diff --git a/circuit/types/field/src/square_root.rs b/circuit/types/field/src/square_root.rs
index 56dbef4623..27dd44f9dd 100644
--- a/circuit/types/field/src/square_root.rs
+++ b/circuit/types/field/src/square_root.rs
@@ -80,7 +80,7 @@ impl Field {
 /// This nondeterminism saves constraints, but generally this circuit should be only used
 /// as part of larger circuits for which the nondeterminism in the order of the two roots does not matter,
 /// and where the larger circuits represent deterministic computations despite this internal nondeterminism.
- pub fn square_roots_flagged_nondeterministic(&self) -> (Boolean, Self, Self) {
+ pub fn square_roots_flagged_nondeterministic(&self) -> (Self, Self, Boolean) {
 // Obtain (p-1)/2, as a constant field element.
 let modulus_minus_one_div_two = match E::BaseField::from_bigint(E::BaseField::modulus_minus_one_div_two()) {
 Some(modulus_minus_one_div_two) => Field::constant(console::Field::new(modulus_minus_one_div_two)),
@@ -122,7 +122,7 @@ impl Field {
 let is_nonzero = !self.is_zero();
 let error_flag = is_nonzero.bitand(is_nonzero_square.not());
- (error_flag, first_root, second_root)
+ (first_root, second_root, error_flag)
 }
 }
@@ -220,7 +220,7 @@ mod tests {
 // Compute square roots and error flag in circuit-land.
 let input = Field::::new(mode, given);
 Circuit::scope(name, || {
- let (candidate_error_flag, candidate_first_root, candidate_second_root) =
+ let (candidate_first_root, candidate_second_root, candidate_error_flag) =
 input.square_roots_flagged_nondeterministic();
 // Although the order of the roots is unspecified in the circuit,
 // the witness values are in a fixed order (first positive, then negative).
diff --git a/circuit/types/group/src/helpers/from_x_coordinate.rs b/circuit/types/group/src/helpers/from_x_coordinate.rs
index e6e4245f32..c2093d3d83 100644
--- a/circuit/types/group/src/helpers/from_x_coordinate.rs
+++ b/circuit/types/group/src/helpers/from_x_coordinate.rs
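Review bot: The doc comment lines visible above `square_roots_flagged_nondeterministic` in the first hunk do not say which tuple position holds the error flag, and this commit moves it from first to last. The function's documentation starts outside the hunk, so if it lists the return values anywhere it may still give the old order and should be checked. I would add a line such as `/// Returns (first_root, second_root, error_flag); the roots are square roots of the input only when error_flag is false.` so callers know the flag has to be checked or constrained before the roots are relied on.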
@@ -51,7 +51,7 @@ impl Group {
 // Compute both square roots of y^2, in no specified order, with a flag saying whether y^2 is a square or not.
 // That is, finish solving the curve equation for y.
 // If the x-coordinate line does not intersect the elliptic curve, this returns (1, 0, 0).
- let (yy_is_not_square, y1, y2) = yy.square_roots_flagged_nondeterministic();
+ let (y1, y2, yy_is_not_square) = yy.square_roots_flagged_nondeterministic();
 // Form the two points, which are on the curve if yy_is_not_square is false.
 // Note that the Group type is not restricted to the points in the subgroup or even on the curve;
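Review bot: The context comment just above the changed destructuring still says `this returns (1, 0, 0)`, which matches the old flag-first order. With the tuple now bound as `(y1, y2, yy_is_not_square)`, the same case would read `(0, 0, 1)`. I would update that line to `// If the x-coordinate line does not intersect the elliptic curve, this returns (0, 0, 1).` so the comment agrees with the binding. This matters because the next comment says the points are on the curve only if `yy_is_not_square` is false, so a reader should not be left guessing which slot is the flag. The enclosing function starts and ends outside the hunk.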