Barretenberg: src/barretenberg/stdlib/primitives/group/cycle_scalar.hpp Source File

// === AUDIT STATUS ===

// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }

// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }

// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }

// =====================


#pragma once


#include "barretenberg/stdlib/primitives/bigfield/bigfield.hpp"

#include "barretenberg/stdlib/primitives/field/field.hpp"

#include "barretenberg/transcript/origin_tag.hpp"


namespace bb::stdlib {


// Forward declaration

template <typename Builder> class cycle_group;


template <typename Builder> class cycle_scalar {

  public:

    using field_t = stdlib::field_t<Builder>;

    using Curve = typename Builder::EmbeddedCurve;

    using ScalarField = typename Curve::ScalarField;

    using BigScalarField = stdlib::bigfield<Builder, typename ScalarField::Params>;


    static constexpr size_t NUM_BITS = ScalarField::modulus.get_msb() + 1; // equivalent for both bn254 and grumpkin

    static constexpr size_t LO_BITS = field_t::native::Params::MAX_BITS_PER_ENDOMORPHISM_SCALAR;

    static constexpr size_t HI_BITS = NUM_BITS - LO_BITS;


    // Enforce the architectural constraint that cycle_scalar is hardcoded for 254-bit scalars

    static_assert(NUM_BITS == 254);

    static_assert(LO_BITS == 128 && HI_BITS == 126);


    enum class SkipValidation { FLAG };


  private:

    field_t _lo; // LO_BITS of the scalar

    field_t _hi; // Remaining HI_BITS of the scalar


    static std::pair<uint256_t, uint256_t> decompose_into_lo_hi_u256(const uint256_t& value)

    {

        return { value.slice(0, LO_BITS), value.slice(LO_BITS, NUM_BITS) };

    }


    cycle_scalar(const field_t& lo, const field_t& hi, SkipValidation flag);


    void validate_scalar_is_in_field() const;


  public:

    cycle_scalar(const ScalarField& in = 0);

    cycle_scalar(const field_t& lo, const field_t& hi);

    static cycle_scalar from_witness(Builder* context, const ScalarField& value);

    explicit cycle_scalar(BigScalarField& scalar);


    [[nodiscard]] bool is_constant() const;

    ScalarField get_value() const;

    Builder* get_context() const { return _lo.get_context() != nullptr ? _lo.get_context() : _hi.get_context(); }


    const field_t& lo() const { return _lo; }

    const field_t& hi() const { return _hi; }


    OriginTag get_origin_tag() const { return OriginTag(_lo.get_origin_tag(), _hi.get_origin_tag()); }


    void set_origin_tag(const OriginTag& tag)

    {

        _lo.set_origin_tag(tag);

        _hi.set_origin_tag(tag);

    }


    void set_free_witness_tag()

    {

        _lo.set_free_witness_tag();

        _hi.set_free_witness_tag();

    }


    void unset_free_witness_tag()

    {

        _lo.unset_free_witness_tag();

        _hi.unset_free_witness_tag();

    }


};


} // namespace bb::stdlib

bigfield.hpp

bb::ECCVMCircuitBuilder
Definition eccvm_circuit_builder.hpp:24

bb::curve::Grumpkin::ScalarField
bb::fq ScalarField
Definition grumpkin.hpp:59

bb::numeric::uint256_t
Definition uint256.hpp:32

bb::stdlib::bigfield
Definition bigfield.hpp:21

bb::stdlib::cycle_scalar
Represents a member of the Grumpkin curve scalar field (i.e. BN254 base field).
Definition cycle_scalar.hpp:31

bb::stdlib::cycle_scalar::Curve
typename Builder::EmbeddedCurve Curve
Definition cycle_scalar.hpp:34

bb::stdlib::cycle_scalar::ScalarField
typename Curve::ScalarField ScalarField
Definition cycle_scalar.hpp:35

bb::stdlib::cycle_scalar::SkipValidation
SkipValidation
Definition cycle_scalar.hpp:46

bb::stdlib::cycle_scalar::SkipValidation::FLAG
@ FLAG

bb::stdlib::cycle_scalar::_hi
field_t _hi
Definition cycle_scalar.hpp:50

bb::stdlib::cycle_scalar::BigScalarField
stdlib::bigfield< Builder, typename ScalarField::Params > BigScalarField
Definition cycle_scalar.hpp:36

bb::stdlib::cycle_scalar::NUM_BITS
static constexpr size_t NUM_BITS
Definition cycle_scalar.hpp:38

bb::stdlib::cycle_scalar::_lo
field_t _lo
Definition cycle_scalar.hpp:49

bb::stdlib::cycle_scalar::hi
const field_t & hi() const
Definition cycle_scalar.hpp:81

bb::stdlib::cycle_scalar::get_value
ScalarField get_value() const
Definition cycle_scalar.cpp:223

bb::stdlib::cycle_scalar::lo
const field_t & lo() const
Definition cycle_scalar.hpp:80

bb::stdlib::cycle_scalar::decompose_into_lo_hi_u256
static std::pair< uint256_t, uint256_t > decompose_into_lo_hi_u256(const uint256_t &value)
Decompose a uint256_t value into lo and hi parts for cycle_scalar representation.
Definition cycle_scalar.hpp:58

bb::stdlib::cycle_scalar::from_witness
static cycle_scalar from_witness(Builder *context, const ScalarField &value)
Construct a cycle scalar from a witness value in the Grumpkin scalar field.
Definition cycle_scalar.cpp:78

bb::stdlib::cycle_scalar::LO_BITS
static constexpr size_t LO_BITS
Definition cycle_scalar.hpp:39

bb::stdlib::cycle_scalar::validate_scalar_is_in_field
void validate_scalar_is_in_field() const
Validates that the scalar (lo + hi * 2^LO_BITS) is less than the Grumpkin scalar field modulus.
Definition cycle_scalar.cpp:217

bb::stdlib::cycle_scalar::unset_free_witness_tag
void unset_free_witness_tag()
Unset the free witness flag for the cycle scalar's tags.
Definition cycle_scalar.hpp:110

bb::stdlib::cycle_scalar::get_context
Builder * get_context() const
Definition cycle_scalar.hpp:78

bb::stdlib::cycle_scalar::set_free_witness_tag
void set_free_witness_tag()
Set the free witness flag for the cycle scalar's tags.
Definition cycle_scalar.hpp:102

bb::stdlib::cycle_scalar::HI_BITS
static constexpr size_t HI_BITS
Definition cycle_scalar.hpp:40

bb::stdlib::cycle_scalar::get_origin_tag
OriginTag get_origin_tag() const
Get the origin tag of the cycle_scalar (a merge of the lo and hi tags)
Definition cycle_scalar.hpp:88

bb::stdlib::cycle_scalar::is_constant
bool is_constant() const
Definition cycle_scalar.cpp:198

bb::stdlib::cycle_scalar::set_origin_tag
void set_origin_tag(const OriginTag &tag)
Set the origin tag of lo and hi members of cycle scalar.
Definition cycle_scalar.hpp:94

bb::stdlib::field_t< Builder >

bb::stdlib::field_t::unset_free_witness_tag
void unset_free_witness_tag() const
Unset the free witness flag for the field element's tag.
Definition field.hpp:356

bb::stdlib::field_t::get_context
Builder * get_context() const
Definition field.hpp:419

bb::stdlib::field_t::get_origin_tag
OriginTag get_origin_tag() const
Definition field.hpp:346

bb::stdlib::field_t::set_free_witness_tag
void set_free_witness_tag()
Set the free witness flag for the field element's tag.
Definition field.hpp:351

bb::stdlib::field_t::set_origin_tag
void set_origin_tag(const OriginTag &new_tag) const
Definition field.hpp:345

AddressRefMutationOptions::tag
@ tag

context
StrictMock< MockContext > context
Definition data_copy.test.cpp:59

bb::stdlib
Definition graph_description_goblin.test.cpp:13

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

origin_tag.hpp
This file contains part of the logic for the Origin Tag mechanism that tracks the use of in-circuit p...

value
FF value
Definition public_data_tree.test.cpp:97

field.hpp

bb::OriginTag
Definition origin_tag.hpp:67