From 71c66408f5b2316ed2caf4730cc0b79769febad3 Mon Sep 17 00:00:00 2001
From: Jordi Baylina
Date: Tue, 5 Feb 2019 20:28:51 +0100
Subject: [PATCH] Fix CVE-2019-7167
---
 src/setup_original.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/setup_original.js b/src/setup_original.js
index 8da4ce7..2d145eb 100644
--- a/src/setup_original.js
+++ b/src/setup_original.js
@@ -189,8 +189,9 @@ function calculateEncriptedValuesAtT(setup, circuit) {
 }
 */
-
- setup.vk_proof.Ap[s] = G1.affine(G1.mulScalar(A, setup.toxic.ka));
+ if (s > setup.vk_proof.nPublic) {
+ setup.vk_proof.Ap[s] = G1.affine(G1.mulScalar(A, setup.toxic.ka));
+ }
 setup.vk_proof.Bp[s] = G1.affine(G1.mulScalar(B1, setup.toxic.kb));
 setup.vk_proof.Cp[s] = G1.affine(G1.mulScalar(C, setup.toxic.kc));
 setup.vk_proof.Kp[s] = G1.affine(G1.mulScalar(K, setup.toxic.kbeta));
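Review bot: The new `if (s > setup.vk_proof.nPublic)` guard around the `Ap[s]` assignment is the entire fix for CVE-2019-7167, yet nothing in the code says so, and a later cleanup could drop it as a needless special case. Add a comment above it such as `// CVE-2019-7167: never publish ka*A for s <= nPublic (the public-input wires); exposing those elements breaks soundness`. With the guard in place `Ap[0..nPublic]` is never assigned here, so whatever serializes or consumes `vk_proof.Ap` must tolerate missing entries; that code is outside this hunk and should be checked. The change only affects newly generated setups, so proving keys produced before this commit presumably still carry those elements and would need to be regenerated. The body of `calculateEncriptedValuesAtT` begins and ends outside the hunk.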