Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
secp256r1.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: not started, auditors: [], date: YYYY-MM-DD }
3// external_1: { status: not started, auditors: [], date: YYYY-MM-DD }
4// external_2: { status: not started, auditors: [], date: YYYY-MM-DD }
5// =====================
6
7#pragma once
8
9#include "../../fields/field.hpp"
10#include "../../groups/group.hpp"
11
12namespace bb::secp256r1 {
13// NOLINTBEGIN(cppcoreguidelines-avoid-c-arrays)
14struct FqParams {
15 static constexpr const char* schema_name = "secp256r1_fq";
16
17 // A little-endian representation of the modulus split into 4 64-bit words
18 static constexpr uint64_t modulus_0 = 0xFFFFFFFFFFFFFFFFULL;
19 static constexpr uint64_t modulus_1 = 0x00000000FFFFFFFFULL;
20 static constexpr uint64_t modulus_2 = 0x0000000000000000ULL;
21 static constexpr uint64_t modulus_3 = 0xFFFFFFFF00000001ULL;
22
23 // A little-endian representation of R^2 modulo the modulus (R=2^256 mod modulus) split into 4 64-bit words
24 static constexpr uint64_t r_squared_0 = 3ULL;
25 static constexpr uint64_t r_squared_1 = 18446744056529682431ULL;
26 static constexpr uint64_t r_squared_2 = 18446744073709551614ULL;
27 static constexpr uint64_t r_squared_3 = 21474836477ULL;
28
29 // -(Modulus^-1) mod 2^64
30 // This is used to compute k = r_inv * lower_limb(scalar), such that scalar + k*modulus in integers would have 0 in
31 // the lowest limb By performing this sequentially for 4 limbs, we get an 8-limb representation of the scalar, where
32 // the lowest 4 limbs are zeros. Then we can immediately divide by 2^256 by simply getting rid of the lowest 4 limbs
33 static constexpr uint64_t r_inv = 1;
34
35 // 2^(-64) mod Modulus
36 // Used in the reduction mechanism from https://hackmd.io/@Ingonyama/Barret-Montgomery
37 // Instead of computing k, we multiply the lowest limb by this value and then add to the following 5 limbs.
38 // This saves us from having to compute k
39 static constexpr uint64_t r_inv_0 = 0x100000000UL;
40 static constexpr uint64_t r_inv_1 = 0x0UL;
41 static constexpr uint64_t r_inv_2 = 0xffffffff00000001UL;
42 static constexpr uint64_t r_inv_3 = 0x0UL;
43
44 // 2^(-29) mod Modulus
45 // Used in the reduction mechanism from https://hackmd.io/@Ingonyama/Barret-Montgomery
46 // Instead of computing k, we multiply the lowest limb by this value and then add to the following 10 limbs.
47 // This saves us from having to compute k
48 static constexpr uint64_t r_inv_wasm_0 = 0x0;
49 static constexpr uint64_t r_inv_wasm_1 = 0x0;
50 static constexpr uint64_t r_inv_wasm_2 = 0x200;
51 static constexpr uint64_t r_inv_wasm_3 = 0x0;
52 static constexpr uint64_t r_inv_wasm_4 = 0x0;
53 static constexpr uint64_t r_inv_wasm_5 = 0x40000;
54 static constexpr uint64_t r_inv_wasm_6 = 0x1fe00000;
55 static constexpr uint64_t r_inv_wasm_7 = 0xffffff;
56 static constexpr uint64_t r_inv_wasm_8 = 0x0;
57
58 // Coset generators in Montgomery form for R=2^256 mod Modulus. Used in FFT-based proving systems, don't really need
59 // them here
60 static constexpr uint64_t coset_generators_0[8]{
61 0x3ULL, 0x4ULL, 0x5ULL, 0x6ULL, 0x7ULL, 0x8ULL, 0x9ULL, 0xaULL,
62 };
63 static constexpr uint64_t coset_generators_1[8]{
64 0xfffffffd00000000ULL, 0xfffffffc00000000ULL, 0xfffffffb00000000ULL, 0xfffffffa00000000ULL,
65 0xfffffff900000000ULL, 0xfffffff800000000ULL, 0xfffffff700000000ULL, 0xfffffff600000000ULL,
66 };
67 static constexpr uint64_t coset_generators_2[8]{
68 0xffffffffffffffffULL, 0xffffffffffffffffULL, 0xffffffffffffffffULL, 0xffffffffffffffffULL,
69 0xffffffffffffffffULL, 0xffffffffffffffffULL, 0xffffffffffffffffULL, 0xffffffffffffffffULL,
70 };
71 static constexpr uint64_t coset_generators_3[8]{
72 0x2fffffffcULL, 0x3fffffffbULL, 0x4fffffffaULL, 0x5fffffff9ULL,
73 0x6fffffff8ULL, 0x7fffffff7ULL, 0x8fffffff6ULL, 0x9fffffff5ULL,
74 };
75
76 // Not used for secp256r1
77 static constexpr uint64_t cube_root_0 = 0UL;
78 static constexpr uint64_t cube_root_1 = 0UL;
79 static constexpr uint64_t cube_root_2 = 0UL;
80 static constexpr uint64_t cube_root_3 = 0UL;
81
82 // Not used for secp256r1
83 static constexpr uint64_t primitive_root_0 = 0UL;
84 static constexpr uint64_t primitive_root_1 = 0UL;
85 static constexpr uint64_t primitive_root_2 = 0UL;
86 static constexpr uint64_t primitive_root_3 = 0UL;
87
88 // A little-endian representation of the modulus split into 9 29-bit limbs
89 // This is used in wasm because we can only do multiplication with 64-bit result instead of 128-bit like in x86_64
90 static constexpr uint64_t modulus_wasm_0 = 0x1fffffff;
91 static constexpr uint64_t modulus_wasm_1 = 0x1fffffff;
92 static constexpr uint64_t modulus_wasm_2 = 0x1fffffff;
93 static constexpr uint64_t modulus_wasm_3 = 0x1ff;
94 static constexpr uint64_t modulus_wasm_4 = 0x0;
95 static constexpr uint64_t modulus_wasm_5 = 0x0;
96 static constexpr uint64_t modulus_wasm_6 = 0x40000;
97 static constexpr uint64_t modulus_wasm_7 = 0x1fe00000;
98 static constexpr uint64_t modulus_wasm_8 = 0xffffff;
99
100 // A little-endian representation of R^2 modulo the modulus (R=2^261 mod modulus) split into 4 64-bit words
101 // We use 2^261 in wasm, because 261=29*9, the 9 29-bit limbs used for arithmetic
102 static constexpr uint64_t r_squared_wasm_0 = 0x0000000000000c00UL;
103 static constexpr uint64_t r_squared_wasm_1 = 0xffffeffffffffc00UL;
104 static constexpr uint64_t r_squared_wasm_2 = 0xfffffffffffffbffUL;
105 static constexpr uint64_t r_squared_wasm_3 = 0x000013fffffff7ffUL;
106
107 // Not used for secp256r1
108 static constexpr uint64_t cube_root_wasm_0 = 0x0000000000000000UL;
109 static constexpr uint64_t cube_root_wasm_1 = 0x0000000000000000UL;
110 static constexpr uint64_t cube_root_wasm_2 = 0x0000000000000000UL;
111 static constexpr uint64_t cube_root_wasm_3 = 0x0000000000000000UL;
112
113 // Not used for secp256r1
114 static constexpr uint64_t primitive_root_wasm_0 = 0x0000000000000000UL;
115 static constexpr uint64_t primitive_root_wasm_1 = 0x0000000000000000UL;
116 static constexpr uint64_t primitive_root_wasm_2 = 0x0000000000000000UL;
117 static constexpr uint64_t primitive_root_wasm_3 = 0x0000000000000000UL;
118
119 // Coset generators in Montgomery form for R=2^261 mod Modulus. Used in FFT-based proving systems, don't really need
120 // them here
121 static constexpr uint64_t coset_generators_wasm_0[8] = { 0x0000000000000060ULL, 0x0000000000000080ULL,
122 0x00000000000000a0ULL, 0x00000000000000c0ULL,
123 0x00000000000000e0ULL, 0x0000000000000100ULL,
124 0x0000000000000120ULL, 0x0000000000000140ULL };
125 static constexpr uint64_t coset_generators_wasm_1[8] = { 0xffffffa000000000ULL, 0xffffff8000000000ULL,
126 0xffffff6000000000ULL, 0xffffff4000000000ULL,
127 0xffffff2000000000ULL, 0xffffff0000000000ULL,
128 0xfffffee000000000ULL, 0xfffffec000000000ULL };
129 static constexpr uint64_t coset_generators_wasm_2[8] = { 0xffffffffffffffffULL, 0xffffffffffffffffULL,
130 0xffffffffffffffffULL, 0xffffffffffffffffULL,
131 0xffffffffffffffffULL, 0xffffffffffffffffULL,
132 0xffffffffffffffffULL, 0xffffffffffffffffULL };
133 static constexpr uint64_t coset_generators_wasm_3[8] = { 0x0000005fffffff9fULL, 0x0000007fffffff7fULL,
134 0x0000009fffffff5fULL, 0x000000bfffffff3fULL,
135 0x000000dfffffff1fULL, 0x000000fffffffeffULL,
136 0x0000011ffffffedfULL, 0x0000013ffffffebfULL };
137
138 // For consistency with bb::fq, if we ever represent an element of bb::secp256r1::fq in the public inputs, we do so
139 // as a bigfield element, so with 4 public inputs
140 static constexpr size_t PUBLIC_INPUTS_SIZE = BIGFIELD_PUBLIC_INPUTS_SIZE;
141};
142using fq = field<FqParams>;
143
144struct FrParams {
145 static constexpr const char* schema_name = "secp256r1_fr";
146
147 // A little-endian representation of the modulus split into 4 64-bit words
148 static constexpr uint64_t modulus_0 = 0xF3B9CAC2FC632551ULL;
149 static constexpr uint64_t modulus_1 = 0xBCE6FAADA7179E84ULL;
150 static constexpr uint64_t modulus_2 = 0xFFFFFFFFFFFFFFFFULL;
151 static constexpr uint64_t modulus_3 = 0xFFFFFFFF00000000ULL;
152
153 // A little-endian representation of R^2 modulo the modulus (R=2^256 mod modulus) split into 4 64-bit words
154 static constexpr uint64_t r_squared_0 = 9449762124159643298ULL;
155 static constexpr uint64_t r_squared_1 = 5087230966250696614ULL;
156 static constexpr uint64_t r_squared_2 = 2901921493521525849ULL;
157 static constexpr uint64_t r_squared_3 = 7413256579398063648ULL;
158
159 // -(Modulus^-1) mod 2^64
160 // This is used to compute k = r_inv * lower_limb(scalar), such that scalar + k*modulus in integers would have 0 in
161 // the lowest limb By performing this sequentially for 4 limbs, we get an 8-limb representation of the scalar, where
162 // the lowest 4 limbs are zeros. Then we can immediately divide by 2^256 by simply getting rid of the lowest 4 limbs
163 static constexpr uint64_t r_inv = 14758798090332847183ULL;
164
165 // 2^(-64) mod Modulus
166 // Used in the reduction mechanism from https://hackmd.io/@Ingonyama/Barret-Montgomery
167 // Instead of computing k, we multiply the lowest limb by this value and then add to the following 5 limbs.
168 // This saves us from having to compute k
169 static constexpr uint64_t r_inv_0 = 0x230102a06d6251dcUL;
170 static constexpr uint64_t r_inv_1 = 0xca5113bcafc4ea28UL;
171 static constexpr uint64_t r_inv_2 = 0xded10c5bee00bc4eUL;
172 static constexpr uint64_t r_inv_3 = 0xccd1c8aa212ef3a4UL;
173
174 // 2^(-29) mod Modulus
175 // Used in the reduction mechanism from https://hackmd.io/@Ingonyama/Barret-Montgomery
176 // Instead of computing k, we multiply the lowest limb by this value and then add to the following 5 limbs.
177 // This saves us from having to compute k
178 static constexpr uint64_t r_inv_wasm_0 = 0x8517c79;
179 static constexpr uint64_t r_inv_wasm_1 = 0x1edc694;
180 static constexpr uint64_t r_inv_wasm_2 = 0x459ee5c;
181 static constexpr uint64_t r_inv_wasm_3 = 0x705a6a8;
182 static constexpr uint64_t r_inv_wasm_4 = 0x1ffffe2a;
183 static constexpr uint64_t r_inv_wasm_5 = 0x113bffff;
184 static constexpr uint64_t r_inv_wasm_6 = 0x1621c017;
185 static constexpr uint64_t r_inv_wasm_7 = 0xef1ff43;
186 static constexpr uint64_t r_inv_wasm_8 = 0x7005e2;
187
188 // Coset generators in Montgomery form for R=2^256 mod Modulus. Used in FFT-based proving systems, don't really need
189 // them here
190 static constexpr uint64_t coset_generators_0[8]{
191 0x55eb74ab1949fac9ULL, 0x6231a9e81ce6d578ULL, 0x6e77df252083b027ULL, 0x7abe146224208ad6ULL,
192 0x8704499f27bd6585ULL, 0x934a7edc2b5a4034ULL, 0x9f90b4192ef71ae3ULL, 0xabd6e9563293f592ULL,
193 };
194 static constexpr uint64_t coset_generators_1[8]{
195 0xd5af25406e5aaa5dULL, 0x18c82a92c7430bd8ULL, 0x5be12fe5202b6d53ULL, 0x9efa35377913ceceULL,
196 0xe2133a89d1fc3049ULL, 0x252c3fdc2ae491c4ULL, 0x6845452e83ccf33fULL, 0xab5e4a80dcb554baULL,
197 };
198 static constexpr uint64_t coset_generators_2[8]{
199 0x1ULL, 0x2ULL, 0x2ULL, 0x2ULL, 0x2ULL, 0x3ULL, 0x3ULL, 0x3ULL,
200 };
201 static constexpr uint64_t coset_generators_3[8]{
202 0x6fffffff9ULL, 0x7fffffff8ULL, 0x8fffffff7ULL, 0x9fffffff6ULL,
203 0xafffffff5ULL, 0xbfffffff4ULL, 0xcfffffff3ULL, 0xdfffffff2ULL,
204 };
205
206 // Not used for secp256r1
207 static constexpr uint64_t cube_root_0 = 0UL;
208 static constexpr uint64_t cube_root_1 = 0UL;
209 static constexpr uint64_t cube_root_2 = 0UL;
210 static constexpr uint64_t cube_root_3 = 0UL;
211
212 // Not used for secp256r1
213 static constexpr uint64_t primitive_root_0 = 0UL;
214 static constexpr uint64_t primitive_root_1 = 0UL;
215 static constexpr uint64_t primitive_root_2 = 0UL;
216 static constexpr uint64_t primitive_root_3 = 0UL;
217
218 // A little-endian representation of the modulus split into 9 29-bit limbs
219 // This is used in wasm because we can only do multiplication with 64-bit result instead of 128-bit like in x86_64
220 static constexpr uint64_t modulus_wasm_0 = 0x1c632551;
221 static constexpr uint64_t modulus_wasm_1 = 0x1dce5617;
222 static constexpr uint64_t modulus_wasm_2 = 0x5e7a13c;
223 static constexpr uint64_t modulus_wasm_3 = 0xdf55b4e;
224 static constexpr uint64_t modulus_wasm_4 = 0x1ffffbce;
225 static constexpr uint64_t modulus_wasm_5 = 0x1fffffff;
226 static constexpr uint64_t modulus_wasm_6 = 0x3ffff;
227 static constexpr uint64_t modulus_wasm_7 = 0x1fe00000;
228 static constexpr uint64_t modulus_wasm_8 = 0xffffff;
229
230 // A little-endian representation of R^2 modulo the modulus (R=2^261 mod modulus) split into 4 64-bit words
231 // We use 2^261 in wasm, because 261=29*9, the 9 29-bit limbs used for arithmetic
232 static constexpr uint64_t r_squared_wasm_0 = 0x45e9cfeeb48d9ef5UL;
233 static constexpr uint64_t r_squared_wasm_1 = 0x1f11fc5bb2d31a99UL;
234 static constexpr uint64_t r_squared_wasm_2 = 0x16c8e4adafb16586UL;
235 static constexpr uint64_t r_squared_wasm_3 = 0x84b6556a65587f06UL;
236
237 // Not used for secp256r1
238 static constexpr uint64_t cube_root_wasm_0 = 0x0000000000000000UL;
239 static constexpr uint64_t cube_root_wasm_1 = 0x0000000000000000UL;
240 static constexpr uint64_t cube_root_wasm_2 = 0x0000000000000000UL;
241 static constexpr uint64_t cube_root_wasm_3 = 0x0000000000000000UL;
242
243 // Not used for secp256r1
244 static constexpr uint64_t primitive_root_wasm_0 = 0x0000000000000000UL;
245 static constexpr uint64_t primitive_root_wasm_1 = 0x0000000000000000UL;
246 static constexpr uint64_t primitive_root_wasm_2 = 0x0000000000000000UL;
247 static constexpr uint64_t primitive_root_wasm_3 = 0x0000000000000000UL;
248
249 // Coset generators in Montgomery form for R=2^261 mod Modulus. Used in FFT-based proving systems, don't really need
250 // them here
251 static constexpr uint64_t coset_generators_wasm_0[8] = { 0xbd6e9563293f5920ULL, 0x46353d039cdaaf00ULL,
252 0xcefbe4a4107604e0ULL, 0x57c28c4484115ac0ULL,
253 0xe08933e4f7acb0a0ULL, 0x694fdb856b480680ULL,
254 0xf2168325dee35c60ULL, 0x7add2ac6527eb240ULL };
255 static constexpr uint64_t coset_generators_wasm_1[8] = { 0xb5e4a80dcb554baaULL, 0x19055258e8617b0cULL,
256 0x7c25fca4056daa6dULL, 0xdf46a6ef2279d9cfULL,
257 0x4267513a3f860930ULL, 0xa587fb855c923892ULL,
258 0x08a8a5d0799e67f3ULL, 0x6bc9501b96aa9755ULL };
259 static constexpr uint64_t coset_generators_wasm_2[8] = { 0x000000000000003aULL, 0x0000000000000043ULL,
260 0x000000000000004bULL, 0x0000000000000053ULL,
261 0x000000000000005cULL, 0x0000000000000064ULL,
262 0x000000000000006dULL, 0x0000000000000075ULL };
263 static constexpr uint64_t coset_generators_wasm_3[8] = { 0x000000dfffffff20ULL, 0x000000ffffffff00ULL,
264 0x0000011ffffffee0ULL, 0x0000013ffffffec0ULL,
265 0x0000015ffffffea0ULL, 0x0000017ffffffe80ULL,
266 0x0000019ffffffe60ULL, 0x000001bffffffe40ULL };
267
268 // For consistency with bb::fq, if we ever represent an element of bb::secp256r1::fq in the public inputs, we do so
269 // as a bigfield element, so with 4 public inputs
270 static constexpr size_t PUBLIC_INPUTS_SIZE = BIGFIELD_PUBLIC_INPUTS_SIZE;
271};
272using fr = field<FrParams>;
273
274struct G1Params {
275 static constexpr bool USE_ENDOMORPHISM = false;
276 static constexpr bool can_hash_to_curve = true;
277 static constexpr bool small_elements = true;
278 static constexpr bool has_a = true;
279
280 static constexpr fq b =
281 fq(0x3BCE3C3E27D2604B, 0x651D06B0CC53B0F6, 0xB3EBBD55769886BC, 0x5AC635D8AA3A93E7).to_montgomery_form();
282 static constexpr fq a =
283 fq(0xFFFFFFFFFFFFFFFC, 0x00000000FFFFFFFF, 0x0000000000000000, 0xFFFFFFFF00000001).to_montgomery_form();
284
285 static constexpr fq one_x =
286 fq(0xF4A13945D898C296, 0x77037D812DEB33A0, 0xF8BCE6E563A440F2, 0x6B17D1F2E12C4247).to_montgomery_form();
287 static constexpr fq one_y =
288 fq(0xCBB6406837BF51F5, 0x2BCE33576B315ECE, 0x8EE7EB4A7C0F9E16, 0x4FE342E2FE1A7F9B).to_montgomery_form();
289};
290using g1 = group<fq, fr, G1Params>;
291
292// specialize the name in msgpack schema generation
293// consumed by the typescript schema compiler, helps disambiguate templates
294inline std::string msgpack_schema_name(g1::affine_element const& /*unused*/)
295{
296 return "Secp256r1Point";
297}
298
299} // namespace bb::secp256r1
300
301namespace bb::curve {
310} // namespace bb::curve
311
312// NOLINTEND(cppcoreguidelines-avoid-c-arrays)
bb::curve::SECP256R1::AffineElement
typename Group::affine_element AffineElement
Definition secp256r1.hpp:308
bb::curve::SECP256R1::Element
typename Group::element Element
Definition secp256r1.hpp:307
bb::group_elements::affine_element
Definition affine_element.hpp:22
bb::group
group class. Represents an elliptic curve group element. Group is parametrised by Fq and Fr
Definition group.hpp:36
bb::group::affine_element
group_elements::affine_element< Fq, Fr, Params > affine_element
Definition group.hpp:42
bb::group::element
group_elements::element< Fq, Fr, Params > element
Definition group.hpp:41
bb::secp256r1::fr
field< FrParams > fr
Definition secp256r1.hpp:272
bb::secp256r1::g1
group< fq, fr, G1Params > g1
Definition secp256r1.hpp:290
bb::secp256r1::msgpack_schema_name
std::string msgpack_schema_name(g1::affine_element const &)
Definition secp256r1.hpp:294
bb::secp256r1::fq
field< FqParams > fq
Definition secp256r1.hpp:142
bb::field
General class for prime fields see Prime field documentation["field documentation"] for general imple...
Definition field_declarations.hpp:36
bb::field::to_montgomery_form
BB_INLINE constexpr field to_montgomery_form() const noexcept
Definition field_impl.hpp:282
bb::secp256r1::FqParams::modulus_wasm_2
static constexpr uint64_t modulus_wasm_2
Definition secp256r1.hpp:92
bb::secp256r1::FqParams::coset_generators_wasm_3
static constexpr uint64_t coset_generators_wasm_3[8]
Definition secp256r1.hpp:133
bb::secp256r1::FqParams::r_squared_1
static constexpr uint64_t r_squared_1
Definition secp256r1.hpp:25
bb::secp256r1::FqParams::primitive_root_wasm_3
static constexpr uint64_t primitive_root_wasm_3
Definition secp256r1.hpp:117
bb::secp256r1::FqParams::PUBLIC_INPUTS_SIZE
static constexpr size_t PUBLIC_INPUTS_SIZE
Definition secp256r1.hpp:140
bb::secp256r1::FqParams::coset_generators_wasm_2
static constexpr uint64_t coset_generators_wasm_2[8]
Definition secp256r1.hpp:129
bb::secp256r1::FqParams::cube_root_3
static constexpr uint64_t cube_root_3
Definition secp256r1.hpp:80
bb::secp256r1::FqParams::primitive_root_0
static constexpr uint64_t primitive_root_0
Definition secp256r1.hpp:83
bb::secp256r1::FqParams::r_squared_0
static constexpr uint64_t r_squared_0
Definition secp256r1.hpp:24
bb::secp256r1::FqParams::cube_root_wasm_1
static constexpr uint64_t cube_root_wasm_1
Definition secp256r1.hpp:109
bb::secp256r1::FqParams::r_inv_3
static constexpr uint64_t r_inv_3
Definition secp256r1.hpp:42
bb::secp256r1::FqParams::r_inv_0
static constexpr uint64_t r_inv_0
Definition secp256r1.hpp:39
bb::secp256r1::FqParams::primitive_root_3
static constexpr uint64_t primitive_root_3
Definition secp256r1.hpp:86
bb::secp256r1::FqParams::r_inv_wasm_8
static constexpr uint64_t r_inv_wasm_8
Definition secp256r1.hpp:56
bb::secp256r1::FqParams::modulus_3
static constexpr uint64_t modulus_3
Definition secp256r1.hpp:21
bb::secp256r1::FqParams::r_squared_wasm_1
static constexpr uint64_t r_squared_wasm_1
Definition secp256r1.hpp:103
bb::secp256r1::FqParams::primitive_root_1
static constexpr uint64_t primitive_root_1
Definition secp256r1.hpp:84
bb::secp256r1::FqParams::primitive_root_wasm_2
static constexpr uint64_t primitive_root_wasm_2
Definition secp256r1.hpp:116
bb::secp256r1::FqParams::coset_generators_wasm_0
static constexpr uint64_t coset_generators_wasm_0[8]
Definition secp256r1.hpp:121
bb::secp256r1::FqParams::modulus_wasm_8
static constexpr uint64_t modulus_wasm_8
Definition secp256r1.hpp:98
bb::secp256r1::FqParams::r_squared_wasm_3
static constexpr uint64_t r_squared_wasm_3
Definition secp256r1.hpp:105
bb::secp256r1::FqParams::coset_generators_0
static constexpr uint64_t coset_generators_0[8]
Definition secp256r1.hpp:60
bb::secp256r1::FqParams::modulus_wasm_3
static constexpr uint64_t modulus_wasm_3
Definition secp256r1.hpp:93
bb::secp256r1::FqParams::coset_generators_wasm_1
static constexpr uint64_t coset_generators_wasm_1[8]
Definition secp256r1.hpp:125
bb::secp256r1::FqParams::cube_root_1
static constexpr uint64_t cube_root_1
Definition secp256r1.hpp:78
bb::secp256r1::FqParams::modulus_wasm_7
static constexpr uint64_t modulus_wasm_7
Definition secp256r1.hpp:97
bb::secp256r1::FqParams::schema_name
static constexpr const char * schema_name
Definition secp256r1.hpp:15
bb::secp256r1::FqParams::cube_root_0
static constexpr uint64_t cube_root_0
Definition secp256r1.hpp:77
bb::secp256r1::FqParams::modulus_wasm_5
static constexpr uint64_t modulus_wasm_5
Definition secp256r1.hpp:95
bb::secp256r1::FqParams::r_squared_wasm_2
static constexpr uint64_t r_squared_wasm_2
Definition secp256r1.hpp:104
bb::secp256r1::FqParams::cube_root_wasm_2
static constexpr uint64_t cube_root_wasm_2
Definition secp256r1.hpp:110
bb::secp256r1::FqParams::modulus_wasm_1
static constexpr uint64_t modulus_wasm_1
Definition secp256r1.hpp:91
bb::secp256r1::FqParams::primitive_root_wasm_1
static constexpr uint64_t primitive_root_wasm_1
Definition secp256r1.hpp:115
bb::secp256r1::FqParams::primitive_root_2
static constexpr uint64_t primitive_root_2
Definition secp256r1.hpp:85
bb::secp256r1::FqParams::cube_root_wasm_3
static constexpr uint64_t cube_root_wasm_3
Definition secp256r1.hpp:111
bb::secp256r1::FqParams::r_inv
static constexpr uint64_t r_inv
Definition secp256r1.hpp:33
bb::secp256r1::FqParams::r_inv_wasm_7
static constexpr uint64_t r_inv_wasm_7
Definition secp256r1.hpp:55
bb::secp256r1::FqParams::r_squared_3
static constexpr uint64_t r_squared_3
Definition secp256r1.hpp:27
bb::secp256r1::FqParams::modulus_2
static constexpr uint64_t modulus_2
Definition secp256r1.hpp:20
bb::secp256r1::FqParams::r_inv_wasm_4
static constexpr uint64_t r_inv_wasm_4
Definition secp256r1.hpp:52
bb::secp256r1::FqParams::modulus_0
static constexpr uint64_t modulus_0
Definition secp256r1.hpp:18
bb::secp256r1::FqParams::cube_root_2
static constexpr uint64_t cube_root_2
Definition secp256r1.hpp:79
bb::secp256r1::FqParams::r_inv_wasm_5
static constexpr uint64_t r_inv_wasm_5
Definition secp256r1.hpp:53
bb::secp256r1::FqParams::coset_generators_1
static constexpr uint64_t coset_generators_1[8]
Definition secp256r1.hpp:63
bb::secp256r1::FqParams::coset_generators_3
static constexpr uint64_t coset_generators_3[8]
Definition secp256r1.hpp:71
bb::secp256r1::FqParams::cube_root_wasm_0
static constexpr uint64_t cube_root_wasm_0
Definition secp256r1.hpp:108
bb::secp256r1::FqParams::r_squared_2
static constexpr uint64_t r_squared_2
Definition secp256r1.hpp:26
bb::secp256r1::FqParams::r_inv_wasm_6
static constexpr uint64_t r_inv_wasm_6
Definition secp256r1.hpp:54
bb::secp256r1::FqParams::r_inv_wasm_2
static constexpr uint64_t r_inv_wasm_2
Definition secp256r1.hpp:50
bb::secp256r1::FqParams::r_squared_wasm_0
static constexpr uint64_t r_squared_wasm_0
Definition secp256r1.hpp:102
bb::secp256r1::FqParams::r_inv_2
static constexpr uint64_t r_inv_2
Definition secp256r1.hpp:41
bb::secp256r1::FqParams::r_inv_1
static constexpr uint64_t r_inv_1
Definition secp256r1.hpp:40
bb::secp256r1::FqParams::r_inv_wasm_0
static constexpr uint64_t r_inv_wasm_0
Definition secp256r1.hpp:48
bb::secp256r1::FqParams::primitive_root_wasm_0
static constexpr uint64_t primitive_root_wasm_0
Definition secp256r1.hpp:114
bb::secp256r1::FqParams::modulus_wasm_4
static constexpr uint64_t modulus_wasm_4
Definition secp256r1.hpp:94
bb::secp256r1::FqParams::coset_generators_2
static constexpr uint64_t coset_generators_2[8]
Definition secp256r1.hpp:67
bb::secp256r1::FqParams::modulus_wasm_6
static constexpr uint64_t modulus_wasm_6
Definition secp256r1.hpp:96
bb::secp256r1::FqParams::modulus_1
static constexpr uint64_t modulus_1
Definition secp256r1.hpp:19
bb::secp256r1::FqParams::r_inv_wasm_3
static constexpr uint64_t r_inv_wasm_3
Definition secp256r1.hpp:51
bb::secp256r1::FqParams::r_inv_wasm_1
static constexpr uint64_t r_inv_wasm_1
Definition secp256r1.hpp:49
bb::secp256r1::FqParams::modulus_wasm_0
static constexpr uint64_t modulus_wasm_0
Definition secp256r1.hpp:90
bb::secp256r1::FrParams::r_squared_wasm_0
static constexpr uint64_t r_squared_wasm_0
Definition secp256r1.hpp:232
bb::secp256r1::FrParams::coset_generators_3
static constexpr uint64_t coset_generators_3[8]
Definition secp256r1.hpp:201
bb::secp256r1::FrParams::r_inv_1
static constexpr uint64_t r_inv_1
Definition secp256r1.hpp:170
bb::secp256r1::FrParams::r_squared_1
static constexpr uint64_t r_squared_1
Definition secp256r1.hpp:155
bb::secp256r1::FrParams::r_inv
static constexpr uint64_t r_inv
Definition secp256r1.hpp:163
bb::secp256r1::FrParams::primitive_root_wasm_0
static constexpr uint64_t primitive_root_wasm_0
Definition secp256r1.hpp:244
bb::secp256r1::FrParams::modulus_wasm_6
static constexpr uint64_t modulus_wasm_6
Definition secp256r1.hpp:226
bb::secp256r1::FrParams::coset_generators_wasm_2
static constexpr uint64_t coset_generators_wasm_2[8]
Definition secp256r1.hpp:259
bb::secp256r1::FrParams::modulus_2
static constexpr uint64_t modulus_2
Definition secp256r1.hpp:150
bb::secp256r1::FrParams::coset_generators_2
static constexpr uint64_t coset_generators_2[8]
Definition secp256r1.hpp:198
bb::secp256r1::FrParams::primitive_root_wasm_3
static constexpr uint64_t primitive_root_wasm_3
Definition secp256r1.hpp:247
bb::secp256r1::FrParams::r_inv_wasm_5
static constexpr uint64_t r_inv_wasm_5
Definition secp256r1.hpp:183
bb::secp256r1::FrParams::primitive_root_0
static constexpr uint64_t primitive_root_0
Definition secp256r1.hpp:213
bb::secp256r1::FrParams::modulus_wasm_7
static constexpr uint64_t modulus_wasm_7
Definition secp256r1.hpp:227
bb::secp256r1::FrParams::r_inv_wasm_0
static constexpr uint64_t r_inv_wasm_0
Definition secp256r1.hpp:178
bb::secp256r1::FrParams::r_squared_0
static constexpr uint64_t r_squared_0
Definition secp256r1.hpp:154
bb::secp256r1::FrParams::modulus_wasm_0
static constexpr uint64_t modulus_wasm_0
Definition secp256r1.hpp:220
bb::secp256r1::FrParams::modulus_wasm_8
static constexpr uint64_t modulus_wasm_8
Definition secp256r1.hpp:228
bb::secp256r1::FrParams::r_inv_2
static constexpr uint64_t r_inv_2
Definition secp256r1.hpp:171
bb::secp256r1::FrParams::cube_root_0
static constexpr uint64_t cube_root_0
Definition secp256r1.hpp:207
bb::secp256r1::FrParams::primitive_root_3
static constexpr uint64_t primitive_root_3
Definition secp256r1.hpp:216
bb::secp256r1::FrParams::r_inv_wasm_3
static constexpr uint64_t r_inv_wasm_3
Definition secp256r1.hpp:181
bb::secp256r1::FrParams::r_inv_wasm_8
static constexpr uint64_t r_inv_wasm_8
Definition secp256r1.hpp:186
bb::secp256r1::FrParams::modulus_wasm_1
static constexpr uint64_t modulus_wasm_1
Definition secp256r1.hpp:221
bb::secp256r1::FrParams::primitive_root_1
static constexpr uint64_t primitive_root_1
Definition secp256r1.hpp:214
bb::secp256r1::FrParams::r_inv_wasm_7
static constexpr uint64_t r_inv_wasm_7
Definition secp256r1.hpp:185
bb::secp256r1::FrParams::modulus_wasm_5
static constexpr uint64_t modulus_wasm_5
Definition secp256r1.hpp:225
bb::secp256r1::FrParams::schema_name
static constexpr const char * schema_name
Definition secp256r1.hpp:145
bb::secp256r1::FrParams::primitive_root_wasm_1
static constexpr uint64_t primitive_root_wasm_1
Definition secp256r1.hpp:245
bb::secp256r1::FrParams::primitive_root_wasm_2
static constexpr uint64_t primitive_root_wasm_2
Definition secp256r1.hpp:246
bb::secp256r1::FrParams::cube_root_wasm_1
static constexpr uint64_t cube_root_wasm_1
Definition secp256r1.hpp:239
bb::secp256r1::FrParams::modulus_wasm_2
static constexpr uint64_t modulus_wasm_2
Definition secp256r1.hpp:222
bb::secp256r1::FrParams::cube_root_wasm_3
static constexpr uint64_t cube_root_wasm_3
Definition secp256r1.hpp:241
bb::secp256r1::FrParams::coset_generators_wasm_0
static constexpr uint64_t coset_generators_wasm_0[8]
Definition secp256r1.hpp:251
bb::secp256r1::FrParams::r_inv_wasm_4
static constexpr uint64_t r_inv_wasm_4
Definition secp256r1.hpp:182
bb::secp256r1::FrParams::modulus_1
static constexpr uint64_t modulus_1
Definition secp256r1.hpp:149
bb::secp256r1::FrParams::r_inv_wasm_2
static constexpr uint64_t r_inv_wasm_2
Definition secp256r1.hpp:180
bb::secp256r1::FrParams::PUBLIC_INPUTS_SIZE
static constexpr size_t PUBLIC_INPUTS_SIZE
Definition secp256r1.hpp:270
bb::secp256r1::FrParams::r_inv_3
static constexpr uint64_t r_inv_3
Definition secp256r1.hpp:172
bb::secp256r1::FrParams::modulus_3
static constexpr uint64_t modulus_3
Definition secp256r1.hpp:151
bb::secp256r1::FrParams::modulus_wasm_3
static constexpr uint64_t modulus_wasm_3
Definition secp256r1.hpp:223
bb::secp256r1::FrParams::r_squared_wasm_2
static constexpr uint64_t r_squared_wasm_2
Definition secp256r1.hpp:234
bb::secp256r1::FrParams::r_inv_wasm_1
static constexpr uint64_t r_inv_wasm_1
Definition secp256r1.hpp:179
bb::secp256r1::FrParams::coset_generators_0
static constexpr uint64_t coset_generators_0[8]
Definition secp256r1.hpp:190
bb::secp256r1::FrParams::r_inv_0
static constexpr uint64_t r_inv_0
Definition secp256r1.hpp:169
bb::secp256r1::FrParams::cube_root_2
static constexpr uint64_t cube_root_2
Definition secp256r1.hpp:209
bb::secp256r1::FrParams::r_squared_2
static constexpr uint64_t r_squared_2
Definition secp256r1.hpp:156
bb::secp256r1::FrParams::modulus_wasm_4
static constexpr uint64_t modulus_wasm_4
Definition secp256r1.hpp:224
bb::secp256r1::FrParams::coset_generators_wasm_1
static constexpr uint64_t coset_generators_wasm_1[8]
Definition secp256r1.hpp:255
bb::secp256r1::FrParams::r_squared_3
static constexpr uint64_t r_squared_3
Definition secp256r1.hpp:157
bb::secp256r1::FrParams::r_inv_wasm_6
static constexpr uint64_t r_inv_wasm_6
Definition secp256r1.hpp:184
bb::secp256r1::FrParams::cube_root_wasm_0
static constexpr uint64_t cube_root_wasm_0
Definition secp256r1.hpp:238
bb::secp256r1::FrParams::r_squared_wasm_3
static constexpr uint64_t r_squared_wasm_3
Definition secp256r1.hpp:235
bb::secp256r1::FrParams::coset_generators_wasm_3
static constexpr uint64_t coset_generators_wasm_3[8]
Definition secp256r1.hpp:263
bb::secp256r1::FrParams::cube_root_1
static constexpr uint64_t cube_root_1
Definition secp256r1.hpp:208
bb::secp256r1::FrParams::coset_generators_1
static constexpr uint64_t coset_generators_1[8]
Definition secp256r1.hpp:194
bb::secp256r1::FrParams::cube_root_wasm_2
static constexpr uint64_t cube_root_wasm_2
Definition secp256r1.hpp:240
bb::secp256r1::FrParams::modulus_0
static constexpr uint64_t modulus_0
Definition secp256r1.hpp:148
bb::secp256r1::FrParams::r_squared_wasm_1
static constexpr uint64_t r_squared_wasm_1
Definition secp256r1.hpp:233
bb::secp256r1::FrParams::primitive_root_2
static constexpr uint64_t primitive_root_2
Definition secp256r1.hpp:215
bb::secp256r1::FrParams::cube_root_3
static constexpr uint64_t cube_root_3
Definition secp256r1.hpp:210
bb::secp256r1::G1Params::a
static constexpr fq a
Definition secp256r1.hpp:282
bb::secp256r1::G1Params::can_hash_to_curve
static constexpr bool can_hash_to_curve
Definition secp256r1.hpp:276
bb::secp256r1::G1Params::has_a
static constexpr bool has_a
Definition secp256r1.hpp:278
bb::secp256r1::G1Params::one_y
static constexpr fq one_y
Definition secp256r1.hpp:287
bb::secp256r1::G1Params::USE_ENDOMORPHISM
static constexpr bool USE_ENDOMORPHISM
Definition secp256r1.hpp:275
bb::secp256r1::G1Params::b
static constexpr fq b
Definition secp256r1.hpp:280
bb::secp256r1::G1Params::small_elements
static constexpr bool small_elements
Definition secp256r1.hpp:277
bb::secp256r1::G1Params::one_x
static constexpr fq one_x
Definition secp256r1.hpp:285