Fix: edge cases in the Karabina cyclotomic square decompression #868

yelhousni · 2023-10-17T17:20:53Z

Description

Fixes #858

TODO:

Emulated BW6-671
Native BLS12-377
Native BLS24-315

Type of change

Bug fix (non-breaking change which fixes an issue)

How has this been tested?

The multi-pairing computation e(P,Q)*e(-P,Q) returns 1. In this case the g3 == g2 == 0 edge case is triggered. The function PairingCheck() and corresponding test were added to emulated bw6-761 and 2-chains.

How has this been benchmarked?

1 pairing	BW6-761	BLS12-377	BLS24-315
R1CS	2,764,966	11,842	29,033
SCS	28,191,311	52,843	14,1870

The edge case fix introduces some constraints counting regression.

Checklist:

I have performed a self-review of my code
I have commented my code, particularly in hard-to-understand areas
I have made corresponding changes to the documentation
I have added tests that prove my fix is effective or that my feature works
I did not modify files generated from templates
golangci-lint does not output errors locally
New and existing unit tests pass locally with my changes
Any dependent changes have been merged and published in downstream modules

github-actions · 2023-10-17T17:24:43Z

📦 github.com/consensys/gnark/internal/stats
❌ TestCircuitStatistics 5.53s

❌ TestCircuitStatistics/pairing_bls12377/bw6_761/groth16 660ms

    stats_test.go:44: 
        	Error Trace:	/home/runner/work/gnark/gnark/internal/stats/stats_test.go:44
        	Error:      	unexpected stats count
        	Test:       	TestCircuitStatistics/pairing_bls12377/bw6_761/groth16
        	Messages:   	expected nbConstraints: 11570, nbInternalWires: 11570 (reference), got nbConstraints: 10920, nbInternalWires: 10840. pairing_bls12377 - groth16 - bw6_761

❌ TestCircuitStatistics/pairing_bls12377/bw6_761/plonk 170ms

    stats_test.go:44: 
        	Error Trace:	/home/runner/work/gnark/gnark/internal/stats/stats_test.go:44
        	Error:      	unexpected stats count
        	Test:       	TestCircuitStatistics/pairing_bls12377/bw6_761/plonk
        	Messages:   	expected nbConstraints: 52371, nbInternalWires: 52371 (reference), got nbConstraints: 48587, nbInternalWires: 48507. pairing_bls12377 - plonk - bw6_761

❌ TestCircuitStatistics/pairing_bls12377/bw6_761/plonkFRI 130ms

    stats_test.go:44: 
        	Error Trace:	/home/runner/work/gnark/gnark/internal/stats/stats_test.go:44
        	Error:      	unexpected stats count
        	Test:       	TestCircuitStatistics/pairing_bls12377/bw6_761/plonkFRI
        	Messages:   	expected nbConstraints: 52371, nbInternalWires: 52371 (reference), got nbConstraints: 48587, nbInternalWires: 48507. pairing_bls12377 - plonkFRI - bw6_761

📦 github.com/consensys/gnark/std/algebra/native/fields_bls12377
❌ TestExpFixedExpoFp12 10ms

❌ TestExpFixedExpoFp12/bw6_761 10ms

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsEqual] 184909269003686133834341529556281141591155036527951209168783223395148680004358951120617467172878460811797522879500 == 70967034724043155285157668488213175502316040982013731324071722145516834416133965079471651394907343436349415094866
        	            	fields_bls12377.(*E2).AssertIsEqual
        	            		e2.go:237
        	            	fields_bls12377.(*E6).AssertIsEqual
        	            		e6.go:299
        	            	fields_bls12377.(*E12).AssertIsEqual
        	            		e12.go:574
        	            	fields_bls12377.(*fp12FixedExpo).Define
        	            		e12_test.go:385
        	            	
        	            	witness:{"A":{"C0":{"B0":{"A0":"184909269003686133834341529556281141591155036527951209168783223395148680004358951120617467172878460811797522879500","A1":"252362111679834027792938604723566816482916737448949229215297642681412939635706377870387908937478462261770993981259"},"B1":{"A0":"183416055451936470263699867485710659179511564611092752466773724584786510622123698722703689852975693654088254371386","A1":"18536113093420553449478631626173890599592511657299776953617810084541244119058692297564821262983139326826570418453"},"B2":{"A0":"64835498928582587865836772829004310003252241857748085463211841006491042263473806722709371871812971242417281083333","A1":"179457173387373462078904989221275399031589646995134636701431574888912008968375087560846035349006297347826276420111"}},"C1":{"B0":{"A0":"225946834058592760515881600720532984254535659331138341102566436739194908749877887884930265286222017536258625056276","A1":"201268550324704869065962075363581640278832605286770434133295998414093661727366558218768800
958645943224570302938920"},"B1":{"A0":"148385516290888831861837281506085348322352410954981846481196666735928170865737929295475778472429394003259278497556","A1":"172549749469125985191494854775636859173502599487505276770612919360559475565041551960678006952368811981138360684692"},"B2":{"A0":"2643074056458308681365327166236142811654627957217592894801991520428073250550154758915982379870198462431149892262","A1":"166390393251022268552430446593779699033156264349099505544470393124902598159827688266437512821435436054641110598064"}}},"C":{"C0":{"B0":{"A0":"70967034724043155285157668488213175502316040982013731324071722145516834416133965079471651394907343436349415094866","A1":"14492341339040313773116834478496214361586999447787864245028443748981913230819230680550658245047656206332369058533"},"B1":{"A0":"200013273155800447898719895154588398850255307092712893075699292300446813908096567306005711751109586485339720686783","A1":"19794264179677054216408085295219707880513948803334542628331797378422495361223799636861765951330482759
497188280304"},"B2":{"A0":"126989691415147927221561264989858364568586645570893099071778229246166009301622983358379743802395370535029148581802","A1":"249212686923757683908455217872950912155072974389618775753340957238895473553059522986084253937152896056777451457063"}},"C1":{"B0":{"A0":"89417189577498407534580755325406748306397989023389478775771348350755705535411366183707041845995151405017081430861","A1":"173273292856254725559048557274927899567078833805010606460504027485417506738259480399186127799656497358863674625401"},"B1":{"A0":"228290617142744742913667425219873030891270276043703179208048933979327540761017152096837614642009132495923992397748","A1":"95183751870851431385664250058250319263883123819472663706147134095052334127341053844181316935949673537729729049823"},"B2":{"A0":"230235226481708973890855020648134980019451355763357345214752671492021817253415960267161572262447928841176585558098","A1":"204140011376882629718825299137427780187855204188937244083259701574744094458407212438181111702047805270895372566714"}}
}}
        	Test:       	TestExpFixedExpoFp12/bw6_761

❌ TestFp12CyclotomicSquareCompressed 0s

❌ TestFp12CyclotomicSquareCompressed/bw6_761 0s

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsEqual] 104116063703682330365231559663545929381210084058672404506520031768670958249347680130082759945457008179147862462733 == 1
        	            	fields_bls12377.(*E2).AssertIsEqual
        	            		e2.go:237
        	            	fields_bls12377.(*E6).AssertIsEqual
        	            		e6.go:299
        	            	fields_bls12377.(*E12).AssertIsEqual
        	            		e12.go:574
        	            	fields_bls12377.(*fp12CycloSquareCompressed).Define
        	            		e12_test.go:212
        	            	
        	            	witness:{"A":{"C0":{"B0":{"A0":"13754603327723585643481021309947559231145884300560378620576279490435020607858851006108720372911168056008142071646","A1":"169411991631542959893360783608096301573958537414875400835943699034713436406447992272205639045074170826300695528589"},"B1":{"A0":"237795380536327775147868365422742053020507493074605515421395379223268602955687635752331679256000755469001989121523","A1":"179066815663423665747632716323299795598688833410087841278633508537614722970777826341001543726346493115971855637567"},"B2":{"A0":"243108331338241682654231123834870423904404874810760675477890500532072259673008467439087005975097379200662117416653","A1":"148865336539105252914902051754634643893502795857180611252798475268055572919960218304748307280481139157186627649083"}},"C1":{"B0":{"A0":"35740588401016730058266524629576931161490222280616669304630364665003288326675428491989054911540758287149204707127","A1":"459087406596119985878754461377050450860553412447376990334809228786415216933672338224934138
38982916197126563415328"},"B1":{"A0":"218089662919197074512294307365663801114361457888023564038496804291020391416565260061353876602269898981529702867115","A1":"106027589047985127567814482137406823366120766829045624037564008020587422299617468539529723698544917431064945634768"},"B2":{"A0":"125136270961179612364931696559701627548286323699989573763877609878948620685702205732878802530419182935648573691269","A1":"220403057010594104399404856505723312076122881482678320233894890527818911193181256107939244106982851106136773369138"}}},"B":{"C0":{"B0":{"A0":"104116063703682330365231559663545929381210084058672404506520031768670958249347680130082759945457008179147862462733","A1":"68176575176322630679280292302294785177487060969818281279996249957599886145849898740593503367810779162194615242925"},"B1":{"A0":"161439317759926376482833372899474671658522672515473255926954248569691201858945770267702699507669424532989582530202","A1":"220822987208130212346575051527987211523460051145528962882361148604656894340275113950524379980678133
07766534051362"},"B2":{"A0":"59186961882167590196819611951815540068839606985769492750251396145395002707957588858956498225799142002275541919044","A1":"32830109559986570241123734609217959096521523608448220084345435714172287416324467036960470527385815468033442571458"}},"C1":{"B0":{"A0":"71600896046631762517523056045013309021112514839441956128407409409009160428461290896586745817586674163653893417401","A1":"90633618826325188551717547599361742138850799561805004699826787251168406861389171085041670301455088899864820040304"},"B1":{"A0":"196492580748714568813499918997636554357074091480419754476285563179821325473611812290839492600671892862641815848261","A1":"248850265723122811003555327894836965921769821562349826555283301333723992862033725949893061778235398846889969069631"},"B2":{"A0":"63495843570038751470732169942553780811092186281448547094878336337261793220991663291368310306268411857758815815004","A1":"776515825761225428067174610584599367960196386363171754345407958780547491828114833446559296880240585011606784007"}}}}
        	Test:       	TestFp12CyclotomicSquareCompressed/bw6_761

🚧 TestFrobeniusFp12 0s

    e12_test.go:303: @yelhousni restore

🚧 TestMulByFp2Fp6 0s

    e6_test.go:220: missing e6.MulByE2

🚧 TestMulByNonResidueFp2 0s

    e2_test.go:247: missing e2.MulByNonSquare

📦 github.com/consensys/gnark/std/algebra/native/sw_bls12377
❌ TestFinalExp 10ms

❌ TestFinalExp/bw6_761 10ms

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsEqual] 201945352062882390573867211355637078307155706882974244628856075848948214910782477265968930012716031702469547123451 == 110083230830723987109655696820214910916273706674572586634856969551308702305356658303775506237961573154771378344140
        	            	sw_bls12377.mustbeEq
        	            		pairing_test.go:230
        	            	sw_bls12377.(*finalExp).Define
        	            		pairing_test.go:40
        	            	
        	            	witness:{"ML":{"C0":{"B0":{"A0":"165683976457670154566794432598049659405832432568954166779650695071730459601697470829594640214140545543777837697841","A1":"53138497929763186528168436889381576054336883934797811407863584481883792594843861345352009565413600979970887386233"},"B1":{"A0":"83354983065928260636696663125126772919012914404520454249981249301193869160810865197697190260857781194458620364968","A1":"29814273072263850051096537456253507687188308804393650687885874955273160298062448290831006283886337903204955713065"},"B2":{"A0":"85099054634972462099812555669907504888350316795027882455428343935349701957133324632304504274153567697664891488325","A1":"229963488306269255260959283100805972042820444742060777187986486653255451901232712472585251414766824180736102711518"}},"C1":{"B0":{"A0":"150504815573184277162492565508291016270667413289406090846282210491232649872821596065401419306255743012865856059290","A1":"2238363487666835790654667748085967232094641323231818991313080469378393527155979441493812210
55470085408602065098621"},"B1":{"A0":"169588752705398336462209549143995808658517734814110552029411970577255882958311353651107588938307369389330481568743","A1":"208827036000650280807641219675061725841797254525384726854398060568397954933522806572734537201305992605826112789092"},"B2":{"A0":"36032785054151049600333938976003162629248213421173499982193118907523716345595772190083253292290227049563813232699","A1":"256666019755545309453512557482672000052980324049661056766757768035660437732828380191889642568780292510260908097588"}}}}
        	Test:       	TestFinalExp/bw6_761

❌ TestPairingBLS377 70ms

❌ TestPairingBLS377/bw6_761 70ms

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsEqual] 201945352062882390573867211355637078307155706882974244628856075848948214910782477265968930012716031702469547123451 == 110083230830723987109655696820214910916273706674572586634856969551308702305356658303775506237961573154771378344140
        	            	sw_bls12377.mustbeEq
        	            		pairing_test.go:230
        	            	sw_bls12377.(*pairingBLS377).Define
        	            		pairing_test.go:69
        	            	
        	            	witness:{"P":{"X":"81937999373150964239938255573465948239988671502647976594219695644855304257327692006745978603320413799295628339695","Y":"241266749859715473739788878240585681733927191168601896383759122102112907357779751001206799952863815012735208165030"},"Q":{"X":{"A0":"233578398248691099356572568220835526895379068987715365179118596935057653620464273615301663571204657964920925606294","A1":"140913150380207355837477652521042157274541796891053068589147167627541651775299824604154852141315666357241556069118"},"Y":{"A0":"63160294768292073209381361943935198908131692476676907196754037919244929611450776219210369229519898517858833747423","A1":"149157405641012693445398062341192467754805999074082136895788947234480009303640899064710353187729182149407503257491"}}}
        	Test:       	TestPairingBLS377/bw6_761

❌ TestPairingFixedBLS377 50ms

❌ TestPairingFixedBLS377/bw6_761 50ms

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsEqual] 201945352062882390573867211355637078307155706882974244628856075848948214910782477265968930012716031702469547123451 == 110083230830723987109655696820214910916273706674572586634856969551308702305356658303775506237961573154771378344140
        	            	sw_bls12377.mustbeEq
        	            		pairing_test.go:230
        	            	sw_bls12377.(*pairingFixedBLS377).Define
        	            		pairing_test.go:138
        	            	
        	            	witness:{"P":{"X":"81937999373150964239938255573465948239988671502647976594219695644855304257327692006745978603320413799295628339695","Y":"241266749859715473739788878240585681733927191168601896383759122102112907357779751001206799952863815012735208165030"}}
        	Test:       	TestPairingFixedBLS377/bw6_761

❌ TestTriplePairingBLS377 120ms

❌ TestTriplePairingBLS377/bw6_761 110ms

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsEqual] 149812693994735144267477364770485130685038123470882297510938074752355285397202541516680219467916009511851544900195 == 240814050158349486061777451681249145875699651541212374485581578995008001188591327885751482956234244681652268475495
        	            	sw_bls12377.mustbeEq
        	            		pairing_test.go:230
        	            	sw_bls12377.(*triplePairingBLS377).Define
        	            		pairing_test.go:102
        	            	
        	            	witness:{"P1":{"X":"81937999373150964239938255573465948239988671502647976594219695644855304257327692006745978603320413799295628339695","Y":"241266749859715473739788878240585681733927191168601896383759122102112907357779751001206799952863815012735208165030"},"P2":{"X":"248776458280412046396442148200376128465053532695369294118003645862935010887966473827468894571677027755590890435968","Y":"44686645175103446724593386428212278929452205290013955492748962143729865557380388555977817171961429787183736713089"},"P3":{"X":"51074201094171461498106364851624049719568819291007346795812600702098861812351486612750954534722011458655237930738","Y":"184378535944371129336770566736017652483497301351174254790043192159809914705534911863562984187994657004308104047623"},"Q1":{"X":{"A0":"233578398248691099356572568220835526895379068987715365179118596935057653620464273615301663571204657964920925606294","A1":"14091315038020735583747765252104215727454179689105306858914716762754165177529982460415485214131566635724155606
9118"},"Y":{"A0":"63160294768292073209381361943935198908131692476676907196754037919244929611450776219210369229519898517858833747423","A1":"149157405641012693445398062341192467754805999074082136895788947234480009303640899064710353187729182149407503257491"}},"Q2":{"X":{"A0":"44207334933189800188631667881792939527905254895957592598858487131121545349274912766512755361222745689006841826679","A1":"85069674711209190296830204644500485231888785480271986176288651436543608566575028738100014483950441673700721973452"},"Y":{"A0":"131441239334936754775202653186342464770617808563497798988910868796628888304601894968494546678880059554174525062699","A1":"130221776016039832247468051633003084189184764526671765385765040026027373339978395458023872867243737797427077144045"}},"Q3":{"X":{"A0":"241729850081982570102424808559324104649277289427814382422880553363280710971921488823217996669604641125009541435867","A1":"72905286705939005517996889045420358416963374067297056029648087923956927923705160803629987093114838197386711363658"},"Y":{"A
0":"231901275279526773464184414773669280257795288614142602588202085153585490156680159057185828731194104489635002627193","A1":"29136292387530525070995957313028962990569134362711613987189592077089073685816665602353298525185493968322029092540"}}}
        	Test:       	TestTriplePairingBLS377/bw6_761

📦 github.com/consensys/gnark/std/commitments/kzg
❌ Example_native 8.02s

panic: proving failed: constraint #17315 is not satisfied: 1 ⋅ 121248054135284713470073718360052743969142615617568914210828750265545826729578381112160105791671462176349219901345 != 1 [recovered]
	panic: proving failed: constraint #17315 is not satisfied: 1 ⋅ 121248054135284713470073718360052743969142615617568914210828750265545826729578381112160105791671462176349219901345 != 1

goroutine 1 [running]:
testing.(*InternalExample).processRunResult(0xc038a41bd8, {0x0, 0x0}, 0xc0237f2000?, 0x0, {0xdf4ca0, 0xc000696010})
	/opt/hostedtoolcache/go/1.21.1/x64/src/testing/example.go:95 +0x645
testing.runExample.func2()
	/opt/hostedtoolcache/go/1.21.1/x64/src/testing/run_example.go:59 +0x11a
panic({0xdf4ca0?, 0xc000696010?})
	/opt/hostedtoolcache/go/1.21.1/x64/src/runtime/panic.go:914 +0x21f
github.com/consensys/gnark/std/commitments/kzg_test.Example_native()
	/home/runner/work/gnark/gnark/std/commitments/kzg/native_doc_test.go:121 +0x81c
testing.runExample({{0xf2ffde, 0xe}, 0xfa9710, {0xf2cb43, 0x5}, 0x0})
	/opt/hostedtoolcache/go/1.21.1/x64/src/testing/run_example.go:63 +0x2cd
testing.runExamples(0xc038a41d98, {0x1628680?, 0x2, 0x5?})
	/opt/hostedtoolcache/go/1.21.1/x64/src/testing/example.go:44 +0x171
testing.(*M).Run(0xc0001a5180)
	/opt/hostedtoolcache/go/1.21.1/x64/src/testing/testing.go:1927 +0x6e6
main.main()
	_testmain.go:61 +0x19c

❌ TestKZGVerificationTwoChain 40ms

❌ TestKZGVerificationTwoChain/bw6_761 40ms

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsEqual] 83632114170593162252135583286888980342683043067939145610936931025854373904470283537533980016445953690667184016791 == 1
        	            	fields_bls12377.(*E2).AssertIsEqual
        	            		e2.go:237
        	            	fields_bls12377.(*E6).AssertIsEqual
        	            		e6.go:299
        	            	fields_bls12377.(*E12).AssertIsEqual
        	            		e12.go:574
        	            	sw_bls12377.(*Pairing).PairingCheck
        	            		pairing2.go:157
        	            	kzg.(*Verifier[...]).AssertProof
        	            		verifier.go:228
        	            	kzg.(*KZGVerificationCircuit[...]).Define
        	            		verifier_test.go:51
        	            	
        	            	witness:schema is inconsistent with Witness
        	Test:       	TestKZGVerificationTwoChain/bw6_761

📦 github.com/consensys/gnark/std/recursion/groth16
❌ Example_native 8.35s

panic: proving failed: constraint #19140 is not satisfied: 1 ⋅ 154165226229233081799129937101640966028252233431224627318238218811492480082441247243166958035015548717305617302250 != 53295542252659487879863579284799419611709276513441866697308971618195026823180545218155000713705442616806516955723 [recovered]
	panic: proving failed: constraint #19140 is not satisfied: 1 ⋅ 154165226229233081799129937101640966028252233431224627318238218811492480082441247243166958035015548717305617302250 != 53295542252659487879863579284799419611709276513441866697308971618195026823180545218155000713705442616806516955723

goroutine 1 [running]:
testing.(*InternalExample).processRunResult(0xc03ff49bd8, {0x0, 0x0}, 0x0?, 0x0, {0xe0b0a0, 0xc000452d30})
	/opt/hostedtoolcache/go/1.21.1/x64/src/testing/example.go:95 +0x645
testing.runExample.func2()
	/opt/hostedtoolcache/go/1.21.1/x64/src/testing/run_example.go:59 +0x11a
panic({0xe0b0a0?, 0xc000452d30?})
	/opt/hostedtoolcache/go/1.21.1/x64/src/runtime/panic.go:914 +0x21f
github.com/consensys/gnark/std/recursion/groth16_test.Example_native()
	/home/runner/work/gnark/gnark/std/recursion/groth16/native_doc_test.go:79 +0x6b4
testing.runExample({{0xf46eb4, 0xe}, 0xfc0718, {0xf43a27, 0x5}, 0x0})
	/opt/hostedtoolcache/go/1.21.1/x64/src/testing/run_example.go:63 +0x2cd
testing.runExamples(0xc03ff49d98, {0x1648700?, 0x2, 0x5?})
	/opt/hostedtoolcache/go/1.21.1/x64/src/testing/example.go:44 +0x171
testing.(*M).Run(0xc0001b3180)
	/opt/hostedtoolcache/go/1.21.1/x64/src/testing/testing.go:1927 +0x6e6
main.main()
	_testmain.go:61 +0x19c

❌ TestBLS12InBW6 50ms

❌ TestBLS12InBW6/bw6_761 40ms

    assert.go:200: 
        	Error Trace:	/home/runner/work/gnark/gnark/test/assert.go:200
        	            				/home/runner/work/gnark/gnark/test/assert_checkcircuit.go:50
        	            				/home/runner/work/gnark/gnark/test/assert.go:66
        	Error:      	[assertIsEqual] 193084594708030344063978371343814922099163845957448815034777516223510288044455346065863695480075624152544123406282 == 63420999972811571950138964074080621547046389627340038166120490505348090683080992948317511766977473750813575074516
        	            	fields_bls12377.(*E2).AssertIsEqual
        	            		e2.go:237
        	            	fields_bls12377.(*E6).AssertIsEqual
        	            		e6.go:299
        	            	fields_bls12377.(*E12).AssertIsEqual
        	            		e12.go:574
        	            	sw_bls12377.(*Pairing).AssertIsEqual
        	            		pairing2.go:163
        	            	groth16.(*Verifier[...]).AssertProof
        	            		verifier.go:301
        	            	groth16.(*OuterCircuit[...]).Define
        	            		verifier_test.go:126
        	            	
        	            	witness:{"Proof":{"Ar":{"X":"87907820362791620939388706858281391390898568467201138417646098350618440471439585752392642204505761782409444174536","Y":"123858083402764950145703010364311018933728785313980315090226184012208206889857460388993210330347724074412655147742"},"Krs":{"X":"70321460212866787330442490910012290209985988933283676271792418922557856753483526850082997905345692766812573167770","Y":"236375315346794144707949963231217623327364176027017379599331985259068687939565724480258283838913841240447766307849"},"Bs":{"X":{"A0":"212012463672708010599404902167730214162172903438529099529249758015276601596530394972151382767281614795773379102424","A1":"151984100281593726975648152476534098184558746399071684801527392886112236465852133478025876015898620932799468749857"},"Y":{"A0":"173350164528628423359053914134830944426522751222155278782958297181635474220273716127008436428760801514478609132316","A1":"10776737530455714643656104976814883803960356266995513540065138419836117091759360911562911844035943
3918581020879183"}}},"VerifyingKey":{"E":{"C0":{"B0":{"A0":"63420999972811571950138964074080621547046389627340038166120490505348090683080992948317511766977473750813575074516","A1":"24231403661106644155876150654817030638318799544621762797091895423786833495142719724868767637472516096255895428871"},"B1":{"A0":"96000007275961074605512726703543471005391140030264216047530693455841708836145895551669934784817397802719696576055","A1":"114366970857377191911256155077128202556188950410444888527878022190509397673147077969147579725870307009705506094613"},"B2":{"A0":"218989512265427937715079789781053690328407827808938468978456653480195024173153415533024045731501586172889380683824","A1":"205301993334134941921911324396015253070955455239219538810289907303835058573933088768949315838695106547804287385480"}},"C1":{"B0":{"A0":"146402138664674471530005998869985805890049286783258445804050987972103521509008399845161603460256441103830369363300","A1":"8643018757972870752531125173339291640290366162946479845942267260327018122581790799162
6721056633659439975161327911"},"B1":{"A0":"53013186997304067576209768590545704804566685950157637280958468236823098980673077919996187987391166147788394660267","A1":"40052397960939682849887403978393846110570032100954041569183489632017091492270007250576245371721802688886707042593"},"B2":{"A0":"32800091798441076001745939512578113395110798637122357473322765907519001933282040336562177272110038940048806783978","A1":"64185498713917468065266578998640342928998053927711648231446317202430067823239906416370086996778622466175870639442"}}},"G1":{"K":[{"X":"121449917371808894621859513531871822285023330666415591895835796649866011468393527912095201139895674635697046014880","Y":"213592727966441128780943005628699275329900354473968059731389858728747878104570446496789688300614159917888025149450"},{"X":"59483560687634734373663186303102546762991937699221521951539324988983977259637519600998965437829442312857020247997","Y":"1612579886347244699959702508893235985231278226828474455148404360795394652743082069605813313791261148785205586816
35"}]},"G2":{"GammaNeg":{"X":{"A0":"149088525179186918513345291707018163221185833651310074912893120215030570413749926748102957806580921275775796907479","A1":"189313876927847715603609621039645128975158554853012179882388513912599457777695613712180088624715961051535933493887"},"Y":{"A0":"72297426920032341803165050172008188917919162425096683622671394427726365056765279335855691154675127498630877686749","A1":"117703529227944583067862016044173696464755387691271302504426267315561663969788680599747432874547452121068244009501"}},"DeltaNeg":{"X":{"A0":"204609103313733705318980584827578852980659495468204078945605397555730398813282952114032308163906022086749549207868","A1":"103226401098368155215649042958505415867486127200503084994850381405531317618724446544734232437671624922083863569877"},"Y":{"A0":"101841358093665958436940645525333567262626600977997583981082725308405303085254265968930078885616843614819464074775","A1":"85362232545137597636172872687638220991962723381414608517721792782797349508328232658236566885354051934564
40880821"}}}},"InnerWitness":{"Public":[15]}}
        	Test:       	TestBLS12InBW6/bw6_761

ivokub

I'm not sure if g4=0 is relevant for two-chains. But otherwise looks good.

std/algebra/native/fields_bls24315/e24.go

std/algebra/native/fields_bls12377/e12.go

yelhousni · 2023-10-18T13:45:54Z

I'm not sure if g4=0 is relevant for two-chains. But otherwise looks good.

It is covered implicitly to save some constraints. When g3==g2==0 we should return 1 but we do nothing because the result, in 2-chains, happen to be 1 implicitly. First, g4 is set to 0 because g4=e.C1.B1.DivUnchecked(api, t[0], t[1]) uses E2 Inverse which is a fp.Element Inverse which returns conventionally 0 when denominator is 0. Then the remaining computation returns E * (2 * g4² + g3 * g5 - 3 * g2 * g1) + 1 which is exactly 1 because g2==g3==g4==0. We cannot do the same implicit trick in emulated BW6-761 because there the hinted division uses big.Int ModInverse. There is a comment explaining this here:

gnark/std/algebra/native/fields_bls12377/e12.go

Line 295 in baaf4ba

// if g2 == g3 == 0 we do nothing as DivUnchecked sets g4 to 0

ivokub · 2023-10-18T13:48:54Z

I'm not sure if g4=0 is relevant for two-chains. But otherwise looks good.

It is covered implicitly to save some constraints. When g3==g2==0 we should return 1 but we do nothing because the result, in 2-chains, happen to be 1 implicitly. First, g4 is set to 0 because g4=e.C1.B1.DivUnchecked(api, t[0], t[1]) uses E2 Inverse which is a fp.Element Inverse which returns conventionally 0 when denominator is 0. Then the remaining computation returns E * (2 * g4² + g3 * g5 - 3 * g2 * g1) + 1 which is exactly 1 because g2==g3==g4==0. We cannot do the same implicit trick in emulated BW6-761 because there the hinted division uses big.Int ModInverse. There is a comment explaining this here:

gnark/std/algebra/native/fields_bls12377/e12.go

Line 295 in baaf4ba

// if g2 == g3 == 0 we do nothing as DivUnchecked sets g4 to 0

Makes sense!

yelhousni added 2 commits October 17, 2023 12:36

fix(bw6): DecompressKarabina edge cases

0584eab

fix(2-chain/bls12): DecompressKarabina edge cases

1ecf7d7

yelhousni added the bug Something isn't working label Oct 17, 2023

yelhousni requested a review from ivokub October 17, 2023 17:20

yelhousni self-assigned this Oct 17, 2023

yelhousni marked this pull request as draft October 17, 2023 20:16

yelhousni added 2 commits October 17, 2023 16:49

fix(2-chain/bls24): DecompressKarabina edge cases

227d229

fix: update latest.stats

baaf4ba

yelhousni marked this pull request as ready for review October 17, 2023 21:06

ivokub approved these changes Oct 17, 2023

View reviewed changes

std/algebra/native/fields_bls24315/e24.go Show resolved Hide resolved

std/algebra/native/fields_bls12377/e12.go Show resolved Hide resolved

yelhousni merged commit 275d4e9 into master Oct 18, 2023
7 checks passed

yelhousni deleted the fix/decompressKarabina branch October 18, 2023 13:50

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix: edge cases in the Karabina cyclotomic square decompression #868

Fix: edge cases in the Karabina cyclotomic square decompression #868

yelhousni commented Oct 17, 2023 •

edited

github-actions bot commented Oct 17, 2023

ivokub left a comment

yelhousni commented Oct 18, 2023 •

edited

ivokub commented Oct 18, 2023

Fix: edge cases in the Karabina cyclotomic square decompression #868

Fix: edge cases in the Karabina cyclotomic square decompression #868

Conversation

yelhousni commented Oct 17, 2023 • edited

Description

Type of change

How has this been tested?

How has this been benchmarked?

Checklist:

github-actions bot commented Oct 17, 2023

ivokub left a comment

Choose a reason for hiding this comment

yelhousni commented Oct 18, 2023 • edited

ivokub commented Oct 18, 2023

yelhousni commented Oct 17, 2023 •

edited

yelhousni commented Oct 18, 2023 •

edited