fix: minor bigfield fixes - take 2#22415
Merged
suyash67 merged 6 commits intomerge-train/barretenbergfrom Apr 8, 2026
Merged
Conversation
batch_mul's default with_edgecases=false caused an unsatisfiable circuit (DoS) when input points are linearly dependent. Callers that previously relied on the safe default were unintentionally unsafe. Change the default to true so the public API is safe by default. Callers with provably non-colliding points (single-point scalar_mul, KZG verifier, ECDSA with generator-equality guard) are updated to pass with_edgecases=false explicitly. AztecProtocol/barretenberg-claude#2238
If the low lo_bits of field_modulus are all zero, the borrow logic has two bugs: `r_lo - 1` underflows in uint256_t arithmetic (wrong prover hint, completeness), and `r_lo - fr(1)` wraps to a large field element (lo_diff constraint checks the wrong thing, soundness). All standard moduli (bn254 Fr/Fq, secp256k1 Fq) satisfy r_lo != 0, so the assertion has no impact in practice. Fixes AztecProtocol/barretenberg-claude#714
…ield_double_width_limb Move the `low + hi * 2^NUM_LIMB_BITS == original` circuit constraint into the function itself rather than relying on each caller to add it. Remove the now-redundant evaluate_linear_identity calls at the two callsites in the bigfield constructor. Fixes AztecProtocol/barretenberg-claude#2222
iakovenkos
approved these changes
Apr 8, 2026
Contributor
iakovenkos
left a comment
iakovenkos
left a comment
There was a problem hiding this comment.
thanks for these fixes!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
List of fixes (none of them should change circuits):
decompose_non_native_field_double_width_limbto ensure the reconstructed value matches the original input.r_lois nonzero invalidate_split_in_field_unsafe, closing a soundness gap where a zero low limb could pass unchecked.batch_muldefault towith_edgecases=trueto avoid incorrect results on edge-case inputs.resolves https://github.com/AztecProtocol/barretenberg-claude/issues/2433