ec pairing panic
For inputs like (G1::gen, G2::gen), (-G1::gen, G2::gen), (G1::gen, G2::gen), (-G1::gen, G2::gen) or (G1::gen, G2::gen), (-G1::gen, G2::gen), the final_exp function will panic. We fixed this by disabling Karabina cyclotomic optimization. 33b3b4d
ecdsa verification, msg == 0
When msghash == 0, this function will panic.
halo2-lib/halo2-ecc/src/ecc/ecdsa.rs, line 19 in 7058817:
pub fn ecdsa_verify_no_pubkey_check<F: PrimeField, CF: PrimeField, SF: PrimeField, GA>(
We forked this function and specially checked the inputs.
https://github.com/scroll-tech/zkevm-circuits/blob/develop/zkevm-circuits/src/sig_circuit/ecdsa.rs
ecmul scalar == -1
Panics too. Fixed here: 7058817
other issues
halo2-lib does not support infinity points well, so we also use load_random_points widely. It is more like a designed feature instead of a bug?