privacy-scaling-explorations / sonobe

Experimental folding schemes library
https://privacy-scaling-explorations.github.io/sonobe-docs/
MIT License

Fix the incorrect `NonNativeAffineVar::inputize` implementation #89

Closed winderica closed 7 months ago

winderica commented 7 months ago

#88 incorrectly sets the bit-length of an element in `BaseField` to `ScalarField::MODULUS_BIT_SIZE` in `NonNativeAffineVar::inputize`. This works for Pasta curves and BN254, but is problematic for curves with `ScalarField::MODULUS_BIT_SIZE != BaseField::MODULUS_BIT_SIZE`, e.g., the test below will fail for BLS12_381.

```rust
#[test]
fn test_inputize() {
    let cs = ConstraintSystem::<ark_bls12_381::Fr>::new_ref();

    // check that point_to_nonnative_limbs returns the expected values
    let mut rng = ark_std::test_rng();
    let p = ark_bls12_381::G1Projective::rand(&mut rng);
    let p_var =
        NonNativeAffineVar::<ark_bls12_381::G1Projective>::new_witness(cs.clone(), || Ok(p))
            .unwrap();
    let (x, y) = NonNativeAffineVar::inputize(p).unwrap();

    assert_eq!(p_var.x.0.value().unwrap(), x);
    assert_eq!(p_var.y.0.value().unwrap(), y);
}
```

This PR is a hotfix that ensures it works correctly.
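The bit-length mismatch described above, as an added std-only sketch that is not sonobe's code: a 381-bit value (the BLS12-381 base field size) is split into limbs using either 381 bits or 255 bits (the BLS12-381 scalar field size). The limb width `LIMB_BITS`, the sample value and every function name are assumptions made for this illustration.

```rust
// Added illustration, not sonobe code. LIMB_BITS and all names are assumptions.
const LIMB_BITS: usize = 56; // assumed limb width, chosen only for this sketch

/// Read bit `i` of a little-endian array of 64-bit words.
fn bit(words: &[u64], i: usize) -> u64 {
    words.get(i / 64).map_or(0, |w| (w >> (i % 64)) & 1)
}

/// Split the low `bit_len` bits of `words` into LIMB_BITS-wide limbs.
fn to_limbs(words: &[u64], bit_len: usize) -> Vec<u64> {
    (0..bit_len)
        .step_by(LIMB_BITS)
        .map(|start| {
            let end = (start + LIMB_BITS).min(bit_len);
            (start..end).fold(0u64, |limb, i| limb | (bit(words, i) << (i - start)))
        })
        .collect()
}

/// Recompose limbs into `n_words` little-endian 64-bit words.
fn from_limbs(limbs: &[u64], n_words: usize) -> Vec<u64> {
    let mut out = vec![0u64; n_words];
    for (j, limb) in limbs.iter().enumerate() {
        for k in 0..LIMB_BITS {
            let i = j * LIMB_BITS + k;
            if i / 64 < n_words {
                out[i / 64] |= ((limb >> k) & 1) << (i % 64);
            }
        }
    }
    out
}

/// True when decomposing with `bit_len` loses no information about `words`.
fn round_trips(words: &[u64], bit_len: usize) -> bool {
    from_limbs(&to_limbs(words, bit_len), words.len()) == words
}

/// Constructed sample: a 381-bit value with bits 256 and 380 set.
fn sample_base_field_element() -> [u64; 6] {
    [0x0123_4567_89ab_cdef, 7, 0, 0xdead_beef, 1, 1u64 << 60]
}

fn main() {
    let x = sample_base_field_element();
    // 255 = BLS12-381 scalar field bits, 381 = BLS12-381 base field bits
    for bits in [255usize, 381] {
        println!("{} bits: {} limbs, lossless = {}", bits, to_limbs(&x, bits).len(), round_trips(&x, bits));
    }
}
```

For BN254 (254 and 254 bits) and the Pasta curves (255 and 255 bits) the two bit-lengths coincide, so the same decomposition comes out either way.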