Serialization of GroupAffine

[debris]

Version:

latest master

---

Overview:

I stumbled upon a problem while using zexe CanonDeserialization for bls12_381::G1Affine.

---

Details:

I have an existing code which utilizes zkcrypto/pairing library.

That code reads a 96 bytes long uncompressed G1Affine:

0x0db882cf5db3e8567f16b4db1772d4d1f5a3fe8d62f0df2eb8a5cfa50806702afde8fc25335eb5ec859c2818b2610b2e19ab445dac720bb1f2b0cd3336f7a1acc62bf1b3a321826264dc7e469281e23b218394d598689da04e136878ff9a7897

by calling pairing::bls12_381::G1Uncompressed(data).into_affine()

I expected algebra::CanonDeserialization::deserialize to correctly read this data as well, but it does not work.

I also tried reading compressed G1Affine, but it also does not work.

---

Questions:

• Is it a bug or is the serialization format different in zexe? If it's different, is it documented somewhere?
• I'm using zexe for zcash sapling verification in no-std environments. debris/zexe-sapling. For now I added pairing-like deserialization there, but it would be nice if it was supported out of the box in zexe.

[paberr]

Questions:

• Is it a bug or is the serialization format different in zexe? If it's different, is it documented somewhere?

Maybe, to quickly answer this part of the questions: Yes, the serialization format is different. zkcrypto uses a distinguisher bit, which zexe doesn't have.

[Pratyush]

A solution for the interim is to make a separate deserialize_zk_crypto function which deserializes from the format used by zkcrypto.

[Pratyush]

This is fixed now with #129