search

lambdaclass / zksync_era_precompiles

Yul precompile library to speedup elliptic curves operations.
Apache License 2.0
51 stars 19 forks source link

G2 subgroup check is mandatory #252

Closed IAvecilla closed 6 months ago

IAvecilla commented 7 months ago

Context: EcPairing.yul#L1634

Description:

The G2 point inputs to the precompile must be checked if on the curve E(F_p^2) but also if in the G2 subgroup.

This is required by the specification of the EIP-197 and implemented in common EVMs (geth, revm, evmone, besu).

The ecpairing_fuzz_invalid_g2_subgroup test from lambdaclass/zksync_era_precompiles#234 should fail in case the subgroup check is missing in the implementation.

Recommendation:

Keep the G2 subgroup check in the implementation.

zkSync:

Spearbit:

IAvecilla commented 6 months ago

We merged #234 that contained the new tests, now we can asure that several tests will fail if subgroup check is removed.