search

noir-lang / noir

Noir is a domain specific language for zero knowledge proofs
https://noir-lang.org
Apache License 2.0
822 stars 177 forks source link

`PedersenCommitment` blackbox function should allow the point at infinity as an output #5196

Open TomAFrench opened 4 weeks ago

TomAFrench commented 4 weeks ago

Consider the code:

 let pedersen_commitment_to_zero = std::hash::pedersen_commitment([0]);
println(pedersen_commitment_to_zero);

executing this code gets the panic

% nargo execute   ~/noir/test_programs/execution_success/pedersen_check gd/issue_4931 + tom-box
The application panicked (crashed).
Message:  should not commit to point at infinity
Location: acvm-repo/bn254_blackbox_solver/src/lib.rs:48

This is because we assume that the pedersen commitment returns a point which lies on the curve https://github.com/noir-lang/noir/blob/070d7e71d6587679721437dd5b996478bd17ed85/acvm-repo/bn254_blackbox_solver/src/lib.rs#L47-L50

We should update this blackbox function so it has 3 return witnesses so that we can represent the point at infinity.

guipublic commented 3 weeks ago

This is resolved by #5221