
The constraint for mpt key is not sound #24

@noel2004

Currently for N bits in the key as path part, we apply the constraint: resident * 2^N + path

The path part is constrained to be less than 2^N, while we have no constraint on resident, so it would be easy for a malicious provider to manufacture a field that has part of its low N bits set non-zero when multiplied by 2^N, so as to detour the path part.

To resolve this issue, an additional constraint to restrict resident * 2^N to less than Fp is required. A simple way is to constrain resident to be not larger than 2^128 and N to be less than a suitable value, for example, 120. (Considering we have as many as 2^48 keys, we need ~100 bits, or say 2^100 slots available, to keep the chance of collision low enough according to the birthday principle.)
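A small Python model of the constraint discussed in this issue, added here as an illustration and not taken from the issue or the project's code. It assumes Fp is the BN254 scalar field (the issue does not name the field), and all function names are hypothetical. It checks that with an unconstrained resident every path below 2^N satisfies the constraint for one key, and that the proposed range checks leave only the honest decomposition.

```python
# Assumption: Fp is the BN254 scalar field; the issue itself does not name the field.
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617


def constraint_holds(key, resident, path, n):
    """Constraint as described in the issue: key == resident * 2^N + path in Fp,
    with only path range-checked to be below 2^N."""
    return 0 <= path < (1 << n) and (resident * (1 << n) + path) % P == key % P


def hardened_constraint_holds(key, resident, path, n, max_n=120):
    """Same constraint plus the proposed checks: resident <= 2^128 and N <= max_n,
    so resident * 2^N + path stays below P and cannot wrap around."""
    if n > max_n or not (0 <= resident <= (1 << 128)):
        return False
    return constraint_holds(key, resident, path, n)


def witnesses_for(key, n, candidate_paths):
    """For each candidate path, solve the constraint for resident in Fp.
    2^N is invertible mod P, so a solution exists for every path."""
    inv = pow(1 << n, -1, P)
    return [((key - path) * inv % P, path) for path in candidate_paths]


def demo():
    # Constructed sample values: an 8-bit path part and a small honest resident.
    n, resident, path = 8, 0x1234, 0xAB
    key = resident * (1 << n) + path
    ws = witnesses_for(key, n, range(1 << n))
    loose = [w for w in ws if constraint_holds(key, w[0], w[1], n)]
    strict = [w for w in ws if hardened_constraint_holds(key, w[0], w[1], n)]
    return loose, strict


if __name__ == "__main__":
    loose, strict = demo()
    print(f"accepted without range check on resident: {len(loose)} paths")
    print(f"accepted with resident <= 2^128: {strict}")
```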

Labels: bug (Something isn't working)
