Open
Description
I encountered an assertion failure while building the ECDSAVerifyPubKeyToAddr template from zk-efficient-ecdsa, which uses circom libraries from the original project, circom-ecdsa, with circom version 2.1.9. The issue occurs with a circuit that includes several dependencies, such as ecdsa_verify.circom, circom-ecdsa/zk-identity/eth.circom, and ../../circomlib/circuits/mimcsponge.circom.
The snippet that triggers the failure is in bigint_func.circom, specifically the long_gt function (source).
main header: ECDSAVerifyPubKeyToAddr_203
thread 'main' panicked at src/bin/build-circuit.rs:1312:21:
assertion `left == right` failed: expected a ternary operation but it doesn't look like one as the 'else' branch is not of length 1:
0: ECDSAVerifyPubKeyToAddr_203 -> ECDSAVerify_31 -> Secp256K1ScalarMultCachedWindowed_30 -> Secp256k1AddUnequal_29 -> secp256k1_addunequal_func -> long_sub_mod_p -> long_gt
left: 0
right: 1
and the full circuit is the following:
pragma circom 2.1.9;
include "./ecdsa_verify.circom";
include "./circom-ecdsa/zk-identity/eth.circom";
include "../../circomlib/circuits/mimcsponge.circom";
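// Wraps ECDSAVerify(n, k) and derives three outputs:
//   addr - the address PubkeyToAddress produces from the public key that
//          ECDSAVerify outputs (after FlattenPubkey turns it into 512 bits),
//   hash - HashLeftRight(electionId, vote) with key 0,
//   root - HashLeftRight(UHashes[0], UHashes[1]) keyed with the CheckRoot(5)
//          root computed over THashes.
//
// The TPreComputes and THashes dimensions are fixed at 32 x 256 x 2 x 4 and
// 32, so the wiring only lines up when stride = 8, k = 4 and
// div_ceil(n * k, stride) = 32 (the main component in this file uses n = 64,
// k = 4). The asserts below make any other instantiation fail at compile time
// instead of leaving part of the table unwired or indexing past it.
//
// NOTE(review): nothing in this template constrains THashes / UHashes to be
// derived from TPreComputes / U. Unless that binding is enforced inside
// ECDSAVerify or by whoever checks the proof, `root` commits to values that
// are independent of the ones used in the signature check - confirm before
// relying on `root` to authenticate the precomputed tables.
template ECDSAVerifyPubKeyToAddr(n, k) {
    signal input electionId;
    signal input vote;

    signal input s[k];
    signal input TPreComputes[32][256][2][4]; // T = r^-1 * R
    signal input U[2][k]; // -(m * r^-1 * G)
    signal input THashes[32];
    signal input UHashes[2];

    signal output addr;
    signal output hash;
    signal output root;

    var stride = 8;
    var num_strides = div_ceil(n * k, stride);

    // Pin the only parameterisation the hard-coded array sizes support.
    assert(k == 4);
    assert(num_strides == 32);

    component ecdsaVerify = ECDSAVerify(n, k);

    // Forward the whole precomputed table. Iteration order is
    // [stride][window value][coordinate][limb], the same order as writing the
    // eight limb assignments out by hand.
    for (var i = 0; i < num_strides; i++) {
        for (var j = 0; j < 2 ** stride; j++) {
            for (var coord = 0; coord < 2; coord++) {
                for (var limb = 0; limb < k; limb++) {
                    ecdsaVerify.TPreComputes[i][j][coord][limb] <== TPreComputes[i][j][coord][limb];
                }
            }
        }
    }

    for (var i = 0; i < k; i++) {
        ecdsaVerify.s[i] <== s[i];
    }

    for (var i = 0; i < k; i++) {
        ecdsaVerify.U[0][i] <== U[0][i];
        ecdsaVerify.U[1][i] <== U[1][i];
    }

    // Public key limbs from ECDSAVerify -> 512 bits -> address.
    component flattenPub = FlattenPubkey(n, k);
    for (var i = 0; i < k; i++) {
        flattenPub.chunkedPubkey[0][i] <== ecdsaVerify.pubKey[0][i];
        flattenPub.chunkedPubkey[1][i] <== ecdsaVerify.pubKey[1][i];
    }

    component pubToAddr = PubkeyToAddress();
    for (var i = 0; i < 512; i++) {
        pubToAddr.pubkeyBits[i] <== flattenPub.pubkeyBits[i];
    }

    // Hash tree over the 32 THashes leaves; its root keys the hash of UHashes.
    component merkleTreeTHashes = CheckRoot(5);
    for (var i = 0; i < 32; i++) {
        merkleTreeTHashes.leaves[i] <== THashes[i];
    }

    component rootHash = HashLeftRight();
    rootHash.left <== UHashes[0];
    rootHash.right <== UHashes[1];
    rootHash.key <== merkleTreeTHashes.root;

    // Commitment to (electionId, vote), hashed with a zero key.
    component msgHash = HashLeftRight();
    msgHash.left <== electionId;
    msgHash.right <== vote;
    msgHash.key <== 0;

    addr <== pubToAddr.address;
    hash <== msgHash.hash;
    root <== rootHash.hash;
}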
// Keyed two-input hash built on MiMCSponge: `left` and `right` are the two
// sponge inputs, `key` is passed as the sponge's k, and the single sponge
// output is exposed as `hash`.
template HashLeftRight() {
    signal input left;
    signal input right;
    signal input key;

    signal output hash;

    // MiMCSponge(nInputs, nRounds, nOutputs): 2 inputs, 220 rounds, 1 output.
    component sponge = MiMCSponge(2, 220, 1);

    sponge.ins[0] <== left;
    sponge.ins[1] <== right;
    sponge.k <== key;

    hash <== sponge.outs[0];
}
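// Computes the root of a complete binary hash tree over 2 ** levels leaves,
// using HashLeftRight with key 0 at every node.
//
// Despite the name, this template only outputs the root; it does not compare
// it with an expected value. Any such check has to happen in the caller or in
// whoever verifies the public output.
//
// Hasher layout: hashers[0 .. numLeafHashers) combine adjacent leaf pairs;
// each later hasher combines the next two earlier hashers in index order, so
// the last hasher holds the root.
template CheckRoot(levels) {
    // With levels = 0 there would be no hashers and no root to read.
    assert(levels >= 1);

    var totalLeaves = 2 ** levels;
    // `\` is the integer quotient. `/` is field division (multiplication by
    // the inverse mod p), which gives the intended count only because
    // totalLeaves happens to be even.
    var numLeafHashers = totalLeaves \ 2;
    var numIntermediateHashers = numLeafHashers - 1;

    signal input leaves[totalLeaves];
    signal output root;

    var numHashers = totalLeaves - 1;
    component hashers[numHashers];

    for (var i = 0; i < numHashers; i++) {
        hashers[i] = HashLeftRight();
    }

    // Bottom layer: one hasher per pair of adjacent leaves.
    for (var i = 0; i < numLeafHashers; i++){
        hashers[i].left <== leaves[2 * i];
        hashers[i].right <== leaves[2 * i + 1];
        hashers[i].key <== 0;
    }

    // Upper layers: k counts the pairs of already-wired hashers consumed so far.
    var k = 0;
    for (var i = numLeafHashers; i < numLeafHashers + numIntermediateHashers; i++) {
        hashers[i].left <== hashers[2 * k].hash;
        hashers[i].right <== hashers[2 * k + 1].hash;
        hashers[i].key <== 0;
        k++;
    }

    root <== hashers[numHashers - 1].hash;
}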
// Instantiates the circuit with n = 64, k = 4. No `{public [...]}` list is
// given, so every input signal is a private witness and only the outputs
// (addr, hash, root) are public.
component main = ECDSAVerifyPubKeyToAddr(64, 4);
Steps to Reproduce:
Include the provided circuit dependencies.
Use the ECDSAVerifyPubKeyToAddr template.
Build the circuit with circom-witnesscalc (cargo run --package circom_witnesscalc --bin build-circuit <path_to_circuit.circom> <path_to_circuit_graph.bin>)
Observe the panic error during the build process.
Environment:
Circom version: 2.2.1, but changed to 2.1.9 to silence the initial compiler errors from circom-witnesscalc
Rust compiler version: rustc 1.85.0-nightly (7442931d4 2024-11-30)
OS: Ubuntu Linux 24.10
Please let me know if additional details are needed.
valavanisleonidas