multipacking_gadget stripping the final bit from outputs

[barryWhiteHat]

here I insert a merkle root into a pb_variable.

I then use a that multipacking_gadget is equal to an input. So I don't have to deal with binary outputs when i do some validation in an ethereum contract.

When i get the output I have one char stripped 0x7073d0f6560b22ab0b35795244edc340316d5927dcde8aaef87b3b6cbd3b066 when i should have 0xe7073d0f6560b22ab0b35795244edc340316d5927dcde8aaef87b3b6cbd3b066

Reproduction

git clone https://github.com/barryWhiteHat/miximus git submodule update --init --recursive mkdir build cd build cmake .. && make cd ../zksnark_element && ../build/src/main You will see in proof.json the output 0x7073d0f6560b22ab0b35795244edc340316d5927dcde8aaef87b3b6cbd3b066

If you analyze the output you will see

Output:
81f6ad18 d28597d5 715da162 bae7b96a 168d2f03 ca62d777 62157b2c 13b24a6e 
Input:
80000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 200 
Output:
660dcbd3 6dcde1f7 5517b3be 49ab68c0 2c3b7224 a9eacd0d 544d06a6 f0bce0e7 

The merkle root 660dcbd3 ... f0bce0e7 is the exact same as 0x7073d...b066 with opposite endianness and the missing final character.

[barryWhiteHat]

After investigating this a ilttle more i found that alt_bn128 allows for 253 bit input variables(FieldT.capacity()). So when I pass 256 bits. It splits them into 2 variables the first 253 bits and the second 3 bits. Thats why I am missing 3 bits at the start.