Barretenberg: src/barretenberg/dsl/acir_format/ec_operations.cpp Source File

// === AUDIT STATUS ===

// internal:    { status: Completed, auditors: [Federico], date: 2025-11-03 }

// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }

// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }

// =====================


#include "ec_operations.hpp"

#include "barretenberg/ecc/curves/bn254/fr.hpp"

#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp"

#include "barretenberg/ecc/groups/affine_element.hpp"

#include "barretenberg/honk/execution_trace/gate_data.hpp"

#include "barretenberg/stdlib/primitives/group/cycle_group.hpp"


namespace acir_format {


template <typename Builder> void create_ec_add_constraint(Builder& builder, const EcAdd& input)

{

    using cycle_group_ct = bb::stdlib::cycle_group<Builder>;

    using field_ct = bb::stdlib::field_t<Builder>;

    using bool_ct = bb::stdlib::bool_t<Builder>;


    // Step 1.

    bool_ct predicate = bool_ct(to_field_ct(input.predicate, builder));


    field_ct input_result_x = field_ct::from_witness_index(&builder, input.result_x);

    field_ct input_result_y = field_ct::from_witness_index(&builder, input.result_y);

    bool_ct input_result_infinite = bool_ct(field_ct::from_witness_index(&builder, input.result_infinite));


    if (builder.is_write_vk_mode()) {

        builder.set_variable(input_result_x.get_witness_index(), bb::grumpkin::g1::affine_one.x);

        builder.set_variable(input_result_y.get_witness_index(), bb::grumpkin::g1::affine_one.y);

        builder.set_variable(input_result_infinite.get_witness_index(), bb::fr(0));

    }


    cycle_group_ct input1_point =

        to_grumpkin_point(input.input1_x, input.input1_y, input.input1_infinite, predicate, builder);

    cycle_group_ct input2_point =

        to_grumpkin_point(input.input2_x, input.input2_y, input.input2_infinite, predicate, builder);

    // Note that input_result is computed by Noir and passed to bb via ACIR. Hence, it is always a valid point on

    // Grumpkin.

    cycle_group_ct input_result(input_result_x, input_result_y, input_result_infinite, /*assert_on_curve=*/false);


    // Step 2.

    cycle_group_ct result = input1_point + input2_point;


    // The assert_equal method standardizes both points before comparing, so if either of them is the point at

    // infinity, the coordinates will be assigned to be (0,0). This is OK as long as Noir developers do not use the

    // coordinates of a point at infinity (otherwise input_result might be the point at infinity different from (0,

    // 0, true), and the fact that assert_equal passes doesn't imply anything for the original coordinates of

    // input_result).

    cycle_group_ct to_be_asserted_equal = cycle_group_ct::conditional_assign(predicate, input_result, result);

    result.assert_equal(to_be_asserted_equal);

}


template void create_ec_add_constraint<bb::UltraCircuitBuilder>(bb::UltraCircuitBuilder& builder, const EcAdd& input);

template void create_ec_add_constraint<bb::MegaCircuitBuilder>(bb::MegaCircuitBuilder& builder, const EcAdd& input);


} // namespace acir_format

affine_element.hpp

bb::ECCVMCircuitBuilder
Definition eccvm_circuit_builder.hpp:24

bb::MegaCircuitBuilder_
Definition mega_circuit_builder.hpp:19

bb::UltraCircuitBuilder_
Definition ultra_circuit_builder.hpp:41

bb::group_elements::affine_element::x
Fq x
Definition affine_element.hpp:202

bb::group_elements::affine_element::y
Fq y
Definition affine_element.hpp:203

bb::group::affine_one
static constexpr affine_element affine_one
Definition group.hpp:48

bb::stdlib::bool_t
Implements boolean logic in-circuit.
Definition bool.hpp:59

bb::stdlib::cycle_group
cycle_group represents a group Element of the proving system's embedded curve, i.e....
Definition cycle_group.hpp:37

bb::stdlib::field_t< Builder >

bb::stdlib::field_t< Builder >::from_witness_index
static field_t from_witness_index(Builder *ctx, uint32_t witness_index)
Definition field.cpp:62

bb::stdlib::field_t::get_witness_index
uint32_t get_witness_index() const
Get the witness index of the current field element.
Definition field.hpp:506

builder
AluTraceBuilder builder
Definition alu.test.cpp:124

cycle_group.hpp

ec_operations.hpp

grumpkin.hpp

fr.hpp

gate_data.hpp

acir_format
Definition acir_format.cpp:31

acir_format::create_ec_add_constraint< bb::UltraCircuitBuilder >
template void create_ec_add_constraint< bb::UltraCircuitBuilder >(bb::UltraCircuitBuilder &builder, const EcAdd &input)

acir_format::create_ec_add_constraint< bb::MegaCircuitBuilder >
template void create_ec_add_constraint< bb::MegaCircuitBuilder >(bb::MegaCircuitBuilder &builder, const EcAdd &input)

acir_format::to_grumpkin_point
bb::stdlib::cycle_group< Builder > to_grumpkin_point(const WitnessOrConstant< typename Builder::FF > &input_x, const WitnessOrConstant< typename Builder::FF > &input_y, const WitnessOrConstant< typename Builder::FF > &input_infinite, const bb::stdlib::bool_t< Builder > &predicate, Builder &builder)
Convert inputs representing a Grumpkin point into a cycle_group element.
Definition witness_constant.cpp:34

acir_format::create_ec_add_constraint
void create_ec_add_constraint(Builder &builder, const EcAdd &input)
Create constraints for addition of two points on the Grumpkin curve.
Definition ec_operations.cpp:38

acir_format::to_field_ct
bb::stdlib::field_t< Builder > to_field_ct(const WitnessOrConstant< typename Builder::FF > &input, Builder &builder)
Definition witness_constant.hpp:40

acir_format::EcAdd
Constraints for addition of two points on the Grumpkin curve.
Definition ec_operations.hpp:32

acir_format::EcAdd::result_infinite
uint32_t result_infinite
Definition ec_operations.hpp:45

acir_format::EcAdd::input1_y
WitnessOrConstant< bb::fr > input1_y
Definition ec_operations.hpp:34

acir_format::EcAdd::input1_infinite
WitnessOrConstant< bb::fr > input1_infinite
Definition ec_operations.hpp:35

acir_format::EcAdd::input2_y
WitnessOrConstant< bb::fr > input2_y
Definition ec_operations.hpp:37

acir_format::EcAdd::input2_infinite
WitnessOrConstant< bb::fr > input2_infinite
Definition ec_operations.hpp:38

acir_format::EcAdd::input1_x
WitnessOrConstant< bb::fr > input1_x
Definition ec_operations.hpp:33

acir_format::EcAdd::result_y
uint32_t result_y
Definition ec_operations.hpp:44

acir_format::EcAdd::input2_x
WitnessOrConstant< bb::fr > input2_x
Definition ec_operations.hpp:36

acir_format::EcAdd::predicate
WitnessOrConstant< bb::fr > predicate
Definition ec_operations.hpp:42

acir_format::EcAdd::result_x
uint32_t result_x
Definition ec_operations.hpp:43

bb::field< Bn254FrParams >