-
Notifications
You must be signed in to change notification settings - Fork 314
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: remove challenge seed from NI-PoRep SnarkPack transcript #1755
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -352,6 +352,8 @@ pub fn seal_commit_phase1<T: AsRef<Path>, Tree: 'static + MerkleTreeTrait>( | |
prover_id: ProverId, | ||
sector_id: SectorId, | ||
ticket: Ticket, | ||
// Note: when using NI-PoRep the PoRep challenge generation seed is ignored, thus any value can | ||
// be passed in here for `seed`. | ||
seed: Ticket, | ||
pre_commit: SealPreCommitOutput, | ||
piece_infos: &[PieceInfo], | ||
|
@@ -740,13 +742,22 @@ pub fn aggregate_seal_commit_proofs<Tree: 'static + MerkleTreeTrait>( | |
// If we're not at the pow2 target, duplicate the last proof until we are. | ||
pad_proofs_to_target(&mut proofs, target_proofs_len)?; | ||
|
||
// Hash all of the seeds and comm_r's pair-wise into a digest for the aggregate proof method. | ||
// For standard PoRep, the SnarkPack transcript should include a hash of each aggregated PoRep's | ||
// challenge seed and comm_r (pair-wise); however since NI-PoRep does not use a seed to generate | ||
// it's challenges, any challenge seeds provided as arguments to this function should be ignored | ||
// (and thus not be included in an NI-PoRep's SnarkPack transcript). | ||
let hashed_seeds_and_comm_rs: [u8; 32] = { | ||
let mut hasher = Sha256::new(); | ||
for cur in seeds.iter().zip(comm_rs.iter()) { | ||
let (seed, comm_r) = cur; | ||
hasher.update(seed); | ||
hasher.update(comm_r); | ||
if porep_config.feature_enabled(ApiFeature::NonInteractivePoRep) { | ||
for comm_r in comm_rs.iter() { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think for Non-interactive PoRep, it's always only a single There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yeah, I wasn't totally sure what to do here. The way that it's currently written leaves open the possibility of aggregating multiple NI-PoReps into a single SnarkPack proof, however I don't know if that behavior should be allowed. |
||
hasher.update(comm_r); | ||
} | ||
} else { | ||
for cur in seeds.iter().zip(comm_rs.iter()) { | ||
let (seed, comm_r) = cur; | ||
hasher.update(seed); | ||
hasher.update(comm_r); | ||
} | ||
} | ||
hasher.finalize().into() | ||
}; | ||
|
@@ -834,13 +845,21 @@ pub fn verify_aggregate_seal_commit_proofs<Tree: 'static + MerkleTreeTrait>( | |
let srs_verifier_key = | ||
get_stacked_srs_verifier_key::<Tree>(porep_config, aggregated_proofs_len)?; | ||
|
||
// Hash all of the seeds and comm_r's pair-wise into a digest for the aggregate proof method. | ||
// For standard PoRep, the SnarkPack transcript should include a hash of each aggregated PoRep's | ||
// challenge seed and comm_r (pair-wise); however NI-PoRep's transcript should only include | ||
// comm_r (as NI-PoRep does not use a seed to generate its challenges). | ||
let hashed_seeds_and_comm_rs: [u8; 32] = { | ||
let mut hasher = Sha256::new(); | ||
for cur in seeds.iter().zip(comm_rs.iter()) { | ||
let (seed, comm_r) = cur; | ||
hasher.update(seed); | ||
hasher.update(comm_r); | ||
if porep_config.feature_enabled(ApiFeature::NonInteractivePoRep) { | ||
for comm_r in comm_rs.iter() { | ||
hasher.update(comm_r); | ||
} | ||
} else { | ||
for cur in seeds.iter().zip(comm_rs.iter()) { | ||
let (seed, comm_r) = cur; | ||
hasher.update(seed); | ||
hasher.update(comm_r); | ||
} | ||
} | ||
hasher.finalize().into() | ||
}; | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a note (feel free to ignore). I know we don't really use API docs here (their building is even broken). Though it could make sense to put it into the top of the function (or another note there) as a doc comment, in case we ever properly generate those.