
fix: add canonical checks for fr/fq in U256Codec::deserialize_from_fields #21811

Merged
iakovenkos merged 1 commit into merge-train/barretenberg from claudebox/fix-u256codec-canonical-check
Mar 20, 2026


@AztecBot AztecBot commented Mar 19, 2026

Summary

Reject non-canonical field elements (>= modulus) in U256Codec::deserialize_from_fields.

  • Split the bb::fr/fq deserialization from uint32_t/uint64_t/uint256_t to add BB_ASSERT_LT canonical checks
  • Matches existing behavior of FrCodec and the Solidity verifier (require(v < MODULUS))
  • Added tests verifying acceptance of canonical values and rejection of non-canonical values

…elds

Reject non-canonical field elements (>= modulus) in the Keccak transcript
path to prevent Fiat-Shamir challenge grinding. A malicious prover could
submit v+p instead of v, producing different Keccak hashes but identical
algebraic values.

Matches existing behavior of FrCodec (BB_ASSERT_LT) and the Solidity
verifier (require(v < MODULUS)).

Closes AztecProtocol/barretenberg-claude#452
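
The aliasing the commit message describes, as an added Python example (not barretenberg code and not part of this PR): for one algebraic value it counts how many distinct transcript challenges are reachable with and without the canonical check. Assumptions: the modulus is the BN254 scalar field order, SHA3-256 stands in for Keccak-256, the transcript is a single 32-byte word, and all function names are hypothetical.

```python
import hashlib

# BN254 scalar field order; assumed here to be the modulus behind bb::fr.
FR_MODULUS = 21888242871839275222246405745257275088548364400416034343698204186575808495617

def challenge(words):
    """Toy Fiat-Shamir challenge over raw 32-byte words.
    SHA3-256 is a stand-in for Keccak-256, which hashlib does not provide."""
    digest = hashlib.sha3_256(b"".join(words)).digest()
    return int.from_bytes(digest, "big") % FR_MODULUS

def deserialize_lenient(word):
    """Hypothetical unchecked decoder: any 256-bit value is reduced mod p."""
    return int.from_bytes(word, "big") % FR_MODULUS

def deserialize_canonical(word):
    """Decoder with the canonical check: encodings >= p are rejected."""
    x = int.from_bytes(word, "big")
    if x >= FR_MODULUS:
        raise ValueError("non-canonical field element")
    return x

def aliases(v):
    """Every 256-bit integer congruent to v mod p: v, v+p, v+2p, ..."""
    return list(range(v, 1 << 256, FR_MODULUS))

def reachable_challenges(v, deserialize):
    """Count distinct challenges obtainable while the verifier still sees v."""
    seen = set()
    for x in aliases(v):
        word = x.to_bytes(32, "big")
        try:
            if deserialize(word) == v:
                seen.add(challenge([word]))
        except ValueError:
            pass  # encoding rejected, so it never reaches the transcript
    return len(seen)

if __name__ == "__main__":
    v = 42  # constructed sample value
    print("lenient  :", reachable_challenges(v, deserialize_lenient))
    print("canonical:", reachable_challenges(v, deserialize_canonical))
```

Because 2^256 is a little over five times this modulus, a small value has six 256-bit encodings; with the check in place only the canonical one is accepted, so each field element contributes exactly one byte string to the hash.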
@AztecBot AztecBot added ci-draft Run CI on draft PRs. claudebox Owned by claudebox. it can push to this PR. labels Mar 19, 2026
@ludamad ludamad removed ci-draft Run CI on draft PRs. claudebox Owned by claudebox. it can push to this PR. labels Mar 19, 2026
@ludamad ludamad marked this pull request as ready for review March 19, 2026 21:01
@iakovenkos iakovenkos added the ci-full Run all master checks. label Mar 20, 2026
@iakovenkos iakovenkos enabled auto-merge (squash) March 20, 2026 10:36
@iakovenkos iakovenkos merged commit 748b902 into merge-train/barretenberg Mar 20, 2026
53 of 57 checks passed
@iakovenkos iakovenkos deleted the claudebox/fix-u256codec-canonical-check branch March 20, 2026 11:34
github-merge-queue bot pushed a commit that referenced this pull request Mar 20, 2026
BEGIN_COMMIT_OVERRIDE
chore!: dyadic circuit size constants update (#21762)
chore: minor pcs fixes (#21727)
fix: add canonical checks for fr/fq in
U256Codec::deserialize_from_fields (#21811)
chore: update Chonk README and audit scopes for batched
hiding+translator flow (#21695)
END_COMMIT_OVERRIDE