Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
multi_scalar_mul.cpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: not started, auditors: [], date: YYYY-MM-DD }
3// external_1: { status: not started, auditors: [], date: YYYY-MM-DD }
4// external_2: { status: not started, auditors: [], date: YYYY-MM-DD }
5// =====================
6
7#include "multi_scalar_mul.hpp"
8#include "barretenberg/dsl/acir_format/serde/acir.hpp"
9#include "barretenberg/ecc/curves/bn254/fr.hpp"
10#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp"
11#include "barretenberg/honk/execution_trace/gate_data.hpp"
12#include "barretenberg/stdlib/primitives/biggroup/biggroup.hpp"
13#include "barretenberg/stdlib/primitives/group/cycle_group.hpp"
14
15namespace acir_format {
16
17using namespace bb;
18
25
48template <typename Builder>
49void create_multi_scalar_mul_constraint(Builder& builder, const MultiScalarMul& constraint_input)
50{
51 using cycle_group_ct = stdlib::cycle_group<Builder>;
52
53 // Step 1: Reconstruct inputs (points, scalars, expected result)
54 MsmInputs input = reconstruct_msm_inputs(builder, constraint_input);
55
56 // Step 2: Compute result and connect it to the expected result reconstructed from inputs
57 auto result = cycle_group_ct::batch_mul(input.points, input.scalars);
58 cycle_group_ct to_be_asserted_equal = cycle_group_ct::conditional_assign(input.predicate, input.result, result);
59 result.assert_equal(to_be_asserted_equal);
60}
61
73template <typename Builder>
74static MsmInputs<Builder> reconstruct_msm_inputs(Builder& builder, const MultiScalarMul& input)
75{
76 using cycle_group_ct = stdlib::cycle_group<Builder>;
77 using cycle_scalar_ct = typename cycle_group_ct::cycle_scalar;
78 using field_ct = stdlib::field_t<Builder>;
79 using bool_ct = stdlib::bool_t<Builder>;
80
81 bool_ct predicate = bool_ct(to_field_ct(input.predicate, builder));
82
83 // Reconstruct expected result
84 field_ct input_result_x = field_ct::from_witness_index(&builder, input.out_point_x);
85 field_ct input_result_y = field_ct::from_witness_index(&builder, input.out_point_y);
86 bool_ct input_result_infinite = bool_ct(field_ct::from_witness_index(&builder, input.out_point_is_infinite));
87
88 // If no valid witness assignments, set result to generator point to avoid errors during circuit construction
89 if (builder.is_write_vk_mode()) {
90 builder.set_variable(input_result_x.get_witness_index(), bb::grumpkin::g1::affine_one.x);
91 builder.set_variable(input_result_y.get_witness_index(), bb::grumpkin::g1::affine_one.y);
92 builder.set_variable(input_result_infinite.get_witness_index(), bb::fr(0));
93 }
94
95 // Note that input_result is computed by Noir and passed to bb via ACIR. Hence, it is always a valid point on
96 // Grumpkin.
97 cycle_group_ct input_result(input_result_x, input_result_y, input_result_infinite, /*assert_on_curve=*/false);
98
99 // Reconstruct points and scalars
100 std::vector<cycle_group_ct> points;
101 std::vector<cycle_scalar_ct> scalars;
102
103 // Ensure that the number of points and scalars are consistent (3 field elements per point, 2 per scalar)
104 BB_ASSERT(input.points.size() * 2 == input.scalars.size() * 3, "MultiScalarMul input size mismatch");
105
106 for (size_t i = 0; i < input.points.size(); i += 3) {
107 cycle_group_ct input_point =
108 to_grumpkin_point(input.points[i], input.points[i + 1], input.points[i + 2], predicate, builder);
109
110 cycle_scalar_ct scalar =
111 to_grumpkin_scalar(input.scalars[2 * (i / 3)], input.scalars[2 * (i / 3) + 1], predicate, builder);
112
113 points.push_back(input_point);
114 scalars.push_back(scalar);
115 }
116
117 return { predicate, input_result, points, scalars };
118}
119
120template void create_multi_scalar_mul_constraint<UltraCircuitBuilder>(UltraCircuitBuilder& builder,
121 const MultiScalarMul& input);
122template void create_multi_scalar_mul_constraint<MegaCircuitBuilder>(MegaCircuitBuilder& builder,
123 const MultiScalarMul& input);
124
125} // namespace acir_format
BB_ASSERT
#define BB_ASSERT(expression,...)
Definition assert.hpp:67
bb::MegaCircuitBuilder_
Definition mega_circuit_builder.hpp:19
bb::UltraCircuitBuilder_
Definition ultra_circuit_builder.hpp:41
bb::group_elements::affine_element::x
Fq x
Definition affine_element.hpp:202
bb::group_elements::affine_element::y
Fq y
Definition affine_element.hpp:203
bb::group::affine_one
static constexpr affine_element affine_one
Definition group.hpp:48
bb::stdlib::bool_t
Implements boolean logic in-circuit.
Definition bool.hpp:59
bb::stdlib::cycle_group
cycle_group represents a group Element of the proving system's embedded curve, i.e....
Definition cycle_group.hpp:37
bb::stdlib::field_t< Builder >
bb::stdlib::field_t< Builder >::from_witness_index
static field_t from_witness_index(Builder *ctx, uint32_t witness_index)
Definition field.cpp:62
bb::stdlib::field_t::get_witness_index
uint32_t get_witness_index() const
Get the witness index of the current field element.
Definition field.hpp:506
builder
AluTraceBuilder builder
Definition alu.test.cpp:124
cycle_group.hpp
gate_data.hpp
multi_scalar_mul.hpp
acir_format
Definition acir_format.cpp:31
acir_format::create_multi_scalar_mul_constraint< UltraCircuitBuilder >
template void create_multi_scalar_mul_constraint< UltraCircuitBuilder >(UltraCircuitBuilder &builder, const MultiScalarMul &input)
acir_format::to_grumpkin_point
bb::stdlib::cycle_group< Builder > to_grumpkin_point(const WitnessOrConstant< typename Builder::FF > &input_x, const WitnessOrConstant< typename Builder::FF > &input_y, const WitnessOrConstant< typename Builder::FF > &input_infinite, const bb::stdlib::bool_t< Builder > &predicate, Builder &builder)
Convert inputs representing a Grumpkin point into a cycle_group element.
Definition witness_constant.cpp:34
acir_format::to_grumpkin_scalar
bb::stdlib::cycle_group< Builder >::cycle_scalar to_grumpkin_scalar(const WitnessOrConstant< typename Builder::FF > &scalar_lo, const WitnessOrConstant< typename Builder::FF > &scalar_hi, const bb::stdlib::bool_t< Builder > &predicate, Builder &builder)
Convert inputs representing a Grumpkin scalar into a cycle_scalar element.
Definition witness_constant.cpp:102
acir_format::create_multi_scalar_mul_constraint< MegaCircuitBuilder >
template void create_multi_scalar_mul_constraint< MegaCircuitBuilder >(MegaCircuitBuilder &builder, const MultiScalarMul &input)
acir_format::create_multi_scalar_mul_constraint
void create_multi_scalar_mul_constraint(Builder &builder, const MultiScalarMul &constraint_input)
Create constraints for multi-scalar multiplication on the Grumpkin curve.
Definition multi_scalar_mul.cpp:49
acir_format::to_field_ct
bb::stdlib::field_t< Builder > to_field_ct(const WitnessOrConstant< typename Builder::FF > &input, Builder &builder)
Definition witness_constant.hpp:40
bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
acir_format::MsmInputs
Definition multi_scalar_mul.cpp:19
acir_format::MsmInputs::predicate
bb::stdlib::bool_t< Builder > predicate
Definition multi_scalar_mul.cpp:20
acir_format::MsmInputs::points
std::vector< bb::stdlib::cycle_group< Builder > > points
Definition multi_scalar_mul.cpp:22
acir_format::MsmInputs::result
bb::stdlib::cycle_group< Builder > result
Definition multi_scalar_mul.cpp:21
acir_format::MsmInputs::scalars
std::vector< typename bb::stdlib::cycle_group< Builder >::cycle_scalar > scalars
Definition multi_scalar_mul.cpp:23
acir_format::MultiScalarMul
Definition multi_scalar_mul.hpp:17