Constrain bits after max len to be 0

zkemail / zk-regex

A library to do regex verification in circom, adapted from the original zk-email. It additionally generates lookup tables for halo2-regex.

GNU General Public License v3.0

79 stars 27 forks source link

Constrain bits after max len to be 0 #54

Open Divide-By-0 opened 9 months ago

Divide-By-0 commented 9 months ago

Fix this line: https://github.com/zkemail/zk-email-verify/blob/03cf8c66472ce3ac177a0089c56c0e78481d3391/packages/circuits/helpers/extract.circom#L114

    // Note that this technically doesn't constrain the rest øf the bits after the max_substr_len to be 0/unmatched/unrevealed
    // Because of the constraints on signed inputs, it seems this should be OK security wise
    // But still, TODO unconstrained assert to double check they are 0
    for (var i = 0; i < max_substr_len; i++) {
        packer.in[i] <== shifter.out[i];
    }
    for (var i = 0; i < max_substr_len_packed; i++) {
        out[i] <== packer.out[i];
    }

brolag commented 3 months ago

Hi @Divide-By-0,

I would like to work on this issue. To ensure that the bits after themax_substr_len are constrained to zero, I propose the following solution:

Add Assertion: Introduce an assertion after the loops to ensure that all bits beyond max_substr_len are zero.
Code Modification: Modify the extract.circom file to include this check. Here’s how we can achieve this:

    for (var i = max_substr_len; i < in_array_len; i++) {
        assert(in[i] == 0, "Bit out of range must be 0");
    }