Skip to content

fix!: defensive ghost row constraints in bc_hashing pil #19481

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dbanks12 merged 1 commit into from
Jan 12, 2026
Merged

fix!: defensive ghost row constraints in bc_hashing pil #19481

dbanks12 merged 1 commit into from
Jan 12, 2026
+81 −26

Conversation

@dbanks12
Copy link
Contributor

@dbanks12 dbanks12 commented Jan 10, 2026
edited
Loading

Summary

Adds defensive constraints to bc_hashing.pil to prevent ghost row injection attacks on the #[GET_PACKED_FIELD_1] and #[GET_PACKED_FIELD_2] permutations.

The vulnerability pattern: When sel=0 (gadget inactive), the sub-selectors sel_not_padding_1 and sel_not_padding_2 were only boolean-constrained, not forced to 0. A malicious prover could set these to 1 on ghost rows to fire the permutations into bc_decomposition.

The fix: Add constraints that force these selectors to 0 when sel=0:

#[SEL_NOT_PADDING_1_REQUIRES_SEL]
sel_not_padding_1 * (1 - sel) = 0;

#[SEL_NOT_PADDING_2_REQUIRES_SEL]
sel_not_padding_2 * (1 - sel) = 0;

Note: This is a defensive fix. The destination trace (bc_decomposition) already has sel_packed * (1 - sel) = 0 which would block ghost destination rows, making the attack non-exploitable in practice.

Test Plan

  • Added NegativeGhostRowInjectionBlocked test verifying the fix

@dbanks12 Graphite App
Copy link
Contributor Author

dbanks12 commented Jan 10, 2026

This stack of pull requests is managed by Graphite. Learn more about stacking.

@dbanks12 dbanks12 marked this pull request as ready for review January 10, 2026 01:14
@dbanks12 dbanks12 merged commit 730e9b5 into merge-train/avm Jan 12, 2026
15 of 16 checks passed
@dbanks12 dbanks12 deleted the db/more-ghosts branch January 12, 2026 15:55
@AztecBot AztecBot mentioned this pull request Jan 12, 2026
Merged
github-merge-queue bot pushed a commit that referenced this pull request Jan 12, 2026
@fcarreiro
feat: merge-train/avm (#19496)
b7c8acf 
BEGIN_COMMIT_OVERRIDE
feat(avm security): add static check for isolated/unused columns
(#19489)
feat(avm): use noop calldata hasher in fast sim (#19495)
chore(avm): rename indirect -> addressing mode (#19491)
chore(avm): small cursor optimizations
chore(avm):! rename indirect -> addressing mode (PIL) (#19493)
fix(avm): constraint when unwinding empty call stack (#19485)
feat(avm): Fuzz debug log and refactor env getter (#19494)
fix!: ecc add predicate completeness bug (#19471)
chore(avm): callstackmetadatacollector clarifications (#19490)
chore: sanity assert in execution for bytecode id (#19486)
fix!: sstore allowed injection of malicious write rows (#19470)
fix!: defensive ghost row constraints in bc_hashing pil (#19481)
fix(avm): fix execution::mov for mac? (#19507)
chore(avm)!: resolve execution TODOs (#19501)
fix!: multiple traces had ghost row injection vulnerabilities (#19480)
fix(avm): defensively copy MemoryValues (#19512)
feat: align TS and BB log levels (#19518)
END_COMMIT_OVERRIDE
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jeanmon jeanmon jeanmon approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dbanks12 @jeanmon