Underconstrained selector
Vulnerable File: circuits/aes-gcm/utils.circom
commit: 65f823fc5606fca74440fb0de939ae07a3c39a80
ArrayMux(n)
sel is never constrained to be boolean. As written, out[i] = a[i] + sel·(b[i] − a[i]) yields an arbitrary affine mixture of a[i] and b[i] whenever sel is not 0 or 1. Constrain sel with sel·(sel−1) = 0 (or a Bool/IsBoolean component).
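The gap and the fix, as an added Python model of the constraint system (not code from the audited repository). It assumes circom's default BN254 scalar field, which the finding does not name; the function names and sample arrays are hypothetical.

```python
# Added illustration: models the ArrayMux(n) constraints as field arithmetic.
# Assumption: circom's default BN254 scalar field; the finding does not name the field.
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617


def mux_outputs(a, b, sel):
    """Witness values forced by out[i] = a[i] + sel*(b[i] - a[i]) mod P."""
    return [(x + sel * (y - x)) % P for x, y in zip(a, b)]


def satisfies(a, b, sel, out, require_boolean_sel):
    """Check a candidate witness against the mux constraints.

    require_boolean_sel=False models the circuit as reported (sel unconstrained);
    require_boolean_sel=True adds the recommended sel*(sel-1) = 0.
    """
    if len(a) != len(b) or len(a) != len(out):
        return False
    if require_boolean_sel and (sel * (sel - 1)) % P != 0:
        return False
    return all((o - x - sel * (y - x)) % P == 0 for x, y, o in zip(a, b, out))


# Constructed sample inputs (not taken from the audited circuit).
A = [1, 2, 3]
B = [10, 20, 30]

if __name__ == "__main__":
    for sel in (0, 1, 2):
        out = mux_outputs(A, B, sel)
        print("sel =", sel, "out =", out,
              "| as reported:", satisfies(A, B, sel, out, False),
              "| with sel*(sel-1)=0:", satisfies(A, B, sel, out, True))
```

With sel = 2 the output is neither a nor b, yet the witness satisfies the circuit as reported; only the added boolean constraint rejects it.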