check intmul doesn't overflow modulo 2^128-1#910
Closed
josephjohnston wants to merge 1 commit intomainfrom
Closed
Conversation
Contributor
Author
How to use the Graphite Merge QueueAdd the label merge-ready to this PR to add it to the merge queue. You must have a Graphite account in order to use the merge queue. Sign up using this link. An organization admin has enabled the Graphite Merge Queue in this repository. Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue. This stack of pull requests is managed by Graphite. Learn more about stacking. |
josephjohnston
force-pushed
the
intmul-overflow-check
branch
from
6036bf5 to
4eca08f
Compare
Contributor
Author
|
Not sure what to do about this snapshot issue |
josephjohnston
force-pushed
the
intmul-overflow-check
branch
from
4eca08f to
b8067f8
Compare
![graphite-app[bot]](https://avatars.githubusercontent.com/in/158384?s=60&v=4){kind=small}
josephjohnston
force-pushed
the
intmul-overflow-check
branch
from
b8067f8 to
480a10c
Compare
Merge activity
|
graphite-app bot
pushed a commit
that referenced
this pull request
Sep 2, 2025
### TL;DR Added an overflow check to the integer multiplication gate to prevent potential vulnerabilities. ### What changed? Added an additional constraint to the `imul.rs` gate implementation that prevents overflow modulo 2^128-1. The implementation now verifies integer multiplication on the least significant bits by: 1. Extracting the least significant bits using shift-left operations 2. Adding an AND constraint to verify that `x[0] * y[0] = lo[0]` This is accomplished by importing the `sll` function from the constraint builder module and adding the new AND constraint after the existing multiplication constraint. ### How to test? Run the existing test suite to ensure that the integer multiplication gate still functions correctly with the added overflow protection. Consider adding specific tests that attempt to trigger overflow conditions to verify the new constraint is working as expected. ### Why make this change? This change addresses a potential security vulnerability where overflow modulo 2^128-1 could occur in integer multiplication operations. The additional constraint ensures that the least significant bits of the multiplication are correctly verified, which is sufficient to guard against overflow attacks that could potentially compromise the system's integrity.
lockedloop
pushed a commit
that referenced
this pull request
Sep 8, 2025
### TL;DR Added an overflow check to the integer multiplication gate to prevent potential vulnerabilities. ### What changed? Added an additional constraint to the `imul.rs` gate implementation that prevents overflow modulo 2^128-1. The implementation now verifies integer multiplication on the least significant bits by: 1. Extracting the least significant bits using shift-left operations 2. Adding an AND constraint to verify that `x[0] * y[0] = lo[0]` This is accomplished by importing the `sll` function from the constraint builder module and adding the new AND constraint after the existing multiplication constraint. ### How to test? Run the existing test suite to ensure that the integer multiplication gate still functions correctly with the added overflow protection. Consider adding specific tests that attempt to trigger overflow conditions to verify the new constraint is working as expected. ### Why make this change? This change addresses a potential security vulnerability where overflow modulo 2^128-1 could occur in integer multiplication operations. The additional constraint ensures that the least significant bits of the multiplication are correctly verified, which is sufficient to guard against overflow attacks that could potentially compromise the system's integrity.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
TL;DR
Added an overflow check to the integer multiplication gate to prevent potential vulnerabilities.
What changed?
Added an additional constraint to the
imul.rsgate implementation that prevents overflow modulo 2^128-1. The implementation now verifies integer multiplication on the least significant bits by:x[0] * y[0] = lo[0]This is accomplished by importing the
sllfunction from the constraint builder module and adding the new AND constraint after the existing multiplication constraint.How to test?
Run the existing test suite to ensure that the integer multiplication gate still functions correctly with the added overflow protection. Consider adding specific tests that attempt to trigger overflow conditions to verify the new constraint is working as expected.
Why make this change?
This change addresses a potential security vulnerability where overflow modulo 2^128-1 could occur in integer multiplication operations. The additional constraint ensures that the least significant bits of the multiplication are correctly verified, which is sufficient to guard against overflow attacks that could potentially compromise the system's integrity.