Mux1.circom doesn't check that selector is either 0 or 1

iden3 / circomlib

Library of basic circuits for circom

601 stars 209 forks source link

Mux1.circom doesn't check that selector is either 0 or 1 #24

Open poma opened 4 years ago

poma commented 4 years ago

In circomlib/circuits/mux1.circom it is possible to specify an input that is not equal 0 or 1 and get an arbitrary output instead of one of inputs. The following check should be added at line 24:

s * (1 - s) === 0

Possibly other multiplexer implementations are also affected

HarryR commented 4 years ago

This would also work:

s*s === s

khovratovich commented 4 years ago

This might be suboptimal because a caller may already have input of proper type (for example, output of num2bits), and an extra constraint will increase the complexity for nothing.

poma commented 4 years ago

if the constraint is the same as in num2bits, the optimizer will remove it as duplicate