chore: golangcilint update

.github/workflows/pr.yml

@@ -9,20 +9,20 @@ permissions:
   contents: read
 
 env:
-  GO_VERSION: 1.25.x
-  GOIMPORTS_VERSION: v0.42.0
-  ASMFMT_VERSION: v1.3.2
+  ABIGEN_VERSION: v1.14.8
+  GO_VERSION: 1.25.x # NB! when updating also update matrix, we cannot refer to env variables in the matrix
+  GOLANGCI_LINT_VERSION: v2.10.1
 
 jobs:
   staticcheck:
     runs-on: ubuntu-latest
     steps:
       - name: checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.2 # nonpinned - official GH action
         with:
           fetch-depth: 0
       - name: install Go
-        uses: actions/setup-go@v6
+        uses: actions/setup-go@v6.2.0 # nonpinned - official GH action
         with:
           go-version: ${{ env.GO_VERSION }}
           cache: true
@@ -44,9 +44,9 @@ jobs:
           fi
 
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v9
+        uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 #v9.2.0 pinned
         with:
-          version: v2.8.0
+          version: ${{ env.GOLANGCI_LINT_VERSION }}
           args: -v --timeout=5m
 
   test:
@@ -63,14 +63,14 @@ jobs:
 
       - name: install deps
         run: |
-          go install github.com/ethereum/go-ethereum/cmd/abigen@v1.14.8
+          go install github.com/ethereum/go-ethereum/cmd/abigen@${{ env.ABIGEN_VERSION }}
           sudo add-apt-repository ppa:ethereum/ethereum
           sudo apt-get update
           sudo apt-get install -y --no-install-recommends solc
 
       # Install gotestfmt on the VM running the action.
       - name: Set up gotestfmt
-        uses: gotesttools/gotestfmt-action@v2.2.0
+        uses: gotesttools/gotestfmt-action@8b4478c7019be847373babde9300210e7de34bfb #v2.2.0 pinned
         with:
           # Optional: pass GITHUB_TOKEN to avoid rate limiting.
           token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/push.yml

@@ -12,18 +12,20 @@ permissions:
   contents: read
 
 env:
-  GO_VERSION: 1.25.x
+  ABIGEN_VERSION: v1.14.8
+  GO_VERSION: 1.25.x # NB! when updating also update matrix, we cannot refer to env variables in the matrix
+  GOLANGCI_LINT_VERSION: v2.10.1
 
 jobs:
   staticcheck:
     runs-on: ubuntu-latest
     steps:
       - name: checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.2 # nonpinned - official GH action
         with:
           fetch-depth: 0
       - name: install Go
-        uses: actions/setup-go@v6
+        uses: actions/setup-go@v6.2.0 # nonpinned - official GH action
         with:
           go-version: ${{ env.GO_VERSION }}
           cache: true
@@ -45,9 +47,9 @@ jobs:
           fi
 
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v9
+        uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 #v9.2.0 pinned
         with:
-          version: v2.8.0
+          version: ${{ env.GOLANGCI_LINT_VERSION }}
           args: -v --timeout=5m
 
   test:
@@ -74,7 +76,7 @@ jobs:
           cache: true
       - name: install deps
         run: |
-          go install github.com/ethereum/go-ethereum/cmd/abigen@v1.14.8
+          go install github.com/ethereum/go-ethereum/cmd/abigen@${{ env.ABIGEN_VERSION }}
       - name: install solc deps
         if: startsWith(matrix.os, 'gha-runner-scale-set-ubuntu') == true
         run: |

constraint/core.go

@@ -92,7 +92,7 @@ type System struct {
 	NbInternalVariables int
 
 	// input wires names
-	Public, Secret []string
+	Public, Secret []string //nolint:gosec // They are wire names, not secret values
 
 	// logs (added with system.Println, resolved when solver sets a value to a wire)
 	Logs []LogEntry

go.mod

@@ -1,6 +1,6 @@
 module github.com/consensys/gnark
 
-go 1.25.6
+go 1.25.7
 
 require (
 	github.com/bits-and-blooms/bitset v1.24.4

std/algebra/emulated/sw_emulated/hints.go

@@ -15,7 +15,9 @@ import (
 	bw6761 "github.com/consensys/gnark-crypto/ecc/bw6-761"
 	bw6_fp "github.com/consensys/gnark-crypto/ecc/bw6-761/fp"
 	"github.com/consensys/gnark-crypto/ecc/secp256k1"
-	secp_fp "github.com/consensys/gnark-crypto/ecc/secp256k1/fp"
+	secp256k1_fp "github.com/consensys/gnark-crypto/ecc/secp256k1/fp"
+	"github.com/consensys/gnark-crypto/ecc/secp256r1"
+	secp256r1_fp "github.com/consensys/gnark-crypto/ecc/secp256r1/fp"
 	stark_curve "github.com/consensys/gnark-crypto/ecc/stark-curve"
 	stark_fp "github.com/consensys/gnark-crypto/ecc/stark-curve/fp"
 	"github.com/consensys/gnark/constraint/solver"
@@ -97,16 +99,18 @@ func scalarMulHint(field *big.Int, inputs []*big.Int, outputs []*big.Int) error
 		Px := baseInputs[0]
 		Py := baseInputs[1]
 		S := scalarInputs[0]
-		if baseModulus.Cmp(elliptic.P256().Params().P) == 0 {
-			curve := elliptic.P256()
+		if baseModulus.Cmp(secp256r1_fp.Modulus()) == 0 {
 			// compute the resulting point [s]P
-			Qx, Qy := curve.ScalarMult(Px, Py, S.Bytes())
-			baseOutputs[0].Set(Qx)
-			baseOutputs[1].Set(Qy)
+			var P secp256r1.G1Affine
+			P.X.SetBigInt(Px)
+			P.Y.SetBigInt(Py)
+			P.ScalarMultiplication(&P, S)
+			P.X.BigInt(baseOutputs[0])
+			P.Y.BigInt(baseOutputs[1])
 		} else if baseModulus.Cmp(elliptic.P384().Params().P) == 0 {
 			curve := elliptic.P384()
 			// compute the resulting point [s]P
-			Qx, Qy := curve.ScalarMult(Px, Py, S.Bytes())
+			Qx, Qy := curve.ScalarMult(Px, Py, S.Bytes()) //nolint:staticcheck // we don't have counterpart in gnark-crypto, and crypto/ecdh doesn't suffice
 			baseOutputs[0].Set(Qx)
 			baseOutputs[1].Set(Qy)
 		} else if baseModulus.Cmp(stark_fp.Modulus()) == 0 {
@@ -133,7 +137,7 @@ func scalarMulHint(field *big.Int, inputs []*big.Int, outputs []*big.Int) error
 			P.ScalarMultiplication(&P, S)
 			P.X.BigInt(baseOutputs[0])
 			P.Y.BigInt(baseOutputs[1])
-		} else if baseModulus.Cmp(secp_fp.Modulus()) == 0 {
+		} else if baseModulus.Cmp(secp256k1_fp.Modulus()) == 0 {
 			// compute the resulting point [s]Q
 			var P secp256k1.G1Affine
 			P.X.SetBigInt(Px)

std/algebra/emulated/sw_emulated/params_compute.go

@@ -8,6 +8,7 @@ import (
 	"github.com/consensys/gnark-crypto/ecc/bn254"
 	bw6761 "github.com/consensys/gnark-crypto/ecc/bw6-761"
 	"github.com/consensys/gnark-crypto/ecc/secp256k1"
+	"github.com/consensys/gnark-crypto/ecc/secp256r1"
 	stark_curve "github.com/consensys/gnark-crypto/ecc/stark-curve"
 )
 
@@ -90,22 +91,26 @@ func computeBLS12381Table() [][2]*big.Int {
 }
 
 func computeP256Table() [][2]*big.Int {
+	Gjac, _ := secp256r1.Generators()
 	table := make([][2]*big.Int, 256)
-	p256 := elliptic.P256()
-	gx, gy := p256.Params().Gx, p256.Params().Gy
-	tmpx, tmpy := new(big.Int).Set(gx), new(big.Int).Set(gy)
+	tmp := new(secp256r1.G1Jac).Set(&Gjac)
+	aff := new(secp256r1.G1Affine)
+	jac := new(secp256r1.G1Jac)
 	for i := 1; i < 256; i++ {
-		tmpx, tmpy = p256.Double(tmpx, tmpy)
+		tmp = tmp.Double(tmp)
 		switch i {
 		case 1, 2:
-			xx, yy := p256.Add(tmpx, tmpy, gx, gy)
-			table[i-1] = [2]*big.Int{xx, yy}
+			jac.Set(tmp).AddAssign(&Gjac)
+			aff.FromJacobian(jac)
+			table[i-1] = [2]*big.Int{aff.X.BigInt(new(big.Int)), aff.Y.BigInt(new(big.Int))}
 		case 3:
-			xx, yy := p256.Add(tmpx, tmpy, gx, new(big.Int).Sub(p256.Params().P, gy))
-			table[i-1] = [2]*big.Int{xx, yy}
+			jac.Set(tmp).SubAssign(&Gjac)
+			aff.FromJacobian(jac)
+			table[i-1] = [2]*big.Int{aff.X.BigInt(new(big.Int)), aff.Y.BigInt(new(big.Int))}
 			fallthrough
 		default:
-			table[i] = [2]*big.Int{tmpx, tmpy}
+			aff.FromJacobian(tmp)
+			table[i] = [2]*big.Int{aff.X.BigInt(new(big.Int)), aff.Y.BigInt(new(big.Int))}
 		}
 	}
 	return table
@@ -117,13 +122,13 @@ func computeP384Table() [][2]*big.Int {
 	gx, gy := p384.Params().Gx, p384.Params().Gy
 	tmpx, tmpy := new(big.Int).Set(gx), new(big.Int).Set(gy)
 	for i := 1; i < 384; i++ {
-		tmpx, tmpy = p384.Double(tmpx, tmpy)
+		tmpx, tmpy = p384.Double(tmpx, tmpy) //nolint:staticcheck // we don't have counterpart in gnark-crypto, and crypto/ecdh doesn't suffice
 		switch i {
 		case 1, 2:
-			xx, yy := p384.Add(tmpx, tmpy, gx, gy)
+			xx, yy := p384.Add(tmpx, tmpy, gx, gy) //nolint:staticcheck // we don't have counterpart in gnark-crypto, and crypto/ecdh doesn't suffice
 			table[i-1] = [2]*big.Int{xx, yy}
 		case 3:
-			xx, yy := p384.Add(tmpx, tmpy, gx, new(big.Int).Sub(p384.Params().P, gy))
+			xx, yy := p384.Add(tmpx, tmpy, gx, new(big.Int).Sub(p384.Params().P, gy)) //nolint:staticcheck // we don't have counterpart in gnark-crypto, and crypto/ecdh doesn't suffice
 			table[i-1] = [2]*big.Int{xx, yy}
 			fallthrough
 		default:

std/algebra/emulated/sw_emulated/point_test.go

@@ -566,7 +566,7 @@ func TestScalarMulBase4(t *testing.T) {
 	p256 := elliptic.P256()
 	s, err := rand.Int(rand.Reader, p256.Params().N)
 	assert.NoError(err)
-	px, py := p256.ScalarBaseMult(s.Bytes())
+	px, py := p256.ScalarBaseMult(s.Bytes()) //nolint:staticcheck // compatibility test only
 
 	circuit := ScalarMulBaseTest[emulated.P256Fp, emulated.P256Fr]{}
 	witness := ScalarMulBaseTest[emulated.P256Fp, emulated.P256Fr]{
@@ -585,7 +585,7 @@ func TestScalarMulBase5(t *testing.T) {
 	p384 := elliptic.P384()
 	s, err := rand.Int(rand.Reader, p384.Params().N)
 	assert.NoError(err)
-	px, py := p384.ScalarBaseMult(s.Bytes())
+	px, py := p384.ScalarBaseMult(s.Bytes()) //nolint:staticcheck // compatibility test only
 
 	circuit := ScalarMulBaseTest[emulated.P384Fp, emulated.P384Fr]{}
 	witness := ScalarMulBaseTest[emulated.P384Fp, emulated.P384Fr]{
@@ -719,7 +719,7 @@ func TestScalarMul4(t *testing.T) {
 	p256 := elliptic.P256()
 	s, err := rand.Int(rand.Reader, p256.Params().N)
 	assert.NoError(err)
-	px, py := p256.ScalarBaseMult(s.Bytes())
+	px, py := p256.ScalarBaseMult(s.Bytes()) //nolint:staticcheck // compatibility test only
 
 	circuit := ScalarMulTest[emulated.P256Fp, emulated.P256Fr]{}
 	witness := ScalarMulTest[emulated.P256Fp, emulated.P256Fr]{
@@ -742,7 +742,7 @@ func TestScalarMul5(t *testing.T) {
 	p384 := elliptic.P384()
 	s, err := rand.Int(rand.Reader, p384.Params().N)
 	assert.NoError(err)
-	px, py := p384.ScalarBaseMult(s.Bytes())
+	px, py := p384.ScalarBaseMult(s.Bytes()) //nolint:staticcheck // compatibility test only
 
 	circuit := ScalarMulTest[emulated.P384Fp, emulated.P384Fr]{}
 	witness := ScalarMulTest[emulated.P384Fp, emulated.P384Fr]{
@@ -1051,10 +1051,10 @@ func TestJointScalarMulBase4(t *testing.T) {
 	assert.NoError(err)
 	s2, err := rand.Int(rand.Reader, p256.Params().N)
 	assert.NoError(err)
-	p1x, p1y := p256.ScalarBaseMult(s1.Bytes())
-	resx, resy := p256.ScalarMult(p1x, p1y, s1.Bytes())
-	tmpx, tmpy := p256.ScalarBaseMult(s2.Bytes())
-	resx, resy = p256.Add(resx, resy, tmpx, tmpy)
+	p1x, p1y := p256.ScalarBaseMult(s1.Bytes())         //nolint:staticcheck // compatibility test only
+	resx, resy := p256.ScalarMult(p1x, p1y, s1.Bytes()) //nolint:staticcheck // compatibility test only
+	tmpx, tmpy := p256.ScalarBaseMult(s2.Bytes())       //nolint:staticcheck // compatibility test only
+	resx, resy = p256.Add(resx, resy, tmpx, tmpy)       //nolint:staticcheck // compatibility test only
 
 	circuit := JointScalarMulBaseTest[emulated.P256Fp, emulated.P256Fr]{}
 	witness := JointScalarMulBaseTest[emulated.P256Fp, emulated.P256Fr]{
@@ -1548,11 +1548,11 @@ func TestJointScalarMul4(t *testing.T) {
 	assert.NoError(err)
 	s2, err := rand.Int(rand.Reader, p256.Params().N)
 	assert.NoError(err)
-	p1x, p1y := p256.ScalarBaseMult(s1.Bytes())
-	p2x, p2y := p256.ScalarBaseMult(s2.Bytes())
-	resx, resy := p256.ScalarMult(p1x, p1y, s1.Bytes())
-	tmpx, tmpy := p256.ScalarMult(p2x, p2y, s2.Bytes())
-	resx, resy = p256.Add(resx, resy, tmpx, tmpy)
+	p1x, p1y := p256.ScalarBaseMult(s1.Bytes())         //nolint:staticcheck // compatibility test only
+	p2x, p2y := p256.ScalarBaseMult(s2.Bytes())         //nolint:staticcheck // compatibility test only
+	resx, resy := p256.ScalarMult(p1x, p1y, s1.Bytes()) //nolint:staticcheck // compatibility test only
+	tmpx, tmpy := p256.ScalarMult(p2x, p2y, s2.Bytes()) //nolint:staticcheck // compatibility test only
+	resx, resy = p256.Add(resx, resy, tmpx, tmpy)       //nolint:staticcheck // compatibility test only
 
 	circuit := JointScalarMulTest[emulated.P256Fp, emulated.P256Fr]{}
 	witness := JointScalarMulTest[emulated.P256Fp, emulated.P256Fr]{
@@ -1781,10 +1781,10 @@ func TestJointScalarMulEdgeCases4(t *testing.T) {
 	assert.NoError(err)
 	s2, err := rand.Int(rand.Reader, p256.Params().N)
 	assert.NoError(err)
-	p1x, p1y := p256.ScalarBaseMult(s1.Bytes())
-	p2x, p2y := p256.ScalarBaseMult(s2.Bytes())
-	res1x, res1y := p256.ScalarMult(p1x, p1y, s1.Bytes())
-	res2x, res2y := p256.ScalarMult(p2x, p2y, s2.Bytes())
+	p1x, p1y := p256.ScalarBaseMult(s1.Bytes())           //nolint:staticcheck // compatibility test only
+	p2x, p2y := p256.ScalarBaseMult(s2.Bytes())           //nolint:staticcheck // compatibility test only
+	res1x, res1y := p256.ScalarMult(p1x, p1y, s1.Bytes()) //nolint:staticcheck // compatibility test only
+	res2x, res2y := p256.ScalarMult(p2x, p2y, s2.Bytes()) //nolint:staticcheck // compatibility test only
 
 	circuit := JointScalarMulEdgeCasesTest[emulated.P256Fp, emulated.P256Fr]{}
 	// s1*(0,0) + s2*(0,0) == (0,0)
@@ -1976,7 +1976,7 @@ func TestScalarMulJoye(t *testing.T) {
 	p256 := elliptic.P256()
 	s, err := rand.Int(rand.Reader, p256.Params().N)
 	assert.NoError(err)
-	px, py := p256.ScalarBaseMult(s.Bytes())
+	px, py := p256.ScalarBaseMult(s.Bytes()) //nolint:staticcheck // compatibility test only
 
 	circuit := ScalarMulJoyeTest[emulated.P256Fp, emulated.P256Fr]{}
 	witness := ScalarMulJoyeTest[emulated.P256Fp, emulated.P256Fr]{
@@ -2041,7 +2041,7 @@ func TestScalarMulFakeGLV(t *testing.T) {
 	p256 := elliptic.P256()
 	s, err := rand.Int(rand.Reader, p256.Params().N)
 	assert.NoError(err)
-	px, py := p256.ScalarBaseMult(s.Bytes())
+	px, py := p256.ScalarBaseMult(s.Bytes()) //nolint:staticcheck // compatibility test only
 
 	circuit := ScalarMulFakeGLVTest[emulated.P256Fp, emulated.P256Fr]{}
 	witness := ScalarMulFakeGLVTest[emulated.P256Fp, emulated.P256Fr]{
@@ -2064,7 +2064,7 @@ func TestScalarMulFakeGLV2(t *testing.T) {
 	p384 := elliptic.P384()
 	s, err := rand.Int(rand.Reader, p384.Params().N)
 	assert.NoError(err)
-	px, py := p384.ScalarBaseMult(s.Bytes())
+	px, py := p384.ScalarBaseMult(s.Bytes()) //nolint:staticcheck // compatibility test only
 
 	circuit := ScalarMulFakeGLVTest[emulated.P384Fp, emulated.P384Fr]{}
 	witness := ScalarMulFakeGLVTest[emulated.P384Fp, emulated.P384Fr]{
@@ -2128,8 +2128,8 @@ func TestScalarMulFakeGLVEdgeCasesEdgeCases(t *testing.T) {
 	p256 := elliptic.P256()
 	s, err := rand.Int(rand.Reader, p256.Params().N)
 	assert.NoError(err)
-	px, py := p256.ScalarBaseMult(s.Bytes())
-	_, _ = p256.ScalarMult(px, py, s.Bytes())
+	px, py := p256.ScalarBaseMult(s.Bytes())  //nolint:staticcheck // compatibility test only
+	_, _ = p256.ScalarMult(px, py, s.Bytes()) //nolint:staticcheck // compatibility test only
 
 	circuit := ScalarMulFakeGLVEdgeCasesTest[emulated.P256Fp, emulated.P256Fr]{}
 
@@ -2184,8 +2184,8 @@ func TestScalarMulFakeGLVEdgeCasesEdgeCases2(t *testing.T) {
 	p384 := elliptic.P384()
 	s, err := rand.Int(rand.Reader, p384.Params().N)
 	assert.NoError(err)
-	px, py := p384.ScalarBaseMult(s.Bytes())
-	_, _ = p384.ScalarMult(px, py, s.Bytes())
+	px, py := p384.ScalarBaseMult(s.Bytes())  //nolint:staticcheck // compatibility test only
+	_, _ = p384.ScalarMult(px, py, s.Bytes()) //nolint:staticcheck // compatibility test only
 
 	circuit := ScalarMulFakeGLVEdgeCasesTest[emulated.P384Fp, emulated.P384Fr]{}