Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

libzcash::PHGRProof (SproutProofVerifier) don't work when libsnark compiled with enabled optimisations on gcc 11.x #591

Open
DeckerSU opened this issue Jul 11, 2023 · 0 comments
Open

libzcash::PHGRProof (SproutProofVerifier) don't work when libsnark compiled with enabled optimisations on gcc 11.x #591

DeckerSU opened this issue Jul 11, 2023 · 0 comments

Comments

@DeckerSU
Copy link

A very deeply hidden bug appears only on GCC/G++ 11.x when the internal libsnark is compiled using highly optimized assembly implementations. It is not the default compilation behavior for Komodod from the KomodoPlatform, but it was always (implicitly) the default build behavior for KomodoOcean.

Steps to reproduce:

  1. Install Ubuntu 22.04.2 LTS, which have g++ (Ubuntu 11.3.0-1ubuntu1~22.04.1) 11.3.0 by default.
  2. Clone https://github.com/KomodoPlatform/komodo repo, master branch.
  3. Enable assembly optimisations for libsnark build by build daemon with:
CONFIGURE_FLAGS='CXXFLAGS=-DUSE_ASM=1' zcutil/build.sh -j$(nproc)

Preprocessor directive USE_ASM is default for KomodoOcean, as it used in other sources, not libsnark only, and it set from config/bitcoin-config.h by default.

  1. Try to sync SUPERNET assetchain or any other chain which have sprout involved transactions:
./src/komodod -ac_name=SUPERNET -ac_supply=816061
  1. You will get an error like this:
2023-07-11 15:01:07 receive version message: /MagicBean:0.8.0beta1/: version 170012, blocks=2600141, us=1.1.1.1:53908, peer=13
2023-07-11 15:01:07 Added time data, samples 13, offset +0 (+0 minutes)
2023-07-11 15:01:07 UpdateTip: new best=000114edf65c405771c40e90b8ac5d626a50c8d497b28b0814dbc0863df4d3ea  height=28746  log2_work=29.498648  tx=41966  date=2018-01-02 21:14:21 progress=0.011056  cache=0.6MiB(2766tx)
2023-07-11 15:01:07 UpdateTip: new best=0001a6c23d96b6a2217040bd5c501b1591481ade182994cac84e5ba826cb9101  height=28747  log2_work=29.498712  tx=41967  date=2018-01-02 21:14:50 progress=0.011056  cache=0.6MiB(2767tx)
2023-07-11 15:01:07 UpdateTip: new best=000078d5165eafa590b7fe09cd9d88643b9da07153705c4e768266e20065406a  height=28748  log2_work=29.498776  tx=41969  date=2018-01-02 21:16:27 progress=0.011056  cache=0.6MiB(2769tx)
2023-07-11 15:01:07 ERROR: CheckTransaction(): joinsplit does not verify
2023-07-11 15:01:07 ERROR: CheckBlock: CheckTransaction failed
2023-07-11 15:01:07 Misbehaving: 8.8.8.8:11340 (0 -> 100)
2023-07-11 15:01:07 InvalidChainFound: invalid block=0000179a03788e84f5853240a1255816ace966732cf302c1be0869da931f1885  height=28749  log2_work=29.49884  date=2018-01-02 21:17:27
2023-07-11 15:01:07 InvalidChainFound:  current best=000078d5165eafa590b7fe09cd9d88643b9da07153705c4e768266e20065406a  height=28748  log2_work=29.498776  date=2018-01-02 21:16:27
2023-07-11 15:01:07 ERROR: ConnectTip(): ConnectBlock 0000179a03788e84f5853240a1255816ace966732cf302c1be0869da931f1885 failed
2023-07-11 15:01:07 InvalidChainFound: invalid block=0000179a03788e84f5853240a1255816ace966732cf302c1be0869da931f1885  height=28749  log2_work=29.49884  date=2018-01-02 21:17:27
2023-07-11 15:01:07 InvalidChainFound:  current best=000078d5165eafa590b7fe09cd9d88643b9da07153705c4e768266e20065406a  height=28748  log2_work=29.498776  date=2018-01-02 21:16:27
2023-07-11 15:01:14 receive version message: /MagicBean:0.8.0beta1/: version 170012, blocks=2600141, us=1.1.1.1:52914, peer=14
2023-07-11 15:01:14 Added time data, samples 14, offset +0 (+0 minutes)

Which means that:

bool operator()(const libzcash::PHGRProof& proof) const
    {
// ...
    }

return false on valid transaction, i.e. ProofVerifier::check on perform_verification returns false from r1cs_ppzksnark_online_verifier_strong_IC.

Of course, the chances that somebody will try to use assembly optimisations for libsnark are very low, but the fact is that in KomodoOcean they are used by default. Furthermore, libsnark compiled even with these optimisations has not had any issues when compiled with gcc 10 from Debian 11. However, gcc 11 seems to have introduced some bug in the library. Additionally, we (and it seems ZCash as well) do not have any proper tests to catch this libsnark behavior and that is the point to consider.
DeckerSU added a commit to DeckerSU/KomodoOcean that referenced this issue Jul 11, 2023
@DeckerSU
fix libsnark build with optimisations on gcc/g++ 11.x
197475f 
It always was default behavior to build KomodoOcean with `-DUSE_ASM=1`
which is set by default through `config/bitcoin-config.h`. This flag
used not only by `libsnark`, but also by the hardrware SHA256 optimisations
in other sources, etc. However, it turns out that on g++ 11.3.0 enabled
optimisations for libsnark makes ibzcash::PHGRProof (SproutProofVerifier)
not working, and as a result when users tried to sync old chains which
had `sprout` transactions in history, like `SUPERNET`, the verification
of valid transactions throw an error:

```
2023-07-11 15:01:07 ERROR: CheckTransaction(): joinsplit does not verify
2023-07-11 15:01:07 ERROR: CheckBlock: CheckTransaction failed
```

While on gcc/g++ 10.x there was no such error. That's why we decided to
disable `libsnark` optimisations at all, by "shadowing" `USE_ASM` in
internal libnark implementation and rename it to `USE_ASM_SNARK`, to
avoid build with ASM optimisations, which are "unstable" on modern compilers.

More details here:

KomodoPlatform/komodo#591
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@DeckerSU