[Zenith] H-3 Missing group validation for the input points of Groth16 circuit #60
Description
In groth16_verify and groth16_verify_compressed, there's no validations on whether the
input points are in the correct prime-order subgroup. Coupling with #1 that is used in
groth16_verify_compressed , invalid points can be used in the Groth16 verification that
may break the paring computation and allow attackers to forge a Groth16 proof.