Fix VDF prover failures on Windows (#216)

use llabs instead of labs

Author: wjblanke

src/Reducer.h

@@ -229,7 +229,8 @@ bool bLZCHasHW=false;
 
       // The condition (abs(v_) | abs(x_)) <= THRESH protects against
       // overflow
-      below_threshold = (labs(v_) | labs(x_)) <= THRESH ? 1 : 0;
+      // must use llabs() as labs() is undefined for too large numbers
+      below_threshold = (llabs(v_) | llabs(x_)) <= THRESH ? 1 : 0;
     } while (below_threshold && a > c && c > 0);
 
     if (below_threshold) {

src/bqfc.c

@@ -120,7 +120,10 @@ static void bqfc_export(uint8_t *out_str, size_t *offset, size_t size,
 {
     size_t bytes;
 
+    // mpz_export can overflow out_str if reduction bug but this should never happen
     mpz_export(&out_str[*offset], &bytes, -1, 1, 0, 0, n);
+    if (bytes > size)
+        gmp_printf("bqfc_export overflow offset %d size %d n %Zd\n", *offset, size, n);
     if (bytes < size)
         memset(&out_str[*offset + bytes], 0, size - bytes);
     *offset += size;

src/proof_common.h

@@ -27,8 +27,9 @@ integer HashPrime(std::vector<uint8_t> seed, int length, vector<int> bitmask) {
                     break;
             }
             picosha2::hash256(sprout.begin(), sprout.end(), hash.begin(), hash.end());
+            // Visual Studio doesn't like pointer arithmetic past the bounds
             blob.insert(blob.end(), hash.begin(),
-                std::min(hash.end(), hash.begin() + length / 8 - blob.size()));
+                hash.begin() + std::min(hash.size(), length / 8 - blob.size()));
         }
 
         assert ((int) blob.size() * 8 == length);

src/prover_slow.h

@@ -26,7 +26,9 @@ uint64_t GetBlock(uint64_t i, uint64_t k, uint64_t T, integer& B) {
     mpz_mul_2exp(res.impl, res.impl, k);
     res = res / B;
     auto res_vector = res.to_vector();
-    return res_vector[0];
+    // 0 value results in empty vector from mpz_export
+    // https://gmplib.org/list-archives/gmp-bugs/2009-July/001534.html
+    return res_vector.empty() ? 0 : res_vector[0];
 }
 
 form GenerateWesolowski(form &y, form &x_init,
@@ -47,28 +49,28 @@ form GenerateWesolowski(form &y, form &x_init,
     for (int64_t j = l - 1; j >= 0; j--) {
         x = FastPowFormNucomp(x, D, integer(1 << k), L, reducer);
 
-        std::vector<form> ys((1 << k));
-        for (uint64_t i = 0; i < (1UL << k); i++)
+        std::vector<form> ys((1ULL << k));
+        for (uint64_t i = 0; i < (1ULL << k); i++)
             ys[i] = form::identity(D);
 
-        for (uint64_t i = 0; i < ceil(double(num_iterations)  / (k * l)); i++) {
+        for (uint64_t i = 0; i < (num_iterations + k * l - 1)  / (k * l); i++) {
             if (num_iterations >= k * (i * l + j + 1)) {
                 uint64_t b = GetBlock(i*l + j, k, num_iterations, B);
                 nucomp_form(ys[b], ys[b], intermediates[i], D, L);
             }
         }
-        for (uint64_t b1 = 0; b1 < (1UL << k1); b1++) {
+        for (uint64_t b1 = 0; b1 < (1ULL << k1); b1++) {
             form z = form::identity(D);
-            for (uint64_t b0 = 0; b0 < (1UL << k0); b0++) {
-                nucomp_form(z, z, ys[b1 * (1 << k0) + b0], D, L);
+            for (uint64_t b0 = 0; b0 < (1ULL << k0); b0++) {
+                nucomp_form(z, z, ys[b1 * (1ULL << k0) + b0], D, L);
             }
             z = FastPowFormNucomp(z, D, integer(b1 * (1 << k0)), L, reducer);
             nucomp_form(x, x, z, D, L);
         }
-        for (uint64_t b0 = 0; b0 < (1UL << k0); b0++) {
+        for (uint64_t b0 = 0; b0 < (1ULL << k0); b0++) {
             form z = form::identity(D);
-            for (uint64_t b1 = 0; b1 < (1UL << k1); b1++) {
-                nucomp_form(z, z, ys[b1 * (1 << k0) + b0], D, L);
+            for (uint64_t b1 = 0; b1 < (1ULL << k1); b1++) {
+                nucomp_form(z, z, ys[b1 * (1ULL << k0) + b0], D, L);
             }
             z = FastPowFormNucomp(z, D, integer(b0), L, reducer);
             nucomp_form(x, x, z, D, L);

src/verifier_test.cpp

@@ -1,5 +1,7 @@
 #include "verifier.h"
 #include "create_discriminant.h"
+#include "c_bindings/c_wrapper.h"
+#include "prover_slow.h"
 
 void assertm(bool expr, std::string msg, bool verbose=false) {
     if (expr && verbose) {
@@ -22,13 +24,47 @@ std::vector<uint8_t> HexToBytes(const char *hex_proof) {
     return result;
 }
 
+ByteArray prove_wrapper(const uint8_t* challenge_hash, size_t challenge_size, const uint8_t* x_s, size_t x_s_size, size_t discriminant_size_bits, uint64_t num_iterations) {
+    try {
+        std::vector<uint8_t> challenge_hash_bytes(challenge_hash, challenge_hash + challenge_size);
+        integer discriminant = CreateDiscriminant(challenge_hash_bytes, discriminant_size_bits);
+        form x = DeserializeForm(discriminant, x_s, x_s_size);
+        std::vector<uint8_t> result = ProveSlow(discriminant, x, num_iterations, "");
+
+        // Allocate memory for the result and copy data
+        uint8_t* resultData = new uint8_t[result.size()];
+        std::copy(result.begin(), result.end(), resultData);
+
+        return ByteArray  { resultData, result.size() };
+    } catch (...) {
+        return ByteArray { nullptr, 0 };
+    }
+}
+
 int main()
 {
-	uint8_t arr[10000];
-	std::vector<uint8_t> result=HexToBytes("003f360be667de706fe886f766fe20240de04fe2c2f91207f1bbdddf20c554ab8d168b2ce9664d75f4613375a0ab12bf8158983574c9f5cd61c6b8a905fd3fa6bbffc5401b4ccedbe093b560293263a226e46302e720726586251116bc689ef09dc70d99e0a090c4409f928e218e85032fdbee02fedd563073be555b75a70a2d6a430033bc7a4926e3504e87698a0ace0dee6364cced2e9142b4e4cbe55a6371aab41e501ceed21d79d3a0dbbd82ce913c5de40b13eb7c59b1b52b6ef270ee603bd5e7fffcc9f5fae6dbd5aeec394181af130c0fdd195b22be745449b7a584ac80fc75ed49acfdb4d650f5cd344f86377ebbbaef5b19a0af3ae08101d1697f5656a52193000000000071c6f40024c342868a0c2a201b1b26a5d52c5d2f92a106c19ff926deb3fba1e74a444ecee3f8f507c062b949a2eaadd442b049417f82e8811526fa83c6d099d75323e068ffeca9dcd163761000c65d21dede72787ac350f25bdd3d29db6e9cb0e22c8124c724db33660c88784e2871b62ecf816846db7b469c71cad9a5dcfc5548ed2dd781006fa15b968facf4d79219646267eb187a670306d1ff1a59fc28ae00d36bb5a1cba659f48aa64a9022711a66105ef14401ff3948add265240aaad329ee76ba4c2300496746b86bcccacff5947c3fcb956cde2cffae10435960d7097f989aac742cf1047887f11584d20297958385e1715fe0f9b69141750c20d8134420eafec68fd10000000001555540006958aabfe4cc5d870e61fef82bcf1f2c3859e2bd8b1177e8a8872376b5cabace5dcb59b6fecada7e522d05f6f0e352939a6bfdf8c454fbe822cfa5ce97d17be0ffde44a4812cde9d04ec5c08dce6f9146586fdc8e081e05ec690b7effe24ea756f3d300f361203b61e1a39220c6eafa7852842674e317dcae5549c78c7144296ff004a6d0d2854c55e4c1de2f17dc4480b81652cfec37124ef41560a28c853482732434d1c006763b2e341528ae0bcc29fb76f1a4dafd99ade4fd75ec9cc9ca3f3d7001bcb6eb71e43eb22169ab721637551a8ec93838eb0825e9ecba9175297a00b146e9fdd244c5b722f29d3c46ec38840ba18f1f06ddec3dea844867386c2e1ac95");
+    // Test overflow for slow prover (part of challenge b'\xa6\xc4%X\x17O\xb1\xee\xdcd')
+    int l,k;
+    ApproximateParameters(90909, l, k);
+
+    cout << "ApproximateParameters for 90909 l: " << l << " k: " << k << endl;
+
+    std::vector<uint8_t> challenge_hash=HexToBytes("a6c42558174fb1eedc64");
+    std::vector<uint8_t> x_s=HexToBytes("0300aca4849458af5c557710c80f21519f196907764d2d55c9b70581a90d49ca7b3201ad6a9da836429e6592c200e965434f0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000");
+
+    ByteArray ba=prove_wrapper(challenge_hash.data(), challenge_hash.size(), x_s.data(), x_s.size(), 512, 90909);
+
+    for (size_t i = 0; i < ba.length; i++)
+        printf( "%02x", ba.data[i]);
+    printf("\n");
+
+    delete[] ba.data;
+
+    uint8_t arr[10000];
+    std::vector<uint8_t> result=HexToBytes("003f360be667de706fe886f766fe20240de04fe2c2f91207f1bbdddf20c554ab8d168b2ce9664d75f4613375a0ab12bf8158983574c9f5cd61c6b8a905fd3fa6bbffc5401b4ccedbe093b560293263a226e46302e720726586251116bc689ef09dc70d99e0a090c4409f928e218e85032fdbee02fedd563073be555b75a70a2d6a430033bc7a4926e3504e87698a0ace0dee6364cced2e9142b4e4cbe55a6371aab41e501ceed21d79d3a0dbbd82ce913c5de40b13eb7c59b1b52b6ef270ee603bd5e7fffcc9f5fae6dbd5aeec394181af130c0fdd195b22be745449b7a584ac80fc75ed49acfdb4d650f5cd344f86377ebbbaef5b19a0af3ae08101d1697f5656a52193000000000071c6f40024c342868a0c2a201b1b26a5d52c5d2f92a106c19ff926deb3fba1e74a444ecee3f8f507c062b949a2eaadd442b049417f82e8811526fa83c6d099d75323e068ffeca9dcd163761000c65d21dede72787ac350f25bdd3d29db6e9cb0e22c8124c724db33660c88784e2871b62ecf816846db7b469c71cad9a5dcfc5548ed2dd781006fa15b968facf4d79219646267eb187a670306d1ff1a59fc28ae00d36bb5a1cba659f48aa64a9022711a66105ef14401ff3948add265240aaad329ee76ba4c2300496746b86bcccacff5947c3fcb956cde2cffae10435960d7097f989aac742cf1047887f11584d20297958385e1715fe0f9b69141750c20d8134420eafec68fd10000000001555540006958aabfe4cc5d870e61fef82bcf1f2c3859e2bd8b1177e8a8872376b5cabace5dcb59b6fecada7e522d05f6f0e352939a6bfdf8c454fbe822cfa5ce97d17be0ffde44a4812cde9d04ec5c08dce6f9146586fdc8e081e05ec690b7effe24ea756f3d300f361203b61e1a39220c6eafa7852842674e317dcae5549c78c7144296ff004a6d0d2854c55e4c1de2f17dc4480b81652cfec37124ef41560a28c853482732434d1c006763b2e341528ae0bcc29fb76f1a4dafd99ade4fd75ec9cc9ca3f3d7001bcb6eb71e43eb22169ab721637551a8ec93838eb0825e9ecba9175297a00b146e9fdd244c5b722f29d3c46ec38840ba18f1f06ddec3dea844867386c2e1ac95");
 std::copy(result.begin(), result.end(), arr);
 
-        bool is_valid = CheckProofOfTimeNWesolowski(
+   bool is_valid = CheckProofOfTimeNWesolowski(
             integer("-131653324254138636653163861414331698305531090221496467927360326686715180966094250598321899621249972220387687148397451395672779897144571112116763666653213748473909547482437246405018707472153290116227072825447643324530509016778432769802300913461285128339119844239772697652504835780459732685000796733645621728639"),
             DEFAULT_ELEMENT,
             arr,

tests/test_n_weso_verifier.py

@@ -66,6 +66,7 @@ def test_prove_n_weso_and_verify():
     discriminant_challenge = secrets.token_bytes(10)
     discriminant_size = 512
     discriminant = create_discriminant(discriminant_challenge, discriminant_size)
+    print(f"discriminant_challenge {discriminant_challenge.hex()} discriminant {discriminant}")
     form_size = 100
     initial_el = b"\x08" + (b"\x00" * 99)