From 908a7f58159e17a775f1eedb23476bd56cee57c7 Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Wed, 30 Oct 2024 13:37:00 +0000 Subject: [PATCH 01/14] fix: only read commitment keys to input limit --- .../zkpschemes/groth16/groth16.marshal.go.tmpl | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl b/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl index 5f11ac043..fe6a4f420 100644 --- a/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl +++ b/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl @@ -3,6 +3,8 @@ import ( {{ template "import_pedersen" . }} "github.com/consensys/gnark/internal/utils" "github.com/consensys/gnark-crypto/utils/unsafe" + + "fmt" "io" ) @@ -186,22 +188,26 @@ func (vk *VerifyingKey) readFrom(r io.Reader, raw bool) (int64, error) { vk.PublicAndCommitmentCommitted = utils.Uint64SliceSliceToIntSliceSlice(publicCommitted) - vk.CommitmentKeys = make([]pedersen.VerifyingKey, nbCommitments) var n int64 - for i := range vk.CommitmentKeys { + for i := 0; i < int(nbCommitments); i++ { var ( m int64 err error ) + commitmentKey := pedersen.VerifyingKey{} if raw { - m, err = vk.CommitmentKeys[i].UnsafeReadFrom(r) + m, err = commitmentKey.UnsafeReadFrom(r) } else { - m, err = vk.CommitmentKeys[i].ReadFrom(r) + m, err = commitmentKey.ReadFrom(r) } n += m if err != nil { return n + dec.BytesRead(), err } + vk.CommitmentKeys = append(vk.CommitmentKeys, commitmentKey) + } + if len(vk.CommitmentKeys) != int(nbCommitments) { + return n + dec.BytesRead(), fmt.Errorf("invalid number of commitment keys") } // recompute vk.e (e(α, β)) and -[δ]2, -[γ]2 From 7d9c49cb5f1356928ca088cb57936a9a271758e8 Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Wed, 30 Oct 2024 13:37:38 +0000 Subject: [PATCH 02/14] chore: more expressive errors --- .../zkpschemes/groth16/groth16.marshal.go.tmpl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl b/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl index fe6a4f420..fd923f8d5 100644 --- a/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl +++ b/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl @@ -180,9 +180,9 @@ func (vk *VerifyingKey) readFrom(r io.Reader, raw bool) (int64, error) { &nbCommitments, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err + return dec.BytesRead(), fmt.Errorf("read field %d: %w", i, err) } } @@ -202,17 +202,17 @@ func (vk *VerifyingKey) readFrom(r io.Reader, raw bool) (int64, error) { } n += m if err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read commitment key %d: %w", i, err) } vk.CommitmentKeys = append(vk.CommitmentKeys, commitmentKey) } if len(vk.CommitmentKeys) != int(nbCommitments) { - return n + dec.BytesRead(), fmt.Errorf("invalid number of commitment keys") + return n + dec.BytesRead(), fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(vk.CommitmentKeys)) } // recompute vk.e (e(α, β)) and -[δ]2, -[γ]2 if err := vk.Precompute(); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("precompute: %w", err) } return n + dec.BytesRead(), nil From a00fc783c9cd27e4803dcf9183a49db3f71cece0 Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Wed, 30 Oct 2024 13:38:24 +0000 Subject: [PATCH 03/14] chore: generate --- backend/groth16/bls12-377/marshal.go | 22 ++++++++++++++-------- backend/groth16/bls12-381/marshal.go | 22 ++++++++++++++-------- backend/groth16/bls24-315/marshal.go | 22 ++++++++++++++-------- backend/groth16/bls24-317/marshal.go | 22 ++++++++++++++-------- backend/groth16/bn254/marshal.go | 22 ++++++++++++++-------- backend/groth16/bw6-633/marshal.go | 22 ++++++++++++++-------- backend/groth16/bw6-761/marshal.go | 22 ++++++++++++++-------- 7 files changed, 98 insertions(+), 56 deletions(-) diff --git a/backend/groth16/bls12-377/marshal.go b/backend/groth16/bls12-377/marshal.go index d0e0f295c..d3516a03e 100644 --- a/backend/groth16/bls12-377/marshal.go +++ b/backend/groth16/bls12-377/marshal.go @@ -22,6 +22,8 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls12-377/fr/pedersen" "github.com/consensys/gnark-crypto/utils/unsafe" "github.com/consensys/gnark/internal/utils" + + "fmt" "io" ) @@ -196,35 +198,39 @@ func (vk *VerifyingKey) readFrom(r io.Reader, raw bool) (int64, error) { &nbCommitments, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err + return dec.BytesRead(), fmt.Errorf("read field %d: %w", i, err) } } vk.PublicAndCommitmentCommitted = utils.Uint64SliceSliceToIntSliceSlice(publicCommitted) - vk.CommitmentKeys = make([]pedersen.VerifyingKey, nbCommitments) var n int64 - for i := range vk.CommitmentKeys { + for i := 0; i < int(nbCommitments); i++ { var ( m int64 err error ) + commitmentKey := pedersen.VerifyingKey{} if raw { - m, err = vk.CommitmentKeys[i].UnsafeReadFrom(r) + m, err = commitmentKey.UnsafeReadFrom(r) } else { - m, err = vk.CommitmentKeys[i].ReadFrom(r) + m, err = commitmentKey.ReadFrom(r) } n += m if err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read commitment key %d: %w", i, err) } + vk.CommitmentKeys = append(vk.CommitmentKeys, commitmentKey) + } + if len(vk.CommitmentKeys) != int(nbCommitments) { + return n + dec.BytesRead(), fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(vk.CommitmentKeys)) } // recompute vk.e (e(α, β)) and -[δ]2, -[γ]2 if err := vk.Precompute(); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("precompute: %w", err) } return n + dec.BytesRead(), nil diff --git a/backend/groth16/bls12-381/marshal.go b/backend/groth16/bls12-381/marshal.go index 8a34d864f..078a10d59 100644 --- a/backend/groth16/bls12-381/marshal.go +++ b/backend/groth16/bls12-381/marshal.go @@ -22,6 +22,8 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls12-381/fr/pedersen" "github.com/consensys/gnark-crypto/utils/unsafe" "github.com/consensys/gnark/internal/utils" + + "fmt" "io" ) @@ -196,35 +198,39 @@ func (vk *VerifyingKey) readFrom(r io.Reader, raw bool) (int64, error) { &nbCommitments, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err + return dec.BytesRead(), fmt.Errorf("read field %d: %w", i, err) } } vk.PublicAndCommitmentCommitted = utils.Uint64SliceSliceToIntSliceSlice(publicCommitted) - vk.CommitmentKeys = make([]pedersen.VerifyingKey, nbCommitments) var n int64 - for i := range vk.CommitmentKeys { + for i := 0; i < int(nbCommitments); i++ { var ( m int64 err error ) + commitmentKey := pedersen.VerifyingKey{} if raw { - m, err = vk.CommitmentKeys[i].UnsafeReadFrom(r) + m, err = commitmentKey.UnsafeReadFrom(r) } else { - m, err = vk.CommitmentKeys[i].ReadFrom(r) + m, err = commitmentKey.ReadFrom(r) } n += m if err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read commitment key %d: %w", i, err) } + vk.CommitmentKeys = append(vk.CommitmentKeys, commitmentKey) + } + if len(vk.CommitmentKeys) != int(nbCommitments) { + return n + dec.BytesRead(), fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(vk.CommitmentKeys)) } // recompute vk.e (e(α, β)) and -[δ]2, -[γ]2 if err := vk.Precompute(); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("precompute: %w", err) } return n + dec.BytesRead(), nil diff --git a/backend/groth16/bls24-315/marshal.go b/backend/groth16/bls24-315/marshal.go index 32cbca836..535aa7a6d 100644 --- a/backend/groth16/bls24-315/marshal.go +++ b/backend/groth16/bls24-315/marshal.go @@ -22,6 +22,8 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls24-315/fr/pedersen" "github.com/consensys/gnark-crypto/utils/unsafe" "github.com/consensys/gnark/internal/utils" + + "fmt" "io" ) @@ -196,35 +198,39 @@ func (vk *VerifyingKey) readFrom(r io.Reader, raw bool) (int64, error) { &nbCommitments, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err + return dec.BytesRead(), fmt.Errorf("read field %d: %w", i, err) } } vk.PublicAndCommitmentCommitted = utils.Uint64SliceSliceToIntSliceSlice(publicCommitted) - vk.CommitmentKeys = make([]pedersen.VerifyingKey, nbCommitments) var n int64 - for i := range vk.CommitmentKeys { + for i := 0; i < int(nbCommitments); i++ { var ( m int64 err error ) + commitmentKey := pedersen.VerifyingKey{} if raw { - m, err = vk.CommitmentKeys[i].UnsafeReadFrom(r) + m, err = commitmentKey.UnsafeReadFrom(r) } else { - m, err = vk.CommitmentKeys[i].ReadFrom(r) + m, err = commitmentKey.ReadFrom(r) } n += m if err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read commitment key %d: %w", i, err) } + vk.CommitmentKeys = append(vk.CommitmentKeys, commitmentKey) + } + if len(vk.CommitmentKeys) != int(nbCommitments) { + return n + dec.BytesRead(), fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(vk.CommitmentKeys)) } // recompute vk.e (e(α, β)) and -[δ]2, -[γ]2 if err := vk.Precompute(); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("precompute: %w", err) } return n + dec.BytesRead(), nil diff --git a/backend/groth16/bls24-317/marshal.go b/backend/groth16/bls24-317/marshal.go index c1aa622e0..c0f8fd340 100644 --- a/backend/groth16/bls24-317/marshal.go +++ b/backend/groth16/bls24-317/marshal.go @@ -22,6 +22,8 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls24-317/fr/pedersen" "github.com/consensys/gnark-crypto/utils/unsafe" "github.com/consensys/gnark/internal/utils" + + "fmt" "io" ) @@ -196,35 +198,39 @@ func (vk *VerifyingKey) readFrom(r io.Reader, raw bool) (int64, error) { &nbCommitments, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err + return dec.BytesRead(), fmt.Errorf("read field %d: %w", i, err) } } vk.PublicAndCommitmentCommitted = utils.Uint64SliceSliceToIntSliceSlice(publicCommitted) - vk.CommitmentKeys = make([]pedersen.VerifyingKey, nbCommitments) var n int64 - for i := range vk.CommitmentKeys { + for i := 0; i < int(nbCommitments); i++ { var ( m int64 err error ) + commitmentKey := pedersen.VerifyingKey{} if raw { - m, err = vk.CommitmentKeys[i].UnsafeReadFrom(r) + m, err = commitmentKey.UnsafeReadFrom(r) } else { - m, err = vk.CommitmentKeys[i].ReadFrom(r) + m, err = commitmentKey.ReadFrom(r) } n += m if err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read commitment key %d: %w", i, err) } + vk.CommitmentKeys = append(vk.CommitmentKeys, commitmentKey) + } + if len(vk.CommitmentKeys) != int(nbCommitments) { + return n + dec.BytesRead(), fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(vk.CommitmentKeys)) } // recompute vk.e (e(α, β)) and -[δ]2, -[γ]2 if err := vk.Precompute(); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("precompute: %w", err) } return n + dec.BytesRead(), nil diff --git a/backend/groth16/bn254/marshal.go b/backend/groth16/bn254/marshal.go index d1c6ba186..f3f83fb6d 100644 --- a/backend/groth16/bn254/marshal.go +++ b/backend/groth16/bn254/marshal.go @@ -22,6 +22,8 @@ import ( "github.com/consensys/gnark-crypto/ecc/bn254/fr/pedersen" "github.com/consensys/gnark-crypto/utils/unsafe" "github.com/consensys/gnark/internal/utils" + + "fmt" "io" ) @@ -196,35 +198,39 @@ func (vk *VerifyingKey) readFrom(r io.Reader, raw bool) (int64, error) { &nbCommitments, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err + return dec.BytesRead(), fmt.Errorf("read field %d: %w", i, err) } } vk.PublicAndCommitmentCommitted = utils.Uint64SliceSliceToIntSliceSlice(publicCommitted) - vk.CommitmentKeys = make([]pedersen.VerifyingKey, nbCommitments) var n int64 - for i := range vk.CommitmentKeys { + for i := 0; i < int(nbCommitments); i++ { var ( m int64 err error ) + commitmentKey := pedersen.VerifyingKey{} if raw { - m, err = vk.CommitmentKeys[i].UnsafeReadFrom(r) + m, err = commitmentKey.UnsafeReadFrom(r) } else { - m, err = vk.CommitmentKeys[i].ReadFrom(r) + m, err = commitmentKey.ReadFrom(r) } n += m if err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read commitment key %d: %w", i, err) } + vk.CommitmentKeys = append(vk.CommitmentKeys, commitmentKey) + } + if len(vk.CommitmentKeys) != int(nbCommitments) { + return n + dec.BytesRead(), fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(vk.CommitmentKeys)) } // recompute vk.e (e(α, β)) and -[δ]2, -[γ]2 if err := vk.Precompute(); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("precompute: %w", err) } return n + dec.BytesRead(), nil diff --git a/backend/groth16/bw6-633/marshal.go b/backend/groth16/bw6-633/marshal.go index d0d6ff380..0393654ea 100644 --- a/backend/groth16/bw6-633/marshal.go +++ b/backend/groth16/bw6-633/marshal.go @@ -22,6 +22,8 @@ import ( "github.com/consensys/gnark-crypto/ecc/bw6-633/fr/pedersen" "github.com/consensys/gnark-crypto/utils/unsafe" "github.com/consensys/gnark/internal/utils" + + "fmt" "io" ) @@ -196,35 +198,39 @@ func (vk *VerifyingKey) readFrom(r io.Reader, raw bool) (int64, error) { &nbCommitments, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err + return dec.BytesRead(), fmt.Errorf("read field %d: %w", i, err) } } vk.PublicAndCommitmentCommitted = utils.Uint64SliceSliceToIntSliceSlice(publicCommitted) - vk.CommitmentKeys = make([]pedersen.VerifyingKey, nbCommitments) var n int64 - for i := range vk.CommitmentKeys { + for i := 0; i < int(nbCommitments); i++ { var ( m int64 err error ) + commitmentKey := pedersen.VerifyingKey{} if raw { - m, err = vk.CommitmentKeys[i].UnsafeReadFrom(r) + m, err = commitmentKey.UnsafeReadFrom(r) } else { - m, err = vk.CommitmentKeys[i].ReadFrom(r) + m, err = commitmentKey.ReadFrom(r) } n += m if err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read commitment key %d: %w", i, err) } + vk.CommitmentKeys = append(vk.CommitmentKeys, commitmentKey) + } + if len(vk.CommitmentKeys) != int(nbCommitments) { + return n + dec.BytesRead(), fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(vk.CommitmentKeys)) } // recompute vk.e (e(α, β)) and -[δ]2, -[γ]2 if err := vk.Precompute(); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("precompute: %w", err) } return n + dec.BytesRead(), nil diff --git a/backend/groth16/bw6-761/marshal.go b/backend/groth16/bw6-761/marshal.go index a5766ae5b..6df327170 100644 --- a/backend/groth16/bw6-761/marshal.go +++ b/backend/groth16/bw6-761/marshal.go @@ -22,6 +22,8 @@ import ( "github.com/consensys/gnark-crypto/ecc/bw6-761/fr/pedersen" "github.com/consensys/gnark-crypto/utils/unsafe" "github.com/consensys/gnark/internal/utils" + + "fmt" "io" ) @@ -196,35 +198,39 @@ func (vk *VerifyingKey) readFrom(r io.Reader, raw bool) (int64, error) { &nbCommitments, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return dec.BytesRead(), err + return dec.BytesRead(), fmt.Errorf("read field %d: %w", i, err) } } vk.PublicAndCommitmentCommitted = utils.Uint64SliceSliceToIntSliceSlice(publicCommitted) - vk.CommitmentKeys = make([]pedersen.VerifyingKey, nbCommitments) var n int64 - for i := range vk.CommitmentKeys { + for i := 0; i < int(nbCommitments); i++ { var ( m int64 err error ) + commitmentKey := pedersen.VerifyingKey{} if raw { - m, err = vk.CommitmentKeys[i].UnsafeReadFrom(r) + m, err = commitmentKey.UnsafeReadFrom(r) } else { - m, err = vk.CommitmentKeys[i].ReadFrom(r) + m, err = commitmentKey.ReadFrom(r) } n += m if err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read commitment key %d: %w", i, err) } + vk.CommitmentKeys = append(vk.CommitmentKeys, commitmentKey) + } + if len(vk.CommitmentKeys) != int(nbCommitments) { + return n + dec.BytesRead(), fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(vk.CommitmentKeys)) } // recompute vk.e (e(α, β)) and -[δ]2, -[γ]2 if err := vk.Precompute(); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("precompute: %w", err) } return n + dec.BytesRead(), nil From 4d56bb1f93f9cce10c30685fbffcf8b2623cb9cd Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Wed, 30 Oct 2024 14:39:34 +0000 Subject: [PATCH 04/14] fix: do not initialize commitment keys in roundtrip test --- .../template/zkpschemes/groth16/tests/groth16.marshal.go.tmpl | 1 - 1 file changed, 1 deletion(-) diff --git a/internal/generator/backend/template/zkpschemes/groth16/tests/groth16.marshal.go.tmpl b/internal/generator/backend/template/zkpschemes/groth16/tests/groth16.marshal.go.tmpl index 76046dc5e..7cc284a5c 100644 --- a/internal/generator/backend/template/zkpschemes/groth16/tests/groth16.marshal.go.tmpl +++ b/internal/generator/backend/template/zkpschemes/groth16/tests/groth16.marshal.go.tmpl @@ -82,7 +82,6 @@ func TestVerifyingKeySerialization(t *testing.T) { vk.G1.K[i] = p1 } - vk.CommitmentKeys = []pedersen.VerifyingKey{} if withCommitment { vk.PublicAndCommitmentCommitted = test_utils.Random2DIntSlice(5, 10) // TODO: Use gopter randomization bases := make([][]curve.G1Affine, len(vk.PublicAndCommitmentCommitted)) From 918cb458a8a5c8781da295dce06fedbd626b78fb Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Wed, 30 Oct 2024 14:39:48 +0000 Subject: [PATCH 05/14] chore: go generate --- backend/groth16/bls12-377/marshal_test.go | 1 - backend/groth16/bls12-381/marshal_test.go | 1 - backend/groth16/bls24-315/marshal_test.go | 1 - backend/groth16/bls24-317/marshal_test.go | 1 - backend/groth16/bn254/marshal_test.go | 1 - backend/groth16/bw6-633/marshal_test.go | 1 - backend/groth16/bw6-761/marshal_test.go | 1 - 7 files changed, 7 deletions(-) diff --git a/backend/groth16/bls12-377/marshal_test.go b/backend/groth16/bls12-377/marshal_test.go index e2228b143..02eb97cc5 100644 --- a/backend/groth16/bls12-377/marshal_test.go +++ b/backend/groth16/bls12-377/marshal_test.go @@ -98,7 +98,6 @@ func TestVerifyingKeySerialization(t *testing.T) { vk.G1.K[i] = p1 } - vk.CommitmentKeys = []pedersen.VerifyingKey{} if withCommitment { vk.PublicAndCommitmentCommitted = test_utils.Random2DIntSlice(5, 10) // TODO: Use gopter randomization bases := make([][]curve.G1Affine, len(vk.PublicAndCommitmentCommitted)) diff --git a/backend/groth16/bls12-381/marshal_test.go b/backend/groth16/bls12-381/marshal_test.go index 3f8e9ab0c..edb30277b 100644 --- a/backend/groth16/bls12-381/marshal_test.go +++ b/backend/groth16/bls12-381/marshal_test.go @@ -98,7 +98,6 @@ func TestVerifyingKeySerialization(t *testing.T) { vk.G1.K[i] = p1 } - vk.CommitmentKeys = []pedersen.VerifyingKey{} if withCommitment { vk.PublicAndCommitmentCommitted = test_utils.Random2DIntSlice(5, 10) // TODO: Use gopter randomization bases := make([][]curve.G1Affine, len(vk.PublicAndCommitmentCommitted)) diff --git a/backend/groth16/bls24-315/marshal_test.go b/backend/groth16/bls24-315/marshal_test.go index bf667dc18..80209b946 100644 --- a/backend/groth16/bls24-315/marshal_test.go +++ b/backend/groth16/bls24-315/marshal_test.go @@ -98,7 +98,6 @@ func TestVerifyingKeySerialization(t *testing.T) { vk.G1.K[i] = p1 } - vk.CommitmentKeys = []pedersen.VerifyingKey{} if withCommitment { vk.PublicAndCommitmentCommitted = test_utils.Random2DIntSlice(5, 10) // TODO: Use gopter randomization bases := make([][]curve.G1Affine, len(vk.PublicAndCommitmentCommitted)) diff --git a/backend/groth16/bls24-317/marshal_test.go b/backend/groth16/bls24-317/marshal_test.go index 816c340d3..d5b5d3e7a 100644 --- a/backend/groth16/bls24-317/marshal_test.go +++ b/backend/groth16/bls24-317/marshal_test.go @@ -98,7 +98,6 @@ func TestVerifyingKeySerialization(t *testing.T) { vk.G1.K[i] = p1 } - vk.CommitmentKeys = []pedersen.VerifyingKey{} if withCommitment { vk.PublicAndCommitmentCommitted = test_utils.Random2DIntSlice(5, 10) // TODO: Use gopter randomization bases := make([][]curve.G1Affine, len(vk.PublicAndCommitmentCommitted)) diff --git a/backend/groth16/bn254/marshal_test.go b/backend/groth16/bn254/marshal_test.go index 567371f1f..be51a46ba 100644 --- a/backend/groth16/bn254/marshal_test.go +++ b/backend/groth16/bn254/marshal_test.go @@ -98,7 +98,6 @@ func TestVerifyingKeySerialization(t *testing.T) { vk.G1.K[i] = p1 } - vk.CommitmentKeys = []pedersen.VerifyingKey{} if withCommitment { vk.PublicAndCommitmentCommitted = test_utils.Random2DIntSlice(5, 10) // TODO: Use gopter randomization bases := make([][]curve.G1Affine, len(vk.PublicAndCommitmentCommitted)) diff --git a/backend/groth16/bw6-633/marshal_test.go b/backend/groth16/bw6-633/marshal_test.go index d3e7e1262..72710154b 100644 --- a/backend/groth16/bw6-633/marshal_test.go +++ b/backend/groth16/bw6-633/marshal_test.go @@ -98,7 +98,6 @@ func TestVerifyingKeySerialization(t *testing.T) { vk.G1.K[i] = p1 } - vk.CommitmentKeys = []pedersen.VerifyingKey{} if withCommitment { vk.PublicAndCommitmentCommitted = test_utils.Random2DIntSlice(5, 10) // TODO: Use gopter randomization bases := make([][]curve.G1Affine, len(vk.PublicAndCommitmentCommitted)) diff --git a/backend/groth16/bw6-761/marshal_test.go b/backend/groth16/bw6-761/marshal_test.go index 7538b33fd..d4bb3d35b 100644 --- a/backend/groth16/bw6-761/marshal_test.go +++ b/backend/groth16/bw6-761/marshal_test.go @@ -98,7 +98,6 @@ func TestVerifyingKeySerialization(t *testing.T) { vk.G1.K[i] = p1 } - vk.CommitmentKeys = []pedersen.VerifyingKey{} if withCommitment { vk.PublicAndCommitmentCommitted = test_utils.Random2DIntSlice(5, 10) // TODO: Use gopter randomization bases := make([][]curve.G1Affine, len(vk.PublicAndCommitmentCommitted)) From 4dea06ca241c5fbe9315ec6279cb2f4cc05793f0 Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Wed, 30 Oct 2024 22:02:23 +0000 Subject: [PATCH 06/14] fix: only allocate slice if has commitments --- .../template/zkpschemes/groth16/groth16.setup.go.tmpl | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/internal/generator/backend/template/zkpschemes/groth16/groth16.setup.go.tmpl b/internal/generator/backend/template/zkpschemes/groth16/groth16.setup.go.tmpl index ae86a7c39..c184bb282 100644 --- a/internal/generator/backend/template/zkpschemes/groth16/groth16.setup.go.tmpl +++ b/internal/generator/backend/template/zkpschemes/groth16/groth16.setup.go.tmpl @@ -273,8 +273,10 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { if err != nil { return err } - pk.CommitmentKeys = make([]pedersen.ProvingKey, len(commitmentBases)) - vk.CommitmentKeys = make([]pedersen.VerifyingKey, len(commitmentBases)) + if len(commitmentBases) > 0 { + pk.CommitmentKeys = make([]pedersen.ProvingKey, len(commitmentBases)) + vk.CommitmentKeys = make([]pedersen.VerifyingKey, len(commitmentBases)) + } for i := range commitmentBases { comPKey, comVKey, err := pedersen.Setup(commitmentBases[i:i+1], pedersen.WithG2Point(cG2)) if err != nil { From a83470df5f9767c8ed2a9bb29deeb5b1d988c95e Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Wed, 30 Oct 2024 22:24:37 +0000 Subject: [PATCH 07/14] fix: do not allocate slice beforehand --- .../zkpschemes/groth16/groth16.marshal.go.tmpl | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl b/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl index fd923f8d5..c100051b6 100644 --- a/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl +++ b/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl @@ -353,14 +353,17 @@ func (pk *ProvingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder)) if err := dec.Decode(&nbCommitments); err != nil { return n + dec.BytesRead(), err } - - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitments) - for i := range pk.CommitmentKeys { - n2, err := pk.CommitmentKeys[i].ReadFrom(r) + for i := 0; i < int(nbCommitments); i++ { + cpkey := pedersen.ProvingKey{} + n2, err := cpkey.ReadFrom(r) n += n2 if err != nil { return n, err } + pk.CommitmentKeys = append(pk.CommitmentKeys, cpkey) + } + if len(pk.CommitmentKeys) != int(nbCommitments) { + return n + dec.BytesRead(), fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(pk.CommitmentKeys)) } return n + dec.BytesRead(), nil From 00a47063a252c615edd7a62ddd8eb0c18a796bab Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Wed, 30 Oct 2024 22:25:04 +0000 Subject: [PATCH 08/14] fix: return correct number of read bytes --- .../backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl b/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl index c100051b6..cd7570c38 100644 --- a/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl +++ b/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl @@ -358,7 +358,7 @@ func (pk *ProvingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder)) n2, err := cpkey.ReadFrom(r) n += n2 if err != nil { - return n, err + return n + dec.BytesRead(), err } pk.CommitmentKeys = append(pk.CommitmentKeys, cpkey) } From f51194549016a832b784206bd3e35234583cfc2f Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Wed, 30 Oct 2024 22:27:28 +0000 Subject: [PATCH 09/14] chore: descriptive errors --- .../zkpschemes/groth16/groth16.marshal.go.tmpl | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl b/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl index cd7570c38..e8d2c0bac 100644 --- a/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl +++ b/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl @@ -312,7 +312,7 @@ func (pk *ProvingKey) UnsafeReadFrom(r io.Reader) (int64, error) { func (pk *ProvingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder)) (int64, error) { n, err := pk.Domain.ReadFrom(r) if err != nil { - return n, err + return n, fmt.Errorf("read domain: %w", err) } dec := curve.NewDecoder(r, decOptions...) @@ -336,29 +336,29 @@ func (pk *ProvingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder)) &pk.NbInfinityB, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read field %d: %w", i, err) } } pk.InfinityA = make([]bool, nbWires) pk.InfinityB = make([]bool, nbWires) if err := dec.Decode(&pk.InfinityA); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read InfinityA: %w", err) } if err := dec.Decode(&pk.InfinityB); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read InfinityB: %w", err) } if err := dec.Decode(&nbCommitments); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read nbCommitments: %w", err) } for i := 0; i < int(nbCommitments); i++ { cpkey := pedersen.ProvingKey{} n2, err := cpkey.ReadFrom(r) n += n2 if err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read commitment key %d: %w", i, err) } pk.CommitmentKeys = append(pk.CommitmentKeys, cpkey) } From b151c7a8dea0e82ee49a624b7a75ce284345356f Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Wed, 30 Oct 2024 22:28:11 +0000 Subject: [PATCH 10/14] chore: go generate --- backend/groth16/bls12-377/marshal.go | 25 ++++++++++++++----------- backend/groth16/bls12-377/setup.go | 6 ++++-- backend/groth16/bls12-381/marshal.go | 25 ++++++++++++++----------- backend/groth16/bls12-381/setup.go | 6 ++++-- backend/groth16/bls24-315/marshal.go | 25 ++++++++++++++----------- backend/groth16/bls24-315/setup.go | 6 ++++-- backend/groth16/bls24-317/marshal.go | 25 ++++++++++++++----------- backend/groth16/bls24-317/setup.go | 6 ++++-- backend/groth16/bn254/marshal.go | 25 ++++++++++++++----------- backend/groth16/bn254/setup.go | 6 ++++-- backend/groth16/bw6-633/marshal.go | 25 ++++++++++++++----------- backend/groth16/bw6-633/setup.go | 6 ++++-- backend/groth16/bw6-761/marshal.go | 25 ++++++++++++++----------- backend/groth16/bw6-761/setup.go | 6 ++++-- 14 files changed, 126 insertions(+), 91 deletions(-) diff --git a/backend/groth16/bls12-377/marshal.go b/backend/groth16/bls12-377/marshal.go index d3516a03e..f4afac2d6 100644 --- a/backend/groth16/bls12-377/marshal.go +++ b/backend/groth16/bls12-377/marshal.go @@ -326,7 +326,7 @@ func (pk *ProvingKey) UnsafeReadFrom(r io.Reader) (int64, error) { func (pk *ProvingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder)) (int64, error) { n, err := pk.Domain.ReadFrom(r) if err != nil { - return n, err + return n, fmt.Errorf("read domain: %w", err) } dec := curve.NewDecoder(r, decOptions...) @@ -350,31 +350,34 @@ func (pk *ProvingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder)) &pk.NbInfinityB, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read field %d: %w", i, err) } } pk.InfinityA = make([]bool, nbWires) pk.InfinityB = make([]bool, nbWires) if err := dec.Decode(&pk.InfinityA); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read InfinityA: %w", err) } if err := dec.Decode(&pk.InfinityB); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read InfinityB: %w", err) } if err := dec.Decode(&nbCommitments); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read nbCommitments: %w", err) } - - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitments) - for i := range pk.CommitmentKeys { - n2, err := pk.CommitmentKeys[i].ReadFrom(r) + for i := 0; i < int(nbCommitments); i++ { + cpkey := pedersen.ProvingKey{} + n2, err := cpkey.ReadFrom(r) n += n2 if err != nil { - return n, err + return n + dec.BytesRead(), fmt.Errorf("read commitment key %d: %w", i, err) } + pk.CommitmentKeys = append(pk.CommitmentKeys, cpkey) + } + if len(pk.CommitmentKeys) != int(nbCommitments) { + return n + dec.BytesRead(), fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(pk.CommitmentKeys)) } return n + dec.BytesRead(), nil diff --git a/backend/groth16/bls12-377/setup.go b/backend/groth16/bls12-377/setup.go index 5b6b3af78..24efac699 100644 --- a/backend/groth16/bls12-377/setup.go +++ b/backend/groth16/bls12-377/setup.go @@ -291,8 +291,10 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { if err != nil { return err } - pk.CommitmentKeys = make([]pedersen.ProvingKey, len(commitmentBases)) - vk.CommitmentKeys = make([]pedersen.VerifyingKey, len(commitmentBases)) + if len(commitmentBases) > 0 { + pk.CommitmentKeys = make([]pedersen.ProvingKey, len(commitmentBases)) + vk.CommitmentKeys = make([]pedersen.VerifyingKey, len(commitmentBases)) + } for i := range commitmentBases { comPKey, comVKey, err := pedersen.Setup(commitmentBases[i:i+1], pedersen.WithG2Point(cG2)) if err != nil { diff --git a/backend/groth16/bls12-381/marshal.go b/backend/groth16/bls12-381/marshal.go index 078a10d59..80024ecc6 100644 --- a/backend/groth16/bls12-381/marshal.go +++ b/backend/groth16/bls12-381/marshal.go @@ -326,7 +326,7 @@ func (pk *ProvingKey) UnsafeReadFrom(r io.Reader) (int64, error) { func (pk *ProvingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder)) (int64, error) { n, err := pk.Domain.ReadFrom(r) if err != nil { - return n, err + return n, fmt.Errorf("read domain: %w", err) } dec := curve.NewDecoder(r, decOptions...) @@ -350,31 +350,34 @@ func (pk *ProvingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder)) &pk.NbInfinityB, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read field %d: %w", i, err) } } pk.InfinityA = make([]bool, nbWires) pk.InfinityB = make([]bool, nbWires) if err := dec.Decode(&pk.InfinityA); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read InfinityA: %w", err) } if err := dec.Decode(&pk.InfinityB); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read InfinityB: %w", err) } if err := dec.Decode(&nbCommitments); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read nbCommitments: %w", err) } - - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitments) - for i := range pk.CommitmentKeys { - n2, err := pk.CommitmentKeys[i].ReadFrom(r) + for i := 0; i < int(nbCommitments); i++ { + cpkey := pedersen.ProvingKey{} + n2, err := cpkey.ReadFrom(r) n += n2 if err != nil { - return n, err + return n + dec.BytesRead(), fmt.Errorf("read commitment key %d: %w", i, err) } + pk.CommitmentKeys = append(pk.CommitmentKeys, cpkey) + } + if len(pk.CommitmentKeys) != int(nbCommitments) { + return n + dec.BytesRead(), fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(pk.CommitmentKeys)) } return n + dec.BytesRead(), nil diff --git a/backend/groth16/bls12-381/setup.go b/backend/groth16/bls12-381/setup.go index 5c2f198ff..bd0511a58 100644 --- a/backend/groth16/bls12-381/setup.go +++ b/backend/groth16/bls12-381/setup.go @@ -291,8 +291,10 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { if err != nil { return err } - pk.CommitmentKeys = make([]pedersen.ProvingKey, len(commitmentBases)) - vk.CommitmentKeys = make([]pedersen.VerifyingKey, len(commitmentBases)) + if len(commitmentBases) > 0 { + pk.CommitmentKeys = make([]pedersen.ProvingKey, len(commitmentBases)) + vk.CommitmentKeys = make([]pedersen.VerifyingKey, len(commitmentBases)) + } for i := range commitmentBases { comPKey, comVKey, err := pedersen.Setup(commitmentBases[i:i+1], pedersen.WithG2Point(cG2)) if err != nil { diff --git a/backend/groth16/bls24-315/marshal.go b/backend/groth16/bls24-315/marshal.go index 535aa7a6d..9dd8be821 100644 --- a/backend/groth16/bls24-315/marshal.go +++ b/backend/groth16/bls24-315/marshal.go @@ -326,7 +326,7 @@ func (pk *ProvingKey) UnsafeReadFrom(r io.Reader) (int64, error) { func (pk *ProvingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder)) (int64, error) { n, err := pk.Domain.ReadFrom(r) if err != nil { - return n, err + return n, fmt.Errorf("read domain: %w", err) } dec := curve.NewDecoder(r, decOptions...) @@ -350,31 +350,34 @@ func (pk *ProvingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder)) &pk.NbInfinityB, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read field %d: %w", i, err) } } pk.InfinityA = make([]bool, nbWires) pk.InfinityB = make([]bool, nbWires) if err := dec.Decode(&pk.InfinityA); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read InfinityA: %w", err) } if err := dec.Decode(&pk.InfinityB); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read InfinityB: %w", err) } if err := dec.Decode(&nbCommitments); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read nbCommitments: %w", err) } - - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitments) - for i := range pk.CommitmentKeys { - n2, err := pk.CommitmentKeys[i].ReadFrom(r) + for i := 0; i < int(nbCommitments); i++ { + cpkey := pedersen.ProvingKey{} + n2, err := cpkey.ReadFrom(r) n += n2 if err != nil { - return n, err + return n + dec.BytesRead(), fmt.Errorf("read commitment key %d: %w", i, err) } + pk.CommitmentKeys = append(pk.CommitmentKeys, cpkey) + } + if len(pk.CommitmentKeys) != int(nbCommitments) { + return n + dec.BytesRead(), fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(pk.CommitmentKeys)) } return n + dec.BytesRead(), nil diff --git a/backend/groth16/bls24-315/setup.go b/backend/groth16/bls24-315/setup.go index 6b3f19399..7f8147b3c 100644 --- a/backend/groth16/bls24-315/setup.go +++ b/backend/groth16/bls24-315/setup.go @@ -291,8 +291,10 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { if err != nil { return err } - pk.CommitmentKeys = make([]pedersen.ProvingKey, len(commitmentBases)) - vk.CommitmentKeys = make([]pedersen.VerifyingKey, len(commitmentBases)) + if len(commitmentBases) > 0 { + pk.CommitmentKeys = make([]pedersen.ProvingKey, len(commitmentBases)) + vk.CommitmentKeys = make([]pedersen.VerifyingKey, len(commitmentBases)) + } for i := range commitmentBases { comPKey, comVKey, err := pedersen.Setup(commitmentBases[i:i+1], pedersen.WithG2Point(cG2)) if err != nil { diff --git a/backend/groth16/bls24-317/marshal.go b/backend/groth16/bls24-317/marshal.go index c0f8fd340..df9802338 100644 --- a/backend/groth16/bls24-317/marshal.go +++ b/backend/groth16/bls24-317/marshal.go @@ -326,7 +326,7 @@ func (pk *ProvingKey) UnsafeReadFrom(r io.Reader) (int64, error) { func (pk *ProvingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder)) (int64, error) { n, err := pk.Domain.ReadFrom(r) if err != nil { - return n, err + return n, fmt.Errorf("read domain: %w", err) } dec := curve.NewDecoder(r, decOptions...) @@ -350,31 +350,34 @@ func (pk *ProvingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder)) &pk.NbInfinityB, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read field %d: %w", i, err) } } pk.InfinityA = make([]bool, nbWires) pk.InfinityB = make([]bool, nbWires) if err := dec.Decode(&pk.InfinityA); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read InfinityA: %w", err) } if err := dec.Decode(&pk.InfinityB); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read InfinityB: %w", err) } if err := dec.Decode(&nbCommitments); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read nbCommitments: %w", err) } - - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitments) - for i := range pk.CommitmentKeys { - n2, err := pk.CommitmentKeys[i].ReadFrom(r) + for i := 0; i < int(nbCommitments); i++ { + cpkey := pedersen.ProvingKey{} + n2, err := cpkey.ReadFrom(r) n += n2 if err != nil { - return n, err + return n + dec.BytesRead(), fmt.Errorf("read commitment key %d: %w", i, err) } + pk.CommitmentKeys = append(pk.CommitmentKeys, cpkey) + } + if len(pk.CommitmentKeys) != int(nbCommitments) { + return n + dec.BytesRead(), fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(pk.CommitmentKeys)) } return n + dec.BytesRead(), nil diff --git a/backend/groth16/bls24-317/setup.go b/backend/groth16/bls24-317/setup.go index 53628f4c5..c8db3321c 100644 --- a/backend/groth16/bls24-317/setup.go +++ b/backend/groth16/bls24-317/setup.go @@ -291,8 +291,10 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { if err != nil { return err } - pk.CommitmentKeys = make([]pedersen.ProvingKey, len(commitmentBases)) - vk.CommitmentKeys = make([]pedersen.VerifyingKey, len(commitmentBases)) + if len(commitmentBases) > 0 { + pk.CommitmentKeys = make([]pedersen.ProvingKey, len(commitmentBases)) + vk.CommitmentKeys = make([]pedersen.VerifyingKey, len(commitmentBases)) + } for i := range commitmentBases { comPKey, comVKey, err := pedersen.Setup(commitmentBases[i:i+1], pedersen.WithG2Point(cG2)) if err != nil { diff --git a/backend/groth16/bn254/marshal.go b/backend/groth16/bn254/marshal.go index f3f83fb6d..07fd44edd 100644 --- a/backend/groth16/bn254/marshal.go +++ b/backend/groth16/bn254/marshal.go @@ -326,7 +326,7 @@ func (pk *ProvingKey) UnsafeReadFrom(r io.Reader) (int64, error) { func (pk *ProvingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder)) (int64, error) { n, err := pk.Domain.ReadFrom(r) if err != nil { - return n, err + return n, fmt.Errorf("read domain: %w", err) } dec := curve.NewDecoder(r, decOptions...) @@ -350,31 +350,34 @@ func (pk *ProvingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder)) &pk.NbInfinityB, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read field %d: %w", i, err) } } pk.InfinityA = make([]bool, nbWires) pk.InfinityB = make([]bool, nbWires) if err := dec.Decode(&pk.InfinityA); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read InfinityA: %w", err) } if err := dec.Decode(&pk.InfinityB); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read InfinityB: %w", err) } if err := dec.Decode(&nbCommitments); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read nbCommitments: %w", err) } - - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitments) - for i := range pk.CommitmentKeys { - n2, err := pk.CommitmentKeys[i].ReadFrom(r) + for i := 0; i < int(nbCommitments); i++ { + cpkey := pedersen.ProvingKey{} + n2, err := cpkey.ReadFrom(r) n += n2 if err != nil { - return n, err + return n + dec.BytesRead(), fmt.Errorf("read commitment key %d: %w", i, err) } + pk.CommitmentKeys = append(pk.CommitmentKeys, cpkey) + } + if len(pk.CommitmentKeys) != int(nbCommitments) { + return n + dec.BytesRead(), fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(pk.CommitmentKeys)) } return n + dec.BytesRead(), nil diff --git a/backend/groth16/bn254/setup.go b/backend/groth16/bn254/setup.go index 13ddcd61d..0af907355 100644 --- a/backend/groth16/bn254/setup.go +++ b/backend/groth16/bn254/setup.go @@ -291,8 +291,10 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { if err != nil { return err } - pk.CommitmentKeys = make([]pedersen.ProvingKey, len(commitmentBases)) - vk.CommitmentKeys = make([]pedersen.VerifyingKey, len(commitmentBases)) + if len(commitmentBases) > 0 { + pk.CommitmentKeys = make([]pedersen.ProvingKey, len(commitmentBases)) + vk.CommitmentKeys = make([]pedersen.VerifyingKey, len(commitmentBases)) + } for i := range commitmentBases { comPKey, comVKey, err := pedersen.Setup(commitmentBases[i:i+1], pedersen.WithG2Point(cG2)) if err != nil { diff --git a/backend/groth16/bw6-633/marshal.go b/backend/groth16/bw6-633/marshal.go index 0393654ea..5bf461f28 100644 --- a/backend/groth16/bw6-633/marshal.go +++ b/backend/groth16/bw6-633/marshal.go @@ -326,7 +326,7 @@ func (pk *ProvingKey) UnsafeReadFrom(r io.Reader) (int64, error) { func (pk *ProvingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder)) (int64, error) { n, err := pk.Domain.ReadFrom(r) if err != nil { - return n, err + return n, fmt.Errorf("read domain: %w", err) } dec := curve.NewDecoder(r, decOptions...) @@ -350,31 +350,34 @@ func (pk *ProvingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder)) &pk.NbInfinityB, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read field %d: %w", i, err) } } pk.InfinityA = make([]bool, nbWires) pk.InfinityB = make([]bool, nbWires) if err := dec.Decode(&pk.InfinityA); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read InfinityA: %w", err) } if err := dec.Decode(&pk.InfinityB); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read InfinityB: %w", err) } if err := dec.Decode(&nbCommitments); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read nbCommitments: %w", err) } - - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitments) - for i := range pk.CommitmentKeys { - n2, err := pk.CommitmentKeys[i].ReadFrom(r) + for i := 0; i < int(nbCommitments); i++ { + cpkey := pedersen.ProvingKey{} + n2, err := cpkey.ReadFrom(r) n += n2 if err != nil { - return n, err + return n + dec.BytesRead(), fmt.Errorf("read commitment key %d: %w", i, err) } + pk.CommitmentKeys = append(pk.CommitmentKeys, cpkey) + } + if len(pk.CommitmentKeys) != int(nbCommitments) { + return n + dec.BytesRead(), fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(pk.CommitmentKeys)) } return n + dec.BytesRead(), nil diff --git a/backend/groth16/bw6-633/setup.go b/backend/groth16/bw6-633/setup.go index d26cd7c32..a569df46f 100644 --- a/backend/groth16/bw6-633/setup.go +++ b/backend/groth16/bw6-633/setup.go @@ -291,8 +291,10 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { if err != nil { return err } - pk.CommitmentKeys = make([]pedersen.ProvingKey, len(commitmentBases)) - vk.CommitmentKeys = make([]pedersen.VerifyingKey, len(commitmentBases)) + if len(commitmentBases) > 0 { + pk.CommitmentKeys = make([]pedersen.ProvingKey, len(commitmentBases)) + vk.CommitmentKeys = make([]pedersen.VerifyingKey, len(commitmentBases)) + } for i := range commitmentBases { comPKey, comVKey, err := pedersen.Setup(commitmentBases[i:i+1], pedersen.WithG2Point(cG2)) if err != nil { diff --git a/backend/groth16/bw6-761/marshal.go b/backend/groth16/bw6-761/marshal.go index 6df327170..d51681963 100644 --- a/backend/groth16/bw6-761/marshal.go +++ b/backend/groth16/bw6-761/marshal.go @@ -326,7 +326,7 @@ func (pk *ProvingKey) UnsafeReadFrom(r io.Reader) (int64, error) { func (pk *ProvingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder)) (int64, error) { n, err := pk.Domain.ReadFrom(r) if err != nil { - return n, err + return n, fmt.Errorf("read domain: %w", err) } dec := curve.NewDecoder(r, decOptions...) @@ -350,31 +350,34 @@ func (pk *ProvingKey) readFrom(r io.Reader, decOptions ...func(*curve.Decoder)) &pk.NbInfinityB, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read field %d: %w", i, err) } } pk.InfinityA = make([]bool, nbWires) pk.InfinityB = make([]bool, nbWires) if err := dec.Decode(&pk.InfinityA); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read InfinityA: %w", err) } if err := dec.Decode(&pk.InfinityB); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read InfinityB: %w", err) } if err := dec.Decode(&nbCommitments); err != nil { - return n + dec.BytesRead(), err + return n + dec.BytesRead(), fmt.Errorf("read nbCommitments: %w", err) } - - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitments) - for i := range pk.CommitmentKeys { - n2, err := pk.CommitmentKeys[i].ReadFrom(r) + for i := 0; i < int(nbCommitments); i++ { + cpkey := pedersen.ProvingKey{} + n2, err := cpkey.ReadFrom(r) n += n2 if err != nil { - return n, err + return n + dec.BytesRead(), fmt.Errorf("read commitment key %d: %w", i, err) } + pk.CommitmentKeys = append(pk.CommitmentKeys, cpkey) + } + if len(pk.CommitmentKeys) != int(nbCommitments) { + return n + dec.BytesRead(), fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(pk.CommitmentKeys)) } return n + dec.BytesRead(), nil diff --git a/backend/groth16/bw6-761/setup.go b/backend/groth16/bw6-761/setup.go index 0988613d3..aeb2483c1 100644 --- a/backend/groth16/bw6-761/setup.go +++ b/backend/groth16/bw6-761/setup.go @@ -291,8 +291,10 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { if err != nil { return err } - pk.CommitmentKeys = make([]pedersen.ProvingKey, len(commitmentBases)) - vk.CommitmentKeys = make([]pedersen.VerifyingKey, len(commitmentBases)) + if len(commitmentBases) > 0 { + pk.CommitmentKeys = make([]pedersen.ProvingKey, len(commitmentBases)) + vk.CommitmentKeys = make([]pedersen.VerifyingKey, len(commitmentBases)) + } for i := range commitmentBases { comPKey, comVKey, err := pedersen.Setup(commitmentBases[i:i+1], pedersen.WithG2Point(cG2)) if err != nil { From 27642e9f0c42e6ee6b6a4c36bea963660b2d0b4b Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Wed, 30 Oct 2024 22:49:38 +0000 Subject: [PATCH 11/14] fix: do not preallocate slice in readdump --- .../zkpschemes/groth16/groth16.marshal.go.tmpl | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl b/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl index e8d2c0bac..573f84afb 100644 --- a/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl +++ b/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl @@ -516,16 +516,20 @@ func (pk *ProvingKey) ReadDump(r io.Reader) error { return err } - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitments) - for i := range pk.CommitmentKeys { - pk.CommitmentKeys[i].Basis, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) + for i := 0; i < int(nbCommitments); i++{ + cpkey := pedersen.ProvingKey{} + cpkey.Basis, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { return err } - pk.CommitmentKeys[i].BasisExpSigma, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) + cpkey.BasisExpSigma, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { return err } + pk.CommitmentKeys = append(pk.CommitmentKeys, cpkey) + } + if len(pk.CommitmentKeys) != int(nbCommitments) { + return fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(pk.CommitmentKeys)) } return nil From 1a83d7b2ce1ddd056a76cf3ce5d5c5f7d17a17ca Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Wed, 30 Oct 2024 23:01:52 +0000 Subject: [PATCH 12/14] chore: better errors in readDump --- .../groth16/groth16.marshal.go.tmpl | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl b/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl index 573f84afb..4a839d36b 100644 --- a/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl +++ b/internal/generator/backend/template/zkpschemes/groth16/groth16.marshal.go.tmpl @@ -447,11 +447,11 @@ func (pk *ProvingKey) WriteDump(w io.Writer) error { func (pk *ProvingKey) ReadDump(r io.Reader) error { // read the marker to fail early in case of malformed input if err := unsafe.ReadMarker(r); err != nil { - return err + return fmt.Errorf("read marker: %w", err) } if _, err := pk.Domain.ReadFrom(r); err != nil { - return err + return fmt.Errorf("read domain: %w", err) } dec := curve.NewDecoder(r, curve.NoSubgroupChecks()) @@ -475,56 +475,56 @@ func (pk *ProvingKey) ReadDump(r io.Reader) error { &pk.NbInfinityB, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return err + return fmt.Errorf("read field %d: %w", i, err) } } pk.InfinityA = make([]bool, nbWires) pk.InfinityB = make([]bool, nbWires) if err := dec.Decode(&pk.InfinityA); err != nil { - return err + return fmt.Errorf("read InfinityA: %w", err) } if err := dec.Decode(&pk.InfinityB); err != nil { - return err + return fmt.Errorf("read InfinityB: %w", err) } if err := dec.Decode(&nbCommitments); err != nil { - return err + return fmt.Errorf("read nbCommitments: %w", err) } // read slices of points var err error pk.G1.A, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.A: %w", err) } pk.G1.B, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.B: %w", err) } pk.G1.Z, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.Z: %w", err) } pk.G1.K, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.K: %w", err) } pk.G2.B, _, err = unsafe.ReadSlice[[]curve.G2Affine](r) if err != nil { - return err + return fmt.Errorf("read G2.B: %w", err) } for i := 0; i < int(nbCommitments); i++{ cpkey := pedersen.ProvingKey{} cpkey.Basis, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read commitment basis %d: %w", i, err) } cpkey.BasisExpSigma, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read commitment basisExpSigma %d: %w", i, err) } pk.CommitmentKeys = append(pk.CommitmentKeys, cpkey) } From 227eb5226833d41942c77e92638ab38e7437b056 Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Wed, 30 Oct 2024 23:02:10 +0000 Subject: [PATCH 13/14] test: do not allocate in test if not commitments --- .../groth16/tests/groth16.marshal.go.tmpl | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/internal/generator/backend/template/zkpschemes/groth16/tests/groth16.marshal.go.tmpl b/internal/generator/backend/template/zkpschemes/groth16/tests/groth16.marshal.go.tmpl index 7cc284a5c..2e51218f0 100644 --- a/internal/generator/backend/template/zkpschemes/groth16/tests/groth16.marshal.go.tmpl +++ b/internal/generator/backend/template/zkpschemes/groth16/tests/groth16.marshal.go.tmpl @@ -160,17 +160,18 @@ func TestProvingKeySerialization(t *testing.T) { pk.InfinityB = make([]bool, nbWires) pk.InfinityA[2] = true - pedersenBasis := make([]curve.G1Affine, nbCommitment) - pedersenBases := make([][]curve.G1Affine, nbCommitment) - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitment) - for i := range pedersenBasis { - pedersenBasis[i] = p1 - pedersenBases[i] = pedersenBasis[:i+1] - } - { - var err error - pk.CommitmentKeys, _, err = pedersen.Setup(pedersenBases) - require.NoError(t, err) + if nbCommitment > 0 { + pedersenBasis := make([]curve.G1Affine, nbCommitment) + pedersenBases := make([][]curve.G1Affine, nbCommitment) + for i := range pedersenBasis { + pedersenBasis[i] = p1 + pedersenBases[i] = pedersenBasis[:i+1] + } + { + var err error + pk.CommitmentKeys, _, err = pedersen.Setup(pedersenBases) + require.NoError(t, err) + } } if err := io.RoundTripCheck(&pk, func() any {return new(ProvingKey)}); err != nil { From 55b06c28441fe4a3d8f9bb7d58a3f4ab35f23f3c Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Wed, 30 Oct 2024 23:02:51 +0000 Subject: [PATCH 14/14] chore: generate --- backend/groth16/bls12-377/marshal.go | 40 +++++++++++++---------- backend/groth16/bls12-377/marshal_test.go | 23 ++++++------- backend/groth16/bls12-381/marshal.go | 40 +++++++++++++---------- backend/groth16/bls12-381/marshal_test.go | 23 ++++++------- backend/groth16/bls24-315/marshal.go | 40 +++++++++++++---------- backend/groth16/bls24-315/marshal_test.go | 23 ++++++------- backend/groth16/bls24-317/marshal.go | 40 +++++++++++++---------- backend/groth16/bls24-317/marshal_test.go | 23 ++++++------- backend/groth16/bn254/marshal.go | 40 +++++++++++++---------- backend/groth16/bn254/marshal_test.go | 23 ++++++------- backend/groth16/bw6-633/marshal.go | 40 +++++++++++++---------- backend/groth16/bw6-633/marshal_test.go | 23 ++++++------- backend/groth16/bw6-761/marshal.go | 40 +++++++++++++---------- backend/groth16/bw6-761/marshal_test.go | 23 ++++++------- 14 files changed, 238 insertions(+), 203 deletions(-) diff --git a/backend/groth16/bls12-377/marshal.go b/backend/groth16/bls12-377/marshal.go index f4afac2d6..3d0d9ea30 100644 --- a/backend/groth16/bls12-377/marshal.go +++ b/backend/groth16/bls12-377/marshal.go @@ -460,11 +460,11 @@ func (pk *ProvingKey) WriteDump(w io.Writer) error { func (pk *ProvingKey) ReadDump(r io.Reader) error { // read the marker to fail early in case of malformed input if err := unsafe.ReadMarker(r); err != nil { - return err + return fmt.Errorf("read marker: %w", err) } if _, err := pk.Domain.ReadFrom(r); err != nil { - return err + return fmt.Errorf("read domain: %w", err) } dec := curve.NewDecoder(r, curve.NoSubgroupChecks()) @@ -488,57 +488,61 @@ func (pk *ProvingKey) ReadDump(r io.Reader) error { &pk.NbInfinityB, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return err + return fmt.Errorf("read field %d: %w", i, err) } } pk.InfinityA = make([]bool, nbWires) pk.InfinityB = make([]bool, nbWires) if err := dec.Decode(&pk.InfinityA); err != nil { - return err + return fmt.Errorf("read InfinityA: %w", err) } if err := dec.Decode(&pk.InfinityB); err != nil { - return err + return fmt.Errorf("read InfinityB: %w", err) } if err := dec.Decode(&nbCommitments); err != nil { - return err + return fmt.Errorf("read nbCommitments: %w", err) } // read slices of points var err error pk.G1.A, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.A: %w", err) } pk.G1.B, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.B: %w", err) } pk.G1.Z, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.Z: %w", err) } pk.G1.K, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.K: %w", err) } pk.G2.B, _, err = unsafe.ReadSlice[[]curve.G2Affine](r) if err != nil { - return err + return fmt.Errorf("read G2.B: %w", err) } - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitments) - for i := range pk.CommitmentKeys { - pk.CommitmentKeys[i].Basis, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) + for i := 0; i < int(nbCommitments); i++ { + cpkey := pedersen.ProvingKey{} + cpkey.Basis, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read commitment basis %d: %w", i, err) } - pk.CommitmentKeys[i].BasisExpSigma, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) + cpkey.BasisExpSigma, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read commitment basisExpSigma %d: %w", i, err) } + pk.CommitmentKeys = append(pk.CommitmentKeys, cpkey) + } + if len(pk.CommitmentKeys) != int(nbCommitments) { + return fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(pk.CommitmentKeys)) } return nil diff --git a/backend/groth16/bls12-377/marshal_test.go b/backend/groth16/bls12-377/marshal_test.go index 02eb97cc5..4ad4a8719 100644 --- a/backend/groth16/bls12-377/marshal_test.go +++ b/backend/groth16/bls12-377/marshal_test.go @@ -174,17 +174,18 @@ func TestProvingKeySerialization(t *testing.T) { pk.InfinityB = make([]bool, nbWires) pk.InfinityA[2] = true - pedersenBasis := make([]curve.G1Affine, nbCommitment) - pedersenBases := make([][]curve.G1Affine, nbCommitment) - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitment) - for i := range pedersenBasis { - pedersenBasis[i] = p1 - pedersenBases[i] = pedersenBasis[:i+1] - } - { - var err error - pk.CommitmentKeys, _, err = pedersen.Setup(pedersenBases) - require.NoError(t, err) + if nbCommitment > 0 { + pedersenBasis := make([]curve.G1Affine, nbCommitment) + pedersenBases := make([][]curve.G1Affine, nbCommitment) + for i := range pedersenBasis { + pedersenBasis[i] = p1 + pedersenBases[i] = pedersenBasis[:i+1] + } + { + var err error + pk.CommitmentKeys, _, err = pedersen.Setup(pedersenBases) + require.NoError(t, err) + } } if err := io.RoundTripCheck(&pk, func() any { return new(ProvingKey) }); err != nil { diff --git a/backend/groth16/bls12-381/marshal.go b/backend/groth16/bls12-381/marshal.go index 80024ecc6..57e0af99f 100644 --- a/backend/groth16/bls12-381/marshal.go +++ b/backend/groth16/bls12-381/marshal.go @@ -460,11 +460,11 @@ func (pk *ProvingKey) WriteDump(w io.Writer) error { func (pk *ProvingKey) ReadDump(r io.Reader) error { // read the marker to fail early in case of malformed input if err := unsafe.ReadMarker(r); err != nil { - return err + return fmt.Errorf("read marker: %w", err) } if _, err := pk.Domain.ReadFrom(r); err != nil { - return err + return fmt.Errorf("read domain: %w", err) } dec := curve.NewDecoder(r, curve.NoSubgroupChecks()) @@ -488,57 +488,61 @@ func (pk *ProvingKey) ReadDump(r io.Reader) error { &pk.NbInfinityB, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return err + return fmt.Errorf("read field %d: %w", i, err) } } pk.InfinityA = make([]bool, nbWires) pk.InfinityB = make([]bool, nbWires) if err := dec.Decode(&pk.InfinityA); err != nil { - return err + return fmt.Errorf("read InfinityA: %w", err) } if err := dec.Decode(&pk.InfinityB); err != nil { - return err + return fmt.Errorf("read InfinityB: %w", err) } if err := dec.Decode(&nbCommitments); err != nil { - return err + return fmt.Errorf("read nbCommitments: %w", err) } // read slices of points var err error pk.G1.A, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.A: %w", err) } pk.G1.B, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.B: %w", err) } pk.G1.Z, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.Z: %w", err) } pk.G1.K, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.K: %w", err) } pk.G2.B, _, err = unsafe.ReadSlice[[]curve.G2Affine](r) if err != nil { - return err + return fmt.Errorf("read G2.B: %w", err) } - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitments) - for i := range pk.CommitmentKeys { - pk.CommitmentKeys[i].Basis, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) + for i := 0; i < int(nbCommitments); i++ { + cpkey := pedersen.ProvingKey{} + cpkey.Basis, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read commitment basis %d: %w", i, err) } - pk.CommitmentKeys[i].BasisExpSigma, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) + cpkey.BasisExpSigma, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read commitment basisExpSigma %d: %w", i, err) } + pk.CommitmentKeys = append(pk.CommitmentKeys, cpkey) + } + if len(pk.CommitmentKeys) != int(nbCommitments) { + return fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(pk.CommitmentKeys)) } return nil diff --git a/backend/groth16/bls12-381/marshal_test.go b/backend/groth16/bls12-381/marshal_test.go index edb30277b..1f62e8465 100644 --- a/backend/groth16/bls12-381/marshal_test.go +++ b/backend/groth16/bls12-381/marshal_test.go @@ -174,17 +174,18 @@ func TestProvingKeySerialization(t *testing.T) { pk.InfinityB = make([]bool, nbWires) pk.InfinityA[2] = true - pedersenBasis := make([]curve.G1Affine, nbCommitment) - pedersenBases := make([][]curve.G1Affine, nbCommitment) - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitment) - for i := range pedersenBasis { - pedersenBasis[i] = p1 - pedersenBases[i] = pedersenBasis[:i+1] - } - { - var err error - pk.CommitmentKeys, _, err = pedersen.Setup(pedersenBases) - require.NoError(t, err) + if nbCommitment > 0 { + pedersenBasis := make([]curve.G1Affine, nbCommitment) + pedersenBases := make([][]curve.G1Affine, nbCommitment) + for i := range pedersenBasis { + pedersenBasis[i] = p1 + pedersenBases[i] = pedersenBasis[:i+1] + } + { + var err error + pk.CommitmentKeys, _, err = pedersen.Setup(pedersenBases) + require.NoError(t, err) + } } if err := io.RoundTripCheck(&pk, func() any { return new(ProvingKey) }); err != nil { diff --git a/backend/groth16/bls24-315/marshal.go b/backend/groth16/bls24-315/marshal.go index 9dd8be821..2684cca41 100644 --- a/backend/groth16/bls24-315/marshal.go +++ b/backend/groth16/bls24-315/marshal.go @@ -460,11 +460,11 @@ func (pk *ProvingKey) WriteDump(w io.Writer) error { func (pk *ProvingKey) ReadDump(r io.Reader) error { // read the marker to fail early in case of malformed input if err := unsafe.ReadMarker(r); err != nil { - return err + return fmt.Errorf("read marker: %w", err) } if _, err := pk.Domain.ReadFrom(r); err != nil { - return err + return fmt.Errorf("read domain: %w", err) } dec := curve.NewDecoder(r, curve.NoSubgroupChecks()) @@ -488,57 +488,61 @@ func (pk *ProvingKey) ReadDump(r io.Reader) error { &pk.NbInfinityB, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return err + return fmt.Errorf("read field %d: %w", i, err) } } pk.InfinityA = make([]bool, nbWires) pk.InfinityB = make([]bool, nbWires) if err := dec.Decode(&pk.InfinityA); err != nil { - return err + return fmt.Errorf("read InfinityA: %w", err) } if err := dec.Decode(&pk.InfinityB); err != nil { - return err + return fmt.Errorf("read InfinityB: %w", err) } if err := dec.Decode(&nbCommitments); err != nil { - return err + return fmt.Errorf("read nbCommitments: %w", err) } // read slices of points var err error pk.G1.A, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.A: %w", err) } pk.G1.B, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.B: %w", err) } pk.G1.Z, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.Z: %w", err) } pk.G1.K, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.K: %w", err) } pk.G2.B, _, err = unsafe.ReadSlice[[]curve.G2Affine](r) if err != nil { - return err + return fmt.Errorf("read G2.B: %w", err) } - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitments) - for i := range pk.CommitmentKeys { - pk.CommitmentKeys[i].Basis, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) + for i := 0; i < int(nbCommitments); i++ { + cpkey := pedersen.ProvingKey{} + cpkey.Basis, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read commitment basis %d: %w", i, err) } - pk.CommitmentKeys[i].BasisExpSigma, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) + cpkey.BasisExpSigma, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read commitment basisExpSigma %d: %w", i, err) } + pk.CommitmentKeys = append(pk.CommitmentKeys, cpkey) + } + if len(pk.CommitmentKeys) != int(nbCommitments) { + return fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(pk.CommitmentKeys)) } return nil diff --git a/backend/groth16/bls24-315/marshal_test.go b/backend/groth16/bls24-315/marshal_test.go index 80209b946..849c5f684 100644 --- a/backend/groth16/bls24-315/marshal_test.go +++ b/backend/groth16/bls24-315/marshal_test.go @@ -174,17 +174,18 @@ func TestProvingKeySerialization(t *testing.T) { pk.InfinityB = make([]bool, nbWires) pk.InfinityA[2] = true - pedersenBasis := make([]curve.G1Affine, nbCommitment) - pedersenBases := make([][]curve.G1Affine, nbCommitment) - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitment) - for i := range pedersenBasis { - pedersenBasis[i] = p1 - pedersenBases[i] = pedersenBasis[:i+1] - } - { - var err error - pk.CommitmentKeys, _, err = pedersen.Setup(pedersenBases) - require.NoError(t, err) + if nbCommitment > 0 { + pedersenBasis := make([]curve.G1Affine, nbCommitment) + pedersenBases := make([][]curve.G1Affine, nbCommitment) + for i := range pedersenBasis { + pedersenBasis[i] = p1 + pedersenBases[i] = pedersenBasis[:i+1] + } + { + var err error + pk.CommitmentKeys, _, err = pedersen.Setup(pedersenBases) + require.NoError(t, err) + } } if err := io.RoundTripCheck(&pk, func() any { return new(ProvingKey) }); err != nil { diff --git a/backend/groth16/bls24-317/marshal.go b/backend/groth16/bls24-317/marshal.go index df9802338..d322edd46 100644 --- a/backend/groth16/bls24-317/marshal.go +++ b/backend/groth16/bls24-317/marshal.go @@ -460,11 +460,11 @@ func (pk *ProvingKey) WriteDump(w io.Writer) error { func (pk *ProvingKey) ReadDump(r io.Reader) error { // read the marker to fail early in case of malformed input if err := unsafe.ReadMarker(r); err != nil { - return err + return fmt.Errorf("read marker: %w", err) } if _, err := pk.Domain.ReadFrom(r); err != nil { - return err + return fmt.Errorf("read domain: %w", err) } dec := curve.NewDecoder(r, curve.NoSubgroupChecks()) @@ -488,57 +488,61 @@ func (pk *ProvingKey) ReadDump(r io.Reader) error { &pk.NbInfinityB, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return err + return fmt.Errorf("read field %d: %w", i, err) } } pk.InfinityA = make([]bool, nbWires) pk.InfinityB = make([]bool, nbWires) if err := dec.Decode(&pk.InfinityA); err != nil { - return err + return fmt.Errorf("read InfinityA: %w", err) } if err := dec.Decode(&pk.InfinityB); err != nil { - return err + return fmt.Errorf("read InfinityB: %w", err) } if err := dec.Decode(&nbCommitments); err != nil { - return err + return fmt.Errorf("read nbCommitments: %w", err) } // read slices of points var err error pk.G1.A, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.A: %w", err) } pk.G1.B, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.B: %w", err) } pk.G1.Z, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.Z: %w", err) } pk.G1.K, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.K: %w", err) } pk.G2.B, _, err = unsafe.ReadSlice[[]curve.G2Affine](r) if err != nil { - return err + return fmt.Errorf("read G2.B: %w", err) } - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitments) - for i := range pk.CommitmentKeys { - pk.CommitmentKeys[i].Basis, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) + for i := 0; i < int(nbCommitments); i++ { + cpkey := pedersen.ProvingKey{} + cpkey.Basis, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read commitment basis %d: %w", i, err) } - pk.CommitmentKeys[i].BasisExpSigma, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) + cpkey.BasisExpSigma, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read commitment basisExpSigma %d: %w", i, err) } + pk.CommitmentKeys = append(pk.CommitmentKeys, cpkey) + } + if len(pk.CommitmentKeys) != int(nbCommitments) { + return fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(pk.CommitmentKeys)) } return nil diff --git a/backend/groth16/bls24-317/marshal_test.go b/backend/groth16/bls24-317/marshal_test.go index d5b5d3e7a..092b3beb4 100644 --- a/backend/groth16/bls24-317/marshal_test.go +++ b/backend/groth16/bls24-317/marshal_test.go @@ -174,17 +174,18 @@ func TestProvingKeySerialization(t *testing.T) { pk.InfinityB = make([]bool, nbWires) pk.InfinityA[2] = true - pedersenBasis := make([]curve.G1Affine, nbCommitment) - pedersenBases := make([][]curve.G1Affine, nbCommitment) - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitment) - for i := range pedersenBasis { - pedersenBasis[i] = p1 - pedersenBases[i] = pedersenBasis[:i+1] - } - { - var err error - pk.CommitmentKeys, _, err = pedersen.Setup(pedersenBases) - require.NoError(t, err) + if nbCommitment > 0 { + pedersenBasis := make([]curve.G1Affine, nbCommitment) + pedersenBases := make([][]curve.G1Affine, nbCommitment) + for i := range pedersenBasis { + pedersenBasis[i] = p1 + pedersenBases[i] = pedersenBasis[:i+1] + } + { + var err error + pk.CommitmentKeys, _, err = pedersen.Setup(pedersenBases) + require.NoError(t, err) + } } if err := io.RoundTripCheck(&pk, func() any { return new(ProvingKey) }); err != nil { diff --git a/backend/groth16/bn254/marshal.go b/backend/groth16/bn254/marshal.go index 07fd44edd..5005269eb 100644 --- a/backend/groth16/bn254/marshal.go +++ b/backend/groth16/bn254/marshal.go @@ -460,11 +460,11 @@ func (pk *ProvingKey) WriteDump(w io.Writer) error { func (pk *ProvingKey) ReadDump(r io.Reader) error { // read the marker to fail early in case of malformed input if err := unsafe.ReadMarker(r); err != nil { - return err + return fmt.Errorf("read marker: %w", err) } if _, err := pk.Domain.ReadFrom(r); err != nil { - return err + return fmt.Errorf("read domain: %w", err) } dec := curve.NewDecoder(r, curve.NoSubgroupChecks()) @@ -488,57 +488,61 @@ func (pk *ProvingKey) ReadDump(r io.Reader) error { &pk.NbInfinityB, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return err + return fmt.Errorf("read field %d: %w", i, err) } } pk.InfinityA = make([]bool, nbWires) pk.InfinityB = make([]bool, nbWires) if err := dec.Decode(&pk.InfinityA); err != nil { - return err + return fmt.Errorf("read InfinityA: %w", err) } if err := dec.Decode(&pk.InfinityB); err != nil { - return err + return fmt.Errorf("read InfinityB: %w", err) } if err := dec.Decode(&nbCommitments); err != nil { - return err + return fmt.Errorf("read nbCommitments: %w", err) } // read slices of points var err error pk.G1.A, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.A: %w", err) } pk.G1.B, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.B: %w", err) } pk.G1.Z, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.Z: %w", err) } pk.G1.K, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.K: %w", err) } pk.G2.B, _, err = unsafe.ReadSlice[[]curve.G2Affine](r) if err != nil { - return err + return fmt.Errorf("read G2.B: %w", err) } - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitments) - for i := range pk.CommitmentKeys { - pk.CommitmentKeys[i].Basis, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) + for i := 0; i < int(nbCommitments); i++ { + cpkey := pedersen.ProvingKey{} + cpkey.Basis, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read commitment basis %d: %w", i, err) } - pk.CommitmentKeys[i].BasisExpSigma, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) + cpkey.BasisExpSigma, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read commitment basisExpSigma %d: %w", i, err) } + pk.CommitmentKeys = append(pk.CommitmentKeys, cpkey) + } + if len(pk.CommitmentKeys) != int(nbCommitments) { + return fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(pk.CommitmentKeys)) } return nil diff --git a/backend/groth16/bn254/marshal_test.go b/backend/groth16/bn254/marshal_test.go index be51a46ba..65ded1d4b 100644 --- a/backend/groth16/bn254/marshal_test.go +++ b/backend/groth16/bn254/marshal_test.go @@ -174,17 +174,18 @@ func TestProvingKeySerialization(t *testing.T) { pk.InfinityB = make([]bool, nbWires) pk.InfinityA[2] = true - pedersenBasis := make([]curve.G1Affine, nbCommitment) - pedersenBases := make([][]curve.G1Affine, nbCommitment) - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitment) - for i := range pedersenBasis { - pedersenBasis[i] = p1 - pedersenBases[i] = pedersenBasis[:i+1] - } - { - var err error - pk.CommitmentKeys, _, err = pedersen.Setup(pedersenBases) - require.NoError(t, err) + if nbCommitment > 0 { + pedersenBasis := make([]curve.G1Affine, nbCommitment) + pedersenBases := make([][]curve.G1Affine, nbCommitment) + for i := range pedersenBasis { + pedersenBasis[i] = p1 + pedersenBases[i] = pedersenBasis[:i+1] + } + { + var err error + pk.CommitmentKeys, _, err = pedersen.Setup(pedersenBases) + require.NoError(t, err) + } } if err := io.RoundTripCheck(&pk, func() any { return new(ProvingKey) }); err != nil { diff --git a/backend/groth16/bw6-633/marshal.go b/backend/groth16/bw6-633/marshal.go index 5bf461f28..48b6ff149 100644 --- a/backend/groth16/bw6-633/marshal.go +++ b/backend/groth16/bw6-633/marshal.go @@ -460,11 +460,11 @@ func (pk *ProvingKey) WriteDump(w io.Writer) error { func (pk *ProvingKey) ReadDump(r io.Reader) error { // read the marker to fail early in case of malformed input if err := unsafe.ReadMarker(r); err != nil { - return err + return fmt.Errorf("read marker: %w", err) } if _, err := pk.Domain.ReadFrom(r); err != nil { - return err + return fmt.Errorf("read domain: %w", err) } dec := curve.NewDecoder(r, curve.NoSubgroupChecks()) @@ -488,57 +488,61 @@ func (pk *ProvingKey) ReadDump(r io.Reader) error { &pk.NbInfinityB, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return err + return fmt.Errorf("read field %d: %w", i, err) } } pk.InfinityA = make([]bool, nbWires) pk.InfinityB = make([]bool, nbWires) if err := dec.Decode(&pk.InfinityA); err != nil { - return err + return fmt.Errorf("read InfinityA: %w", err) } if err := dec.Decode(&pk.InfinityB); err != nil { - return err + return fmt.Errorf("read InfinityB: %w", err) } if err := dec.Decode(&nbCommitments); err != nil { - return err + return fmt.Errorf("read nbCommitments: %w", err) } // read slices of points var err error pk.G1.A, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.A: %w", err) } pk.G1.B, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.B: %w", err) } pk.G1.Z, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.Z: %w", err) } pk.G1.K, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.K: %w", err) } pk.G2.B, _, err = unsafe.ReadSlice[[]curve.G2Affine](r) if err != nil { - return err + return fmt.Errorf("read G2.B: %w", err) } - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitments) - for i := range pk.CommitmentKeys { - pk.CommitmentKeys[i].Basis, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) + for i := 0; i < int(nbCommitments); i++ { + cpkey := pedersen.ProvingKey{} + cpkey.Basis, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read commitment basis %d: %w", i, err) } - pk.CommitmentKeys[i].BasisExpSigma, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) + cpkey.BasisExpSigma, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read commitment basisExpSigma %d: %w", i, err) } + pk.CommitmentKeys = append(pk.CommitmentKeys, cpkey) + } + if len(pk.CommitmentKeys) != int(nbCommitments) { + return fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(pk.CommitmentKeys)) } return nil diff --git a/backend/groth16/bw6-633/marshal_test.go b/backend/groth16/bw6-633/marshal_test.go index 72710154b..e85f3eefc 100644 --- a/backend/groth16/bw6-633/marshal_test.go +++ b/backend/groth16/bw6-633/marshal_test.go @@ -174,17 +174,18 @@ func TestProvingKeySerialization(t *testing.T) { pk.InfinityB = make([]bool, nbWires) pk.InfinityA[2] = true - pedersenBasis := make([]curve.G1Affine, nbCommitment) - pedersenBases := make([][]curve.G1Affine, nbCommitment) - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitment) - for i := range pedersenBasis { - pedersenBasis[i] = p1 - pedersenBases[i] = pedersenBasis[:i+1] - } - { - var err error - pk.CommitmentKeys, _, err = pedersen.Setup(pedersenBases) - require.NoError(t, err) + if nbCommitment > 0 { + pedersenBasis := make([]curve.G1Affine, nbCommitment) + pedersenBases := make([][]curve.G1Affine, nbCommitment) + for i := range pedersenBasis { + pedersenBasis[i] = p1 + pedersenBases[i] = pedersenBasis[:i+1] + } + { + var err error + pk.CommitmentKeys, _, err = pedersen.Setup(pedersenBases) + require.NoError(t, err) + } } if err := io.RoundTripCheck(&pk, func() any { return new(ProvingKey) }); err != nil { diff --git a/backend/groth16/bw6-761/marshal.go b/backend/groth16/bw6-761/marshal.go index d51681963..4aebb1deb 100644 --- a/backend/groth16/bw6-761/marshal.go +++ b/backend/groth16/bw6-761/marshal.go @@ -460,11 +460,11 @@ func (pk *ProvingKey) WriteDump(w io.Writer) error { func (pk *ProvingKey) ReadDump(r io.Reader) error { // read the marker to fail early in case of malformed input if err := unsafe.ReadMarker(r); err != nil { - return err + return fmt.Errorf("read marker: %w", err) } if _, err := pk.Domain.ReadFrom(r); err != nil { - return err + return fmt.Errorf("read domain: %w", err) } dec := curve.NewDecoder(r, curve.NoSubgroupChecks()) @@ -488,57 +488,61 @@ func (pk *ProvingKey) ReadDump(r io.Reader) error { &pk.NbInfinityB, } - for _, v := range toDecode { + for i, v := range toDecode { if err := dec.Decode(v); err != nil { - return err + return fmt.Errorf("read field %d: %w", i, err) } } pk.InfinityA = make([]bool, nbWires) pk.InfinityB = make([]bool, nbWires) if err := dec.Decode(&pk.InfinityA); err != nil { - return err + return fmt.Errorf("read InfinityA: %w", err) } if err := dec.Decode(&pk.InfinityB); err != nil { - return err + return fmt.Errorf("read InfinityB: %w", err) } if err := dec.Decode(&nbCommitments); err != nil { - return err + return fmt.Errorf("read nbCommitments: %w", err) } // read slices of points var err error pk.G1.A, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.A: %w", err) } pk.G1.B, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.B: %w", err) } pk.G1.Z, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.Z: %w", err) } pk.G1.K, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read G1.K: %w", err) } pk.G2.B, _, err = unsafe.ReadSlice[[]curve.G2Affine](r) if err != nil { - return err + return fmt.Errorf("read G2.B: %w", err) } - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitments) - for i := range pk.CommitmentKeys { - pk.CommitmentKeys[i].Basis, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) + for i := 0; i < int(nbCommitments); i++ { + cpkey := pedersen.ProvingKey{} + cpkey.Basis, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read commitment basis %d: %w", i, err) } - pk.CommitmentKeys[i].BasisExpSigma, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) + cpkey.BasisExpSigma, _, err = unsafe.ReadSlice[[]curve.G1Affine](r) if err != nil { - return err + return fmt.Errorf("read commitment basisExpSigma %d: %w", i, err) } + pk.CommitmentKeys = append(pk.CommitmentKeys, cpkey) + } + if len(pk.CommitmentKeys) != int(nbCommitments) { + return fmt.Errorf("invalid number of commitment keys. Expected %d got %d", nbCommitments, len(pk.CommitmentKeys)) } return nil diff --git a/backend/groth16/bw6-761/marshal_test.go b/backend/groth16/bw6-761/marshal_test.go index d4bb3d35b..36e299d5c 100644 --- a/backend/groth16/bw6-761/marshal_test.go +++ b/backend/groth16/bw6-761/marshal_test.go @@ -174,17 +174,18 @@ func TestProvingKeySerialization(t *testing.T) { pk.InfinityB = make([]bool, nbWires) pk.InfinityA[2] = true - pedersenBasis := make([]curve.G1Affine, nbCommitment) - pedersenBases := make([][]curve.G1Affine, nbCommitment) - pk.CommitmentKeys = make([]pedersen.ProvingKey, nbCommitment) - for i := range pedersenBasis { - pedersenBasis[i] = p1 - pedersenBases[i] = pedersenBasis[:i+1] - } - { - var err error - pk.CommitmentKeys, _, err = pedersen.Setup(pedersenBases) - require.NoError(t, err) + if nbCommitment > 0 { + pedersenBasis := make([]curve.G1Affine, nbCommitment) + pedersenBases := make([][]curve.G1Affine, nbCommitment) + for i := range pedersenBasis { + pedersenBasis[i] = p1 + pedersenBases[i] = pedersenBasis[:i+1] + } + { + var err error + pk.CommitmentKeys, _, err = pedersen.Setup(pedersenBases) + require.NoError(t, err) + } } if err := io.RoundTripCheck(&pk, func() any { return new(ProvingKey) }); err != nil {