Fix SHA256 word range checks and U32ADD carry constraints#3021
Merged
huitseeker merged 3 commits intonextfrom Apr 23, 2026
Merged
Fix SHA256 word range checks and U32ADD carry constraints#3021huitseeker merged 3 commits intonextfrom
huitseeker merged 3 commits intonextfrom
Conversation
huitseeker
changed the title
Al-Kindi-0
approved these changes
Apr 20, 2026
Comment on lines
+124
to
+127
| $$ | ||
| h_3 = 0 \text{ | degree} = 1 | ||
| $$ | ||
|
|
Contributor
There was a problem hiding this comment.
Very strange, my memory tells me that we had these constraints in the docs. Maybe in some of the local work I was doing on tagging design docs, but not sure.
huitseeker
force-pushed
the
huitseeker/tob3
branch
3 times, most recently
from
6c77566 to
c27b5e1
Compare
adr1anh
approved these changes
Apr 23, 2026
Contributor
adr1anh
left a comment
adr1anh
left a comment
There was a problem hiding this comment.
Looks good. These tests using AirBuilder are great, and we should look at integrating these for other parts of our constraints.
huitseeker
force-pushed
the
huitseeker/tob3
branch
from
631ed68 to
8b15772
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR fixes TOB-MIDENCORE-4 and TOB-MIDENCORE-9.
The SHA256 fix checks that all message words are valid u32 values before they are used by the SHA256 schedule. This covers hash, merge, and hash_bytes, including words loaded from memory.
The U32ADD fix enforces that the high carry helper limb h3 is zero for U32ADD and U32ADD3. This prevents forged carry outputs such as 65536, including the carry path used by
u64::overflowing_add.The verifier artifacts and relation digest constants were updated to match the new AIR. This includes the RELATION_DIGEST constants in Rust and MASM, the AIR snapshot, and the generated recursive verifier constraint program.
Tests were added for rejected SHA256 non-u32 message words, forged U32ADD and U32ADD3 carries, and the
u64::overflowing_addcarry propagation case.