do not skip subgroup checks

Author: prajwolrg

adapters/sp1/groth16-verifier/src/types/g1.rs

@@ -149,10 +149,7 @@ pub(crate) fn uncompressed_bytes_to_affine_g1(buf: &[u8]) -> Result<AffineG1, Er
     let x = Fq::from_slice(x_bytes).map_err(Error::Field)?;
     let y = Fq::from_slice(y_bytes).map_err(Error::Field)?;
 
-    // REVIEW: This avoids the subcheck group by assuming X and Y are valid, reducing cycle counts.
-    // If they are invalid the proof verification fails
-    let g1 = G1::new(x, y, Fq::one());
-    AffineG1::from_jacobian(g1).ok_or(Error::InvalidPoint)
+    AffineG1::new(x, y).map_err(Error::Group)
 }
 
 /// Given an Fq element `x`, compute both possible y‐coordinates on the BN254 curve:

adapters/sp1/groth16-verifier/src/types/g2.rs

@@ -187,10 +187,7 @@ pub(crate) fn uncompressed_bytes_to_affine_g2(buf: &[u8]) -> Result<AffineG2, Er
     let x = Fq2::new(x0, x1);
     let y = Fq2::new(y0, y1);
 
-    // REVIEW: This avoids the subcheck group by assuming X and Y are valid, reducing cycle counts.
-    // If they are invalid the proof verification fails
-    let g2 = G2::new(x, y, Fq2::one());
-    AffineG2::from_jacobian(g2).ok_or(Error::InvalidPoint)
+    AffineG2::new(x, y).map_err(Error::Group)
 }
 
 /// Given an Fq2 element `x`, compute both possible y‐coordinates on the BN254 curve: