Try   HackMD

circom-bigint audit

Goals

  • Security focused review of circom-bigint library.
  • Deliver an audit report at the end.
  • Establish a reference for Circom focused audits.
  • Veridise working on its formal verification.

What is bigint?

  • All operations are in
    Fp     where
    p     is a prime.
  • All numbers are integers in
    [0,p)     (signals).
  • We need the capability to work with bigger numbers, hence bigint library.
  • A "bigint" number is represented as an array of
    k     signals, each of which has
    n     bits.
  • Basically, a
    k     digit number in base
    2n    .

Updates

Interesting findings

  • Need to document circuit templates.
  • Need to document assumptions on input size.
  • One constraint optimization in BigSubModP.

Next meeting milestone

Freeze bigint.circom.

  • Create a new branch with documented code.
  • Create github issues for bigint.circom, and move on to bigint_4x64_mult.circom.
Last changed by 
blockdev
0
581

Read more

Identifying if secret has to be explicitly constrained to 251 bits

we want a secret that is in range [r, 2^253-1] since BabyPbk constrains secret to 253 bits.

Apr 16, 2024
Just Enough Elliptic Curve for Ethereum

The goal of this post is to get through just enough theory to understand the key generation process in Ethereum.

Apr 1, 2024
Tips for secure circom

View the slide with "Slide Mode".

Feb 4, 2024
Read more from blockdev
Published on HackMD