EscalarMulFix uses wrong segment size #138

@0xThemis

Issue

The template EscalarMulFix contains a typo that prevents it from being initialized with bit scalars of sizes $b \in [247, 248, 249]$. This occurs due to the following code snippet (cited from this repository at escalarmulfix.circom):

```circom
var nsegments = (n-1)\246 +1;       // 249 probably would work. But I'm not sure and for security I keep 246
var nlastsegment = n - (nsegments-1)*249;
```

nsegments is defined with a segment length of 246, but later in the code (in the next line and elsewhere in the implementation), a length of 249 is used. This inconsistency leads to compiler errors when using lengths $247-249$.

You can see the compiler error at this ZKRepl.

Solution

Fix the typo and ensure consistency in the segment size (i.e., use 246 everywhere).

Side Notes

In general, the segment size is not consistent throughout the library. The babyjubjub design doc states that for scalar-point multiplication, the scalar should be split into chunks of 248 bits. The EscalarMulFix uses an incorrect bit size as described in this issue. The EscalarMulAny uses a segment size of 148, as seen here. This does not appear to cause any problems as far as I can tell.
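The arithmetic behind the reported failure, as an added example that is not part of the original issue or of circomlib: a Python model of the two quoted lines that sweeps scalar bit sizes and lists those whose last segment width comes out zero or negative. The function names, the `max_n` bound and the rule that a width of 0 or less is invalid are assumptions of this sketch, and the sweep goes beyond the 247 to 249 range named in the issue to show the same mismatch at larger sizes.

```python
# Model of the two segment-size lines quoted from escalarmulfix.circom.
# circom's `\` operator is integer division, written `//` here.

def segment_layout(n, count_len, width_len):
    """Return (nsegments, nlastsegment) for an n-bit scalar.

    count_len: divisor used to count segments (246 in the quoted code)
    width_len: bits subtracted per full segment (249 in the quoted code)
    """
    nsegments = (n - 1) // count_len + 1
    nlastsegment = n - (nsegments - 1) * width_len
    return nsegments, nlastsegment


def broken_sizes(count_len, width_len, max_n=1000):
    """Bit sizes up to max_n whose last segment is not a positive width.

    Assumption of this sketch: a last segment of 0 or fewer bits is what
    the compiler rejects, matching the 247..249 range reported above.
    """
    return [n for n in range(1, max_n + 1)
            if segment_layout(n, count_len, width_len)[1] <= 0]


def as_ranges(values):
    """Collapse a sorted list of ints into inclusive (lo, hi) ranges."""
    ranges = []
    for v in values:
        if ranges and v == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], v)
        else:
            ranges.append((v, v))
    return ranges


if __name__ == "__main__":
    # Mixed constants, as in the quoted snippet.
    print("246/249:", as_ranges(broken_sizes(246, 249)))
    # Consistent constants, as proposed under "Solution".
    print("246/246:", as_ranges(broken_sizes(246, 246)))
    for n in (246, 247, 248, 249, 250):
        print(n, segment_layout(n, 246, 249))
```

With a single constant in both lines the last segment is always at least 1 bit wide, so the list of failing sizes is empty.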
