From 634d7fa21c66b6642c459645c1d61f8c088b3aad Mon Sep 17 00:00:00 2001
From: Michael Straka
Date: Fri, 4 Oct 2024 16:09:09 -0500
Subject: [PATCH] Make extra sure final byte of s and r is 0
---
 src/groth16.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/groth16.cpp b/src/groth16.cpp
index 8596487..4dfb86f 100644
--- a/src/groth16.cpp
+++ b/src/groth16.cpp
@@ -291,11 +291,15 @@ Prover::prove(typename Engine::FrElement* wtns)
 E.fr.copy(r, E.fr.zero());
 E.fr.copy(s, E.fr.zero());
- // FIlling in the last byte here with a non-zero value causes a small amount of proofs to fail,
+ // Filling in the last byte here with a non-zero value causes a small amount of proofs to fail,
 // possibly due to overflowing the field modulus
 randombytes_buf((void*)&(r.v[0]), sizeof(r) - 1);
 randombytes_buf((void*)&(s.v[0]), sizeof(s) - 1);
+ // Make extra sure the final byte is 0
+ reinterpret_cast(&r)[sizeof(r) - 1] = 0;
+ reinterpret_cast(&s)[sizeof(s) - 1] = 0;
+
 # ifndef DONT_USE_FUTURES
 pA_future.get();
 pB1_future.get();
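Review bot: The two added stores index from `&r`/`&s` using `sizeof(r)`/`sizeof(s)`, so they clear the most significant byte of the blinding factor only if `v` is the sole member at offset 0 and the limbs are stored little-endian. Neither assumption is checked here, and `FrElement` is defined outside this hunk. Adding `static_assert(sizeof(r) == sizeof(r.v), "FrElement layout changed");` beside the stores, and indexing from `r.v` as the `randombytes_buf` calls already do, would turn a layout change into a build failure instead of an occasional out-of-range `r` or `s`. The comment's "possibly due to overflowing the field modulus" should also be settled and stated as the actual requirement (presumably `r, s < modulus`). It should note that the values are deliberately sampled one byte short of the element width rather than uniformly over the field, so a later reader does not widen the range. `Prover::prove` begins and ends outside the hunk.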