fix: cycle_group validate_is_on_curve bug

barretenberg/cpp/src/barretenberg/join_split_example/proofs/join_split/join_split.test.cpp

@@ -707,7 +707,7 @@ TEST_F(join_split_tests, test_0_input_notes_and_detect_circuit_change)
     // The below part detects any changes in the join-split circuit
     constexpr uint32_t CIRCUIT_GATE_COUNT = 49492;
     constexpr uint32_t GATES_NEXT_POWER_OF_TWO = 65535;
-    const uint256_t VK_HASH("cc3b14fad5465fe9b8c714e8a5d79012b86a70f6e37dfc23054e6def7eb1770f");
+    const uint256_t VK_HASH("e253629a7f74dd33ac4288473df5fac928aae029cb8f5867bb413366b54c02ba");
 
     auto number_of_gates_js = result.number_of_gates;
     std::cout << get_verification_key()->sha256_hash() << std::endl;

barretenberg/cpp/src/barretenberg/stdlib/primitives/group/cycle_group.cpp

@@ -160,7 +160,8 @@ template <typename Composer> void cycle_group<Composer>::validate_is_on_curve()
     auto xx = x * x;
     auto xxx = xx * x;
     auto res = y.madd(y, -xxx - Group::curve_b);
-    res *= is_point_at_infinity();
+    res *= !is_point_at_infinity(); // if the point is marked as the point at infinity, then res should be 0, but
+                                    // otherwise, we leave res unchanged
     res.assert_is_zero();
 }
 

barretenberg/cpp/src/barretenberg/stdlib/primitives/group/cycle_group.test.cpp

@@ -48,6 +48,43 @@ template <class Builder> class CycleGroupTest : public ::testing::Test {
 using CircuitTypes = ::testing::Types<bb::StandardCircuitBuilder, bb::UltraCircuitBuilder>;
 TYPED_TEST_SUITE(CycleGroupTest, CircuitTypes);
 
+TYPED_TEST(CycleGroupTest, TestValidateOnCurveSucceed)
+{
+    STDLIB_TYPE_ALIASES;
+    auto builder = Builder();
+
+    auto lhs = TestFixture::generators[0];
+    cycle_group_ct a = cycle_group_ct::from_witness(&builder, lhs);
+    a.validate_is_on_curve();
+    EXPECT_FALSE(builder.failed());
+}
+
+TYPED_TEST(CycleGroupTest, TestValidateOnCurveInfinitySucceed)
+{
+    STDLIB_TYPE_ALIASES;
+    auto builder = Builder();
+
+    auto x = stdlib::field_t<Builder>::from_witness(&builder, 1);
+    auto y = stdlib::field_t<Builder>::from_witness(&builder, 1);
+
+    cycle_group_ct a(x, y, true);
+    a.validate_is_on_curve();
+    EXPECT_FALSE(builder.failed());
+}
+
+TYPED_TEST(CycleGroupTest, TestValidateOnCurveFail)
+{
+    STDLIB_TYPE_ALIASES;
+    auto builder = Builder();
+
+    auto x = stdlib::field_t<Builder>::from_witness(&builder, 1);
+    auto y = stdlib::field_t<Builder>::from_witness(&builder, 1);
+
+    cycle_group_ct a(x, y, false);
+    a.validate_is_on_curve();
+    EXPECT_TRUE(builder.failed());
+}
+
 TYPED_TEST(CycleGroupTest, TestDbl)
 {
     STDLIB_TYPE_ALIASES;
@@ -436,8 +473,8 @@ TYPED_TEST(CycleGroupTest, TestBatchMul)
         EXPECT_TRUE(result.is_point_at_infinity().get_value());
     }
 
-    // case 5, fixed-base MSM with inputs that are combinations of constant and witnesses (group elements are in lookup
-    // table)
+    // case 5, fixed-base MSM with inputs that are combinations of constant and witnesses (group elements are in
+    // lookup table)
     {
         std::vector<cycle_group_ct> points;
         std::vector<typename cycle_group_ct::cycle_scalar> scalars;
@@ -465,8 +502,8 @@ TYPED_TEST(CycleGroupTest, TestBatchMul)
         EXPECT_EQ(result.get_value(), crypto::pedersen_commitment::commit_native(scalars_native));
     }
 
-    // case 6, fixed-base MSM with inputs that are combinations of constant and witnesses (some group elements are in
-    // lookup table)
+    // case 6, fixed-base MSM with inputs that are combinations of constant and witnesses (some group elements are
+    // in lookup table)
     {
         std::vector<cycle_group_ct> points;
         std::vector<typename cycle_group_ct::cycle_scalar> scalars;