Incorrect len
for dummy BatchEntry
Description
The BatchEntry::dummy
function in circuits/src/batch_verify/universal/types.rs file
is implemented as follows:
/// Creates a dummy [`BatchEntry`] for `config`.
pub fn dummy(config: &UniversalBatchVerifierConfig) -> Self {
let num_public_inputs = config.max_num_public_inputs as usize;
let len = F::from(num_public_inputs as u64);
// There's no difference passing `true` or `false` here.
let has_commitment = true;
let vk = VerificationKey::default_with_length(
num_public_inputs,
has_commitment,
);
let proof = Proof::default_with_commitment(has_commitment);
let inputs = PublicInputs::default_with_length(num_public_inputs);
Self {
len,
has_commitment,
vk,
proof,
inputs,
commitment_hash: Default::default(),
}
}
In the BatchEntry
that is returned, len
is set to config.max_num_public_inputs
, which is also how many entries inputs
has. However, has_commitments
is true, so inputs
should also include the hash of the commitment. From the rest of the code (for example, from_ubv_input_and_config
) it can be seen that len
should instead be only the number of public inputs apart from the hash of the commitment.
Impact
The BatchEntry::dummy
returns BatchEntry
s that are malformed. Due to the way BatchEntry::dummy
is used in practice (for key generation), this should not have any actual impact, however.
Recommendations
To ensure the return value of BatchEntry::dummy
is consistent with the rest of the code, reduce len
by one:
let num_public_inputs = config.max_num_public_inputs as usize;
- let len = F::from(num_public_inputs as u64);
+ let len = F::from((num_public_inputs - 1) as u64);
Remediation
This issue has been acknowledged by Nebra, and a fix was implemented in commit 3af8a51e↗.