Skip to content

Instantly share code, notes, and snippets.

@TrapdoorHeader

TrapdoorHeader/puzzle-gamma-ray (writeup).md Secret

Created January 19, 2024 14:01
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save TrapdoorHeader/19f76578cf9a24854c3c36d4d6388f46 to your computer and use it in GitHub Desktop.
Save TrapdoorHeader/19f76578cf9a24854c3c36d4d6388f46 to your computer and use it in GitHub Desktop.
Download ZIP
puzzle1-writeup
Raw
puzzle-gamma-ray (writeup).md

puzzle-gamma-ray

This issue aims to construct a "secret_hack" and "nullifier_hack" to pass the circuit checking.

What are constraints of the circuit?

  1. The circuit related operation is defined on MNT6.

  2. The nullifier is generated by the secret through poseidon. $$nullifier = Poseidon(secret)$$

  3. The generation of leaf_g.

    • Calculate $pk$, which is a point on curve MNT6 $$pk = secret * G_{MNT6}$$
    • Calculate leaf_g, which is the $x$ of $pk$ $$leaf_g = pk.x$$

  4. leaf_g is on the Merkle tree with specified root.

How to construct hacking secret?

So the key is to construct the secret_hack. Clearly, there are two points on curve with the same x, which is the symmetric point of $pk$, noted as $pk'$. $$pk' = -pk$$

So $$secret_hack = -secret \ nullifier_hack = Poseidon(secret_hack) $$

All the calculation is on MNT6.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment