From a81a76da3b12e81045725bf30642e4d555f45e93 Mon Sep 17 00:00:00 2001
From: Luke Parker <lukeparker5132@gmail.com>
Date: Sat, 2 Jul 2022 14:08:04 -0400
Subject: [PATCH] Ensure multiexp never uses a zero-weight in its batch
 verifier

---
 crypto/multiexp/src/batch.rs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/crypto/multiexp/src/batch.rs b/crypto/multiexp/src/batch.rs
index 5b5d65fb..81765563 100644
--- a/crypto/multiexp/src/batch.rs
+++ b/crypto/multiexp/src/batch.rs
@@ -22,7 +22,12 @@ impl<Id: Copy, G: Group> BatchVerifier<Id, G> where <G as Group>::Scalar: PrimeF
     let u = if self.0.len() == 0 {
       G::Scalar::one()
     } else {
-      G::Scalar::random(rng)
+      let mut weight = G::Scalar::random(&mut *rng);
+      // Ensure it's non-zero, as a zero scalar would cause this item to pass no matter what
+      while weight.is_zero().into() {
+        weight = G::Scalar::random(&mut *rng);
+      }
+      weight
     };
     self.0.push((id, pairs.into_iter().map(|(scalar, point)| (scalar * u, point)).collect()));
   }