circom-bigint audit

Goals

• Security focused review of circom-bigint library.
• Deliver an audit report at the end.
• Establish a reference for Circom focused audits.
• Veridise working on its formal verification.

What is bigint?

• All operations are in
  ${\mathbb{F}}_p$ where
  $p$ is a prime.
• All numbers are integers in
  $[0,p)$ (signals).
• We need the capability to work with bigger numbers, hence bigint library.
• A "bigint" number is represented as an array of
  $k$ signals, each of which has
  $n$ bits.
• Basically, a
  $k$ digit number in base
  $2^n$.

Updates

• https://github.com/0xbok/circom-bigint
• Each file is a separate PR where we leave comments as we review. Follow along.
• Create github issues for each finding, combine them in a report.
• Currently reviewing bigint.circom.

Interesting findings

• Need to document circuit templates.
• Need to document assumptions on input size.
• One constraint optimization in BigSubModP.

Next meeting milestone

Freeze bigint.circom.

• Create a new branch with documented code.
• Create github issues for bigint.circom, and move on to bigint_4x64_mult.circom.