ff_derive: Revert to_mont usage for R^2

R^2 is a specific constant, not R in Montgomery form.
zkcrypto · Nov 25, 2022 · 286e908 · 286e908
1 parent e49e069
commit 286e908
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/ff_derive/src/lib.rs b/ff_derive/src/lib.rs
@@ -590,7 +590,7 @@ fn prime_field_constants_and_sqrt(
         };
 
     // Compute R^2 mod m
-    let r2 = biguint_to_u64_vec(to_mont(r.clone()), limbs);
+    let r2 = biguint_to_u64_vec((&r * &r) % modulus, limbs);
 
     let r = biguint_to_u64_vec(r, limbs);
     let modulus_le_bytes = ReprEndianness::Little.modulus_repr(modulus, limbs * 8);