biggroup_edgecase_handling.hpp

Go to the documentation of this file.

// === AUDIT STATUS ===
// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }
// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }
// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }
// =====================
 
#pragma once
#include "barretenberg/common/assert.hpp"
#include "barretenberg/ecc/groups/precomputed_generators_bn254_impl.hpp"
#include "barretenberg/ecc/groups/precomputed_generators_secp256r1_impl.hpp"
#include "barretenberg/stdlib/primitives/biggroup/biggroup.hpp"
 
namespace bb::stdlib::element_default {
 
template <typename C, class Fq, class Fr, class G>
typename G::affine_element element<C, Fq, Fr, G>::compute_table_offset_generator()
{
    constexpr typename G::affine_element offset_generator =
        get_precomputed_generators<G, "biggroup table offset generator", 1>()[0];
 
    return offset_generator;
}
 
template <typename C, class Fq, class Fr, class G>
std::pair<std::vector<element<C, Fq, Fr, G>>, std::vector<Fr>> element<C, Fq, Fr, G>::mask_points(
    const std::vector<element>& _points, const std::vector<Fr>& _scalars)
{
    std::vector<element> points;
    std::vector<Fr> scalars;
    BB_ASSERT_EQ(_points.size(), _scalars.size());
    using NativeFr = typename Fr::native;
    auto running_scalar = NativeFr::one();
    // Get the offset generator G_offset in native and in-circuit form
    auto native_offset_generator = element::compute_table_offset_generator();
    Fr last_scalar = Fr(0);
    NativeFr generator_coefficient = NativeFr(2).pow(_points.size());
    auto generator_coefficient_inverse = generator_coefficient.invert();
    // For each point and scalar
    for (size_t i = 0; i < _points.size(); i++) {
        scalars.push_back(_scalars[i]);
        // Convert point into point + 2ⁱ⋅G_offset
        points.push_back(_points[i] + (native_offset_generator * running_scalar));
        // Add \frac{2ⁱ⋅scalar}{2ⁿ} to the last scalar
        last_scalar += _scalars[i] * (running_scalar * generator_coefficient_inverse);
        // Double the running scalar
        running_scalar += running_scalar;
    }
 
    // Add a scalar -(<(1,2,4,...,2ⁿ⁻¹ ),(scalar₀,...,scalarₙ₋₁)> / 2ⁿ)
    scalars.push_back(-last_scalar);
    if constexpr (Fr::is_composite) {
        scalars.back().self_reduce();
    }
    // Add in-circuit G_offset to points
    points.push_back(element(native_offset_generator * generator_coefficient));
 
    return { points, scalars };
}
 
template <typename C, class Fq, class Fr, class G>
std::pair<std::vector<element<C, Fq, Fr, G>>, std::vector<Fr>> element<C, Fq, Fr, G>::handle_points_at_infinity(
    const std::vector<element>& _points, const std::vector<Fr>& _scalars)
{
    auto builder = _points[0].get_context();
    std::vector<element> points;
    std::vector<Fr> scalars;
    element one = element::one(builder);
 
    for (auto [_point, _scalar] : zip_view(_points, _scalars)) {
        bool_ct is_point_at_infinity = _point.is_point_at_infinity();
        if (is_point_at_infinity.get_value() && static_cast<bool>(is_point_at_infinity.is_constant())) {
            // if point is at infinity and a circuit constant we can just skip.
            continue;
        }
        if (_scalar.get_value() == 0 && _scalar.is_constant()) {
            // if scalar multiplier is 0 and also a constant, we can skip
            continue;
        }
        Fq updated_x = Fq::conditional_assign(is_point_at_infinity, one.x, _point.x);
        Fq updated_y = Fq::conditional_assign(is_point_at_infinity, one.y, _point.y);
        element point(updated_x, updated_y);
        Fr scalar = Fr::conditional_assign(is_point_at_infinity, 0, _scalar);
 
        points.push_back(point);
        scalars.push_back(scalar);
        // TODO(https://github.com/AztecProtocol/barretenberg/issues/1002): if both point and scalar are constant,
        // don't bother adding constraints
    }
 
    return { points, scalars };
}
} // namespace bb::stdlib::element_default