zkEVM: add modexp attack #1523
Merged
zkEVM: add modexp attack #1523
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jsign
commented
May 1, 2025
marioevz
reviewed
May 2, 2025
|
Thanks @marioevz. I applied the suggestions, and double-checked again the run and has the same expected cycles. |
marioevz
reviewed
May 5, 2025
Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com>
Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com>
Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com>
Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com>
Co-authored-by: Mario Vega <marioevz@gmail.com>
Co-authored-by: Mario Vega <marioevz@gmail.com>
Co-authored-by: Mario Vega <marioevz@gmail.com>
|
Thanks @marioevz for the review, I think it is now ready! |
felix314159
pushed a commit
to felix314159/execution-spec-tests
that referenced
this pull request
May 16, 2025
* add modexp tests Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> * leave only 36M gas limit Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> * adjustments Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> * lints Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> * lints and cleanup Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> * lints Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> * Update tests/zkevm/test_worst_compute.py Co-authored-by: Mario Vega <marioevz@gmail.com> * Update tests/zkevm/test_worst_compute.py Co-authored-by: Mario Vega <marioevz@gmail.com> * Update tests/zkevm/test_worst_compute.py Co-authored-by: Mario Vega <marioevz@gmail.com> * feedback Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> --------- Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> Co-authored-by: Mario Vega <marioevz@gmail.com>
codeofcarson
pushed a commit
to codeofcarson/execution-spec-tests
that referenced
this pull request
Jul 1, 2025
* add modexp tests Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> * leave only 36M gas limit Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> * adjustments Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> * lints Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> * lints and cleanup Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> * lints Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> * Update tests/zkevm/test_worst_compute.py Co-authored-by: Mario Vega <marioevz@gmail.com> * Update tests/zkevm/test_worst_compute.py Co-authored-by: Mario Vega <marioevz@gmail.com> * Update tests/zkevm/test_worst_compute.py Co-authored-by: Mario Vega <marioevz@gmail.com> * feedback Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> --------- Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> Co-authored-by: Mario Vega <marioevz@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR introduces an attack vector for the MODEXP precompile.
We assume 32-byte operands for the base, modulus, and exponent, anticipating the activation of EIP-7883 on mainnet in the near future (TM). Beyond the 32-byte boundary, the cost per unit of work rises, so it is valuable to model that limit from the outset.
The test suite is already parameterised for multiple gas limits (and can easily be extended to cover base/modulo/exp sizes), but for now we target 36M gas-limit since it is the relevant case for zkVMs today.
SP1 cycles: 36M gas limit -> ~27 billion cycles.
cc @kevaundray