Skip to content

Commit 9882425

Browse files
lucasxia01Rumata888
lucasxia01
authored and
Rumata888
committed
Fixing tests and bugs triggered by the Origin Tags Security Mechanism
1 parent 1dadb08 commit 9882425

File tree

15 files changed

+204
-41
lines changed

15 files changed

+204
-41
lines changed

barretenberg/cpp/origin_tag_checks_notes.txt

Lines changed: 82 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,82 @@
1+
Notes:
2+
3+
ShplonkRecursionTest: from_witness in test
4+
FAILED (http://ci.aztec-labs.com/6336ebb85d71106d): barretenberg/cpp/scripts/run_test.sh commitment_schemes_recursion_tests ShplonkRecursionTest/0.Simple (1s) (code: 1)
5+
FAILED (http://ci.aztec-labs.com/26c1ac9af2220322): barretenberg/cpp/scripts/run_test.sh commitment_schemes_recursion_tests ShplonkRecursionTest/1.Simple (1s) (code: 1)
6+
FAILED (http://ci.aztec-labs.com/21103d255242572d): barretenberg/cpp/scripts/run_test.sh commitment_schemes_recursion_tests ShplonkRecursionTest/1.LinearlyDependent (1s) (code: 1)
7+
FAILED (http://ci.aztec-labs.com/1e40141387fdd37a): barretenberg/cpp/scripts/run_test.sh commitment_schemes_recursion_tests ShplonkRecursionTest/0.LinearlyDependent (1s) (code: 1)
8+
9+
ShpleminiRecursionTest: from_witness in test
10+
FAILED (http://ci.aztec-labs.com/0cd1bad973243d4e): barretenberg/cpp/scripts/run_test.sh commitment_schemes_recursion_tests ShpleminiRecursionTest.ProveAndVerifySingle (1s) (code: 1)
11+
12+
AcirHonkRecursionConstraint: ZK padding indicator causes different child tags
13+
FAILED (http://ci.aztec-labs.com/3aa2f1dc1650a738): barretenberg/cpp/scripts/run_test.sh dsl_tests AcirHonkRecursionConstraint/3.TestHonkRecursionConstraintVKGeneration (0s) (code: 1)
14+
FAILED (http://ci.aztec-labs.com/fa6a390280d71d04): barretenberg/cpp/scripts/run_test.sh dsl_tests AcirHonkRecursionConstraint/3.TestBasicSingleHonkRecursionConstraint (0s) (code: 1)
15+
FAILED (http://ci.aztec-labs.com/d776fb7868f782ae): barretenberg/cpp/scripts/run_test.sh dsl_tests AcirHonkRecursionConstraint/3.TestOneOuterRecursiveCircuit (0s) (code: 1)
16+
FAILED (http://ci.aztec-labs.com/dbd605134a70afdf): barretenberg/cpp/scripts/run_test.sh dsl_tests AcirHonkRecursionConstraint/3.TestFullRecursiveComposition (0s) (code: 1)
17+
FAILED (http://ci.aztec-labs.com/ad26c2fa8720b7d6): barretenberg/cpp/scripts/run_test.sh dsl_tests AcirHonkRecursionConstraint/4.TestHonkRecursionConstraintVKGeneration (0s) (code: 1)
18+
FAILED (http://ci.aztec-labs.com/67ff89cbcee7d780): barretenberg/cpp/scripts/run_test.sh dsl_tests AcirHonkRecursionConstraint/4.TestBasicSingleHonkRecursionConstraint (0s) (code: 1)
19+
FAILED (http://ci.aztec-labs.com/ea6c957a386d4303): barretenberg/cpp/scripts/run_test.sh dsl_tests AcirHonkRecursionConstraint/4.TestOneOuterRecursiveCircuit (0s) (code: 1)
20+
FAILED (http://ci.aztec-labs.com/53896e219f1d6458): barretenberg/cpp/scripts/run_test.sh dsl_tests AcirHonkRecursionConstraint/4.TestFullRecursiveComposition (0s) (code: 1)
21+
FAILED (http://ci.aztec-labs.com/8eea2063dae7c28e): barretenberg/cpp/scripts/run_test.sh dsl_tests AcirHonkRecursionConstraint/3.TestBasicDoubleHonkRecursionConstraints (1s) (code: 1)
22+
FAILED (http://ci.aztec-labs.com/d49e08c9622614e1): barretenberg/cpp/scripts/run_test.sh dsl_tests AcirHonkRecursionConstraint/4.TestBasicDoubleHonkRecursionConstraints (1s) (code: 1)
23+
24+
RecursiveVerifierTest: ZK padding indicator causes different child tags
25+
FAILED (http://ci.aztec-labs.com/51c58c9aeba28cd6): barretenberg/cpp/scripts/run_test.sh stdlib_honk_verifier_tests RecursiveVerifierTest/4.SingleRecursiveVerification (0s) (code: 1)
26+
FAILED (http://ci.aztec-labs.com/779f52f1c6315ce4): barretenberg/cpp/scripts/run_test.sh stdlib_honk_verifier_tests RecursiveVerifierTest/4.IndependentVKHash (0s) (code: 1)
27+
FAILED (http://ci.aztec-labs.com/aaa681f1c792f568): barretenberg/cpp/scripts/run_test.sh stdlib_honk_verifier_tests RecursiveVerifierTest/4.SingleRecursiveVerificationFailure (0s) (code: 1)
28+
FAILED (http://ci.aztec-labs.com/e9a47c110031ef3d): barretenberg/cpp/scripts/run_test.sh stdlib_honk_verifier_tests RecursiveVerifierTest/5.SingleRecursiveVerification (0s) (code: 1)
29+
FAILED (http://ci.aztec-labs.com/b7f3548ade204420): barretenberg/cpp/scripts/run_test.sh stdlib_honk_verifier_tests RecursiveVerifierTest/5.SingleRecursiveVerificationFailure (0s) (code: 1)
30+
FAILED (http://ci.aztec-labs.com/7df71347a3d730ec): barretenberg/cpp/scripts/run_test.sh stdlib_honk_verifier_tests RecursiveVerifierTest/7.SingleRecursiveVerification (1s) (code: 1)
31+
FAILED (http://ci.aztec-labs.com/dfb61912affebfb8): barretenberg/cpp/scripts/run_test.sh stdlib_honk_verifier_tests RecursiveVerifierTest/7.SingleRecursiveVerificationFailure (1s) (code: 1)
32+
FAILED (http://ci.aztec-labs.com/133421b1ffb802a3): barretenberg/cpp/scripts/run_test.sh stdlib_honk_verifier_tests RecursiveVerifierTest/8.SingleRecursiveVerification (0s) (code: 1)
33+
FAILED (http://ci.aztec-labs.com/85533421ab159cd6): barretenberg/cpp/scripts/run_test.sh stdlib_honk_verifier_tests RecursiveVerifierTest/8.IndependentVKHash (0s) (code: 1)
34+
FAILED (http://ci.aztec-labs.com/5cf52f7d857cafbf): barretenberg/cpp/scripts/run_test.sh stdlib_honk_verifier_tests RecursiveVerifierTest/8.SingleRecursiveVerificationFailure (0s) (code: 1)
35+
36+
RecursiveMergeVerifierTest: from_witness in test
37+
FAILED (http://ci.aztec-labs.com/5356d25b9f5567f2): barretenberg/cpp/scripts/run_test.sh stdlib_merge_verifier_tests RecursiveMergeVerifierTest/0.DegreeCheckFailure (1s) (code: 1)
38+
FAILED (http://ci.aztec-labs.com/03662308a22e2848): barretenberg/cpp/scripts/run_test.sh stdlib_merge_verifier_tests RecursiveMergeVerifierTest/0.SingleRecursiveVerification (1s) (code: 1)
39+
FAILED (http://ci.aztec-labs.com/b951cc597e2c1b8b): barretenberg/cpp/scripts/run_test.sh stdlib_merge_verifier_tests RecursiveMergeVerifierTest/0.MergeFailure (0s) (code: 1)
40+
FAILED (http://ci.aztec-labs.com/1341256539cedc59): barretenberg/cpp/scripts/run_test.sh stdlib_merge_verifier_tests RecursiveMergeVerifierTest/0.EvalFailure (0s) (code: 1)
41+
FAILED (http://ci.aztec-labs.com/fa4de7aab8853a47): barretenberg/cpp/scripts/run_test.sh stdlib_merge_verifier_tests RecursiveMergeVerifierTest/1.SingleRecursiveVerification (0s) (code: 1)
42+
FAILED (http://ci.aztec-labs.com/2167da1dc5e3fe62): barretenberg/cpp/scripts/run_test.sh stdlib_merge_verifier_tests RecursiveMergeVerifierTest/1.MergeFailure (0s) (code: 1)
43+
FAILED (http://ci.aztec-labs.com/991c5ac4ddb1a7e6): barretenberg/cpp/scripts/run_test.sh stdlib_merge_verifier_tests RecursiveMergeVerifierTest/1.DegreeCheckFailure (0s) (code: 1)
44+
FAILED (http://ci.aztec-labs.com/660c3a018f9ee02a): barretenberg/cpp/scripts/run_test.sh stdlib_merge_verifier_tests RecursiveMergeVerifierTest/1.EvalFailure (0s) (code: 1)
45+
46+
ECCVMRecursiveTests: different child tags (unknown reason)
47+
FAILED (http://ci.aztec-labs.com/41fa7d0e7ef45de0): barretenberg/cpp/scripts/run_test.sh stdlib_eccvm_verifier_tests ECCVMRecursiveTests.SingleRecursiveVerificationFailure (5s) (code: 1)
48+
FAILED (http://ci.aztec-labs.com/6be93eae873ff4bc): barretenberg/cpp/scripts/run_test.sh stdlib_eccvm_verifier_tests ECCVMRecursiveTests.SingleRecursiveVerificationFailureTamperedProof (5s) (code: 1)
49+
FAILED (http://ci.aztec-labs.com/ff0808ac297cad4c): barretenberg/cpp/scripts/run_test.sh stdlib_eccvm_verifier_tests ECCVMRecursiveTests.SingleRecursiveVerification (5s) (code: 1)
50+
FAILED (http://ci.aztec-labs.com/62780480afefecf5): barretenberg/cpp/scripts/run_test.sh stdlib_eccvm_verifier_tests ECCVMRecursiveTests.IndependentVKHash (7s) (code: 1)
51+
52+
stdlib_bigfield: suspicious failure... possible bug
53+
FAILED (http://ci.aztec-labs.com/a689f474d60be0a7): barretenberg/cpp/scripts/run_test.sh stdlib_primitives_tests stdlib_bigfield/0.assert_is_in_field_success (0s) (code: 1)
54+
55+
GoblinRecursiveVerifierTests/BoomerangGoblinRecursiveVerifierTests: fails from different child tags in small subgroup IPA on:
56+
diff += lagrange_last * (grand_sum_eval - inner_product_eval_claim) - vanishing_poly_eval * quotient_eval;
57+
FAILED (http://ci.aztec-labs.com/26f12ee316eb9649): barretenberg/cpp/scripts/run_test.sh boomerang_value_detection_tests BoomerangGoblinRecursiveVerifierTests.graph_description_basic (11s) (code: 1)
58+
FAILED (http://ci.aztec-labs.com/361f78f79421f061): barretenberg/cpp/scripts/run_test.sh stdlib_goblin_verifier_tests GoblinRecursiveVerifierTests.Basic (11s) (code: 1)
59+
FAILED (http://ci.aztec-labs.com/455fb7686e32bfff): barretenberg/cpp/scripts/run_test.sh stdlib_goblin_verifier_tests GoblinRecursiveVerifierTests.IndependentVKHash (11s) (code: 1)
60+
FAILED (http://ci.aztec-labs.com/d4b5f43b0dc15445): barretenberg/cpp/scripts/run_test.sh stdlib_goblin_verifier_tests GoblinRecursiveVerifierTests.TranslatorFailure (11s) (code: 1)
61+
FAILED (http://ci.aztec-labs.com/8986757f54244bc5): barretenberg/cpp/scripts/run_test.sh stdlib_goblin_verifier_tests GoblinRecursiveVerifierTests.TranslatorMergeConsistencyFailure (12s) (code: 1)
62+
FAILED (http://ci.aztec-labs.com/9c34b02748152894): barretenberg/cpp/scripts/run_test.sh stdlib_goblin_verifier_tests GoblinRecursiveVerifierTests.TranslationEvaluationsFailure (12s) (code: 1)
63+
FAILED (http://ci.aztec-labs.com/e914211bdf232c25): barretenberg/cpp/scripts/run_test.sh stdlib_goblin_verifier_tests GoblinRecursiveVerifierTests.ECCVMFailure (12s) (code: 1)
64+
65+
ProtogalaxyRecursiveTests: we don't fiat-shamir accumulator
66+
FAILED (http://ci.aztec-labs.com/4f52197c17c4597e): barretenberg/cpp/scripts/run_test.sh stdlib_protogalaxy_verifier_tests ProtogalaxyRecursiveTests.RecursiveFoldingTest (2s) (code: 1)
67+
FAILED (http://ci.aztec-labs.com/89bd1d3c92ed60ce): barretenberg/cpp/scripts/run_test.sh stdlib_protogalaxy_verifier_tests ProtogalaxyRecursiveTests.RecursiveFoldingTwiceTest (2s) (code: 1)
68+
FAILED (http://ci.aztec-labs.com/8c40b59809078764): barretenberg/cpp/scripts/run_test.sh stdlib_protogalaxy_verifier_tests ProtogalaxyRecursiveTests.ConstantVerifierCircuit (2s) (code: 1)
69+
FAILED (http://ci.aztec-labs.com/e7e0a46be85da1b9): barretenberg/cpp/scripts/run_test.sh stdlib_protogalaxy_verifier_tests ProtogalaxyRecursiveTests.FullProtogalaxyRecursiveTest (2s) (code: 1)
70+
FAILED (http://ci.aztec-labs.com/563a9d102568e80f): barretenberg/cpp/scripts/run_test.sh stdlib_protogalaxy_verifier_tests ProtogalaxyRecursiveTests.TamperedDeciderProof (3s) (code: 1)
71+
FAILED (http://ci.aztec-labs.com/f5771c2558668b0f): barretenberg/cpp/scripts/run_test.sh stdlib_protogalaxy_verifier_tests ProtogalaxyRecursiveTests.TamperedAccumulator (3s) (code: 1)
72+
73+
TranslatorRecursiveTests: suspicious from_witness in test but fails with different child tags
74+
FAILED (http://ci.aztec-labs.com/5bee7e69afcf28fb): barretenberg/cpp/scripts/run_test.sh stdlib_translator_vm_verifier_tests TranslatorRecursiveTests.IndependentVKHash (7s) (code: 1)
75+
FAILED (http://ci.aztec-labs.com/e2e1ac98738276bf): barretenberg/cpp/scripts/run_test.sh stdlib_translator_vm_verifier_tests TranslatorRecursiveTests.SingleRecursiveVerification (7s) (code: 1)
76+
77+
CivcRecursionConstraintTest: fails with different child tags in zk recursive verifier
78+
FAILED (http://ci.aztec-labs.com/1f6db6eb0bc24ae3): barretenberg/cpp/scripts/run_test.sh dsl_tests CivcRecursionConstraintTest.GenerateRecursiveCivcVerifierVKFromConstraints (85s) (code: 1)
79+
80+
ClientIVCRecursionTests: ZK padding indicator causes different child tags
81+
FAILED (http://ci.aztec-labs.com/28dafc2785419cbd): barretenberg/cpp/scripts/run_test.sh stdlib_client_ivc_verifier_tests ClientIVCRecursionTests.TubeVKIndependentOfInputCircuits (64s) (code: 1)
82+
FAILED (http://ci.aztec-labs.com/3fcb979b91b08b0c): barretenberg/cpp/scripts/run_test.sh stdlib_client_ivc_verifier_tests ClientIVCRecursionTests.Basic (65s) (code: 1)

barretenberg/cpp/src/barretenberg/boomerang_value_detection/graph_description_goblin.test.cpp

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -91,6 +91,8 @@ TEST_F(BoomerangGoblinRecursiveVerifierTests, graph_description_basic)
9191
RecursiveCommitment::from_witness(&builder, merge_commitments.t_commitments[idx]);
9292
recursive_merge_commitments.T_prev_commitments[idx] =
9393
RecursiveCommitment::from_witness(&builder, merge_commitments.T_prev_commitments[idx]);
94+
recursive_merge_commitments.t_commitments[idx].unset_free_witness_tag();
95+
recursive_merge_commitments.T_prev_commitments[idx].unset_free_witness_tag();
9496
}
9597

9698
GoblinRecursiveVerifier verifier{ &builder, verifier_input };

barretenberg/cpp/src/barretenberg/commitment_schemes/ipa/ipa.hpp

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -156,9 +156,6 @@ template <typename Curve_, size_t log_poly_length = CONST_ECCVM_LOG_N> class IPA
156156
{
157157
const bb::Polynomial<Fr>& polynomial = opening_claim.polynomial;
158158

159-
// TODO(https://github.com/AztecProtocol/barretenberg/issues/1150): Hash more things here.
160-
// TODO(https://github.com/AztecProtocol/barretenberg/issues/1408): Make IPA fuzzer compatible with `add_to_hash_buffer`.
161-
//
162159
// Step 1.
163160
// Add the commitment, challenge, and evaluation to the hash buffer.
164161
// NOTE:

barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/shplemini.test.cpp

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -83,15 +83,23 @@ TEST(ShpleminiRecursionTest, ProveAndVerifySingle)
8383
commitments.end(),
8484
commitments_in_biggroup.begin(),
8585
[&builder](const auto& native_commitment) {
86-
return Commitment::from_witness(&builder, native_commitment);
86+
auto comm = Commitment::from_witness(&builder, native_commitment);
87+
// Removing the free witness tag, since the commitment in the full scheme are supposed to
88+
// be fiat-shamirred earlier
89+
comm.unset_free_witness_tag();
90+
return comm;
8791
});
8892
return commitments_in_biggroup;
8993
};
9094
const auto elements_to_witness = [&](const auto& elements) {
9195
std::vector<Fr> elements_in_circuit(elements.size());
9296
std::transform(
9397
elements.begin(), elements.end(), elements_in_circuit.begin(), [&builder](const auto& native_element) {
94-
return Fr::from_witness(&builder, native_element);
98+
auto element = Fr::from_witness(&builder, native_element);
99+
// Removing the free witness tag, since the element in the full scheme are supposed to
100+
// be fiat-shamirred earlier
101+
element.unset_free_witness_tag();
102+
return element;
95103
});
96104
return elements_in_circuit;
97105
};
@@ -111,6 +119,9 @@ TEST(ShpleminiRecursionTest, ProveAndVerifySingle)
111119

112120
for (auto u : u_challenge) {
113121
u_challenge_in_circuit.emplace_back(Fr::from_witness(&builder, u));
122+
// Removing the free witness tag, since the u_challenge in the full scheme are supposed to
123+
// be derived from the transcript earlier
124+
u_challenge_in_circuit.back().unset_free_witness_tag();
114125
}
115126

116127
ClaimBatcher claim_batcher{

barretenberg/cpp/src/barretenberg/commitment_schemes_recursion/shplonk.test.cpp

Lines changed: 27 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,11 @@ template <class Builder> class ShplonkRecursionTest : public CommitmentTest<type
2626
auto r = Fr::from_witness(builder, opening_claims[idx].opening_pair.challenge);
2727
auto eval = Fr::from_witness(builder, opening_claims[idx].opening_pair.evaluation);
2828
auto commit = Commitment::from_witness(builder, opening_claims[idx].commitment);
29+
// Removing the free witness tag, since the opening claims in the full scheme are supposed to
30+
// be fiat-shamirred or derived from the transcript earlier
31+
r.unset_free_witness_tag();
32+
eval.unset_free_witness_tag();
33+
commit.unset_free_witness_tag();
2934
stdlib_opening_claims.emplace_back(OpeningClaim<Curve>({ r, eval }, commit));
3035
}
3136

@@ -42,6 +47,11 @@ template <class Builder> class ShplonkRecursionTest : public CommitmentTest<type
4247
auto r = Fr::from_witness(builder, opening_claim.opening_pair.challenge);
4348
auto eval = Fr::from_witness(builder, opening_claim.opening_pair.evaluation);
4449
auto commit = Commitment::from_witness(builder, opening_claim.commitment);
50+
// Removing the free witness tag, since the opening pairs and commitments in the full scheme are supposed to
51+
// be fiat-shamirred or derived from the transcript earlier
52+
r.unset_free_witness_tag();
53+
eval.unset_free_witness_tag();
54+
commit.unset_free_witness_tag();
4555
stdlib_opening_pairs.emplace_back(OpeningPair<Curve>(r, eval));
4656
stdlib_commitments.emplace_back(commit);
4757
}
@@ -95,7 +105,7 @@ TYPED_TEST(ShplonkRecursionTest, Simple)
95105
EXPECT_TRUE(CircuitChecker::check(builder));
96106
}
97107

98-
TYPED_TEST(ShplonkRecursionTest, LineralyDependent)
108+
TYPED_TEST(ShplonkRecursionTest, LinearlyDependent)
99109
{
100110
using Builder = TypeParam;
101111
using Curve = stdlib::bn254<TypeParam>;
@@ -136,6 +146,10 @@ TYPED_TEST(ShplonkRecursionTest, LineralyDependent)
136146

137147
auto coeff1 = Fr::from_witness(&builder, coefficients[0]);
138148
auto coeff2 = Fr::from_witness(&builder, coefficients[1]);
149+
// Removing the free witness tag, since the coefficients in the full scheme are supposed to
150+
// be fiat-shamirred or derived from the transcript earlier
151+
coeff1.unset_free_witness_tag();
152+
coeff2.unset_free_witness_tag();
139153

140154
// Convert opening claims to witnesses
141155
auto stdlib_opening_claims =
@@ -148,6 +162,10 @@ TYPED_TEST(ShplonkRecursionTest, LineralyDependent)
148162
// Opening pair for the linear combination as it would be received by the Verifier from the Prover
149163
Fr r = Fr::from_witness(&builder, native_opening_claims[2].opening_pair.challenge);
150164
Fr eval = Fr::from_witness(&builder, native_opening_claims[2].opening_pair.evaluation);
165+
// Removing the free witness tag, since the opening pairs in the full scheme are supposed to
166+
// be fiat-shamirred or derived from the transcript earlier
167+
r.unset_free_witness_tag();
168+
eval.unset_free_witness_tag();
151169

152170
// Opening claim for the linear combination
153171
stdlib_opening_claims.emplace_back(OpeningClaim({ r, eval }, commit));
@@ -176,6 +194,10 @@ TYPED_TEST(ShplonkRecursionTest, LineralyDependent)
176194

177195
auto coeff1 = Fr::from_witness(&builder, coefficients[0]);
178196
auto coeff2 = Fr::from_witness(&builder, coefficients[1]);
197+
// Removing the free witness tag, since the coefficients in the full scheme are supposed to
198+
// be fiat-shamirred or derived from the transcript earlier
199+
coeff1.unset_free_witness_tag();
200+
coeff2.unset_free_witness_tag();
179201

180202
// Convert opening claims to witnesses
181203
auto [stdlib_commitments, stdlib_opening_pairs] = this->native_to_stdlib_pairs_and_commitments(
@@ -184,6 +206,10 @@ TYPED_TEST(ShplonkRecursionTest, LineralyDependent)
184206
// Opening pair for the linear combination as it would be received by the Verifier from the Prover
185207
Fr r = Fr::from_witness(&builder, native_opening_claims[2].opening_pair.challenge);
186208
Fr eval = Fr::from_witness(&builder, native_opening_claims[2].opening_pair.evaluation);
209+
// Removing the free witness tag, since the opening pairs in the full scheme are supposed to
210+
// be fiat-shamirred or derived from the transcript earlier
211+
r.unset_free_witness_tag();
212+
eval.unset_free_witness_tag();
187213

188214
// Update data
189215
std::vector<typename ShplonkVerifier::LinearCombinationOfClaims> update_data = {

0 commit comments

Comments
 (0)