Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Potentially overconstrained leaf balances #14

Open
kiseln opened this issue Feb 28, 2024 · 0 comments
Open

Potentially overconstrained leaf balances #14

kiseln opened this issue Feb 28, 2024 · 0 comments

Comments

@kiseln
Copy link
Collaborator

kiseln commented Feb 28, 2024

Describe the bug
There is a range check constraint performed on the leaf node balances of the user that's requesting Proof of Inclusion.
This may be redundant because falsifying these balances will change the hash of the leaf node which is a public input to the circuit.

Additional context
Range check is used in the summa circuit to guard against overflow errors. Malicious prover can artificially increase user balances as well as fill the MST with fake balances to create overflow on the way of calculating the root. This way the prover can underreport liabilities in the MST.

Range check is required for most of the balances in the MST circuit. However, it may be redundant for user's leaf balances. https://github.com/zBlock-2/summa-solvency-diffie/blob/master/zk_prover/src/circuits/merkle_sum_tree.rs#L351

Hash of the leaf node is exposed as a public input of the circuit. User that requests proof of inclusion needs to validate that this public hash equals to hash(user_name, [user_balances]). Therefore if malicious prover tries to modify user balances to a value outside of the range check it will also affect the hash calculations. User will see that the hash doesn't match meaning their balances (or username) has been meddled with. User will not accept such proof.

Impact
Removing the range check on the user's leaf node may slightly increase performance while not weakening security of the circuit,

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant