Barretenberg: src/barretenberg/ecc/fields/field_conversion.hpp Source File

// === AUDIT STATUS ===

// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }

// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }

// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }

// =====================


#pragma once


#include "barretenberg/common/assert.hpp"

#include "barretenberg/ecc/curves/bn254/bn254.hpp"

#include "barretenberg/ecc/curves/bn254/fr.hpp"

#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp"

#include "barretenberg/honk/types/circuit_type.hpp"

#include "barretenberg/polynomials/univariate.hpp"

#include "barretenberg/stdlib/primitives/bigfield/constants.hpp" // NUM_LIMB_BITS_IN_FIELD_SIMULATION


namespace bb {


class FrCodec {

  public:

    using DataType = bb::fr;

    using fr = bb::fr;

    using fq = grumpkin::fr;

    using bn254_commitment = curve::BN254::AffineElement;

    using grumpkin_commitment = curve::Grumpkin::AffineElement;


    // Size calculators


    template <typename T> static constexpr size_t calc_num_fields()

    {

        if constexpr (IsAnyOf<T, uint32_t, uint64_t, bool>) {

            return 1;

        } else if constexpr (IsAnyOf<T, bb::fr, fq>) {

            return T::Params::NUM_BN254_SCALARS;

        } else if constexpr (IsAnyOf<T, bn254_commitment, grumpkin_commitment>) {

            return 2 * calc_num_fields<typename T::Fq>();

        } else {

            // Array or Univariate

            return calc_num_fields<typename T::value_type>() * (std::tuple_size<T>::value);

        }

    }


    static fq convert_grumpkin_fr_from_bn254_frs(std::span<const bb::fr> fr_vec)

    {

        // expects 2 fr limbs; caller already asserts size

        constexpr uint64_t NUM_LIMB_BITS = stdlib::NUM_LIMB_BITS_IN_FIELD_SIMULATION; // 68

        constexpr uint64_t TOTAL_BITS = 254;


        BB_ASSERT_LT(uint256_t(fr_vec[0]),

                     (uint256_t(1) << (NUM_LIMB_BITS * 2)),

                     "Conversion error here usually implies some bad proof serde or parsing");

        BB_ASSERT_LT(uint256_t(fr_vec[1]),

                     (uint256_t(1) << (TOTAL_BITS - NUM_LIMB_BITS * 2)),

                     "Conversion error here usually implies some bad proof serde or parsing");


        const uint256_t value = uint256_t(fr_vec[0]) + (uint256_t(fr_vec[1]) << (NUM_LIMB_BITS * 2));


        return fq(value);

    }


    static std::vector<bb::fr> convert_grumpkin_fr_to_bn254_frs(const fq& val)

    {

        constexpr uint64_t NUM_LIMB_BITS = stdlib::NUM_LIMB_BITS_IN_FIELD_SIMULATION; // 68

        constexpr uint64_t TOTAL_BITS = 254;


        constexpr uint64_t LOWER_BITS = 2 * NUM_LIMB_BITS; // 136

        constexpr uint256_t LOWER_MASK = (uint256_t(1) << LOWER_BITS) - 1;


        const uint256_t value = uint256_t(val);

        BB_ASSERT_LT(value, (uint256_t(1) << TOTAL_BITS));


        std::vector<bb::fr> out(2);

        out[0] = static_cast<uint256_t>(value & LOWER_MASK);

        out[1] = static_cast<uint256_t>(value >> LOWER_BITS);


        BB_ASSERT_LT(static_cast<uint256_t>(out[1]), (uint256_t(1) << (TOTAL_BITS - LOWER_BITS)));

        return out;

    }


    // ---------------------------------------------------------------------

    // Deserialize

    // ---------------------------------------------------------------------


    template <typename T> static T deserialize_from_fields(std::span<const fr> fr_vec)

    {

        BB_ASSERT_EQ(fr_vec.size(), calc_num_fields<T>());

        if constexpr (IsAnyOf<T, bool>) {

            return static_cast<bool>(fr_vec[0]);

        } else if constexpr (IsAnyOf<T, uint32_t, uint64_t, bb::fr>) {

            return static_cast<T>(fr_vec[0]);

        } else if constexpr (IsAnyOf<T, fq>) {

            return convert_grumpkin_fr_from_bn254_frs(fr_vec);

        } else if constexpr (IsAnyOf<T, bn254_commitment, grumpkin_commitment>) {

            using BaseField = typename T::Fq;

            constexpr size_t BASE = calc_num_fields<BaseField>();

            T val;

            val.x = deserialize_from_fields<BaseField>(fr_vec.subspan(0, BASE));

            val.y = deserialize_from_fields<BaseField>(fr_vec.subspan(BASE, BASE));

            if (val.x == BaseField::zero() && val.y == BaseField::zero()) {

                val.self_set_infinity();

            }

            BB_ASSERT(val.on_curve());

            return val;

        } else {

            // Array or Univariate

            T val;

            constexpr size_t SZ = calc_num_fields<typename T::value_type>();

            size_t i = 0;

            for (auto& x : val) {

                x = deserialize_from_fields<typename T::value_type>(fr_vec.subspan(SZ * i, SZ));

                ++i;

            }

            return val;

        }

    }


    template <typename T> static std::vector<fr> serialize_to_fields(const T& val)

    {

        if constexpr (IsAnyOf<T, bool, uint32_t, uint64_t, bb::fr>) {

            return { val };

        } else if constexpr (IsAnyOf<T, fq>) {

            return convert_grumpkin_fr_to_bn254_frs(val);

        } else if constexpr (IsAnyOf<T, bn254_commitment, grumpkin_commitment>) {

            using BaseField = typename T::Fq;

            std::vector<bb::fr> fr_vec_x;

            std::vector<bb::fr> fr_vec_y;

            if (val.is_point_at_infinity()) {

                fr_vec_x = serialize_to_fields(BaseField::zero());

                fr_vec_y = serialize_to_fields(BaseField::zero());

            } else {

                fr_vec_x = serialize_to_fields(val.x);

                fr_vec_y = serialize_to_fields(val.y);

            }

            std::vector<bb::fr> fr_vec(fr_vec_x.begin(), fr_vec_x.end());

            fr_vec.insert(fr_vec.end(), fr_vec_y.begin(), fr_vec_y.end());

            return fr_vec;

        } else {

            // Array or Univariate

            std::vector<fr> out;

            for (auto& x : val) {

                auto tmp = serialize_to_fields(x);

                out.insert(out.end(), tmp.begin(), tmp.end());

            }

            return out;

        }

    }


    static std::array<bb::fr, 2> split_challenge(const bb::fr& challenge)

    {

        static constexpr size_t TOTAL_BITS = bb::fr::modulus.get_msb() + 1; // 254

        static constexpr size_t LO_BITS = TOTAL_BITS / 2;                   // 127

        static constexpr size_t HI_BITS = TOTAL_BITS - LO_BITS;             // 127


        const uint256_t u = static_cast<uint256_t>(challenge);

        const uint256_t lo = u.slice(0, LO_BITS);

        const uint256_t hi = u.slice(LO_BITS, LO_BITS + HI_BITS);


        return { bb::fr(lo), bb::fr(hi) };

    }


    template <typename T> static T convert_challenge(const bb::fr& challenge)

    {

        if constexpr (std::is_same_v<T, bb::fr>) {

            return challenge;

        } else if constexpr (std::is_same_v<T, fq>) {

            BB_ASSERT_LT(static_cast<uint256_t>(challenge).get_msb(),

                         2 * stdlib::NUM_LIMB_BITS_IN_FIELD_SIMULATION,

                         "field_conversion: convert challenge");

            return fq(challenge);

        }

    }


};


class U256Codec {

  public:

    using DataType = uint256_t;

    using fr = bb::fr;

    using fq = grumpkin::fr;

    using bn254_commitment = curve::BN254::AffineElement;

    using grumpkin_commitment = curve::Grumpkin::AffineElement;


    // Size calculators


    template <typename T> static constexpr size_t calc_num_fields()

    {

        if constexpr (IsAnyOf<T, uint32_t, uint64_t, uint256_t, bool, fq, bb::fr>) {

            return 1;

        } else if constexpr (IsAnyOf<T, bn254_commitment, grumpkin_commitment>) {

            // In contrast to bb::fr, bn254 points can be represented by only 2 uint256_t elements

            return 2;

        } else {

            // Array or Univariate

            return calc_num_fields<typename T::value_type>() * (std::tuple_size<T>::value);

        }

    }


    // ---------------------------------------------------------------------

    // Deserialize

    // ---------------------------------------------------------------------


    template <typename T> static T deserialize_from_fields(std::span<const uint256_t> vec)

    {

        BB_ASSERT_EQ(vec.size(), calc_num_fields<T>());

        if constexpr (IsAnyOf<T, bool>) {

            return static_cast<bool>(vec[0]);

        } else if constexpr (IsAnyOf<T, uint32_t, uint64_t, uint256_t, bb::fr, fq>) {

            return static_cast<T>(vec[0]);

        } else if constexpr (IsAnyOf<T, bn254_commitment, grumpkin_commitment>) {

            using BaseField = typename T::Fq;

            constexpr size_t N = calc_num_fields<BaseField>();

            T val;

            val.x = deserialize_from_fields<BaseField>(vec.subspan(0, N));

            val.y = deserialize_from_fields<BaseField>(vec.subspan(N, N));

            if (val.x == BaseField::zero() && val.y == BaseField::zero()) {

                val.self_set_infinity();

            }

            BB_ASSERT(val.on_curve());

            return val;

        } else {

            // Array or Univariate

            T val;

            constexpr size_t SZ = calc_num_fields<typename T::value_type>();

            size_t i = 0;

            for (auto& x : val) {

                x = deserialize_from_fields<typename T::value_type>(vec.subspan(SZ * i, SZ));

                ++i;

            }

            return val;

        }

    }


    template <typename T> static std::vector<uint256_t> serialize_to_fields(const T& val)

    {

        if constexpr (IsAnyOf<T, bool, uint32_t, uint64_t, uint256_t, bb::fr, fq>) {

            return { val };

        } else if constexpr (IsAnyOf<T, bn254_commitment, grumpkin_commitment>) {

            using BaseField = typename T::Fq;

            std::vector<uint256_t> uint256_vec_x;

            std::vector<uint256_t> uint256_vec_y;

            // When encountering a point at infinity we pass a zero point in the proof to ensure that on the receiving

            // size there are no inconsistencies whenre constructing and hashing.

            if (val.is_point_at_infinity()) {

                uint256_vec_x = serialize_to_fields(BaseField::zero());

                uint256_vec_y = serialize_to_fields(BaseField::zero());

            } else {

                uint256_vec_x = serialize_to_fields<BaseField>(val.x);

                uint256_vec_y = serialize_to_fields<BaseField>(val.y);

            }

            std::vector<uint256_t> uint256_vec(uint256_vec_x.begin(), uint256_vec_x.end());

            uint256_vec.insert(uint256_vec.end(), uint256_vec_y.begin(), uint256_vec_y.end());

            return uint256_vec;

        } else {

            // Array or Univariate

            std::vector<uint256_t> out;

            for (auto& e : val) {

                auto tmp = serialize_to_fields(e);

                out.insert(out.end(), tmp.begin(), tmp.end());

            }

            return out;

        }

    }


    static std::array<uint256_t, 2> split_challenge(const uint256_t& challenge)

    {

        static constexpr size_t TOTAL_BITS = bb::fr::modulus.get_msb() + 1; // 254

        static constexpr size_t LO_BITS = TOTAL_BITS / 2;                   // 127

        static constexpr size_t HI_BITS = TOTAL_BITS - LO_BITS;             // 127


        const uint256_t u = static_cast<uint256_t>(challenge);

        const uint256_t lo = u.slice(0, LO_BITS);

        const uint256_t hi = u.slice(LO_BITS, LO_BITS + HI_BITS);


        return { uint256_t(lo), uint256_t(hi) };

    }


    template <typename T> static T convert_challenge(const bb::fr& challenge)

    {

        if constexpr (std::is_same_v<T, bb::fr>) {

            return challenge;

        } else if constexpr (std::is_same_v<T, fq>) {

            BB_ASSERT_LT(static_cast<uint256_t>(challenge).get_msb(),

                         2 * stdlib::NUM_LIMB_BITS_IN_FIELD_SIMULATION,

                         "field_conversion: convert challenge");

            return fq(challenge);

        }

    }


};


} // namespace bb

assert.hpp

BB_ASSERT
#define BB_ASSERT(expression,...)
Definition assert.hpp:67

BB_ASSERT_EQ
#define BB_ASSERT_EQ(actual, expected,...)
Definition assert.hpp:77

BB_ASSERT_LT
#define BB_ASSERT_LT(left, right,...)
Definition assert.hpp:137

circuit_type.hpp

bb::FrCodec
Definition field_conversion.hpp:19

bb::FrCodec::bn254_commitment
curve::BN254::AffineElement bn254_commitment
Definition field_conversion.hpp:24

bb::FrCodec::fq
grumpkin::fr fq
Definition field_conversion.hpp:23

bb::FrCodec::serialize_to_fields
static std::vector< fr > serialize_to_fields(const T &val)
Conversion from transcript values to bb::frs.
Definition field_conversion.hpp:125

bb::FrCodec::split_challenge
static std::array< bb::fr, 2 > split_challenge(const bb::fr &challenge)
Split a challenge field element into two equal-width challenges.
Definition field_conversion.hpp:164

bb::FrCodec::convert_challenge
static T convert_challenge(const bb::fr &challenge)
Convert an fr challenge to a target type (fr or fq). Assumes challenge is "short".
Definition field_conversion.hpp:180

bb::FrCodec::convert_grumpkin_fr_from_bn254_frs
static fq convert_grumpkin_fr_from_bn254_frs(std::span< const bb::fr > fr_vec)
Converts 2 bb::fr elements to fq.
Definition field_conversion.hpp:46

bb::FrCodec::convert_grumpkin_fr_to_bn254_frs
static std::vector< bb::fr > convert_grumpkin_fr_to_bn254_frs(const fq &val)
Converts fq to 2 bb::fr elements (inverse of the above).
Definition field_conversion.hpp:67

bb::FrCodec::deserialize_from_fields
static T deserialize_from_fields(std::span< const fr > fr_vec)
Definition field_conversion.hpp:89

bb::FrCodec::grumpkin_commitment
curve::Grumpkin::AffineElement grumpkin_commitment
Definition field_conversion.hpp:25

bb::FrCodec::calc_num_fields
static constexpr size_t calc_num_fields()
Definition field_conversion.hpp:28

bb::U256Codec
Definition field_conversion.hpp:193

bb::U256Codec::bn254_commitment
curve::BN254::AffineElement bn254_commitment
Definition field_conversion.hpp:198

bb::U256Codec::fq
grumpkin::fr fq
Definition field_conversion.hpp:197

bb::U256Codec::grumpkin_commitment
curve::Grumpkin::AffineElement grumpkin_commitment
Definition field_conversion.hpp:199

bb::U256Codec::calc_num_fields
static constexpr size_t calc_num_fields()
Definition field_conversion.hpp:202

bb::U256Codec::split_challenge
static std::array< uint256_t, 2 > split_challenge(const uint256_t &challenge)
Split a challenge field element into two equal-width challenges.
Definition field_conversion.hpp:291

bb::U256Codec::convert_challenge
static T convert_challenge(const bb::fr &challenge)
Convert an fr challenge to a target type (fr or fq). Assumes challenge is "short".
Definition field_conversion.hpp:307

bb::U256Codec::serialize_to_fields
static std::vector< uint256_t > serialize_to_fields(const T &val)
Conversion from transcript values to uint256_ts.
Definition field_conversion.hpp:252

bb::U256Codec::deserialize_from_fields
static T deserialize_from_fields(std::span< const uint256_t > vec)
Definition field_conversion.hpp:218

bb::curve::BN254::AffineElement
typename Group::affine_element AffineElement
Definition bn254.hpp:22

bb::curve::Grumpkin::AffineElement
typename Group::affine_element AffineElement
Definition grumpkin.hpp:63

bb::numeric::uint256_t
Definition uint256.hpp:32

bb::numeric::uint256_t::slice
constexpr uint256_t slice(uint64_t start, uint64_t end) const
Definition uint256_impl.hpp:291

bb::numeric::uint256_t::get_msb
constexpr uint64_t get_msb() const
Definition uint256_impl.hpp:329

bb::IsAnyOf
Definition circuit_type.hpp:15

bn254.hpp

grumpkin.hpp

fr.hpp

bb::grumpkin::fr
bb::fq fr
Definition grumpkin.hpp:18

bb::numeric::get_msb
constexpr T get_msb(const T in)
Definition get_msb.hpp:47

bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5

bb::fr
field< Bn254FrParams > fr
Definition fr.hpp:174

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

value
FF value
Definition public_data_tree.test.cpp:97

constants.hpp

bb::field< Bn254FrParams >

bb::field< Bn254FrParams >::modulus
static constexpr uint256_t modulus
Definition field_declarations.hpp:197

univariate.hpp