error handing for `verify()` functions

EspressoSystems / jellyfish

A Rust Implementation of the PLONK ZKP System and Extensions

https://jellyfish.docs.espressosys.com

MIT License

408 stars 106 forks source link

error handing for `verify()` functions #569

Open mrain opened 7 months ago

mrain commented 7 months ago

A lot of verification functions (e.g. in signature, commitment, merkle tree, etc) are returning a wrapped Result<VerificationResult, Error> that provides some detailed information about internal error. This could lead to a side-channel attack.

We should simply return a bool or Result<(), ()> which indicated whether the verification is successful, and nothing else. Detailed internal error shouldn't only be provided in debug mode.

mahmudsudo commented 6 months ago

can i take on this ?

mrain commented 5 months ago

can i take on this ?

Thanks for volunteering. However, we need an internal meeting to make some design decisions. Thus we'll take care by our own.

mahmudsudo commented 5 months ago

Can I contribute to another issue then ?