alxiong
commented
1 month ago we didn't really use it in plonk verifier, but as a library, we will implement the suggestion.
Closed philippecamacho closed 1 month ago
alxiong
commented
1 month ago we didn't really use it in plonk verifier, but as a library, we will implement the suggestion.
Affected Code: BN254.sol (line 331) Summary: As the field order is smaller than $2^{256}$, there are multiple valid representations of the same field element. Traditionally, the smallest non-negative integer is used as the canonical representation. The
g1Deserializefunction currently does not validate whether the x-coordinate is canonical. For example, both $1$ and $1 + fieldOrder$ are deserialized to the same point $(1, 2)$. This can lead to unexpected behavior for higher-level applications that rely on the library for the uniqueness of deserialize operation. Suggestion: We suggest that the function reverts if the x-coordinate is not canonical. Status: Pending