search

privacy-scaling-explorations / zk-kit

A monorepo of reusable libraries for zero-knowledge technologies.
https://zkkit.pse.dev
MIT License
295 stars 80 forks source link

Restrict types of `message` in eddsa-poseidon's `signMessage` #230

Open artwyman opened 8 months ago

artwyman commented 8 months ago

Describe the improvement you're thinking about

This issue is conceptually similar to #188, now applied to the message argument to eddsa-poseidon's signMessage rather than the private key. This argument is typed as BigNumberish and the docs don't say anything special about how it's interpreted. The message of the underlying Poseidon algorithm is expected to be a single field element (bigint mod r).

The checkMessage function used to check this input allows arbitrary strings. If a string is valid decimal or hex, it'll be converted to a bigint as digits. Otherwise it'll be converted to a Buffer as raw bytes. This works so long as the string isn't more than 32 characters. If it's longer, it'll trigger an exception later from leBigIntToBuffer which uses a size argument.

This might be intended to be a convenience feature for signing string messages. If so, it would need to be more clearly documented. I think the size limitation and the potential for confusion about whether a small string should be treated as digits or bytes suggests it would be better to remove this case and reject string inputs which can't be interpreted as stringified bigints.

Additional context I came across this when writing tests for handling of bad inputs in the Zupass repo. I passed a string expecting a TypeError and was surprised to get no exception. I've added my own type check to avoid the potential confusion here, so I'm not blocked by this issue.

f3r10 commented 3 months ago

hi @cedoor could I take this issue? I am part of the PSE 2024 core program

cedoor commented 3 months ago

@f3r10 sure! Is there enough information?

f3r10 commented 3 months ago

@f3r10 sure! Is there enough information?

thanks @cedoor. for now, I think I understand the issue. I will let you know if something is missing.

f3r10 commented 3 months ago

@cedoor the only type supported for the message parameter should be bitint or bigint | number | Buffer | Uint8Array?

cedoor commented 3 months ago

@cedoor the only type supported for the message parameter should be bitint or bigint | number | Buffer | Uint8Array?

message is limited to 32 bytes and is converted to bigint internally, so one simple option (which would make it more consistent with the other types) would be to have BigNumber imo. In case we need to add documentation to explain how devs can convert text or buffers to bigint tho (should happen rarely).

Tagging @artwyman here. Wdyt?

f3r10 commented 3 months ago

oh ok, using a BigNumber I created an additional unit test with

        const message = Buffer.from(crypto.getRandomValues(31))

with 31 as an example, the test passes but with 34 the test fails. Would be that ok?

cedoor commented 2 months ago

Would be that ok?

Yes, please make sure to update/add tests to check the correct type. BigNumber is either bigint or string (string must still be a stringified bigint).

f3r10 commented 2 months ago

hi! @cedoor I just opened a PR about this issue, please let me know if that would be ok or if something else has to be done.