Fix soundness vulnerability: bind public input to FS transcript

[niconiconi]

Summary

• Fixes a soundness-breaking vulnerability where public_input was not bound to the Fiat-Shamir transcript
• A malicious prover could forge valid GKR+PCS proofs for arbitrary public inputs by exploiting the linear relationship between public input and sumcheck errors
• This fix adds public_input hashing to the transcript before any challenges are generated

Changes

Rust Prover (gkr/src/prover/snark.rs):

• Hash c.public_input into transcript after creation, before PCS commit

Rust Verifier (gkr/src/verifier/snark.rs):

• Hash public_input into transcript in both verify and par_verify functions

Go Recursive Verifier (recursion/modules/verifier/verifier.go):

• Hash public_input into transcript in Verify function

Test plan

• Rust code compiles (cargo check --all)
• Go code compiles (go build ./...)
• Run existing test suite to ensure no regressions

🤖 Generated with Claude Code

[gemini-code-assist]

Summary of Changes

Hello @niconiconi, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request resolves a significant soundness vulnerability within the GKR+PCS proof system. By ensuring that public inputs are properly bound to the Fiat-Shamir transcript early in the proof generation and verification process, it eliminates a critical attack vector. This enhancement prevents malicious actors from exploiting a linear relationship between public inputs and sumcheck errors to forge proofs, thereby bolstering the cryptographic security and integrity of the system.

Highlights

• Soundness Vulnerability Fix: Addresses a critical flaw where public_input was not bound to the Fiat-Shamir transcript, which could lead to forged proofs.
• Malleability Prevention: Prevents malicious provers from exploiting a linear relationship between public input and sumcheck errors to forge valid GKR+PCS proofs for arbitrary public inputs.
• Transcript Binding: Integrates public_input hashing into the Fiat-Shamir transcript before any challenges are generated, ensuring its integrity.
• Multi-language Implementation: The fix is applied across Rust (prover and verifier) and Go (recursive verifier) components to ensure comprehensive protection.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request addresses a critical soundness vulnerability by binding the public input to the Fiat-Shamir transcript. The changes are applied consistently across the Rust prover, Rust verifier, and Go recursive verifier, and appear to correctly fix the issue. My review found the implementation to be correct. I have one suggestion for the Rust verifier to refactor a small piece of duplicated code to improve maintainability.

[gemini-code-assist]

This logic to bind the public input to the transcript is duplicated in the par_verify function (lines 320-323). To improve maintainability and avoid code duplication, consider extracting this logic into a private helper function.

For example, you could add a helper function to Verifier:

fn bind_public_input_to_transcript(
    transcript: &mut Cfg::TranscriptConfig,
    public_input: &[<Cfg::FieldConfig as FieldEngine>::SimdCircuitField],
) {
    // Bind public input to the FS transcript to prevent malleability attacks
    for v in public_input {
        transcript.append_field_element(v);
    }
}

Then, you can call it from both verify and par_verify like this:

Self::bind_public_input_to_transcript(&mut transcript, public_input);