Is this correct? it seems like a placeholder but ge == ge is always true, should it not ensure r * ge == 0? I found BLS12-377 G2, proof.b inside the recursive circuit using proof vars will not have proper prime-order/subgroup checks as it falls in this path.
I think the fix it literally:
} else {
ge.negate()?.enforce_equal(&result)?;
Ok(ge)
}
Is this correct? it seems like a placeholder but ge == ge is always true, should it not ensure r * ge == 0? I found BLS12-377 G2, proof.b inside the recursive circuit using proof vars will not have proper prime-order/subgroup checks as it falls in this path.
r1cs-std/src/groups/curves/short_weierstrass/mod.rs
Line 903 in 3b12258
I think the fix it literally: