Constrain bits after max len to be 0

Question

Constrain bits after max len to be 0

Divide-By-0 opened this issue a year ago · 1 comments

Fix this line: https://github.com/zkemail/zk-email-verify/blob/03cf8c66472ce3ac177a0089c56c0e78481d3391/packages/circuits/helpers/extract.circom#L114

    // Note that this technically doesn't constrain the rest øf the bits after the max_substr_len to be 0/unmatched/unrevealed
    // Because of the constraints on signed inputs, it seems this should be OK security wise
    // But still, TODO unconstrained assert to double check they are 0
    for (var i = 0; i < max_substr_len; i++) {
        packer.in[i] <== shifter.out[i];
    }
    for (var i = 0; i < max_substr_len_packed; i++) {
        out[i] <== packer.out[i];
    }

Answer 1 · 2024-07-18T14:04:52.000Z

Hi @Divide-By-0,

I would like to work on this issue. To ensure that the bits after the max_substr_len are constrained to zero, I propose the following solution:

Add Assertion: Introduce an assertion after the loops to ensure that all bits beyond max_substr_len are zero.
Code Modification: Modify the extract.circom file to include this check. Here’s how we can achieve this:

    for (var i = max_substr_len; i < in_array_len; i++) {
        assert(in[i] == 0, "Bit out of range must be 0");
    }