properly constrain

jialinli98 · jialinli98 · commit c5b2a8a8ddd7 · 2025-07-23T10:03:25.000-07:00
diff --git a/src/curve_jac.nr b/src/curve_jac.nr
@@ -662,17 +662,16 @@ where
         mut points: [Self; Size],
         mut scalars: [ScalarField<NScalarSlices>; Size],
     ) -> (Self, [AffineTranscript<B>; NScalarSlices * Size + NScalarSlices * 4 + Size * 9 - 3]) {
-        let mut (accumulator, transcript)
-            : (Self, [JTranscript<B>; NScalarSlices * Size + NScalarSlices * 4 + Size * 9 - 3]) =
-                CurveJ::msm_partial(points, scalars);
-            let op = accumulator.sub(CurveJ::offset_generator_final());
-            transcript[73 * Size + 252] = op.1;
-            accumulator = op.0;
-            let affine_transcript: [AffineTranscript<B>; NScalarSlices * Size + NScalarSlices * 4 + Size * 9 - 3] =
-                AffineTranscript::from_jacobian_transcript(transcript);
+        let mut (accumulator, transcript): (Self, [JTranscript<B>; NScalarSlices * Size + NScalarSlices * 4 + Size * 9 - 3]) =
+            CurveJ::msm_partial(points, scalars);
+        let op = accumulator.sub(CurveJ::offset_generator_final());
+        transcript[73 * Size + 252] = op.1;
+        accumulator = op.0;
+        let affine_transcript: [AffineTranscript<B>; NScalarSlices * Size + NScalarSlices * 4 + Size * 9 - 3] =
+            AffineTranscript::from_jacobian_transcript(transcript);
 
-            (accumulator, affine_transcript)
-        }
+        (accumulator, affine_transcript)
+    }
 
     pub(crate) unconstrained fn compute_linear_expression_transcript<let NScalarSlices: u32, let NMuls: u32, let NAdds: u32>(
         mut mul_points: [Curve; NMuls],
@@ -688,23 +687,22 @@ where
             add_j[i] = CurveJ::from(add_points[i]);
         }
 
-        let mut (accumulator, transcript)
-            : (Self, [JTranscript<B>; NScalarSlices * NMuls + NScalarSlices * 4 + NMuls * 9 + NAdds - 3]) =
-                CurveJ::msm_partial(mul_j, scalars);
-            let mut transcript_ptr: u32 = NScalarSlices * NMuls + NScalarSlices * 4 + NMuls * 9 - 4;
-            for i in 0..NAdds {
-                let op = accumulator.conditional_incomplete_add(add_j[i], !add_j[i].is_infinity);
-                transcript[transcript_ptr] = op.1;
-                accumulator = op.0;
-                transcript_ptr += 1;
-            }
-
-            let op = accumulator.sub(CurveJ::offset_generator_final());
+        let mut (accumulator, transcript): (Self, [JTranscript<B>; NScalarSlices * NMuls + NScalarSlices * 4 + NMuls * 9 + NAdds - 3]) =
+            CurveJ::msm_partial(mul_j, scalars);
+        let mut transcript_ptr: u32 = NScalarSlices * NMuls + NScalarSlices * 4 + NMuls * 9 - 4;
+        for i in 0..NAdds {
+            let op = accumulator.conditional_incomplete_add(add_j[i], !add_j[i].is_infinity);
             transcript[transcript_ptr] = op.1;
             accumulator = op.0;
-            let affine_transcript: [AffineTranscript<B>; NScalarSlices * NMuls + NScalarSlices * 4 + NMuls * 9 + NAdds - 3] =
-                AffineTranscript::from_jacobian_transcript(transcript);
-
-            (accumulator, affine_transcript)
+            transcript_ptr += 1;
         }
+
+        let op = accumulator.sub(CurveJ::offset_generator_final());
+        transcript[transcript_ptr] = op.1;
+        accumulator = op.0;
+        let affine_transcript: [AffineTranscript<B>; NScalarSlices * NMuls + NScalarSlices * 4 + NMuls * 9 + NAdds - 3] =
+            AffineTranscript::from_jacobian_transcript(transcript);
+
+        (accumulator, affine_transcript)
+    }
 }
diff --git a/src/scalar_field.nr b/src/scalar_field.nr
@@ -77,7 +77,7 @@ where
     ScalarField { base4_slices, skew }
 }
 
-unconstrained fn get_modulus_slices<let N: u32>() -> [u8; N] {
+fn get_modulus_slices<let N: u32>() -> [u8; N] {
     let mut expected_slices: [u8; N] = [0; N];
 
     if N == 64 {
@@ -117,7 +117,7 @@ unconstrained fn get_modulus_slices<let N: u32>() -> [u8; N] {
     expected_slices
 }
 
-unconstrained fn compare_scalar_field_to_bignum<let N: u32>(result: ScalarField<N>) {
+fn compare_scalar_field_to_bignum<let N: u32>(result: ScalarField<N>) {
     let expected_slices: [u8; N] = get_modulus_slices::<N>();
 
     // Lexicographic comparison: stop when we find a strictly smaller number
@@ -142,7 +142,7 @@ impl<let N: u32> std::convert::From<Field> for ScalarField<N> {
     fn from(input: Field) -> Self {
         let result = unsafe { get_wnaf_slices(input) };
 
-        if std::runtime::is_unconstrained() {
+        if !std::runtime::is_unconstrained() {
             // Enforce that limbs are all 4 bits.
             for i in 0..N {
                 (result.base4_slices[i] as Field).assert_max_bit_size::<4>();
@@ -151,9 +151,9 @@ impl<let N: u32> std::convert::From<Field> for ScalarField<N> {
             // Enforce consistency with `input`.
             let reconstructed_input: Field = result.into();
             assert_eq(reconstructed_input, input);
-        }
-        if N >= 64 {
-            unsafe { compare_scalar_field_to_bignum(result) };
+            if N >= 64 {
+                compare_scalar_field_to_bignum(result);
+            }
         }
         result
     }
