negate y conditionally.

AztecProtocol · Apr 19, 2023 · c6b1c4c · c6b1c4c
1 parent 3dddda9
commit c6b1c4c
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/cpp/src/barretenberg/ecc/groups/affine_element_impl.hpp b/cpp/src/barretenberg/ecc/groups/affine_element_impl.hpp
@@ -211,13 +211,21 @@ affine_element<Fq, Fr, T> affine_element<Fq, Fr, T>::random_element(numeric::ran
     Fq x;
     Fq y;
     while (!found_one) {
+        // Sample a random x-coordinate and check if it satisfies curve equation.
         x = Fq::random_element(engine);
         yy = x.sqr() * x + T::b;
         if constexpr (T::has_a) {
             yy += (x * T::a);
         }
         auto [found_root, y1] = yy.sqrt();
         y = y1;
+
+        // Negate the y-coordinate based on a randomly sampled bit.
+        bool random_bit = (engine->get_random_uint8() & 1);
+        if (random_bit) {
+            y = -y;
+        }
+
         found_one = found_root;
     }
     return affine_element<Fq, Fr, T>(x, y);