1` below.
// This is because the proof system assumes we need this extra degree.
// This can optionally be refactored to ensure the extra degree is already encoded in degree_bounds.
if highest_degree_bound > 0 {
highest_degree_bound =
highest_degree_bound.checked_add(1).ok_or(error("Overflow highest_degree_bound"))?;
}

let shifted_ck_time = start_timer!(|| "Constructing `shifted_powers_of_beta_g`");
match new_highest_degree_bound.cmp(&highest_degree_bound) {
Ordering::Greater => {
Expand Down Expand Up @@ -351,7 +359,10 @@ impl<E: PairingEngine> CommitterKey<E> {
let shift_degree = max_degree - *degree_bound;
let mut powers_for_degree_bound =
Vec::with_capacity((max_degree + 2).saturating_sub(shift_degree));
for i in 0..=supported_hiding_bound + 1 {
for i in 0..=supported_hiding_bound
.checked_add(1)
.ok_or(anyhow!("Overflow supported_hiding_bound"))?
{
// We have an additional degree in `powers_of_beta_times_gamma_g` beyond `powers_of_beta_g`.
if shift_degree + i < max_degree + 2 {
powers_for_degree_bound
Expand Down Expand Up @@ -383,14 +394,15 @@ impl<E: PairingEngine> CommitterKey<E> {
}

// Set powers_of_beta_times_gamma_g
self.powers_of_beta_times_gamma_g = (0..=(supported_hiding_bound + 1))
.map(|i| {
srs.powers_of_beta_times_gamma_g()
.get(&i)
.copied()
.ok_or(PCError::HidingBoundToolarge { hiding_poly_degree: supported_hiding_bound, num_powers: 0 })
})
.collect::<Result<Vec<_>, _>>()?;
self.powers_of_beta_times_gamma_g =
(0..=(supported_hiding_bound.checked_add(1).ok_or(anyhow!("Overflow supported_hiding_bound"))?))
.map(|i| {
srs.powers_of_beta_times_gamma_g().get(&i).copied().ok_or(PCError::HidingBoundToolarge {
hiding_poly_degree: supported_hiding_bound,
num_powers: 0,
})
})
.collect::<Result<Vec<_>, _>>()?;

// Update lagrange_bases_at_beta_g
let mut lagrange_bases_at_beta_g = BTreeMap::new();
Expand Down