From 8cea69d94598bd3039c7ac87d27e72ed8a7bf7e4 Mon Sep 17 00:00:00 2001 From: Oleksandr Brezhniev Date: Fri, 22 Mar 2024 15:46:43 +0000 Subject: [PATCH] Restrict input values for exists operator to 0 and 1 --- circuits/lib/query/processQueryWithModifiers.circom | 12 ++++++++++-- circuits/lib/query/query.circom | 2 +- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/circuits/lib/query/processQueryWithModifiers.circom b/circuits/lib/query/processQueryWithModifiers.circom index 5a08391..4dd0fb4 100644 --- a/circuits/lib/query/processQueryWithModifiers.circom +++ b/circuits/lib/query/processQueryWithModifiers.circom @@ -29,9 +29,11 @@ template ProcessQueryWithModifiers(claimLevels, maxValueArraySize){ signal isOpNoop <== IsZero()(operator); signal merklizedAndEnabled <== AND()(enabled, merklized); + signal isOpExists <== IsEqual()([operator, 11]); + // if operator == exists and value[0] == 0 ($exists == false), then claimPathNotExists = 1 (check non-inclusion), // otherwise claimPathNotExists = 0 (check inclusion) - signal claimPathNotExists <== AND()(IsEqual()([operator, 11]), IsZero()(value[0])); + signal claimPathNotExists <== AND()(isOpExists, IsZero()(value[0])); // check path/in node exists in merkle tree specified by jsonldRoot SMTVerifier(claimLevels)( @@ -58,12 +60,18 @@ template ProcessQueryWithModifiers(claimLevels, maxValueArraySize){ ); // For non-merklized credentials exists / non-exist operators should always fail - signal isOpExists <== IsEqual()([operator, 11]); ForceEqualIfEnabled()( AND()(enabled, NOT()(merklized)), [isOpExists, 0] ); + // Restrict exists operator input values to 0 and 1 + ForceEqualIfEnabled()( + AND()(enabled, isOpExists), + [value[0] * (value[0] - 1), 0] + ); + + ///////////////////////////////////////////////////////////////// // Query Operator Processing ///////////////////////////////////////////////////////////////// diff --git a/circuits/lib/query/query.circom b/circuits/lib/query/query.circom index eff2a9c..27216e7 100644 --- a/circuits/lib/query/query.circom +++ b/circuits/lib/query/query.circom @@ -20,7 +20,7 @@ include "comparators.circom"; 8 - greater than or equal 9 - between (value[0] <= in <= value[1]) 10 - not between - 11 - exist (true / false) + 11 - exists (true / false) Modifier/computation operators: 16 - selective disclosure (16 = 10000 binary) */