maci icon indicating copy to clipboard operation
maci copied to clipboard

Published 20 hours ago verified publisher icon privacy-scaling-explorations

Ciphertext elements generated by encrypt() can be larger than the field size

Open weijiekoh opened this issue 2 years ago • 1 comments

This branch demonstrates the issue:

https://github.com/privacy-scaling-explorations/maci/compare/master...weijiekoh:maci:issue/ciphertext-size?expand=1#diff-c594eb0d370b319c8d21098d9c1a73f5e6b3a98895588dff46120ed9298b7e28

More often than not, the test should fail with the message The ciphertext should be smaller than the snark field size.

The reason is as such:

encrypt() in maci-crypto with large enough plaintexts can lead to ciphertexts that exceed the prime field. See:

https://github.com/privacy-scaling-explorations/maci/blob/master/crypto/ts/index.ts#L256

    const ciphertext: Ciphertext = {
        iv,
        data: plaintext.map((e: BigInt, i: number): BigInt => {
            return e + mimc7.hash(
                sharedKey,
                iv + BigInt(i),
            )
        }),
    }

I'm not sure how this issue bubbles up the stack and whether it's resolved at a higher level. Thanks @cryptopapi997 for raising this issue in the iden3 Telegram group!

weijiekoh avatar Oct 31 '22 08:10 weijiekoh

This is most likely related to issue #460 as well. Ensuring the correctness here between the two implementations would probably squash this.

corydickson avatar Nov 29 '22 19:11 corydickson

in v1 we are using poseidon Encryption, thus I believe this can be closed as v0.x is not supported anymore.

ctrlc03 avatar Nov 17 '23 09:11 ctrlc03