and ran the corresponding test test_hyperplonk_e2e, with the result _verify in line 716 being true. In my understanding, the permutation check shouldn't pass and we should have the result as false. I guess there might be vulnerability in the batch opening part of HyperPlonkSNARK::verify. Please let me know if I made any mistake here. Looking forward to your reply.
Hi @zhenfeizhang , this does seem to be a bad permutation given that the witness is w1 := [0, 1, 2, 3] and w2 := [0^5, 1^5, 2^5, 3^5]. Do you have time to take a look? Thanks!
I substituted the 673 line in
hyperplonk/src/snark.rs
withand ran the corresponding test
test_hyperplonk_e2e
, with the result_verify
in line 716 being true. In my understanding, the permutation check shouldn't pass and we should have the result as false. I guess there might be vulnerability in the batch opening part ofHyperPlonkSNARK::verify
. Please let me know if I made any mistake here. Looking forward to your reply.