finding 8: make is_zero constant-time.

Author: suyash67

barretenberg/cpp/src/barretenberg/ecc/fields/field_impl.hpp

@@ -752,8 +752,13 @@ template <class T> constexpr uint64_t field<T>::is_msb_set_word() const noexcept
 
 template <class T> constexpr bool field<T>::is_zero() const noexcept
 {
-    return ((data[0] | data[1] | data[2] | data[3]) == 0) ||
-           (data[0] == T::modulus_0 && data[1] == T::modulus_1 && data[2] == T::modulus_2 && data[3] == T::modulus_3);
+    // Use bitwise OR (not || or && operator) so neither chain short-circuits: the running time must not depend on
+    // whether the value is zero, on which limb of the modulus first matches/diverges, or on which form
+    // (raw 0 vs the modulus) is being tested.
+    const uint64_t raw_zero = data[0] | data[1] | data[2] | data[3];
+    const uint64_t mod_zero =
+        (data[0] ^ T::modulus_0) | (data[1] ^ T::modulus_1) | (data[2] ^ T::modulus_2) | (data[3] ^ T::modulus_3);
+    return static_cast<bool>(static_cast<uint64_t>(raw_zero == 0) | static_cast<uint64_t>(mod_zero == 0));
 }
 
 template <class T> constexpr field<T> field<T>::get_root_of_unity(size_t subgroup_size) noexcept

barretenberg/cpp/src/barretenberg/ecc/fields/prime_field.test.cpp

@@ -117,6 +117,20 @@ TYPED_TEST(PrimeFieldTest, CompileTimeEquality)
     static_assert(!(a == f));
 }
 
+TYPED_TEST(PrimeFieldTest, IsZeroOnModulusForm)
+{
+    using F = TypeParam;
+
+    F modulus_form{ F::modulus.data[0], F::modulus.data[1], F::modulus.data[2], F::modulus.data[3] };
+    EXPECT_TRUE(modulus_form.is_zero());
+
+    F prefix_match{ F::modulus.data[0], F::modulus.data[1], F::modulus.data[2], F::modulus.data[3] - 1 };
+    EXPECT_FALSE(prefix_match.is_zero());
+
+    F first_limb_only{ F::modulus.data[0], 0, 0, 0 };
+    EXPECT_FALSE(first_limb_only.is_zero());
+}
+
 TYPED_TEST(PrimeFieldTest, CompileTimeSmallAddSubMul)
 {
     using F = TypeParam;