Add robustness tests for proof tampering and malformed encodings #55
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…nipulations (on BLS) on dlog and pedersen proofs - flip LSB - add trailing bytes - flip bytes at the GroupEncoding index (also for Ristretto)
… of real witness for dlog
…l cases - bitflips for dlog bls, pedersen bls, and dlog ristretto - extra-bytes for dlog bls and dlog ristretto
Co-authored-by: GOURIOU Lénaïck <[email protected]>
Move to the keccak crate Change visibility and implementation of some structures Add from_iv for codecs to initialize directly the sponge --- Co-Authored-By: nougzarm <[email protected]>
Closes sigma-rs#46. Adds tests for inter-operability with other implementations. Co-authored-by: Michele Orrù <[email protected]> Co-authored-by: nougzarm <[email protected]>
Signed-off-by: Michele Orrù <[email protected]>
…les (sigma-rs#48) Co-authored-by: Michele Orrù <[email protected]>
…Add<GroupVar> for Term (sigma-rs#53) Co-authored-by: Michele Orrù <[email protected]>
Co-authored-by: Michele Orrù <[email protected]>
…nipulations (on BLS) on dlog and pedersen proofs - flip LSB - add trailing bytes - flip bytes at the GroupEncoding index (also for Ristretto)
…ror:VerificationFailure
Contributor
Author
|
The conflict is debug_assert (old) vs throwing an Error (new) if the fiat-shamir prove() is done with a wrong witness. I'm unsure which design is the proper one. If we keep the old design, just remove the test discrete_log_invalid_witness_should_fail() in tests/robustness_tests.rs |
Contributor
Author
|
Removed this branch and replace with a new one with clean history |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR introduces a set of robustness tests to ensure the verifier rejects tampered or invalid proofs.
It covers:
Apply these to DLog, Pedersen with both BLS and Ristretto proofs.