Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
secp256k1.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: not started, auditors: [], date: YYYY-MM-DD }
3// external_1: { status: not started, auditors: [], date: YYYY-MM-DD }
4// external_2: { status: not started, auditors: [], date: YYYY-MM-DD }
5// =====================
6
7#pragma once
8
9#include "../../fields/field.hpp"
10#include "../../groups/group.hpp"
11#include "../types.hpp"
12
13// NOLINTBEGIN(cppcoreguidelines-avoid-c-arrays)
14
15namespace bb::secp256k1 {
16struct FqParams {
17 // There is a helper script in ecc/fields/parameter_helper.py that can be used to extract these parameters from the
18 // source code
19
20 // A little-endian representation of the modulus split into 4 64-bit words
21 static constexpr uint64_t modulus_0 = 0xFFFFFFFEFFFFFC2FULL;
22 static constexpr uint64_t modulus_1 = 0xFFFFFFFFFFFFFFFFULL;
23 static constexpr uint64_t modulus_2 = 0xFFFFFFFFFFFFFFFFULL;
24 static constexpr uint64_t modulus_3 = 0xFFFFFFFFFFFFFFFFULL;
25
26 // A little-endian representation of R^2 modulo the modulus (R=2^256 mod modulus) split into 4 64-bit words
27 static constexpr uint64_t r_squared_0 = 8392367050913ULL;
28 static constexpr uint64_t r_squared_1 = 1;
29 static constexpr uint64_t r_squared_2 = 0;
30 static constexpr uint64_t r_squared_3 = 0;
31
32 // Coset generators in Montgomery form for R=2^256 mod Modulus. Used in FFT-based proving systems
33 static constexpr uint64_t coset_generators_0[8]{
34 0x300000b73ULL, 0x400000f44ULL, 0x500001315ULL, 0x6000016e6ULL,
35 0x700001ab7ULL, 0x800001e88ULL, 0x900002259ULL, 0xa0000262aULL,
36 };
37 static constexpr uint64_t coset_generators_1[8]{
38 0, 0, 0, 0, 0, 0, 0, 0,
39 };
40 static constexpr uint64_t coset_generators_2[8]{
41 0, 0, 0, 0, 0, 0, 0, 0,
42 };
43 static constexpr uint64_t coset_generators_3[8]{
44 0, 0, 0, 0, 0, 0, 0, 0,
45 };
46
47 // -(Modulus^-1) mod 2^64
48 // This is used to compute k = r_inv * lower_limb(scalar), such that scalar + k*modulus in integers would have 0 in
49 // the lowest limb By performing this sequentially for 4 limbs, we get an 8-limb representation of the scalar, where
50 // the lowest 4 limbs are zeros. Then we can immediately divide by 2^256 by simply getting rid of the lowest 4 limbs
51 static constexpr uint64_t r_inv = 15580212934572586289ULL;
52
53 // 2^(-64) mod Modulus
54 // Used in the reduction mechanism from https://hackmd.io/@Ingonyama/Barret-Montgomery
55 // Instead of computing k, we multiply the lowest limb by this value and then add to the following 5 limbs.
56 // This saves us from having to compute k
57 static constexpr uint64_t r_inv_0 = 0xffffffff27c7f3a9UL;
58 static constexpr uint64_t r_inv_1 = 0xffffffffffffffffUL;
59 static constexpr uint64_t r_inv_2 = 0xffffffffffffffffUL;
60 static constexpr uint64_t r_inv_3 = 0xd838091dd2253530UL;
61
62 // 2^(-29) mod Modulus
63 // Used in the reduction mechanism from https://hackmd.io/@Ingonyama/Barret-Montgomery
64 // Instead of computing k, we multiply the lowest limb by this value and then add to the following 10 limbs.
65 // This saves us from having to compute k
66 static constexpr uint64_t r_inv_wasm_0 = 0xed6544e;
67 static constexpr uint64_t r_inv_wasm_1 = 0x1ffffffb;
68 static constexpr uint64_t r_inv_wasm_2 = 0x1fffffff;
69 static constexpr uint64_t r_inv_wasm_3 = 0x1fffffff;
70 static constexpr uint64_t r_inv_wasm_4 = 0x1fffffff;
71 static constexpr uint64_t r_inv_wasm_5 = 0x1fffffff;
72 static constexpr uint64_t r_inv_wasm_6 = 0x1fffffff;
73 static constexpr uint64_t r_inv_wasm_7 = 0x10ffffff;
74 static constexpr uint64_t r_inv_wasm_8 = 0x9129a9;
75
76 // A little-endian representation of the cubic root of 1 in Fq in Montgomery form split into 4 64-bit words
77 static constexpr uint64_t cube_root_0 = 0x58a4361c8e81894eULL;
78 static constexpr uint64_t cube_root_1 = 0x03fde1631c4b80afULL;
79 static constexpr uint64_t cube_root_2 = 0xf8e98978d02e3905ULL;
80 static constexpr uint64_t cube_root_3 = 0x7a4a36aebcbb3d53ULL;
81
82 // Not used for secp256k1
83 static constexpr uint64_t primitive_root_0 = 0UL;
84 static constexpr uint64_t primitive_root_1 = 0UL;
85 static constexpr uint64_t primitive_root_2 = 0UL;
86 static constexpr uint64_t primitive_root_3 = 0UL;
87
88 // A little-endian representation of the modulus split into 9 29-bit limbs
89 // This is used in wasm because we can only do multiplication with 64-bit result instead of 128-bit like in x86_64
90 static constexpr uint64_t modulus_wasm_0 = 0x1ffffc2f;
91 static constexpr uint64_t modulus_wasm_1 = 0x1ffffff7;
92 static constexpr uint64_t modulus_wasm_2 = 0x1fffffff;
93 static constexpr uint64_t modulus_wasm_3 = 0x1fffffff;
94 static constexpr uint64_t modulus_wasm_4 = 0x1fffffff;
95 static constexpr uint64_t modulus_wasm_5 = 0x1fffffff;
96 static constexpr uint64_t modulus_wasm_6 = 0x1fffffff;
97 static constexpr uint64_t modulus_wasm_7 = 0x1fffffff;
98 static constexpr uint64_t modulus_wasm_8 = 0xffffff;
99
100 // A little-endian representation of R^2 modulo the modulus (R=2^261 mod modulus) split into 4 64-bit words
101 // We use 2^261 in wasm, because 261=29*9, the 9 29-bit limbs used for arithmetic in
102 static constexpr uint64_t r_squared_wasm_0 = 0x001e88003a428400UL;
103 static constexpr uint64_t r_squared_wasm_1 = 0x0000000000000400UL;
104 static constexpr uint64_t r_squared_wasm_2 = 0x0000000000000000UL;
105 static constexpr uint64_t r_squared_wasm_3 = 0x0000000000000000UL;
106
107 // A little-endian representation of the cube root of 1 in Fq in Montgomery form for wasm (R=2^261 mod modulus)
108 // split into 4 64-bit words
109 static constexpr uint64_t cube_root_wasm_0 = 0x1486c3a0d03162ffUL;
110 static constexpr uint64_t cube_root_wasm_1 = 0x7fbc2c63897015ebUL;
111 static constexpr uint64_t cube_root_wasm_2 = 0x1d312f1a05c720a0UL;
112 static constexpr uint64_t cube_root_wasm_3 = 0x4946d5d79767aa7fUL;
113
114 // Not used in secp256k1, since this is not for proving systems
115 static constexpr uint64_t primitive_root_wasm_0 = 0x0000000000000000UL;
116 static constexpr uint64_t primitive_root_wasm_1 = 0x0000000000000000UL;
117 static constexpr uint64_t primitive_root_wasm_2 = 0x0000000000000000UL;
118 static constexpr uint64_t primitive_root_wasm_3 = 0x0000000000000000UL;
119
120 // Coset generators in Montgomery form for R=2^261 mod Modulus. Used in FFT-based proving systems, don't really need
121 // them here
122 static constexpr uint64_t coset_generators_wasm_0[8] = { 0x0000006000016e60ULL, 0x000000800001e880ULL,
123 0x000000a0000262a0ULL, 0x000000c00002dcc0ULL,
124 0x000000e0000356e0ULL, 0x000001000003d100ULL,
125 0x0000012000044b20ULL, 0x000001400004c540ULL };
126 static constexpr uint64_t coset_generators_wasm_1[8] = { 0x0000000000000000ULL, 0x0000000000000000ULL,
127 0x0000000000000000ULL, 0x0000000000000000ULL,
128 0x0000000000000000ULL, 0x0000000000000000ULL,
129 0x0000000000000000ULL, 0x0000000000000000ULL };
130 static constexpr uint64_t coset_generators_wasm_2[8] = { 0x0000000000000000ULL, 0x0000000000000000ULL,
131 0x0000000000000000ULL, 0x0000000000000000ULL,
132 0x0000000000000000ULL, 0x0000000000000000ULL,
133 0x0000000000000000ULL, 0x0000000000000000ULL };
134 static constexpr uint64_t coset_generators_wasm_3[8] = { 0x0000000000000000ULL, 0x0000000000000000ULL,
135 0x0000000000000000ULL, 0x0000000000000000ULL,
136 0x0000000000000000ULL, 0x0000000000000000ULL,
137 0x0000000000000000ULL, 0x0000000000000000ULL };
138
139 // For consistency with bb::fq, if we ever represent an element of bb::secp256k1::fq in the public inputs, we do so
140 // as a bigfield element, so with 4 public inputs
141 static constexpr size_t PUBLIC_INPUTS_SIZE = BIGFIELD_PUBLIC_INPUTS_SIZE;
142
143 static constexpr char schema_name[] = "secp256k1_fq";
144};
145using fq = field<FqParams>;
146
147struct FrParams {
148
149 // A little-endian representation of the modulus split into 4 64-bit words
150 static constexpr uint64_t modulus_0 = 0xBFD25E8CD0364141ULL;
151 static constexpr uint64_t modulus_1 = 0xBAAEDCE6AF48A03BULL;
152 static constexpr uint64_t modulus_2 = 0xFFFFFFFFFFFFFFFEULL;
153 static constexpr uint64_t modulus_3 = 0xFFFFFFFFFFFFFFFFULL;
154
155 // A little-endian representation of R^2 modulo the modulus (R=2^256 mod modulus) split into 4 64-bit words
156 static constexpr uint64_t r_squared_0 = 9902555850136342848ULL;
157 static constexpr uint64_t r_squared_1 = 8364476168144746616ULL;
158 static constexpr uint64_t r_squared_2 = 16616019711348246470ULL;
159 static constexpr uint64_t r_squared_3 = 11342065889886772165ULL;
160
161 // -(Modulus^-1) mod 2^64
162 // This is used to compute k = r_inv * lower_limb(scalar), such that scalar + k*modulus in integers would have 0 in
163 // the lowest limb By performing this sequentially for 4 limbs, we get an 8-limb representation of the scalar, where
164 // the lowest 4 limbs are zeros. Then we can immediately divide by 2^256 by simply getting rid of the lowest 4 limbs
165 static constexpr uint64_t r_inv = 5408259542528602431ULL;
166
167 // 2^(-64) mod Modulus
168 // Used in the reduction mechanism from https://hackmd.io/@Ingonyama/Barret-Montgomery
169 // Instead of computing k, we multiply the lowest limb by this value and then add to the following 5 limbs.
170 // This saves us from having to compute k
171 static constexpr uint64_t r_inv_0 = 0x9d4ad302583de6dcUL;
172 static constexpr uint64_t r_inv_1 = 0xa09f710af0155525UL;
173 static constexpr uint64_t r_inv_2 = 0xffffffffffffffffUL;
174 static constexpr uint64_t r_inv_3 = 0x4b0dff665588b13eUL;
175
176 // 2^(-29) mod Modulus
177 // Used in the reduction mechanism from https://hackmd.io/@Ingonyama/Barret-Montgomery
178 // Instead of computing k, we multiply the lowest limb by this value and then add to the following 10 limbs.
179 // This saves us from having to compute k
180 static constexpr uint64_t r_inv_wasm_0 = 0x3d864e;
181 static constexpr uint64_t r_inv_wasm_1 = 0x8b9f61c;
182 static constexpr uint64_t r_inv_wasm_2 = 0x3df60c0;
183 static constexpr uint64_t r_inv_wasm_3 = 0xa3c71eb;
184 static constexpr uint64_t r_inv_wasm_4 = 0x1ffff251;
185 static constexpr uint64_t r_inv_wasm_5 = 0x1fffffff;
186 static constexpr uint64_t r_inv_wasm_6 = 0x1fffffff;
187 static constexpr uint64_t r_inv_wasm_7 = 0x1effffff;
188 static constexpr uint64_t r_inv_wasm_8 = 0xac4589;
189
190 // Coset generators in Montgomery form for R=2^261 mod Modulus. Used in FFT-based proving systems, don't really need
191 // them here
192 static constexpr uint64_t coset_generators_0[8]{
193 0x40e4273feef0b9bbULL, 0x8111c8b31eba787aULL, 0xc13f6a264e843739ULL, 0x16d0b997e4df5f8ULL,
194 0x419aad0cae17b4b7ULL, 0x81c84e7fdde17376ULL, 0xc1f5eff30dab3235ULL, 0x22391663d74f0f4ULL,
195 };
196 static constexpr uint64_t coset_generators_1[8]{
197 0x5a95af7e9394ded5ULL, 0x9fe6d297e44c3e99ULL, 0xe537f5b135039e5dULL, 0x2a8918ca85bafe22ULL,
198 0x6fda3be3d6725de6ULL, 0xb52b5efd2729bdaaULL, 0xfa7c821677e11d6eULL, 0x3fcda52fc8987d33ULL,
199 };
200 static constexpr uint64_t coset_generators_2[8]{
201 0x6ULL, 0x7ULL, 0x8ULL, 0xaULL, 0xbULL, 0xcULL, 0xdULL, 0xfULL,
202 };
203 static constexpr uint64_t coset_generators_3[8]{
204 0, 0, 0, 0, 0, 0, 0, 0,
205 };
206
207 // A little-endian representation of the cubic root of 1 in Fr in Montgomery form split into 4 64-bit words
208 static constexpr uint64_t cube_root_0 = 0xf07deb3dc9926c9eULL;
209 static constexpr uint64_t cube_root_1 = 0x2c93e7ad83c6944cULL;
210 static constexpr uint64_t cube_root_2 = 0x73a9660652697d91ULL;
211 static constexpr uint64_t cube_root_3 = 0x532840178558d639ULL;
212
213 // Not needed, since there is no endomorphism for secp256k1
214 static constexpr uint64_t endo_minus_b1_lo = 0x6F547FA90ABFE4C3ULL;
215 static constexpr uint64_t endo_minus_b1_mid = 0xE4437ED6010E8828ULL;
216
217 static constexpr uint64_t endo_b2_lo = 0xe86c90e49284eb15ULL;
218 static constexpr uint64_t endo_b2_mid = 0x3086d221a7d46bcdULL;
219
220 static constexpr uint64_t endo_g1_lo = 0xE893209A45DBB031ULL;
221 static constexpr uint64_t endo_g1_mid = 0x3DAA8A1471E8CA7FULL;
222 static constexpr uint64_t endo_g1_hi = 0xE86C90E49284EB15ULL;
223 static constexpr uint64_t endo_g1_hihi = 0x3086D221A7D46BCDULL;
224
225 static constexpr uint64_t endo_g2_lo = 0x1571B4AE8AC47F71ULL;
226 static constexpr uint64_t endo_g2_mid = 0x221208AC9DF506C6ULL;
227 static constexpr uint64_t endo_g2_hi = 0x6F547FA90ABFE4C4ULL;
228 static constexpr uint64_t endo_g2_hihi = 0xE4437ED6010E8828ULL;
229
230 // Not used in secp256k1
231 static constexpr uint64_t primitive_root_0 = 0UL;
232 static constexpr uint64_t primitive_root_1 = 0UL;
233 static constexpr uint64_t primitive_root_2 = 0UL;
234 static constexpr uint64_t primitive_root_3 = 0UL;
235
236 // A little-endian representation of the modulus split into 9 29-bit limbs
237 // This is used in wasm because we can only do multiplication with 64-bit result instead of 128-bit like in x86_64
238 static constexpr uint64_t modulus_wasm_0 = 0x10364141;
239 static constexpr uint64_t modulus_wasm_1 = 0x1e92f466;
240 static constexpr uint64_t modulus_wasm_2 = 0x12280eef;
241 static constexpr uint64_t modulus_wasm_3 = 0x1db9cd5e;
242 static constexpr uint64_t modulus_wasm_4 = 0x1fffebaa;
243 static constexpr uint64_t modulus_wasm_5 = 0x1fffffff;
244 static constexpr uint64_t modulus_wasm_6 = 0x1fffffff;
245 static constexpr uint64_t modulus_wasm_7 = 0x1fffffff;
246 static constexpr uint64_t modulus_wasm_8 = 0xffffff;
247
248 // A little-endian representation of R^2 modulo the modulus (R=2^261 mod modulus) split into 4 64-bit words
249 // We use 2^261 in wasm, because 261=29*9, the 9 29-bit limbs used for arithmetic in
250 static constexpr uint64_t r_squared_wasm_0 = 0x63e601a3c9f6ab4bUL;
251 static constexpr uint64_t r_squared_wasm_1 = 0xa2b6456d46702f57UL;
252 static constexpr uint64_t r_squared_wasm_2 = 0x5fd7916f341f1cefUL;
253 static constexpr uint64_t r_squared_wasm_3 = 0x9c7356071a6f179aUL;
254
255 // A little-endian representation of the cube root of 1 in Fr in Montgomery form for wasm (R=2^261 mod modulus)
256 // split into 4 64-bit words
257 static constexpr uint64_t cube_root_wasm_0 = 0x9185b639102f0736UL;
258 static constexpr uint64_t cube_root_wasm_1 = 0x47a854ad9ffc4748UL;
259 static constexpr uint64_t cube_root_wasm_2 = 0x752cc0ca4d2fb232UL;
260 static constexpr uint64_t cube_root_wasm_3 = 0x650802f0ab1ac72eUL;
261
262 // Not used in secp256k1
263 static constexpr uint64_t primitive_root_wasm_0 = 0x0000000000000000UL;
264 static constexpr uint64_t primitive_root_wasm_1 = 0x0000000000000000UL;
265 static constexpr uint64_t primitive_root_wasm_2 = 0x0000000000000000UL;
266 static constexpr uint64_t primitive_root_wasm_3 = 0x0000000000000000UL;
267
268 // Coset generators in Montgomery form for R=2^261 mod Modulus. Used in FFT-based proving systems, don't really need
269 // them here
270 static constexpr uint64_t coset_generators_wasm_0[8] = { 0x1c84e7fdde173760ULL, 0x22391663d74f0f40ULL,
271 0x27ed44c9d086e720ULL, 0x2da1732fc9bebf00ULL,
272 0x3355a195c2f696e0ULL, 0x3909cffbbc2e6ec0ULL,
273 0x3ebdfe61b56646a0ULL, 0x44722cc7ae9e1e80ULL };
274 static constexpr uint64_t coset_generators_wasm_1[8] = { 0x52b5efd2729bdaa8ULL, 0xfcda52fc8987d330ULL,
275 0xa6feb626a073cbb8ULL, 0x51231950b75fc440ULL,
276 0xfb477c7ace4bbcc8ULL, 0xa56bdfa4e537b550ULL,
277 0x4f9042cefc23add8ULL, 0xf9b4a5f9130fa660ULL };
278 static constexpr uint64_t coset_generators_wasm_2[8] = { 0x00000000000000cbULL, 0x00000000000000f3ULL,
279 0x000000000000011cULL, 0x0000000000000145ULL,
280 0x000000000000016dULL, 0x0000000000000196ULL,
281 0x00000000000001bfULL, 0x00000000000001e7ULL };
282 static constexpr uint64_t coset_generators_wasm_3[8] = { 0x0000000000000000ULL, 0x0000000000000000ULL,
283 0x0000000000000000ULL, 0x0000000000000000ULL,
284 0x0000000000000000ULL, 0x0000000000000000ULL,
285 0x0000000000000000ULL, 0x0000000000000000ULL };
286
287 // For consistency with bb::fq, if we ever represent an element of bb::secp256k1::fr in the public inputs, we do so
288 // as a bigfield element, so with 4 public inputs
289 static constexpr size_t PUBLIC_INPUTS_SIZE = BIGFIELD_PUBLIC_INPUTS_SIZE;
290
291 static constexpr char schema_name[] = "secp256k1_fr";
292};
293using fr = field<FrParams>;
294
295struct G1Params {
296 static constexpr bool USE_ENDOMORPHISM = false;
297 static constexpr bool can_hash_to_curve = true;
298 static constexpr bool small_elements = true;
299 static constexpr bool has_a = false;
300
301 static constexpr fq b = fq(7);
302 static constexpr fq a = fq(0);
303
304 static constexpr fq one_x =
305 fq(0x59F2815B16F81798UL, 0x029BFCDB2DCE28D9UL, 0x55A06295CE870B07UL, 0x79BE667EF9DCBBACUL).to_montgomery_form();
306 static constexpr fq one_y =
307 fq(0x9C47D08FFB10D4B8UL, 0xFD17B448A6855419UL, 0x5DA4FBFC0E1108A8UL, 0x483ADA7726A3C465UL).to_montgomery_form();
308};
309using g1 = group<fq, fr, G1Params>;
310
311// specialize the name in msgpack schema generation
312// consumed by the typescript schema compiler, helps disambiguate templates
313inline std::string msgpack_schema_name(g1::affine_element const& /*unused*/)
314{
315 return "Secp256k1Point";
316}
317
318} // namespace bb::secp256k1
319
320namespace bb::curve {
329} // namespace bb::curve
330
331// NOLINTEND(cppcoreguidelines-avoid-c-arrays)
bb::curve::SECP256K1::Element
typename Group::element Element
Definition secp256k1.hpp:326
bb::curve::SECP256K1::AffineElement
typename Group::affine_element AffineElement
Definition secp256k1.hpp:327
bb::group_elements::affine_element
Definition affine_element.hpp:22
bb::group
group class. Represents an elliptic curve group element. Group is parametrised by Fq and Fr
Definition group.hpp:36
bb::group::affine_element
group_elements::affine_element< Fq, Fr, Params > affine_element
Definition group.hpp:42
bb::group::element
group_elements::element< Fq, Fr, Params > element
Definition group.hpp:41
bb::secp256k1::fr
field< FrParams > fr
Definition secp256k1.hpp:293
bb::secp256k1::msgpack_schema_name
std::string msgpack_schema_name(g1::affine_element const &)
Definition secp256k1.hpp:313
bb::secp256k1::g1
group< fq, fr, G1Params > g1
Definition secp256k1.hpp:309
bb::secp256k1::fq
field< FqParams > fq
Definition secp256k1.hpp:145
bb::field
General class for prime fields see Prime field documentation["field documentation"] for general imple...
Definition field_declarations.hpp:36
bb::field::to_montgomery_form
BB_INLINE constexpr field to_montgomery_form() const noexcept
Definition field_impl.hpp:282
bb::secp256k1::FqParams::primitive_root_wasm_0
static constexpr uint64_t primitive_root_wasm_0
Definition secp256k1.hpp:115
bb::secp256k1::FqParams::coset_generators_1
static constexpr uint64_t coset_generators_1[8]
Definition secp256k1.hpp:37
bb::secp256k1::FqParams::primitive_root_2
static constexpr uint64_t primitive_root_2
Definition secp256k1.hpp:85
bb::secp256k1::FqParams::modulus_wasm_4
static constexpr uint64_t modulus_wasm_4
Definition secp256k1.hpp:94
bb::secp256k1::FqParams::r_inv_3
static constexpr uint64_t r_inv_3
Definition secp256k1.hpp:60
bb::secp256k1::FqParams::primitive_root_3
static constexpr uint64_t primitive_root_3
Definition secp256k1.hpp:86
bb::secp256k1::FqParams::modulus_wasm_8
static constexpr uint64_t modulus_wasm_8
Definition secp256k1.hpp:98
bb::secp256k1::FqParams::r_inv_0
static constexpr uint64_t r_inv_0
Definition secp256k1.hpp:57
bb::secp256k1::FqParams::modulus_wasm_0
static constexpr uint64_t modulus_wasm_0
Definition secp256k1.hpp:90
bb::secp256k1::FqParams::r_squared_2
static constexpr uint64_t r_squared_2
Definition secp256k1.hpp:29
bb::secp256k1::FqParams::r_inv
static constexpr uint64_t r_inv
Definition secp256k1.hpp:51
bb::secp256k1::FqParams::modulus_wasm_7
static constexpr uint64_t modulus_wasm_7
Definition secp256k1.hpp:97
bb::secp256k1::FqParams::modulus_wasm_2
static constexpr uint64_t modulus_wasm_2
Definition secp256k1.hpp:92
bb::secp256k1::FqParams::r_inv_wasm_4
static constexpr uint64_t r_inv_wasm_4
Definition secp256k1.hpp:70
bb::secp256k1::FqParams::r_squared_wasm_1
static constexpr uint64_t r_squared_wasm_1
Definition secp256k1.hpp:103
bb::secp256k1::FqParams::r_inv_wasm_1
static constexpr uint64_t r_inv_wasm_1
Definition secp256k1.hpp:67
bb::secp256k1::FqParams::cube_root_wasm_0
static constexpr uint64_t cube_root_wasm_0
Definition secp256k1.hpp:109
bb::secp256k1::FqParams::r_squared_wasm_0
static constexpr uint64_t r_squared_wasm_0
Definition secp256k1.hpp:102
bb::secp256k1::FqParams::r_squared_3
static constexpr uint64_t r_squared_3
Definition secp256k1.hpp:30
bb::secp256k1::FqParams::primitive_root_wasm_1
static constexpr uint64_t primitive_root_wasm_1
Definition secp256k1.hpp:116
bb::secp256k1::FqParams::modulus_0
static constexpr uint64_t modulus_0
Definition secp256k1.hpp:21
bb::secp256k1::FqParams::modulus_wasm_5
static constexpr uint64_t modulus_wasm_5
Definition secp256k1.hpp:95
bb::secp256k1::FqParams::cube_root_0
static constexpr uint64_t cube_root_0
Definition secp256k1.hpp:77
bb::secp256k1::FqParams::modulus_1
static constexpr uint64_t modulus_1
Definition secp256k1.hpp:22
bb::secp256k1::FqParams::r_inv_wasm_5
static constexpr uint64_t r_inv_wasm_5
Definition secp256k1.hpp:71
bb::secp256k1::FqParams::coset_generators_wasm_2
static constexpr uint64_t coset_generators_wasm_2[8]
Definition secp256k1.hpp:130
bb::secp256k1::FqParams::cube_root_wasm_3
static constexpr uint64_t cube_root_wasm_3
Definition secp256k1.hpp:112
bb::secp256k1::FqParams::coset_generators_2
static constexpr uint64_t coset_generators_2[8]
Definition secp256k1.hpp:40
bb::secp256k1::FqParams::r_inv_wasm_8
static constexpr uint64_t r_inv_wasm_8
Definition secp256k1.hpp:74
bb::secp256k1::FqParams::r_squared_1
static constexpr uint64_t r_squared_1
Definition secp256k1.hpp:28
bb::secp256k1::FqParams::primitive_root_wasm_3
static constexpr uint64_t primitive_root_wasm_3
Definition secp256k1.hpp:118
bb::secp256k1::FqParams::r_squared_wasm_2
static constexpr uint64_t r_squared_wasm_2
Definition secp256k1.hpp:104
bb::secp256k1::FqParams::primitive_root_1
static constexpr uint64_t primitive_root_1
Definition secp256k1.hpp:84
bb::secp256k1::FqParams::r_squared_wasm_3
static constexpr uint64_t r_squared_wasm_3
Definition secp256k1.hpp:105
bb::secp256k1::FqParams::modulus_2
static constexpr uint64_t modulus_2
Definition secp256k1.hpp:23
bb::secp256k1::FqParams::r_inv_1
static constexpr uint64_t r_inv_1
Definition secp256k1.hpp:58
bb::secp256k1::FqParams::coset_generators_wasm_3
static constexpr uint64_t coset_generators_wasm_3[8]
Definition secp256k1.hpp:134
bb::secp256k1::FqParams::r_inv_wasm_7
static constexpr uint64_t r_inv_wasm_7
Definition secp256k1.hpp:73
bb::secp256k1::FqParams::coset_generators_3
static constexpr uint64_t coset_generators_3[8]
Definition secp256k1.hpp:43
bb::secp256k1::FqParams::r_squared_0
static constexpr uint64_t r_squared_0
Definition secp256k1.hpp:27
bb::secp256k1::FqParams::r_inv_wasm_3
static constexpr uint64_t r_inv_wasm_3
Definition secp256k1.hpp:69
bb::secp256k1::FqParams::primitive_root_wasm_2
static constexpr uint64_t primitive_root_wasm_2
Definition secp256k1.hpp:117
bb::secp256k1::FqParams::primitive_root_0
static constexpr uint64_t primitive_root_0
Definition secp256k1.hpp:83
bb::secp256k1::FqParams::modulus_wasm_1
static constexpr uint64_t modulus_wasm_1
Definition secp256k1.hpp:91
bb::secp256k1::FqParams::r_inv_wasm_0
static constexpr uint64_t r_inv_wasm_0
Definition secp256k1.hpp:66
bb::secp256k1::FqParams::coset_generators_wasm_0
static constexpr uint64_t coset_generators_wasm_0[8]
Definition secp256k1.hpp:122
bb::secp256k1::FqParams::cube_root_2
static constexpr uint64_t cube_root_2
Definition secp256k1.hpp:79
bb::secp256k1::FqParams::cube_root_wasm_1
static constexpr uint64_t cube_root_wasm_1
Definition secp256k1.hpp:110
bb::secp256k1::FqParams::PUBLIC_INPUTS_SIZE
static constexpr size_t PUBLIC_INPUTS_SIZE
Definition secp256k1.hpp:141
bb::secp256k1::FqParams::schema_name
static constexpr char schema_name[]
Definition secp256k1.hpp:143
bb::secp256k1::FqParams::coset_generators_0
static constexpr uint64_t coset_generators_0[8]
Definition secp256k1.hpp:33
bb::secp256k1::FqParams::cube_root_wasm_2
static constexpr uint64_t cube_root_wasm_2
Definition secp256k1.hpp:111
bb::secp256k1::FqParams::modulus_wasm_6
static constexpr uint64_t modulus_wasm_6
Definition secp256k1.hpp:96
bb::secp256k1::FqParams::cube_root_1
static constexpr uint64_t cube_root_1
Definition secp256k1.hpp:78
bb::secp256k1::FqParams::coset_generators_wasm_1
static constexpr uint64_t coset_generators_wasm_1[8]
Definition secp256k1.hpp:126
bb::secp256k1::FqParams::modulus_wasm_3
static constexpr uint64_t modulus_wasm_3
Definition secp256k1.hpp:93
bb::secp256k1::FqParams::r_inv_wasm_2
static constexpr uint64_t r_inv_wasm_2
Definition secp256k1.hpp:68
bb::secp256k1::FqParams::r_inv_wasm_6
static constexpr uint64_t r_inv_wasm_6
Definition secp256k1.hpp:72
bb::secp256k1::FqParams::r_inv_2
static constexpr uint64_t r_inv_2
Definition secp256k1.hpp:59
bb::secp256k1::FqParams::cube_root_3
static constexpr uint64_t cube_root_3
Definition secp256k1.hpp:80
bb::secp256k1::FqParams::modulus_3
static constexpr uint64_t modulus_3
Definition secp256k1.hpp:24
bb::secp256k1::FrParams::r_squared_3
static constexpr uint64_t r_squared_3
Definition secp256k1.hpp:159
bb::secp256k1::FrParams::r_inv_wasm_5
static constexpr uint64_t r_inv_wasm_5
Definition secp256k1.hpp:185
bb::secp256k1::FrParams::cube_root_wasm_0
static constexpr uint64_t cube_root_wasm_0
Definition secp256k1.hpp:257
bb::secp256k1::FrParams::modulus_wasm_5
static constexpr uint64_t modulus_wasm_5
Definition secp256k1.hpp:243
bb::secp256k1::FrParams::coset_generators_1
static constexpr uint64_t coset_generators_1[8]
Definition secp256k1.hpp:196
bb::secp256k1::FrParams::endo_g1_hi
static constexpr uint64_t endo_g1_hi
Definition secp256k1.hpp:222
bb::secp256k1::FrParams::modulus_wasm_7
static constexpr uint64_t modulus_wasm_7
Definition secp256k1.hpp:245
bb::secp256k1::FrParams::r_inv
static constexpr uint64_t r_inv
Definition secp256k1.hpp:165
bb::secp256k1::FrParams::modulus_wasm_6
static constexpr uint64_t modulus_wasm_6
Definition secp256k1.hpp:244
bb::secp256k1::FrParams::modulus_wasm_1
static constexpr uint64_t modulus_wasm_1
Definition secp256k1.hpp:239
bb::secp256k1::FrParams::modulus_0
static constexpr uint64_t modulus_0
Definition secp256k1.hpp:150
bb::secp256k1::FrParams::r_squared_wasm_3
static constexpr uint64_t r_squared_wasm_3
Definition secp256k1.hpp:253
bb::secp256k1::FrParams::endo_g1_mid
static constexpr uint64_t endo_g1_mid
Definition secp256k1.hpp:221
bb::secp256k1::FrParams::primitive_root_wasm_3
static constexpr uint64_t primitive_root_wasm_3
Definition secp256k1.hpp:266
bb::secp256k1::FrParams::primitive_root_2
static constexpr uint64_t primitive_root_2
Definition secp256k1.hpp:233
bb::secp256k1::FrParams::endo_minus_b1_lo
static constexpr uint64_t endo_minus_b1_lo
Definition secp256k1.hpp:214
bb::secp256k1::FrParams::r_inv_1
static constexpr uint64_t r_inv_1
Definition secp256k1.hpp:172
bb::secp256k1::FrParams::endo_g1_lo
static constexpr uint64_t endo_g1_lo
Definition secp256k1.hpp:220
bb::secp256k1::FrParams::cube_root_wasm_1
static constexpr uint64_t cube_root_wasm_1
Definition secp256k1.hpp:258
bb::secp256k1::FrParams::cube_root_wasm_3
static constexpr uint64_t cube_root_wasm_3
Definition secp256k1.hpp:260
bb::secp256k1::FrParams::coset_generators_wasm_1
static constexpr uint64_t coset_generators_wasm_1[8]
Definition secp256k1.hpp:274
bb::secp256k1::FrParams::modulus_wasm_8
static constexpr uint64_t modulus_wasm_8
Definition secp256k1.hpp:246
bb::secp256k1::FrParams::schema_name
static constexpr char schema_name[]
Definition secp256k1.hpp:291
bb::secp256k1::FrParams::r_inv_wasm_6
static constexpr uint64_t r_inv_wasm_6
Definition secp256k1.hpp:186
bb::secp256k1::FrParams::r_inv_0
static constexpr uint64_t r_inv_0
Definition secp256k1.hpp:171
bb::secp256k1::FrParams::modulus_3
static constexpr uint64_t modulus_3
Definition secp256k1.hpp:153
bb::secp256k1::FrParams::r_inv_wasm_2
static constexpr uint64_t r_inv_wasm_2
Definition secp256k1.hpp:182
bb::secp256k1::FrParams::modulus_1
static constexpr uint64_t modulus_1
Definition secp256k1.hpp:151
bb::secp256k1::FrParams::modulus_wasm_2
static constexpr uint64_t modulus_wasm_2
Definition secp256k1.hpp:240
bb::secp256k1::FrParams::r_inv_wasm_8
static constexpr uint64_t r_inv_wasm_8
Definition secp256k1.hpp:188
bb::secp256k1::FrParams::endo_minus_b1_mid
static constexpr uint64_t endo_minus_b1_mid
Definition secp256k1.hpp:215
bb::secp256k1::FrParams::r_inv_wasm_0
static constexpr uint64_t r_inv_wasm_0
Definition secp256k1.hpp:180
bb::secp256k1::FrParams::endo_b2_mid
static constexpr uint64_t endo_b2_mid
Definition secp256k1.hpp:218
bb::secp256k1::FrParams::modulus_wasm_3
static constexpr uint64_t modulus_wasm_3
Definition secp256k1.hpp:241
bb::secp256k1::FrParams::r_inv_wasm_1
static constexpr uint64_t r_inv_wasm_1
Definition secp256k1.hpp:181
bb::secp256k1::FrParams::r_inv_2
static constexpr uint64_t r_inv_2
Definition secp256k1.hpp:173
bb::secp256k1::FrParams::PUBLIC_INPUTS_SIZE
static constexpr size_t PUBLIC_INPUTS_SIZE
Definition secp256k1.hpp:289
bb::secp256k1::FrParams::coset_generators_0
static constexpr uint64_t coset_generators_0[8]
Definition secp256k1.hpp:192
bb::secp256k1::FrParams::coset_generators_wasm_0
static constexpr uint64_t coset_generators_wasm_0[8]
Definition secp256k1.hpp:270
bb::secp256k1::FrParams::primitive_root_wasm_2
static constexpr uint64_t primitive_root_wasm_2
Definition secp256k1.hpp:265
bb::secp256k1::FrParams::primitive_root_0
static constexpr uint64_t primitive_root_0
Definition secp256k1.hpp:231
bb::secp256k1::FrParams::cube_root_wasm_2
static constexpr uint64_t cube_root_wasm_2
Definition secp256k1.hpp:259
bb::secp256k1::FrParams::endo_b2_lo
static constexpr uint64_t endo_b2_lo
Definition secp256k1.hpp:217
bb::secp256k1::FrParams::r_squared_2
static constexpr uint64_t r_squared_2
Definition secp256k1.hpp:158
bb::secp256k1::FrParams::cube_root_3
static constexpr uint64_t cube_root_3
Definition secp256k1.hpp:211
bb::secp256k1::FrParams::coset_generators_3
static constexpr uint64_t coset_generators_3[8]
Definition secp256k1.hpp:203
bb::secp256k1::FrParams::endo_g1_hihi
static constexpr uint64_t endo_g1_hihi
Definition secp256k1.hpp:223
bb::secp256k1::FrParams::endo_g2_hihi
static constexpr uint64_t endo_g2_hihi
Definition secp256k1.hpp:228
bb::secp256k1::FrParams::endo_g2_hi
static constexpr uint64_t endo_g2_hi
Definition secp256k1.hpp:227
bb::secp256k1::FrParams::r_inv_wasm_7
static constexpr uint64_t r_inv_wasm_7
Definition secp256k1.hpp:187
bb::secp256k1::FrParams::primitive_root_1
static constexpr uint64_t primitive_root_1
Definition secp256k1.hpp:232
bb::secp256k1::FrParams::coset_generators_wasm_3
static constexpr uint64_t coset_generators_wasm_3[8]
Definition secp256k1.hpp:282
bb::secp256k1::FrParams::primitive_root_wasm_0
static constexpr uint64_t primitive_root_wasm_0
Definition secp256k1.hpp:263
bb::secp256k1::FrParams::r_squared_0
static constexpr uint64_t r_squared_0
Definition secp256k1.hpp:156
bb::secp256k1::FrParams::r_squared_wasm_2
static constexpr uint64_t r_squared_wasm_2
Definition secp256k1.hpp:252
bb::secp256k1::FrParams::modulus_2
static constexpr uint64_t modulus_2
Definition secp256k1.hpp:152
bb::secp256k1::FrParams::r_squared_wasm_1
static constexpr uint64_t r_squared_wasm_1
Definition secp256k1.hpp:251
bb::secp256k1::FrParams::coset_generators_wasm_2
static constexpr uint64_t coset_generators_wasm_2[8]
Definition secp256k1.hpp:278
bb::secp256k1::FrParams::modulus_wasm_4
static constexpr uint64_t modulus_wasm_4
Definition secp256k1.hpp:242
bb::secp256k1::FrParams::coset_generators_2
static constexpr uint64_t coset_generators_2[8]
Definition secp256k1.hpp:200
bb::secp256k1::FrParams::r_inv_wasm_4
static constexpr uint64_t r_inv_wasm_4
Definition secp256k1.hpp:184
bb::secp256k1::FrParams::cube_root_2
static constexpr uint64_t cube_root_2
Definition secp256k1.hpp:210
bb::secp256k1::FrParams::endo_g2_lo
static constexpr uint64_t endo_g2_lo
Definition secp256k1.hpp:225
bb::secp256k1::FrParams::r_squared_wasm_0
static constexpr uint64_t r_squared_wasm_0
Definition secp256k1.hpp:250
bb::secp256k1::FrParams::endo_g2_mid
static constexpr uint64_t endo_g2_mid
Definition secp256k1.hpp:226
bb::secp256k1::FrParams::r_squared_1
static constexpr uint64_t r_squared_1
Definition secp256k1.hpp:157
bb::secp256k1::FrParams::primitive_root_3
static constexpr uint64_t primitive_root_3
Definition secp256k1.hpp:234
bb::secp256k1::FrParams::cube_root_0
static constexpr uint64_t cube_root_0
Definition secp256k1.hpp:208
bb::secp256k1::FrParams::r_inv_3
static constexpr uint64_t r_inv_3
Definition secp256k1.hpp:174
bb::secp256k1::FrParams::primitive_root_wasm_1
static constexpr uint64_t primitive_root_wasm_1
Definition secp256k1.hpp:264
bb::secp256k1::FrParams::modulus_wasm_0
static constexpr uint64_t modulus_wasm_0
Definition secp256k1.hpp:238
bb::secp256k1::FrParams::cube_root_1
static constexpr uint64_t cube_root_1
Definition secp256k1.hpp:209
bb::secp256k1::FrParams::r_inv_wasm_3
static constexpr uint64_t r_inv_wasm_3
Definition secp256k1.hpp:183
bb::secp256k1::G1Params::small_elements
static constexpr bool small_elements
Definition secp256k1.hpp:298
bb::secp256k1::G1Params::b
static constexpr fq b
Definition secp256k1.hpp:301
bb::secp256k1::G1Params::can_hash_to_curve
static constexpr bool can_hash_to_curve
Definition secp256k1.hpp:297
bb::secp256k1::G1Params::one_x
static constexpr fq one_x
Definition secp256k1.hpp:304
bb::secp256k1::G1Params::one_y
static constexpr fq one_y
Definition secp256k1.hpp:306
bb::secp256k1::G1Params::has_a
static constexpr bool has_a
Definition secp256k1.hpp:299
bb::secp256k1::G1Params::USE_ENDOMORPHISM
static constexpr bool USE_ENDOMORPHISM
Definition secp256k1.hpp:296
bb::secp256k1::G1Params::a
static constexpr fq a
Definition secp256k1.hpp:302