Commit 70d3710
fix(soundness): bound untrusted num_instances in recursion verifier
Companion to the native-verifier bound. The native verifier rejects any
num_instances entry (and their sum) exceeding 2^MAX_NUM_VARIABLES and derives
log2_num_instances from those bounded counts. The recursion verifier reads
sum_num_instances and log2_num_instances as untrusted hints without bounding
them, so a crafted proof could drive pow_2(log2_num_instances) past the field
size and wrap the next_pow2 - sum offset, verifying a different statement than
the native verifier.

verify_chip_proof_pre_main now bounds log2_num_instances <= MAX_NUM_VARIABLES and
sum_num_instances / each num_instances[i] <= 2^MAX_NUM_VARIABLES before they are
used. Valid proofs are always within this bound, so only malformed proofs are
rejected; native and recursion stay in lockstep.

Validated: cargo check / clippy clean; aggregation e2e over multi-shard
keccak_syscall verifies (leaf proofs run the asserts for every chip, valid
proofs are not rejected).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

1 parent ab2f36d, commit 70d3710
1 file changed
Lines changed: 26 additions & 1 deletion
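The failure mode the commit message describes (an unbounded `log2_num_instances` hint whose `pow_2` wraps in the field, so `next_pow2 - sum` matches a different statement) and the bound that closes it, as an added stand-alone Rust example. This is not code from the repository this commit belongs to: `MAX_NUM_VARIABLES = 27`, the `Hints` struct, `HintError`, `check_hints`, `padding_offset_mod_p` and the Baby Bear-sized field modulus are all assumptions made for the illustration, and the inputs in `main` are constructed.

```rust
/// Assumed cap on the number of multilinear variables; 2^MAX_NUM_VARIABLES is the
/// largest instance count any chip may claim. The project's real value may differ.
pub const MAX_NUM_VARIABLES: u32 = 27;

/// Hypothetical 31-bit prime modulus for the verifier's field (2^31 - 2^27 + 1),
/// chosen only so the wrap is visible with small numbers.
pub const FIELD_MODULUS: u64 = (1 << 31) - (1 << 27) + 1;

#[derive(Debug, PartialEq, Eq)]
pub enum HintError {
    /// log2_num_instances exceeds the cap, so pow_2 of it is not a valid padded size.
    Log2TooLarge { log2: u32, max: u32 },
    /// A per-chip count (index = Some(i)) or the declared sum (index = None) exceeds 2^cap.
    CountTooLarge { index: Option<usize>, count: u64, max: u64 },
    /// The declared sum does not match the sum of the per-chip counts.
    SumMismatch { declared: u64, actual: u64 },
}

/// Values read straight out of the proof; untrusted until check_hints passes.
#[derive(Debug, Clone)]
pub struct Hints {
    pub log2_num_instances: u32,
    pub sum_num_instances: u64,
    pub num_instances: Vec<u64>,
}

/// Enforce the bounds before any arithmetic touches the hints.
pub fn check_hints(h: &Hints) -> Result<(), HintError> {
    if h.log2_num_instances > MAX_NUM_VARIABLES {
        return Err(HintError::Log2TooLarge { log2: h.log2_num_instances, max: MAX_NUM_VARIABLES });
    }
    let max_count = 1u64 << MAX_NUM_VARIABLES;
    let mut actual: u64 = 0;
    for (i, &n) in h.num_instances.iter().enumerate() {
        if n > max_count {
            return Err(HintError::CountTooLarge { index: Some(i), count: n, max: max_count });
        }
        // Entries are individually bounded, but checked_add keeps the running sum
        // honest regardless of how many entries the proof supplies.
        actual = actual
            .checked_add(n)
            .ok_or(HintError::CountTooLarge { index: None, count: u64::MAX, max: max_count })?;
    }
    if h.sum_num_instances > max_count {
        return Err(HintError::CountTooLarge { index: None, count: h.sum_num_instances, max: max_count });
    }
    // Re-derive the sum from the bounded counts instead of trusting the declared one.
    if actual != h.sum_num_instances {
        return Err(HintError::SumMismatch { declared: h.sum_num_instances, actual });
    }
    Ok(())
}

/// The padding offset next_pow2 - sum as the verifier's field arithmetic would
/// produce it: 2^log2 and the subtraction are both reduced modulo FIELD_MODULUS.
pub fn padding_offset_mod_p(log2: u32, sum: u64) -> u64 {
    let mut next_pow2 = 1u64;
    for _ in 0..log2 {
        next_pow2 = (next_pow2 * 2) % FIELD_MODULUS; // in-field doubling wraps once past p
    }
    let sum_red = sum % FIELD_MODULUS;
    (next_pow2 + FIELD_MODULUS - sum_red) % FIELD_MODULUS
}

/// Guarded version: the offset is computed only after the hints pass the bound.
pub fn padding_offset_checked(h: &Hints) -> Result<u64, HintError> {
    check_hints(h)?;
    Ok(padding_offset_mod_p(h.log2_num_instances, h.sum_num_instances))
}

fn main() {
    // Constructed inputs: an honest proof with 6 instances padded to 2^27, and a
    // malformed one whose log2 hint (31) lies above the cap.
    let honest = Hints { log2_num_instances: 27, sum_num_instances: 6, num_instances: vec![4, 2] };
    let crafted = Hints { log2_num_instances: 31, sum_num_instances: 5, num_instances: vec![5] };

    // Without the bound, 2^31 reduces to 2^27 - 1 in this field, so the malformed
    // hints yield exactly the same in-field offset as the honest ones.
    println!(
        "unguarded: honest = {}, crafted = {}",
        padding_offset_mod_p(honest.log2_num_instances, honest.sum_num_instances),
        padding_offset_mod_p(crafted.log2_num_instances, crafted.sum_num_instances)
    );
    println!("guarded honest:  {:?}", padding_offset_checked(&honest));
    println!("guarded crafted: {:?}", padding_offset_checked(&crafted));
}
```

The check runs strictly before the field arithmetic, which is the ordering the commit message relies on ("before they are used"); re-deriving the sum from the per-chip counts, rather than only bounding the declared `sum_num_instances`, mirrors what the message says the native verifier does and keeps the two verifiers agreeing on the same statement.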
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
29 | 29 | | |
30 | 30 | | |
31 | 31 | | |
32 | | - | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
33 | 36 | | |
34 | 37 | | |
35 | 38 | | |
| |||
613 | 616 | | |
614 | 617 | | |
615 | 618 | | |
| 619 | + | |
| 620 | + | |
| 621 | + | |
| 622 | + | |
| 623 | + | |
| 624 | + | |
| 625 | + | |
| 626 | + | |
| 627 | + | |
| 628 | + | |
| 629 | + | |
| 630 | + | |
| 631 | + | |
| 632 | + | |
| 633 | + | |
| 634 | + | |
| 635 | + | |
| 636 | + | |
| 637 | + | |
| 638 | + | |
| 639 | + | |
| 640 | + | |
616 | 641 | | |
617 | 642 | | |
618 | 643 | | |
| |||
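Review bot: the 22 added lines at 619-640 land in the one changed file with no test change, and the validation the message lists (cargo check / clippy, the multi-shard keccak_syscall aggregation e2e) only exercises valid proofs, so the new rejection path is never executed. Add a negative test that feeds the recursion verifier a proof with log2_num_instances above MAX_NUM_VARIABLES, and one with a num_instances[i] or sum_num_instances above 2^MAX_NUM_VARIABLES, asserting that each is rejected. Two further points to confirm in this hunk: the asserts must sit before the first use of pow_2(log2_num_instances) and the next_pow2 - sum subtraction, since "before they are used" is what closes the wrap; and the message says the native verifier derives log2_num_instances from the bounded counts while this side only bounds the hint, so if the recursion verifier does not also tie sum_num_instances to the sum of num_instances[i], the two verifiers are not yet fully in lockstep.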
0 commit comments