feat!: Address ECDSA audit

barretenberg/cpp/scripts/test_chonk_standalone_vks_havent_changed.sh

@@ -13,7 +13,7 @@ cd ..
 # - Generate a hash for versioning: sha256sum bb-chonk-inputs.tar.gz
 # - Upload the compressed results: aws s3 cp bb-chonk-inputs.tar.gz s3://aztec-ci-artifacts/protocol/bb-chonk-inputs-[hash(0:8)].tar.gz
 # Note: In case of the "Test suite failed to run ... Unexpected token 'with' " error, need to run: docker pull aztecprotocol/build:3.0
-pinned_short_hash="53ce2d4f"
+pinned_short_hash="189f0026"
 pinned_chonk_inputs_url="https://aztec-ci-artifacts.s3.us-east-2.amazonaws.com/protocol/bb-chonk-inputs-${pinned_short_hash}.tar.gz"
 
 script_path="$(cd "$(dirname "${BASH_SOURCE[0]}")/scripts" && pwd)/$(basename "${BASH_SOURCE[0]}")"
@@ -85,13 +85,13 @@ function prove_and_verify_inputs {
   echo "Running proof test for $1..."
   $bb prove --scheme chonk --ivc_inputs_path "$flow_folder/ivc-inputs.msgpack" > /dev/null 2>&1 || prove_exit_code=$?
 
-  # if [[ $proof_exit_code -ne 0 ]]; then
+  if [[ $proof_exit_code -ne 0 ]]; then
     echo "Proof test failed for flow $1. Please re-run the script with flag --update_inputs."
 
     cp "$flow_folder/ivc-inputs.msgpack" "$root/yarn-project/end-to-end/example-app-ivc-inputs-out/$1/ivc-inputs.msgpack"
     echo "Inputs copied in yarn-project for debugging"
     exit 1
-  # fi
+  fi
 }
 
 export -f prove_and_verify_inputs

barretenberg/cpp/src/barretenberg/dsl/acir_format/ecdsa_constraints.test.cpp

@@ -58,11 +58,13 @@ template <class Curve> class EcdsaTestingFunctions {
         WitnessVector witness_values,
         const InvalidWitness::Target& invalid_witness_target)
     {
-        // For most ECDSA invalidation cases, we set result=0 to ensure that the failure mode caught by the test is
-        // specific to the particular case being tested, not just simple verification failure.
-        // For the "Result" case we test the mismatch between actual and claimed result.
-        if (invalid_witness_target != InvalidWitness::Target::None &&
-            invalid_witness_target != InvalidWitness::Target::Result) {
+
+        // The ECDSA verification algorithm never makes the circuit fail, it just returns a boolean bearing witness to
+        // whether the verification succeeded or not. The only exception is HashIsNotAByteArray, in which case the
+        // byte_array constructors raises an error. To ensure that the failure mode caught by the test is specific to
+        // the particular case being tested, not just simple verification failure, we set the verification result to
+        // false for HashIsNotAByteArray and to true for every other case.
+        if (invalid_witness_target == InvalidWitness::Target::HashIsNotAByteArray) {
             witness_values[ecdsa_constraints.result] = bb::fr(0);
         }
 
@@ -98,7 +100,6 @@ template <class Curve> class EcdsaTestingFunctions {
         case InvalidWitness::Target::Result:
             // Test enforcement of verification result: tamper signature but claim it's valid
             witness_values[ecdsa_constraints.signature[31]] = bb::fr(0);
-            witness_values[ecdsa_constraints.result] = bb::fr(1);
             break;
         case InvalidWitness::Target::None:
             break;

barretenberg/cpp/src/barretenberg/dsl/acir_format/gate_count_constants.hpp

@@ -34,9 +34,9 @@ template <typename Builder> inline constexpr size_t AES128_ENCRYPTION = 1559 + Z
 // overlap with the values added for ECCVM. secp256k1 uses table of size 16 whose indices contain all the 4 values
 // set for ECCVM (hence the same value for Ultra and Mega builders). secp256r1 uses ROM tables of size 4, which
 // contain only 2 of the values set for ECCVM (hence the difference of two gates between Ultra and Mega builders).
-template <typename Builder> inline constexpr size_t ECDSA_SECP256K1 = 42541 + ZERO_GATE;
+template <typename Builder> inline constexpr size_t ECDSA_SECP256K1 = 42839 + ZERO_GATE;
 template <typename Builder>
-inline constexpr size_t ECDSA_SECP256R1 = 72313 + ZERO_GATE + (IsMegaBuilder<Builder> ? 2 : 0);
+inline constexpr size_t ECDSA_SECP256R1 = 72614 + ZERO_GATE + (IsMegaBuilder<Builder> ? 2 : 0);
 
 template <typename Builder> inline constexpr size_t BLAKE2S = 2952 + ZERO_GATE + MEGA_OFFSET<Builder>;
 template <typename Builder> inline constexpr size_t BLAKE3 = 2158 + ZERO_GATE + MEGA_OFFSET<Builder>;
@@ -45,7 +45,7 @@ template <typename Builder> inline constexpr size_t POSEIDON2_PERMUTATION = 73 +
 template <typename Builder> inline constexpr size_t MULTI_SCALAR_MUL = 3559 + ZERO_GATE;
 template <typename Builder> inline constexpr size_t EC_ADD = 80 + ZERO_GATE + MEGA_OFFSET<Builder>;
 template <typename Builder> inline constexpr size_t BLOCK_ROM_READ = 9 + ZERO_GATE + MEGA_OFFSET<Builder>;
-template <typename Builder> inline constexpr size_t BLOCK_RAM_READ = 18 + ZERO_GATE + MEGA_OFFSET<Builder>;
+template <typename Builder> inline constexpr size_t BLOCK_RAM_READ = 9 + ZERO_GATE + MEGA_OFFSET<Builder>;
 template <typename Builder> inline constexpr size_t BLOCK_RAM_WRITE = 18 + ZERO_GATE + MEGA_OFFSET<Builder>;
 template <typename Builder> inline constexpr size_t BLOCK_CALLDATA = 1 + ZERO_GATE + MEGA_OFFSET<Builder>;
 template <typename Builder> inline constexpr size_t BLOCK_RETURNDATA = 11 + ZERO_GATE + MEGA_OFFSET<Builder>;