|
| 1 | +--- |
| 2 | +simd: "0222" |
| 3 | +title: Fix alt-bn128 multiplication syscall length |
| 4 | +authors: |
| 5 | + - Sam Kim |
| 6 | +category: Standard |
| 7 | +type: Core |
| 8 | +status: Review |
| 9 | +created: 2025-01-10 |
| 10 | +feature: |
| 11 | +supersedes: |
| 12 | +superseded-by: |
| 13 | +extends: |
| 14 | +--- |
| 15 | + |
| 16 | +## Summary |
| 17 | + |
| 18 | +The `alt_bn128_multiplication` syscall takes in a byte slice as input, |
| 19 | +interprets the bytes as a bn128 elliptic curve point/scalar pair, and applies |
| 20 | +point-scalar multiplication. If the byte slice input has improper length then |
| 21 | +the function terminates early. Specifically, if the byte slice has length |
| 22 | +greater than 128, then the function terminates early with an error. |
| 23 | + |
| 24 | +However, a bn128 curve point is 64 bytes and a scalar is 32 bytes. This means |
| 25 | +that the function should check if the byte slice is 96 bytes in length rather |
| 26 | +than 128 bytes. |
| 27 | + |
| 28 | +This document proposes to fix this length check by checking for the correct |
| 29 | +length. |
| 30 | + |
| 31 | +## Motivation |
| 32 | + |
| 33 | +The `alt_bn128_multiplication` function still works with the incorrect 128 |
| 34 | +length bound since a correct input of 96 bytes is still less than 128 bytes. |
| 35 | +However, there could be successful inputs that are greater than 96 bytes and |
| 36 | +smaller than 128 bytes in length. This could cause application logic harder to |
| 37 | +debug. |
| 38 | + |
| 39 | +## Alternatives Considered |
| 40 | + |
| 41 | +Leave as is. |
| 42 | + |
| 43 | +## New Terminology |
| 44 | + |
| 45 | +N/A |
| 46 | + |
| 47 | +## Detailed Design |
| 48 | + |
| 49 | +The fix is simple. |
| 50 | + |
| 51 | +Currently, the constant `ALT_BN128_MULTIPLICATION_INPUT_LEN`, which is set to |
| 52 | +128 is used to sanity check the length of the input. |
| 53 | + |
| 54 | +```rust |
| 55 | + |
| 56 | +pub fn alt_bn128_multiplication(input: &[u8]) -> Result<Vec<u8>, AltBn128Error> { |
| 57 | + if input.len() > ALT_BN128_MULTIPLICATION_INPUT_LEN { |
| 58 | + return Err(AltBn128Error::InvalidInputData); |
| 59 | + |
| 60 | + // logic omitted... |
| 61 | +} |
| 62 | +``` |
| 63 | + |
| 64 | +A fix would entail updating the `ALT_BN128_MULTIPLICATION_INPUT_LEN` constant to |
| 65 | +the correct length of 96. |
| 66 | + |
| 67 | +## Impact |
| 68 | + |
| 69 | +This fix will prevent accidental misuse of the `alt_bn128_multiplication` |
| 70 | +syscall function and make programs easier to debug. |
| 71 | + |
| 72 | +## Security Considerations |
| 73 | + |
| 74 | +This does update the behavior of the syscall function and therefore, should be |
| 75 | +properly feature-gated. |
| 76 | + |
| 77 | +## Drawbacks _(Optional)_ |
| 78 | + |
| 79 | +None |
0 commit comments