chore: Update Noir to nightly-2026-04-10 (#22393)

Automated update of Noir submodule to latest nightly.

**Current**: unknown
**New**: nightly-2026-04-10

[View changes in
noir-lang/noir](noir-lang/noir@c09ce9a...nightly-2026-04-10)

Author: benesjan

avm-transpiler/Cargo.lock

@@ -108,9 +108,6 @@ function build {
     rm -rf acir_tests/{diamond_deps_0,workspace,workspace_default_member,regression_7323}
     # These use folding, which is not currently supported.
     rm -rf acir_tests/{fold_call_witness_condition,fold_after_inlined_calls,fold_complex_outputs,fold_basic_nested_call,fold_numeric_generic_poseidon,fold_fibonacci,fold_basic,fold_2_to_17,fold_distinct_return}
-    # These are breaking with:
-    # Failed to solve program: 'Failed to solve blackbox function: embedded_curve_add, reason: Infinite input: embedded_curve_add(infinity, infinity)'
-    rm -rf acir_tests/{regression_5045,regression_7744}
     # The following test fails because it uses CallData/ReturnData with UltraBuilder, which is not supported
     rm -rf acir_tests/{regression_7612,regression_7143,databus_composite_calldata,databus_two_calldata_simple,databus_two_calldata,databus}
     # Merge the internal test programs with the acir tests.

barretenberg/acir_tests/bootstrap.sh

@@ -165,9 +165,9 @@ namespace constants;
     pol UPDATES_DELAYED_PUBLIC_MUTABLE_METADATA_BIT_SIZE = 144;
     pol GRUMPKIN_ONE_X = 1;
     pol GRUMPKIN_ONE_Y = 17631683881184975370165255887551781615748388533673675138860;
-    pol DOM_SEP__NOTE_HASH_NONCE = 1721808740;
-    pol DOM_SEP__UNIQUE_NOTE_HASH = 226850429;
     pol DOM_SEP__SILOED_NOTE_HASH = 3361878420;
+    pol DOM_SEP__UNIQUE_NOTE_HASH = 226850429;
+    pol DOM_SEP__NOTE_HASH_NONCE = 1721808740;
     pol DOM_SEP__SILOED_NULLIFIER = 57496191;
     pol DOM_SEP__PUBLIC_LEAF_SLOT = 1247650290;
     pol DOM_SEP__PUBLIC_STORAGE_MAP_SLOT = 4015149901;

barretenberg/cpp/pil/vm2/constants_gen.pil

@@ -257,9 +257,9 @@
 #define UPDATES_DELAYED_PUBLIC_MUTABLE_VALUES_LEN 3
 #define UPDATES_DELAYED_PUBLIC_MUTABLE_METADATA_BIT_SIZE 144
 #define DEFAULT_MAX_DEBUG_LOG_MEMORY_READS 125000
-#define DOM_SEP__NOTE_HASH_NONCE 1721808740UL
-#define DOM_SEP__UNIQUE_NOTE_HASH 226850429UL
 #define DOM_SEP__SILOED_NOTE_HASH 3361878420UL
+#define DOM_SEP__UNIQUE_NOTE_HASH 226850429UL
+#define DOM_SEP__NOTE_HASH_NONCE 1721808740UL
 #define DOM_SEP__SILOED_NULLIFIER 57496191UL
 #define DOM_SEP__PUBLIC_LEAF_SLOT 1247650290UL
 #define DOM_SEP__PUBLIC_STORAGE_MAP_SLOT 4015149901UL

barretenberg/cpp/src/barretenberg/vm2/common/aztec_constants.hpp

@@ -18,9 +18,9 @@ void note_hash_tree_checkImpl<FF_>::accumulate(ContainerOverSubrelations& evals,
     const auto constants_NOTE_HASH_TREE_HEIGHT = FF(42);
     const auto constants_AVM_PUBLIC_INPUTS_PREVIOUS_NON_REVERTIBLE_ACCUMULATED_DATA_NULLIFIERS_ROW_IDX = FF(169);
     const auto constants_AVM_PUBLIC_INPUTS_AVM_ACCUMULATED_DATA_NOTE_HASHES_ROW_IDX = FF(386);
-    const auto constants_DOM_SEP__NOTE_HASH_NONCE = FF(1721808740);
-    const auto constants_DOM_SEP__UNIQUE_NOTE_HASH = FF(226850429);
     const auto constants_DOM_SEP__SILOED_NOTE_HASH = FF(3361878420UL);
+    const auto constants_DOM_SEP__UNIQUE_NOTE_HASH = FF(226850429);
+    const auto constants_DOM_SEP__NOTE_HASH_NONCE = FF(1721808740);
     const auto note_hash_tree_check_READ = (FF(1) - in.get(C::note_hash_tree_check_write));
     const auto note_hash_tree_check_PREV_LEAF_VALUE_UNIQUE_NOTE_HASH_DIFF =
         (in.get(C::note_hash_tree_check_prev_leaf_value) - in.get(C::note_hash_tree_check_unique_note_hash));

barretenberg/cpp/src/barretenberg/vm2/generated/relations/note_hash_tree_check_impl.hpp

@@ -7,4 +7,4 @@ type = "lib"
 [dependencies]
 protocol_types = { path = "../../noir-protocol-circuits/crates/types" }
 sha256 = { tag = "v0.3.0", git = "https://github.com/noir-lang/sha256" }
-poseidon = { tag = "v0.2.6", git = "https://github.com/noir-lang/poseidon" }
+poseidon = { tag = "v0.3.0", git = "https://github.com/noir-lang/poseidon" }

noir-projects/aztec-nr/aztec/Nargo.toml

@@ -131,7 +131,9 @@ impl PublicContext {
     ///
     pub fn note_hash_exists(_self: Self, note_hash: Field, leaf_index: u64) -> bool {
         // Safety: AVM opcodes are constrained by the AVM itself
-        unsafe { avm::note_hash_exists(note_hash, leaf_index) } == 1
+        unsafe {
+            avm::note_hash_exists(note_hash, leaf_index)
+        }
     }
 
     /// Checks if a specific L1-to-L2 message exists in the L1-to-L2 message tree at a particular leaf index.
@@ -153,7 +155,9 @@ impl PublicContext {
     ///
     pub fn l1_to_l2_msg_exists(_self: Self, msg_hash: Field, msg_leaf_index: Field) -> bool {
         // Safety: AVM opcodes are constrained by the AVM itself TODO(alvaro): Make l1l2msg leaf index a u64 upstream
-        unsafe { avm::l1_to_l2_msg_exists(msg_hash, msg_leaf_index as u64) } == 1
+        unsafe {
+            avm::l1_to_l2_msg_exists(msg_hash, msg_leaf_index as u64)
+        }
     }
 
     /// Returns `true` if an `unsiloed_nullifier` has been emitted by `contract_address`.
@@ -204,7 +208,9 @@ impl PublicContext {
     pub fn nullifier_exists_unsafe(_self: Self, unsiloed_nullifier: Field, contract_address: AztecAddress) -> bool {
         let siloed_nullifier = compute_siloed_nullifier(contract_address, unsiloed_nullifier);
         // Safety: AVM opcodes are constrained by the AVM itself
-        unsafe { avm::nullifier_exists(siloed_nullifier) } == 1
+        unsafe {
+            avm::nullifier_exists(siloed_nullifier)
+        }
     }
 
     /// Consumes a message sent from Ethereum (L1) to Aztec (L2) -- effectively marking it as "read".
@@ -662,7 +668,9 @@ impl PublicContext {
     ///
     pub fn is_static_call(_self: Self) -> bool {
         // Safety: AVM opcodes are constrained by the AVM itself
-        unsafe { avm::is_static_call() } == 1
+        unsafe {
+            avm::is_static_call()
+        }
     }
 
     /// Reads raw field values from public storage. Reads N consecutive storage slots starting from the given slot.

noir-projects/aztec-nr/aztec/src/context/public_context.nr

@@ -19,7 +19,9 @@ use std::{embedded_curve_ops::multi_scalar_mul, ops::Neg};
 ///
 /// See also: https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman
 pub fn derive_ecdh_shared_secret(secret: Scalar, public_key: Point) -> Point {
-    multi_scalar_mul([public_key], [secret])
+    // TODO(F-553): Drop the `.to_embedded()` / `.into()` round-trip once the custom `Point` wrapper is removed and we
+    // use `EmbeddedCurvePoint` directly.
+    multi_scalar_mul([public_key.to_embedded()], [secret]).into()
 }
 
 /// Computes an app-siloed shared secret from a raw ECDH shared secret point and a contract address.
@@ -76,8 +78,8 @@ unconstrained fn test_shared_secret_computation_in_both_directions() {
     let secret_a = Scalar { lo: 0x1234, hi: 0x2345 };
     let secret_b = Scalar { lo: 0x3456, hi: 0x4567 };
 
-    let pk_a = std::embedded_curve_ops::fixed_base_scalar_mul(secret_a);
-    let pk_b = std::embedded_curve_ops::fixed_base_scalar_mul(secret_b);
+    let pk_a: Point = std::embedded_curve_ops::fixed_base_scalar_mul(secret_a).into();
+    let pk_b: Point = std::embedded_curve_ops::fixed_base_scalar_mul(secret_b).into();
 
     let shared_secret = derive_ecdh_shared_secret(secret_a, pk_b);
     let shared_secret_alt = derive_ecdh_shared_secret(secret_b, pk_a);
@@ -90,8 +92,8 @@ unconstrained fn test_shared_secret_computation_from_address_in_both_directions(
     let secret_a = Scalar { lo: 0x1234, hi: 0x2345 };
     let secret_b = Scalar { lo: 0x3456, hi: 0x4567 };
 
-    let mut pk_a = std::embedded_curve_ops::fixed_base_scalar_mul(secret_a);
-    let mut pk_b = std::embedded_curve_ops::fixed_base_scalar_mul(secret_b);
+    let mut pk_a: Point = std::embedded_curve_ops::fixed_base_scalar_mul(secret_a).into();
+    let mut pk_b: Point = std::embedded_curve_ops::fixed_base_scalar_mul(secret_b).into();
 
     let address_b = AztecAddress::from_field(pk_b.x);
 
@@ -118,7 +120,7 @@ unconstrained fn test_shared_secret_computation_from_address_in_both_directions(
 #[test]
 unconstrained fn test_app_siloed_shared_secret_differs_per_contract() {
     let secret_a = Scalar { lo: 0x1234, hi: 0x2345 };
-    let pk_b = std::embedded_curve_ops::fixed_base_scalar_mul(Scalar { lo: 0x3456, hi: 0x4567 });
+    let pk_b: Point = std::embedded_curve_ops::fixed_base_scalar_mul(Scalar { lo: 0x3456, hi: 0x4567 }).into();
 
     let shared_secret = derive_ecdh_shared_secret(secret_a, pk_b);
 

noir-projects/aztec-nr/aztec/src/keys/ecdh_shared_secret.nr

@@ -17,7 +17,9 @@ pub fn generate_ephemeral_key_pair() -> (Scalar, Point) {
     // TODO(#12757): compute the key pair without constraining eph_sk twice (once in from_field, once in the black box
     // called by fixed_base_scalar_mul).
     let eph_sk = EmbeddedCurveScalar::from_field(randomness);
-    let eph_pk = fixed_base_scalar_mul(eph_sk);
+    // TODO(F-553): Drop the `.into()` once the custom `Point` wrapper is removed and we use `EmbeddedCurvePoint`
+    // directly. Applies to the other `fixed_base_scalar_mul(...).into()` call sites in this file as well.
+    let eph_pk: Point = fixed_base_scalar_mul(eph_sk).into();
 
     (eph_sk, eph_pk)
 }
@@ -35,7 +37,7 @@ pub fn generate_positive_ephemeral_key_pair() -> (Scalar, Point) {
     // anyway, and so the recipient already trusts them to not disclose this information. We can therefore assume that
     // the sender will cooperate in the random value generation.
     let eph_sk = unsafe { generate_secret_key_for_positive_public_key() };
-    let eph_pk = fixed_base_scalar_mul(eph_sk);
+    let eph_pk: Point = fixed_base_scalar_mul(eph_sk).into();
 
     assert(get_sign_of_point(eph_pk), "Got an ephemeral public key with a negative y coordinate");
 
@@ -51,7 +53,7 @@ unconstrained fn generate_secret_key_for_positive_public_key() -> EmbeddedCurveS
 
         // @todo Need to draw randomness from the full domain of Fq not only Fr
         sk = EmbeddedCurveScalar::from_field(random());
-        let pk = fixed_base_scalar_mul(sk);
+        let pk: Point = fixed_base_scalar_mul(sk).into();
         if get_sign_of_point(pk) {
             break;
         }

noir-projects/aztec-nr/aztec/src/keys/ephemeral.nr

@@ -65,8 +65,8 @@ comptime fn generate_contract_library_method_compute_note_hash() -> Quoted {
     } else {
         // Contracts that do define notes produce an if-else chain where `note_type_id` is matched against the
         // `get_note_type_id()` function of each note type that we know of, in order to identify the note type. Once we
-        // know it we call the correct `unpack` method from the `Packable` trait to obtain the underlying note type, and
-        // compute the note hash (non-siloed).
+        // know it we call the correct `unpack` method from the `Packable` trait to obtain the underlying
+        // note type, and compute the note hash (non-siloed).
 
         // We resolve the log format calls here so that the resulting Quoted values can be spliced into the quote
         // block below.
@@ -174,8 +174,8 @@ comptime fn generate_contract_library_method_compute_note_nullifier() -> Quoted
     } else {
         // Contracts that do define notes produce an if-else chain where `note_type_id` is matched against the
         // `get_note_type_id()` function of each note type that we know of, in order to identify the note type. Once we
-        // know it we call the correct `unpack` method from the `Packable` trait to obtain the underlying note type, and
-        // compute the inner nullifier (non-siloed).
+        // know it we call the correct `unpack` method from the `Packable` trait to obtain the underlying
+        // note type, and compute the inner nullifier (non-siloed).
 
         // We resolve the log format calls here so that the resulting Quoted values can be spliced into the quote
         // block below.