Open 0xJepsen opened 3 days ago
There may be some security considerations outlined in the crema labs work in this PR: https://github.com/crema-labs/aes-circom/pull/7. We should pull the downstream changes and also investigate their constraints carefully.
Looks like SBOX is not constrained at all https://github.com/pluto/aes-proof/blob/038453186a355d40520608c0d1f7b9140c40ecb5/circuits/aes-gcm/aes/sbox128.circom#L10-L29