chore: reject non-canonical x coordinate (native affine_element) #24029
Merged
The from_compressed fix changes ~62% of derived grumpkin SRS points, so the regenerated SRS is published as grumpkin_g1_v2.dat (sha256 87fe782860dd58f09a81f797b56346398aabe6e0ed98e0a5ccf14604dd8baee2). Local cache filenames and the browser IndexedDB key are bumped as well so stale caches are not reused. Also fix format.sh staging tracked files as deletions when the pre-commit hook runs in a linked git worktree (GIT_DIR must be unset).
The fixed ECCVM VK commitments (lagrange_first/lagrange_last) and vk_hash are MSMs over the grumpkin SRS, so the v2 SRS changes them. Stale values made the verifier transcript diverge from the prover, failing fresh prove+verify at the IPA G_0 check. Values regenerated via ECCVMTests.FixedVK.
…update The committed pinned-build.tar.gz artifacts freeze the rollup circuit VKs. Updating the hardcoded ECCVM VK (baked into the rollup circuits as fixed witnesses via the chonk recursive verifier) changed those circuits' VKs, but the stale pins kept the old values, so proving verified the new circuit against the old VK and failed at the pairing check (rollup_ivc_integration and avm_integration: 'Failed to verify proof from key!'). Regenerated both pins with the updated bb.
iakovenkos approved these changes on Jun 13, 2026
Rebase of #22908 onto v5-next (the original targeted merge-train/barretenberg).

The 3 commits from sb/ecc-finding-2 replayed cleanly onto v5-next with an identical diff (11 files, +65/-24):

- finding 2: reject non-canonical x coordinate. (suyash67)
- chore: point grumpkin CRS at regenerated grumpkin_g1_v2.dat
- chore: update hardcoded ECCVM VK for grumpkin SRS v2

Fix for finding 2 from the ecc-groups audit: affine_element::from_compressed now rejects non-canonical x-coordinate encodings (x >= modulus). Because grumpkin SRS generation used this function, the grumpkin SRS is regenerated and published as grumpkin_g1_v2.dat, and the hardcoded ECCVM VK is updated to match.

There were no conflicts during the rebase — every touched file was identical on v5-next and the original PR base, so the regenerated SRS-v2 / ECCVM-VK values apply verbatim. Still worth confirming the ECCVM prove+verify CI is green on v5-next so those hardcoded commitments are validated against this line.

Supersedes #22908 for the v5-next release line.

Created by claudebox · group: slackbot
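The canonical-encoding check described in this PR (reject x >= modulus), as an added illustration that is not code from this PR or from barretenberg. It assumes a 256-bit compressed word whose bit 255 is the y-sign flag; `split`, `decode_lenient` and `decode_strict` are hypothetical names, and the lenient decoder models one that reduces x silently instead of rejecting it.

```cpp
#include <array>
#include <cstdint>
using u256 = std::array<uint64_t, 4>;  // little-endian 64-bit limbs
struct Decoded { u256 x; bool y_sign; };
// Grumpkin base-field modulus p (the BN254 scalar-field prime).
const u256 MODULUS = {0x43e1f593f0000001ULL, 0x2833e84879b97091ULL,
                      0xb85045b68181585dULL, 0x30644e72e131a029ULL};
// Constructed samples: x = 5 and x + p, two encodings of one field element.
const u256 X = {5, 0, 0, 0};
const u256 X_ALIAS = {0x43e1f593f0000006ULL, 0x2833e84879b97091ULL,
                      0xb85045b68181585dULL, 0x30644e72e131a029ULL};

bool less_than(const u256& a, const u256& b) {
    for (int i = 3; i >= 0; --i)
        if (a[i] != b[i]) return a[i] < b[i];
    return false;
}
u256 sub(const u256& a, const u256& b) {  // a - b, caller ensures a >= b
    u256 r{};
    uint64_t borrow = 0;
    for (int i = 0; i < 4; ++i) {
        uint64_t d = a[i] - b[i];
        uint64_t next = (a[i] < b[i]) || (d < borrow);
        r[i] = d - borrow;
        borrow = next;
    }
    return r;
}
// Assumed layout: bit 255 is the y-sign flag, bits 0..254 carry x.
Decoded split(u256 c) {
    bool y_sign = (c[3] >> 63) != 0;
    c[3] &= ~(1ULL << 63);
    return {c, y_sign};
}
// Lenient: reduces x mod p silently, so x and x + p decode to the same value.
Decoded decode_lenient(const u256& c) {
    Decoded d = split(c);
    while (!less_than(d.x, MODULUS)) d.x = sub(d.x, MODULUS);
    return d;
}
// Strict: a non-canonical x (x >= p) is rejected, never reduced.
bool decode_strict(const u256& c, Decoded& out) {
    out = split(c);
    return less_than(out.x, MODULUS);
}

int main() {  // exit 0 when the strict decoder accepts x and rejects x + p
    Decoded d{};
    return (decode_strict(X, d) && !decode_strict(X_ALIAS, d)) ? 0 : 1;
}
```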