Enforce mul_by_inverse (#70)

* proposal to fix mul_by_inverse * update CHANGELOG * rollback to a secure impl * update changelog
2026-01-23 12:13:48 +01:00 · 2021-07-06 02:39:48 -07:00
parent 1ad210462c
commit 47ddbaa411
3 changed files with 84 additions and 12 deletions
--- a/src/fields/mod.rs
+++ b/src/fields/mod.rs
@@ -155,15 +155,10 @@ pub trait FieldVar<F: Field, ConstraintF: Field>:
    /// Computes `result` such that `self * result == Self::one()`.
    fn inverse(&self) -> Result<Self, SynthesisError>;

-    /// Returns `(self / d)`. but requires fewer constraints than `self * d.inverse()`.
-    /// It is up to the caller to ensure that `d` is non-zero,
-    /// since in that case the result is unconstrained.
+    /// Returns `(self / d)`.
+    /// The constraint system will be unsatisfiable when `d = 0`.
    fn mul_by_inverse(&self, d: &Self) -> Result<Self, SynthesisError> {
-        let d_inv = if self.is_constant() || d.is_constant() {
-            d.inverse()?
-        } else {
-            Self::new_witness(self.cs(), || Ok(d.value()?.inverse().unwrap_or(F::zero())))?
-        };
+        let d_inv = d.inverse()?;
        Ok(d_inv * self)
    }