|
Barretenberg
The ZK-SNARK library at the core of Aztec
|
Represents a member of the Grumpkin curve scalar field (i.e. BN254 base field).
#include <cycle_scalar.hpp>
Public Types | |
| enum class | SkipValidation { FLAG } |
| using | field_t = stdlib::field_t< Builder > |
| using | Curve = typename Builder::EmbeddedCurve |
| using | ScalarField = typename Curve::ScalarField |
| using | BigScalarField = stdlib::bigfield< Builder, typename ScalarField::Params > |
Public Member Functions | |
| cycle_scalar (const ScalarField &in=0) | |
| Construct a circuit-constant cycle scalar from a value in the Grumpkin scalar field. | |
| cycle_scalar (const field_t &lo, const field_t &hi) | |
| Construct a cycle_scalar from lo and hi field elements. | |
| cycle_scalar (BigScalarField &scalar) | |
| Construct a new cycle scalar from a bigfield scalar. | |
| bool | is_constant () const |
| ScalarField | get_value () const |
| Builder * | get_context () const |
| const field_t & | lo () const |
| const field_t & | hi () const |
| OriginTag | get_origin_tag () const |
| Get the origin tag of the cycle_scalar (a merge of the lo and hi tags) | |
| void | set_origin_tag (const OriginTag &tag) |
| Set the origin tag of lo and hi members of cycle scalar. | |
| void | set_free_witness_tag () |
| Set the free witness flag for the cycle scalar's tags. | |
| void | unset_free_witness_tag () |
| Unset the free witness flag for the cycle scalar's tags. | |
Static Public Member Functions | |
| static cycle_scalar | from_witness (Builder *context, const ScalarField &value) |
| Construct a cycle scalar from a witness value in the Grumpkin scalar field. | |
Static Public Attributes | |
| static constexpr size_t | NUM_BITS = ScalarField::modulus.get_msb() + 1 |
| static constexpr size_t | LO_BITS = field_t::native::Params::MAX_BITS_PER_ENDOMORPHISM_SCALAR |
| static constexpr size_t | HI_BITS = NUM_BITS - LO_BITS |
Private Member Functions | |
| cycle_scalar (const field_t &lo, const field_t &hi, SkipValidation flag) | |
| Private constructor that skips field validation (for internal use only) | |
| void | validate_scalar_is_in_field () const |
| Validates that the scalar (lo + hi * 2^LO_BITS) is less than the Grumpkin scalar field modulus. | |
Static Private Member Functions | |
| static std::pair< uint256_t, uint256_t > | decompose_into_lo_hi_u256 (const uint256_t &value) |
| Decompose a uint256_t value into lo and hi parts for cycle_scalar representation. | |
Private Attributes | |
| field_t | _lo |
| field_t | _hi |
Represents a member of the Grumpkin curve scalar field (i.e. BN254 base field).
The primary use for this class is scalar multiplication of points on the Grumpkin curve. For simplicity, the class is hardcoded for 254-bit scalars.
bigfield to represent cycle scalars is that bigfield is inefficient in this context. All required range checks for cycle_scalar can be obtained for free from the batch_mul algorithm, making the range checks performed by bigfield largely redundant.
Definition at line 31 of file cycle_scalar.hpp.
| using bb::stdlib::cycle_scalar< Builder >::BigScalarField = stdlib::bigfield<Builder, typename ScalarField::Params> |
Definition at line 36 of file cycle_scalar.hpp.
| using bb::stdlib::cycle_scalar< Builder >::Curve = typename Builder::EmbeddedCurve |
Definition at line 34 of file cycle_scalar.hpp.
| using bb::stdlib::cycle_scalar< Builder >::field_t = stdlib::field_t<Builder> |
Definition at line 33 of file cycle_scalar.hpp.
| using bb::stdlib::cycle_scalar< Builder >::ScalarField = typename Curve::ScalarField |
Definition at line 35 of file cycle_scalar.hpp.
|
strong |
| Enumerator | |
|---|---|
| FLAG | |
Definition at line 46 of file cycle_scalar.hpp.
|
private |
Private constructor that skips field validation (for internal use only)
This constructor is used internally in contexts where validation has already been performed externally or where it is not required at all (e.g., 256-bit bitstrings).
| Builder |
| lo | Low LO_BITS of the scalar |
| hi | High HI_BITS of the scalar |
| flag | SkipValidation::FLAG explicitly indicates that validation should be skipped |
Definition at line 26 of file cycle_scalar.cpp.
| bb::stdlib::cycle_scalar< Builder >::cycle_scalar (const ScalarField &in = 0) |
Construct a circuit-constant cycle scalar from a value in the Grumpkin scalar field.
| Builder |
| in |
Definition at line 59 of file cycle_scalar.cpp.
| bb::stdlib::cycle_scalar< Builder >::cycle_scalar (const field_t &lo, const field_t &hi) |
Construct a cycle_scalar from lo and hi field elements.
Standard public constructor. Validates that (lo + hi * 2^LO_BITS) is less than the Grumpkin scalar field modulus. Use this constructor when creating cycle_scalars from arbitrary field elements that may not have been previously validated.
| Builder |
| lo | Low LO_BITS of the scalar |
| hi | High HI_BITS of the scalar |
Definition at line 46 of file cycle_scalar.cpp.
|
explicit |
Construct a new cycle scalar from a bigfield scalar.
Construct the two cycle scalar limbs from the four limbs of a bigfield scalar as in the diagram below. Range constraints are applied as necessary to ensure the construction is unique:
    BigScalarField (four 68-bit limbs):
    +----------+----------+----------+----------+
    |  limb0   |  limb1   |  limb2   |  limb3   |
    +----------+----------+----------+----------+
                         |
    +----------+----+-----+----------+----------+
    |  limb0   | lo | hi  |  limb2   |  limb3   |
    +----------+----+-----+----------+----------+
                         |
    +---------------+---------------------------+
    |      lo       |            hi             |
    |  (128 bits)   |        (126 bits)         |
    +---------------+---------------------------+
The main steps of the algorithm are:
scalar.lo and scalar.hi are implicitly range-constrained to be respectively 128 and 126 bits when they are further decomposed into slices for the batch mul algorithm.
| Builder |
| scalar | Note: passed by non-const reference since we may call self_reduce on it |
Definition at line 126 of file cycle_scalar.cpp.
|
inline static private |
Decompose a uint256_t value into lo and hi parts for cycle_scalar representation.
| value | The value to decompose |
Definition at line 58 of file cycle_scalar.hpp.
|
static |
Construct a cycle scalar from a witness value in the Grumpkin scalar field.
Creates a cycle_scalar from a witness and validates it is in the Grumpkin scalar field.
validate_scalar_is_in_field.
| Builder |
| context | |
| value |
Definition at line 78 of file cycle_scalar.cpp.
|
inline |
Definition at line 78 of file cycle_scalar.hpp.
|
inline |
Get the origin tag of the cycle_scalar (a merge of the lo and hi tags)
Definition at line 88 of file cycle_scalar.hpp.
| cycle_scalar< Builder >::ScalarField bb::stdlib::cycle_scalar< Builder >::get_value () const |
Definition at line 223 of file cycle_scalar.cpp.
|
inline |
Definition at line 81 of file cycle_scalar.hpp.
| bool bb::stdlib::cycle_scalar< Builder >::is_constant () const |
Definition at line 198 of file cycle_scalar.cpp.
|
inline |
Definition at line 80 of file cycle_scalar.hpp.
|
inline |
Set the free witness flag for the cycle scalar's tags.
Definition at line 102 of file cycle_scalar.hpp.
|
inline |
Set the origin tag of lo and hi members of cycle scalar.
| tag |
Definition at line 94 of file cycle_scalar.hpp.
|
inline |
Unset the free witness flag for the cycle scalar's tags.
Definition at line 110 of file cycle_scalar.hpp.
|
private |
Validates that the scalar (lo + hi * 2^LO_BITS) is less than the Grumpkin scalar field modulus.
Delegates to validate_split_in_field_unsafe, which uses a borrow-subtraction algorithm to check the inequality.
By design, these range constraints are not applied by this function. Instead, they are implicitly enforced when the cycle_scalar is used in scalar multiplication via batch_mul.
| Builder |
Definition at line 217 of file cycle_scalar.cpp.
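The following is an added illustration, not Barretenberg code: a native-integer version of the borrow-subtraction check that lo + hi * 2^128 is below the Grumpkin scalar field modulus, showing why 128/126-bit range constraints alone do not make the (lo, hi) representation unique. The names `Limbs`, `scalar_is_in_field` and `add_modulus` are hypothetical, and the explicit bit-length test stands in for the range constraint that the page says batch_mul enforces in-circuit.

```cpp
#include <cstdint>

using u128 = unsigned __int128;

constexpr u128 make_u128(uint64_t hi64, uint64_t lo64)
{
    return (static_cast<u128>(hi64) << 64) | lo64;
}

// Grumpkin scalar field modulus p (= BN254 base field modulus), split at LO_BITS = 128.
constexpr u128 P_HI = make_u128(0x30644e72e131a029ULL, 0xb85045b68181585dULL);
constexpr u128 P_LO = make_u128(0x97816a916871ca8dULL, 0x3c208c16d87cfd47ULL);
constexpr unsigned HI_BITS = 126;

// Hypothetical native stand-in for the (lo, hi) pair held by cycle_scalar.
struct Limbs {
    u128 lo; // low 128 bits of the scalar
    u128 hi; // high 126 bits of the scalar
};

// True iff lo + hi * 2^128 < p, evaluated limb by limb as (p - 1) - value >= 0.
bool scalar_is_in_field(const Limbs& s)
{
    // Stand-in for the in-circuit range constraint on hi; lo is bounded by its type here.
    if ((s.hi >> HI_BITS) != 0) {
        return false;
    }
    const u128 pm1_lo = P_LO - 1;                // p is odd, so p - 1 only changes the low limb
    const u128 borrow = (s.lo > pm1_lo) ? 1 : 0; // low-limb subtraction underflows
    return s.hi + borrow <= P_HI;                // high-limb difference must stay non-negative
}

// Limbs of value + p: a second bit pattern for the same field element
// (assumes value + p still fits in 256 bits).
Limbs add_modulus(const Limbs& s)
{
    const u128 lo = s.lo + P_LO;                 // wraps modulo 2^128
    const u128 carry = (lo < s.lo) ? 1 : 0;
    return Limbs{ lo, s.hi + P_HI + carry };
}
```

Because p is roughly 0.756 * 2^254, small values v have an alias v + p that still fits in 254 bits; only the comparison against p rejects it.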
|
private |
Definition at line 50 of file cycle_scalar.hpp.
|
private |
Definition at line 49 of file cycle_scalar.hpp.
|
static constexpr |
Definition at line 40 of file cycle_scalar.hpp.
|
static constexpr |
Definition at line 39 of file cycle_scalar.hpp.
|
static constexpr |
Definition at line 38 of file cycle_scalar.hpp.