Bug: SRS BN254 G2 h is not in subgroup

Question

Closed this issue 5 months ago · 2 comments

This fails, due to the fact how verifier_srs is created.

    let actual: BN254G2Affine = srs.verifier_srs.h;
    assert!(actual.is_in_correct_subgroup_assuming_on_curve());

The issue is in point_of_random_bytes() most likely.

Answer 1 · 2024-06-13T17:31:30.000Z

Use mul_by_cofactor

Answer 2 · 2024-06-13T17:41:39.000Z

Solved in #2290