verify passes when it should fail

[mattcollier]

Here's the result in CI: https://ci.digitalbazaar.com/job/equihash/6/console

The test is here: https://github.com/digitalbazaar/equihash/blob/implementation/test/test.js#L75-L99

The issue can be produced with a variety of strings that are not properly Base64 encoded.

[msporny]

Wow, that's all sorts of bad. I'll look into it when I get some spare cycles.

[msporny]

I've implemented a temporary "fix" that requires inputs be the proper length (at least 128 bytes in length). That said, I have my doubts that the implementation is valid and we should check the solutions this library creates with solutions from other libraries.

[mattcollier]

@msporny I was doing work in other test suites and discovered this:
https://ci.digitalbazaar.com/job/bedrock-ledger-validator-equihash/6/

I have found that if I roll back the latest commit in this module that the test will pass again.

[msporny]

There are two more issues with the Equihash implementation we're using that MUST be fixed before production:

1. Inputs less than k in size automatically pass.
2. Inputs with repeating hashes (e.g. 1, 2, 3, 42, 42, 5) automatically pass.

These bugs exist because the implementation doesn't implement some parts of the Equihash paper.

[dlongley]

The solution size can be computed based on the parameters n and k; we should have a sanity check in the verify function that enforces the proper size before doing any other work to check the solution.

Other implementations address repeating hashes via a function that checks for distinct hash values for every index of the solution (i.e. equihash solution verification calls for every element in the solution to be combined with the input to produce a hash; these hashes should all be unique and ordered lexicographically).