
Pedersen CRH and Commitment always fails

Open · rozbb opened this issue 3 years ago · 1 comment

There's a check that's done in the constraints impl of Pedersen CRH and commitment that appears here and here. It asserts that padded_input.len() * 8 == W::WINDOW_SIZE * W::NUM_WINDOWS.

In most windows, however, this check fails and the program panics. The problem is that you cannot always pad bytes to a specific bitlength. In particular, if W::WINDOW_SIZE * W::NUM_WINDOWS is not divisible by 8, then Pedersen computations are guaranteed to fail every time.

This isn't a PR bc I'm not sure the best way to fix this. Currently my hacky workaround is to just pick NUM_WINDOWS = 8, but that makes things multiple times slower in the benchmarks for my current project.

rozbb · Feb 06 '22 06:02

Actually here's a simple solution: rather than padding the input bytes, pad the input bits. The bits conversion is done anyway in both instances, so this is 0 overhead. I can make a PR for this.

rozbb · Feb 15 '22 16:02
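To make the arithmetic in the thread concrete, here is an added Rust illustration (not arkworks code and not the PR in question) of both halves of the discussion: the byte-level padding plus the exact-length check `padded_input.len() * 8 == WINDOW_SIZE * NUM_WINDOWS`, which cannot succeed when that product is not a multiple of 8, and the bit-level padding proposed in the second comment, which always can. The `Window` struct is a stand-in for the crate's window parameter trait, and the LSB-first bit order within a byte is an assumption of this example, not a statement about the crate.

```rust
// Added example, not arkworks code. `Window` is a hypothetical stand-in for
// a Pedersen window parameter type carrying WINDOW_SIZE and NUM_WINDOWS.
#[derive(Clone, Copy, Debug)]
pub struct Window {
    pub window_size: usize,
    pub num_windows: usize,
}

impl Window {
    /// Total number of input bits the Pedersen windows can absorb.
    pub fn total_bits(&self) -> usize {
        self.window_size * self.num_windows
    }
}

/// Byte-level padding as the issue describes it: zero-extend the input to
/// ceil(total_bits / 8) bytes, then apply the exact-length check. Returns Err
/// wherever the constraints implementation would panic instead.
pub fn pad_bytes_and_check(input: &[u8], w: Window) -> Result<Vec<u8>, String> {
    let total_bits = w.total_bits();
    let needed_bytes = (total_bits + 7) / 8;
    if input.len() > needed_bytes {
        return Err(format!(
            "input of {} bytes does not fit in {} bits",
            input.len(),
            total_bits
        ));
    }
    let mut padded = input.to_vec();
    padded.resize(needed_bytes, 0u8);
    // This is the check from the issue. Byte granularity means the left side
    // is always a multiple of 8, so it can only match a total that is too.
    if padded.len() * 8 != total_bits {
        return Err(format!(
            "padded_input.len() * 8 = {} but WINDOW_SIZE * NUM_WINDOWS = {}",
            padded.len() * 8,
            total_bits
        ));
    }
    Ok(padded)
}

/// Bit-level padding, the fix proposed in the thread: convert the bytes to
/// bits first (LSB-first within each byte, an assumption of this example),
/// then zero-pad the bit vector to exactly total_bits.
pub fn pad_bits_and_check(input: &[u8], w: Window) -> Result<Vec<bool>, String> {
    let total_bits = w.total_bits();
    let mut bits: Vec<bool> = input
        .iter()
        .flat_map(|&byte| (0..8u32).map(move |i| ((byte >> i) & 1) == 1))
        .collect();
    if bits.len() > total_bits {
        return Err(format!(
            "input of {} bits does not fit in {} bits",
            bits.len(),
            total_bits
        ));
    }
    bits.resize(total_bits, false);
    // Padding at bit granularity can hit any total, so this always holds.
    debug_assert_eq!(bits.len(), total_bits);
    Ok(bits)
}

fn main() {
    // Constructed parameters: 4-bit windows, 5 of them, so 20 bits total,
    // which is not a multiple of 8.
    let w = Window { window_size: 4, num_windows: 5 };
    let input = [0xABu8, 0xCD];
    println!("byte padding: {:?}", pad_bytes_and_check(&input, w));
    let bits = pad_bits_and_check(&input, w).expect("bit padding fits");
    println!(
        "bit padding: {} bits in {} windows of {}",
        bits.len(),
        bits.chunks(w.window_size).count(),
        w.window_size
    );
}
```

With `num_windows = 5` the byte-padded length is 3 bytes (24 bits), so the equality against 20 can never hold, whereas the bit vector is padded to exactly 20 and splits cleanly into 5 windows of 4. Bumping to `num_windows = 6` (24 bits) makes the byte-level check pass, which is the NUM_WINDOWS = 8-style workaround mentioned in the issue.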