iden3/circom

Different results for '~' on `bls12381`

Closed this issue · 1 comments

Hello,
When executing the following minimized program with the bls12381 curve, I get an unexpected output:

Circom Source

```
pragma circom 2.1.9;

include "mux1.circom";

template T() {

    component mux = Mux1();
    mux.c[0] <== 1;
    mux.c[1] <== 0;
    mux.s <== 0;

    log("mux.c[0] = ", mux.c[0]);
    log("mux.c[1] = ", mux.c[1]);
    log("mux.s    = ", mux.s);
    log("mux.out  = ", mux.out);

    log("(~ mux.out) = ", (~ mux.out));
    log("(~ 1)       = ", (~ 1));

}

component main = T();
```

Output

```
mux.c[0] =  1
mux.c[1] =  0
mux.s    =  0
mux.out  =  1
(~ mux.out) =  5460169443531907232337751996157988088944439832292644197125133304017983635453
(~ 1)       =  28948022309329048855892746252171976963317496166410141009864396001978282409982
```

Commands

```
> circom --r1cs --sym --wasm --c --json --prime bls12381 --O2 -l ./circomlib/circuits circuit.circom

> node circuit_js/generate_witness.js circuit_js/circuit.wasm input.json witness.js.wtns
```

When changing the curve from bls12381 to bn128, the error is gone and the outputs of (~ mux.out) and (~ 1) match.

Resolved! The complement is now applied based on the bit length of the prime number. Additionally, the documentation has been updated, as it previously stated that the complement operation was always applied using 254 bits.
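
The arithmetic behind the two logged values, as an added example that is not part of the original issue or of circom's code: it models `~x` as a fixed-width bitwise complement reduced modulo the field prime and compares a 254-bit width with the prime's own bit length. The function names and the handling of bits above the width are assumptions; the page does not say which compiler path produced which value.

```python
# Added illustration (not circom's implementation): model "~x" as a
# fixed-width bitwise complement that is then reduced into the field.

# Scalar-field primes selected by circom's --prime option.
PRIMES = {
    "bn128": 21888242871839275222246405745257275088548364400416034343698204186575808495617,
    "bls12381": 52435875175126190479447740508185965837690552500527637822603658699938581184513,
}

# The two values logged in the issue for the bls12381 run.
REPORTED_RUNTIME = 5460169443531907232337751996157988088944439832292644197125133304017983635453
REPORTED_CONSTANT = 28948022309329048855892746252171976963317496166410141009864396001978282409982


def complement(x: int, prime: int, width: int) -> int:
    """Flip the low `width` bits of x, then reduce modulo `prime`.

    Bits of x above `width` are dropped; that is a modelling choice
    made for this example, not something the page specifies.
    """
    if not 0 <= x < prime:
        raise ValueError("x must be a canonical field element")
    mask = (1 << width) - 1
    return (~x & mask) % prime


def compare_widths(x: int, curve: str) -> dict:
    """Complement x with a hard-coded 254-bit width and with the prime's bit length."""
    prime = PRIMES[curve]
    bits = prime.bit_length()
    fixed = complement(x, prime, 254)
    by_prime = complement(x, prime, bits)
    return {
        "bits": bits,
        "fixed_254": fixed,
        "prime_bits": by_prime,
        "consistent": fixed == by_prime,
    }


if __name__ == "__main__":
    for curve in PRIMES:
        print(curve, compare_widths(1, curve))
```

For bn128 the prime is 254 bits long, so both widths coincide and the disagreement cannot show up; for bls12381 the prime is 255 bits long and the two widths reproduce the two different values from the output above.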