dusk-network/plonk

Inconsistent gate ordering

moCello opened this issue · 0 comments

Summary

Within the proof system, variables are not always listed in the same order. One place where this could lead to a problem is in the arithmetic proving and verifying keys. The arithmetic prover key has “q_c before q_4”, unlike the arithmetic verifier key struct which stores “q_4 before q_c”, and strangely the verifier key serialization stores “q_c before q_4”.
The arithmetic verifier key does correctly swap q_c and q_4 in from_bytes, so there are no bugs present currently. However, swapping the order throughout the codebase is very unexpected and may lead to bugs in the future.

Recommendation: pick one ordering and stick to it throughout the library. In particular, please serialize things in the same order they are stored in the struct.

Relevant Context

Finding 2 of the audit.
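
An added example, not code from dusk-network/plonk: a reduced two-field key showing that a wire order which differs from the struct order round-trips only while every reader repeats the swap by hand. `ArithKey`, its methods, the `u64` fields and the 16-byte layout are assumptions made for the illustration.

```rust
// Hypothetical stand-in for the arithmetic verifier key. Real keys hold
// commitments; each selector is a u64 here so the example has no dependencies.
#[derive(Debug, PartialEq, Clone, Copy)]
pub struct ArithKey {
    pub q_4: u64, // struct order: q_4 before q_c
    pub q_c: u64,
}

fn word(bytes: &[u8; 16], i: usize) -> u64 {
    let mut w = [0u8; 8];
    w.copy_from_slice(&bytes[i * 8..(i + 1) * 8]);
    u64::from_le_bytes(w)
}

fn pack(first: u64, second: u64) -> [u8; 16] {
    let mut out = [0u8; 16];
    out[..8].copy_from_slice(&first.to_le_bytes());
    out[8..].copy_from_slice(&second.to_le_bytes());
    out
}

impl ArithKey {
    // Pattern described in the issue: wire order is q_c, q_4.
    pub fn to_bytes_swapped(&self) -> [u8; 16] { pack(self.q_c, self.q_4) }
    // Correct only because it undoes the swap explicitly.
    pub fn from_bytes_swapped(b: &[u8; 16]) -> Self {
        ArithKey { q_c: word(b, 0), q_4: word(b, 1) }
    }
    // A reader written by following struct order: it compiles and returns
    // no error, because both fields share a type, but exchanges the values.
    pub fn from_bytes_struct_order(b: &[u8; 16]) -> Self {
        ArithKey { q_4: word(b, 0), q_c: word(b, 1) }
    }
    // Recommended form: wire order equals struct order.
    pub fn to_bytes(&self) -> [u8; 16] { pack(self.q_4, self.q_c) }
}

// Round-trip check; it detects a swap only if the fields hold distinct values.
pub fn round_trips(k: ArithKey, enc: fn(&ArithKey) -> [u8; 16],
                   dec: fn(&[u8; 16]) -> ArithKey) -> bool {
    dec(&enc(&k)) == k
}

fn main() {
    let k = ArithKey { q_4: 4, q_c: 12 }; // constructed sample values
    println!("swapped writer + swapped reader: {}", round_trips(k, ArithKey::to_bytes_swapped, ArithKey::from_bytes_swapped));
    println!("swapped writer + struct reader:  {}", round_trips(k, ArithKey::to_bytes_swapped, ArithKey::from_bytes_struct_order));
    println!("struct writer + struct reader:   {}", round_trips(k, ArithKey::to_bytes, ArithKey::from_bytes_struct_order));
}
```

A round-trip test of this shape belongs next to each key type, with a different value in every field so that any reordering changes the decoded struct.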