Enforce first four bits are zero for all spending keys and phi.

src/zcash/circuit/gadget.tcc

@@ -187,7 +187,7 @@ public:
     }
 
     void generate_r1cs_witness(
-        const uint256& phi,
+        const uint252& phi,
         const uint256& rt,
         const uint256& h_sig,
         const boost::array<JSInput, NumInputs>& inputs,
@@ -234,7 +234,7 @@ public:
         // Witness phi
         zk_phi->bits.fill_with_bits(
             this->pb,
-            trailing252(uint256_to_bool_vector(phi))
+            uint252_to_bool_vector(phi)
         );
 
         // Witness h_sig

src/zcash/circuit/note.tcc

@@ -131,7 +131,7 @@ public:
         // Witness a_sk for the input
         a_sk->bits.fill_with_bits(
             this->pb,
-            trailing252(uint256_to_bool_vector(key))
+            uint252_to_bool_vector(key)
         );
 
         // Witness a_pk for a_sk with PRF_addr

src/zcash/circuit/utils.tcc

@@ -1,3 +1,5 @@
+#include "uint252.h"
+
 template<typename FieldT>
 pb_variable_array<FieldT> from_bits(std::vector<bool> bits, pb_variable<FieldT>& ZERO) {
     pb_variable_array<FieldT> acc;
@@ -17,7 +19,8 @@ std::vector<bool> trailing252(std::vector<bool> input) {
     return std::vector<bool>(input.begin() + 4, input.end());
 }
 
-std::vector<bool> uint256_to_bool_vector(uint256 input) {
+template<typename T>
+std::vector<bool> to_bool_vector(T input) {
     std::vector<unsigned char> input_v(input.begin(), input.end());
     std::vector<bool> output_bv(256, 0);
     libzerocash::convertBytesVectorToVector(
@@ -28,6 +31,14 @@ std::vector<bool> uint256_to_bool_vector(uint256 input) {
     return output_bv;
 }
 
+std::vector<bool> uint256_to_bool_vector(uint256 input) {
+    return to_bool_vector(input);
+}
+
+std::vector<bool> uint252_to_bool_vector(uint252 input) {
+    return trailing252(to_bool_vector(input));
+}
+
 std::vector<bool> uint64_to_bool_vector(uint64_t input) {
     auto num_bv = convertIntToVectorLE(input);
     std::vector<bool> num_v(64, 0);