Create assertions for non-strict comparison. (#1)

* Import merkle tree package to fix tests. * Fix minor grammatical errors. * Add comparison constraint for non-strict case. The assert does not produce a constraint, it just stops witness generation. So an adversarial prover could remove the assert line and generate an invalid proof that the verifier would accept. Also, simplify the sourceValue === claimedValue line by removing the IsZero circuit. * Prevent overlow of comparator range * Fix overflow check. Was passing a single signal to compconstant where it required a 254 bit binary decomposition. * Revert "Import merkle tree package to fix tests." This reverts commit c5ac5ac. * Simplify overflow check.
sismo-core · Jun 23, 2022 · cd73902 · cd73902
1 parent 7037594
commit cd73902
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 7 deletions.
diff --git a/circuits/common/verify-hydra-commitment.circom b/circuits/common/verify-hydra-commitment.circom
@@ -14,7 +14,7 @@ template VerifyHydraCommitment() {
   signal input commitmentMapperPubKey[2];
   signal input commitmentReceipt[3];
 
-  // Verify that the user have the right commitment secret
+  // Verify that the user has the right commitment secret
   // This is a Proof Of Commitment Ownership
   component commitment = Poseidon(1);
   commitment.inputs[0] <== secret;

diff --git a/circuits/common/verify-merkle-path.circom b/circuits/common/verify-merkle-path.circom
@@ -18,7 +18,7 @@ template PositionSwitcher() {
 }
 
 
-// Verifies that merkle path is correct for given merkle root and a leaf
+// Verifies that merkle path is correct for a given merkle root and leaf
 // pathIndices input is an array of 0/1 selectors telling whether given 
 // pathElement is on the left or right side of merkle path
 template VerifyMerklePath(levels) {

diff --git a/circuits/hydra-s1.circom b/circuits/hydra-s1.circom
@@ -1,9 +1,12 @@
 pragma circom 2.0.0;
 
+include "../node_modules/circomlib/circuits/compconstant.circom";
+include "../node_modules/circomlib/circuits/comparators.circom";
 include "../node_modules/circomlib/circuits/poseidon.circom";
 include "../node_modules/circomlib/circuits/bitify.circom";
 include "../node_modules/circomlib/circuits/mux1.circom";
 include "../node_modules/circomlib/circuits/babyjub.circom";
+
 include "./common/verify-merkle-path.circom";
 include "./common/verify-hydra-commitment.circom";
 
@@ -94,13 +97,19 @@ template hydraS1(registryTreeHeight, accountsTreeHeight) {
   }
 
   // Verify claimed value validity
+  // Prevent overflow of comparator range
+  component sourceInRange = Num2Bits(252);
+  sourceInRange.in <== sourceValue;
+  component claimedInRange = Num2Bits(252);
+  claimedInRange.in <== claimedValue;
+  // 0 <= claimedValue <= sourceValue
+  component leq = LessEqThan(252);
+  leq.in[0] <== claimedValue;
+  leq.in[1] <== sourceValue;
+  leq.out === 1;
   // If isStrict == 1 then claimedValue == sourceValue
-  // If isStrict == 0 then 0 <= claimedValue <= sourceValue
-  assert(claimedValue<=sourceValue);
   0 === (isStrict-1)*isStrict;
-  component iszero = IsZero();
-  iszero.in <== isStrict;
-  sourceValue === claimedValue+((sourceValue-claimedValue)*iszero.out);
+  sourceValue === sourceValue+((claimedValue-sourceValue)*isStrict);
 
   // Verify the userTicket is valid
   // compute the sourceSecretHash using the hash of the sourceSecret