Add M31ToU32 AIR component with full prove+verify#363
Add M31ToU32 AIR component with full prove+verify#363alon-f wants to merge 1 commit intoalon/decomposed-blake-gatesfrom
Conversation
|
This change is |
alon-f
force-pushed
the
alon/m31-to-u32-air
branch
from
a65213a to
7b86c1d
Compare
Integrates the auto-generated M31ToU32 gate AIR into the circuit prover: - Preprocessed columns for m31_to_u32 (input_addr, output_addr, multiplicity) - M31ToU32 AIR component (circuit_eval, framework eval, witness trace) - Padding in finalize_context for m31_to_u32 (like all other components) - Full prove+verify test (test_prove_and_stark_verify_m31_to_u32_context) - Updated PRIVACY_RECURSION_CIRCUIT_CONSTS_HASH and FIBONACCI_CIRCUIT_PREPROCESSED_ROOT Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
alon-f
force-pushed
the
alon/m31-to-u32-air
branch
from
7b86c1d to
f0d578e
Compare
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
|
|
||
| pub const PRIVACY_RECURSION_CIRCUIT_CONSTS_HASH: [u32; 8] = | ||
| [1918909779, 1959776519, 1259409979, 1114474154, 106626018, 731417550, 96744222, 1513056460]; | ||
| [147728852, 770082982, 775669237, 652147433, 172357191, 644565232, 489022597, 2120137226]; |
There was a problem hiding this comment.
Stale privacy preprocessed root not updated
Medium Severity
PRIVACY_RECURSION_CIRCUIT_PREPROCESSED_ROOT was not updated even though finalize_context now calls pad_m31_to_u32, which adds N_LANES M31ToU32 padding gates to any circuit that previously had none (including the privacy recursion circuit). This adds three new preprocessed columns to the circuit's trace, changing its preprocessed Merkle root. The analogous FIBONACCI_CIRCUIT_PREPROCESSED_ROOT was correctly updated in this PR. PRIVACY_RECURSION_CIRCUIT_CONSTS_HASH appears to have been recomputed using the stale root, making both constants internally consistent but semantically incorrect. Any production code using PRIVACY_RECURSION_CIRCUIT_PREPROCESSED_ROOT to verify actual privacy recursion proofs against the expected circuit would fail or accept proofs against the wrong circuit.
Additional Locations (1)
2 participants
Summary
finalize_context(same pattern as eq, qm31_ops, blake)Test plan
test_prove_and_stark_verify_m31_to_u32_context— creates 32 m31_to_u32 gates, proves, STARK-verifiestest_evaluation_result— auto-generated constraint accumulator unit testcargo test -r— 191 tests, 0 failures, 0 warnings)🤖 Generated with Claude Code
Note
Medium Risk
Adds a new AIR component and corresponding witness/preprocessed-trace plumbing, changing proof composition and trace layout. Also increases
INTERACTION_POW_BITS, which affects PoW verification parameters and could break compatibility if configs aren’t updated everywhere.Overview
Adds a new
m_31_to_u_32AIR component end-to-end (constraint eval + framework component + witness generation) to prove conversion of an M31 wire into packed u32 limbs, including requiredRangeCheck_16/Gatelookups.Integrates the component through circuit preprocessing and proving: generates new preprocessed columns (
m31_to_u32_input_addr,m31_to_u32_output_addr,m31_to_u32_multiplicity), padsm31_to_u32gates duringfinalize_context, registers the component in component lists/prover pipelines/statementall_circuit_components, and adds a full prove+verify test plus updated expected preprocessed roots/sample eval constants.Separately updates
INTERACTION_POW_BITSfrom8to20and refreshes the privacy recursion consts hash.Written by Cursor Bugbot for commit f0d578e. This will update automatically on new commits. Configure here.