Inconsistent gate ordering #797
Comments
moCello
added a commit
that referenced
this issue
Dec 18, 2023
This PR also renames output wire from `c` to `o` internally to remove confusion with `q_c`, the constant wire selector. Resolves #797
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
Within the proof system, variables are not always listed in the same order. One place where this could lead to a problem is in the arithmetic proving and verifying keys. The arithmetic prover key has “q_c before q_4”, unlike the arithmetic verifier key struct which stores “q_4 before q_c”, and strangely the verifier key serialization stores “q_c before q_4”.
The arithmetic verifier key does correctly swap q_c and q_4 in from_bytes, so there are no bugs present currently. However, swapping the order throughout the codebase is very unexpected and may lead to bugs in the future.
Recommendation: pick one ordering and stick to it throughout the library. In particular, please serialize things in the same order they are stored in the struct.
Relevant Context
Finding 2 of the audit.
The text was updated successfully, but these errors were encountered: