TranslatorCircuitBuilder creates a circuit that evaluates the correctness of the evaluation of EccOpQueue in Fq while operating in the Fr scalar field (r is the modulus of Fr and q is the modulus of Fq) More...

#include <translator_circuit_builder.hpp>

Inheritance diagram for bb::TranslatorCircuitBuilder:

Classes
struct	AccumulationInput
	The accumulation input structure contains all the necessary values to initalize an accumulation gate as well as additional values for checking its correctness. More...

Public Types
enum	WireIds : size_t { OP , X_LOW_Y_HI , X_HIGH_Z_1 , Y_LOW_Z_2 , P_X_LOW_LIMBS , P_X_HIGH_LIMBS , P_Y_LOW_LIMBS , P_Y_HIGH_LIMBS , Z_LOW_LIMBS , Z_HIGH_LIMBS , ACCUMULATORS_BINARY_LIMBS_0 , ACCUMULATORS_BINARY_LIMBS_1 , ACCUMULATORS_BINARY_LIMBS_2 , ACCUMULATORS_BINARY_LIMBS_3 , QUOTIENT_LOW_BINARY_LIMBS , QUOTIENT_HIGH_BINARY_LIMBS , RELATION_WIDE_LIMBS , P_X_LOW_LIMBS_RANGE_CONSTRAINT_0 , P_X_LOW_LIMBS_RANGE_CONSTRAINT_1 , P_X_LOW_LIMBS_RANGE_CONSTRAINT_2 , P_X_LOW_LIMBS_RANGE_CONSTRAINT_3 , P_X_LOW_LIMBS_RANGE_CONSTRAINT_4 , P_X_LOW_LIMBS_RANGE_CONSTRAINT_TAIL , P_X_HIGH_LIMBS_RANGE_CONSTRAINT_0 , P_X_HIGH_LIMBS_RANGE_CONSTRAINT_1 , P_X_HIGH_LIMBS_RANGE_CONSTRAINT_2 , P_X_HIGH_LIMBS_RANGE_CONSTRAINT_3 , P_X_HIGH_LIMBS_RANGE_CONSTRAINT_4 , P_X_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL , P_Y_LOW_LIMBS_RANGE_CONSTRAINT_0 , P_Y_LOW_LIMBS_RANGE_CONSTRAINT_1 , P_Y_LOW_LIMBS_RANGE_CONSTRAINT_2 , P_Y_LOW_LIMBS_RANGE_CONSTRAINT_3 , P_Y_LOW_LIMBS_RANGE_CONSTRAINT_4 , P_Y_LOW_LIMBS_RANGE_CONSTRAINT_TAIL , P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_0 , P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_1 , P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_2 , P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_3 , P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_4 , P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL , Z_LOW_LIMBS_RANGE_CONSTRAINT_0 , Z_LOW_LIMBS_RANGE_CONSTRAINT_1 , Z_LOW_LIMBS_RANGE_CONSTRAINT_2 , Z_LOW_LIMBS_RANGE_CONSTRAINT_3 , Z_LOW_LIMBS_RANGE_CONSTRAINT_4 , Z_LOW_LIMBS_RANGE_CONSTRAINT_TAIL , Z_HIGH_LIMBS_RANGE_CONSTRAINT_0 , Z_HIGH_LIMBS_RANGE_CONSTRAINT_1 , Z_HIGH_LIMBS_RANGE_CONSTRAINT_2 , Z_HIGH_LIMBS_RANGE_CONSTRAINT_3 , Z_HIGH_LIMBS_RANGE_CONSTRAINT_4 , Z_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL , ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_0 , ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_1 , ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_2 , ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_3 , ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_4 , ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_TAIL , ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_0 , ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_1 , ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_2 , ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_3 , ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_4 , ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL , QUOTIENT_LOW_LIMBS_RANGE_CONSTRAIN_0 , QUOTIENT_LOW_LIMBS_RANGE_CONSTRAIN_1 , QUOTIENT_LOW_LIMBS_RANGE_CONSTRAIN_2 , QUOTIENT_LOW_LIMBS_RANGE_CONSTRAIN_3 , QUOTIENT_LOW_LIMBS_RANGE_CONSTRAIN_4 , QUOTIENT_LOW_LIMBS_RANGE_CONSTRAIN_TAIL , QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAIN_0 , QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAIN_1 , QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAIN_2 , QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAIN_3 , QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAIN_4 , QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAIN_TAIL , RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_0 , RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_1 , RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_2 , RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_3 , TOTAL_COUNT }
	There are so many wires that naming them has no sense, it is easier to access them with enums. More...

Public Types inherited from bb::CircuitBuilderBase< bb::fr >
using	FF = bb::fr

using	EmbeddedCurve = std::conditional_t< std::same_as< FF, bb::g1::Fq >, curve::BN254, curve::Grumpkin >

Public Member Functions
void	create_add_gate (const add_triple_< Fr > &) override

void	create_mul_gate (const mul_triple_< Fr > &) override

void	create_bool_gate (const uint32_t) override

void	create_poly_gate (const poly_triple_< Fr > &) override

size_t	get_num_constant_gates () const override

	TranslatorCircuitBuilder (Fq batching_challenge_v_, Fq evaluation_input_x_)
	Construct a new Translator Circuit Builder object.

	TranslatorCircuitBuilder (Fq batching_challenge_v_, Fq evaluation_input_x_, std::shared_ptr< ECCOpQueue > op_queue)
	Construct a new Translator Circuit Builder object and feed op_queue inside.

	TranslatorCircuitBuilder ()=default

	TranslatorCircuitBuilder (const TranslatorCircuitBuilder &other)=delete

	TranslatorCircuitBuilder (TranslatorCircuitBuilder &&other) noexcept

TranslatorCircuitBuilder &	operator= (const TranslatorCircuitBuilder &other)=delete

TranslatorCircuitBuilder &	operator= (TranslatorCircuitBuilder &&other) noexcept

	~TranslatorCircuitBuilder () override=default

void	create_accumulation_gate (const AccumulationInput &acc_step)
	Create a single accumulation gate.

void	populate_wires_from_ultra_op (const UltraOp &ultra_op)

void	insert_pair_into_wire (WireIds wire_index, Fr first, Fr second)

void	feed_ecc_op_queue_into_circuit (const std::shared_ptr< ECCOpQueue > ecc_op_queue)
	Generate all the gates required to prove the correctness of batched evalution of polynomials representing commitments to ECCOpQueue.

Public Member Functions inherited from bb::CircuitBuilderBase< bb::fr >
	CircuitBuilderBase (size_t size_hint=0, bool has_dummy_witnesses=false)

	CircuitBuilderBase (const CircuitBuilderBase &other)=default

	CircuitBuilderBase (CircuitBuilderBase &&other) noexcept=default

CircuitBuilderBase &	operator= (const CircuitBuilderBase &other)=default

CircuitBuilderBase &	operator= (CircuitBuilderBase &&other) noexcept=default

virtual	~CircuitBuilderBase ()=default

bool	operator== (const CircuitBuilderBase &other) const=default

virtual size_t	get_num_finalized_gates () const

virtual size_t	get_estimated_num_finalized_gates () const

virtual void	print_num_estimated_finalized_gates () const

virtual size_t	get_num_variables () const

const std::vector< FF > &	get_variables () const

uint32_t	get_first_variable_in_class (uint32_t index) const

void	update_real_variable_indices (uint32_t index, uint32_t new_real_index)

FF	get_variable (const uint32_t index) const
	Get the value of the variable v_{index}.

void	set_variable (const uint32_t index, const FF &value)
	Set the value of the variable pointed to by a witness index.

const FF &	get_variable_reference (const uint32_t index) const

uint32_t	get_public_input_index (const uint32_t witness_index) const

FF	get_public_input (const uint32_t index) const

const std::vector< uint32_t > &	public_inputs () const

void	finalize_public_inputs ()
	Set the public_inputs_finalized_ to true to prevent any new public inputs from being added.

void	initialize_public_inputs (const std::vector< uint32_t > &public_inputs)
	Directly initialize the public inputs vector.

virtual uint32_t	add_variable (const FF &in)

virtual void	set_variable_name (uint32_t index, const std::string &name)

virtual void	update_variable_names (uint32_t index)

virtual msgpack::sbuffer	export_circuit ()

virtual uint32_t	add_public_variable (const FF &in)

virtual uint32_t	set_public_input (uint32_t witness_index)
	Make a witness variable public.

virtual void	assert_equal (uint32_t a_idx, uint32_t b_idx, std::string const &msg="assert_equal")

size_t	get_circuit_subgroup_size (size_t num_gates) const

size_t	num_public_inputs () const

void	assert_valid_variables (const std::vector< uint32_t > &variable_indices)

bool	failed () const

const std::string &	err () const

void	set_err (std::string msg)

void	failure (std::string msg)

Static Public Member Functions
static std::array< Fr, NUM_BINARY_LIMBS >	split_fq_into_limbs (const Fq &base)
	A small function to transform a native element Fq into its bigfield representation in Fr scalars.

static void	assert_well_formed_ultra_op (const UltraOp &ultra_op)

static void	assert_well_formed_accumulation_input (const AccumulationInput &acc_step)
	Ensures the accumulation input is well-formed and can be used to create a gate.

static AccumulationInput	generate_witness_values (const UltraOp &ultra_op, const Fq &previous_accumulator, const Fq &batching_challenge_v, const Fq &evaluation_input_x)
	Given the transcript values from the EccOpQueue, the values of the previous accumulator, batching challenge and input x, compute witness for one step of accumulation.

Public Attributes
Fq	batching_challenge_v

Fq	evaluation_input_x

std::array< SlabVector< uint32_t >, NUM_WIRES >	wires

Public Attributes inherited from bb::CircuitBuilderBase< bb::fr >
size_t	num_gates

bool	has_dummy_witnesses

std::unordered_map< uint32_t, std::string >	variable_names

std::vector< uint32_t >	next_var_index

std::vector< uint32_t >	prev_var_index

std::vector< uint32_t >	real_variable_index

std::vector< uint32_t >	real_variable_tags

uint32_t	current_tag

std::map< uint32_t, uint32_t >	tau

bool	is_recursive_circuit

bool	_failed

std::string	_err

uint32_t	zero_idx

uint32_t	one_idx

Static Public Attributes
static constexpr size_t	NUM_WIRES = 81

static constexpr size_t	NUM_SELECTORS = 0

static constexpr size_t	DEFAULT_TRANSLATOR_VM_LENGTH = 2048

static constexpr size_t	NUM_LIMB_BITS = 68

static constexpr size_t	NUM_LAST_LIMB_BITS = Fq::modulus.get_msb() + 1 - 3 * NUM_LIMB_BITS

static constexpr size_t	NUM_Z_LIMBS = 2

static constexpr size_t	NUM_QUOTIENT_BITS = 256

static constexpr size_t	NUM_LAST_QUOTIENT_LIMB_BITS = 256 - 3 * NUM_LIMB_BITS

static constexpr size_t	NUM_Z_BITS = 128

static constexpr size_t	MICRO_LIMB_BITS = 14

static constexpr auto	MAX_MICRO_LIMB_SIZE = (uint256_t(1) << MICRO_LIMB_BITS) - 1

static constexpr size_t	NUM_MICRO_LIMBS = 6

static constexpr size_t	NUM_BINARY_LIMBS = 4

static constexpr size_t	NUM_RELATION_WIDE_LIMBS = 2

static constexpr size_t	RELATION_WIDE_LIMB_BITS = 84

static constexpr uint256_t	MAX_RELATION_WIDE_LIMB_SIZE = uint256_t(1) << RELATION_WIDE_LIMB_BITS

static constexpr auto	MICRO_SHIFT = uint256_t(1) << MICRO_LIMB_BITS

static constexpr auto	MAX_LOW_WIDE_LIMB_SIZE = (uint256_t(1) << (NUM_LIMB_BITS * 2)) - 1

static constexpr auto	MAX_HIGH_WIDE_LIMB_SIZE = (uint256_t(1) << (NUM_LIMB_BITS + NUM_LAST_LIMB_BITS)) - 1

static constexpr size_t	RESULT_ROW = 2

static constexpr auto	SHIFT_1 = uint256_t(1) << NUM_LIMB_BITS

static constexpr auto	SHIFT_2 = uint256_t(1) << (NUM_LIMB_BITS << 1)

static constexpr auto	SHIFT_2_INVERSE = Fr(SHIFT_2).invert()

static constexpr auto	SHIFT_3 = uint256_t(1) << (NUM_LIMB_BITS * 3)

static constexpr uint512_t	MODULUS_U512 = uint512_t(Fq::modulus)

static constexpr uint512_t	BINARY_BASIS_MODULUS = uint512_t(1) << (NUM_LIMB_BITS << 2)

static constexpr uint512_t	NEGATIVE_PRIME_MODULUS = BINARY_BASIS_MODULUS - MODULUS_U512

static constexpr std::array< Fr, 5 >	NEGATIVE_MODULUS_LIMBS

static constexpr std::string_view	NAME_STRING = "TranslatorCircuitBuilder"

Static Public Attributes inherited from bb::CircuitBuilderBase< bb::fr >
static constexpr uint32_t	REAL_VARIABLE

static constexpr uint32_t	FIRST_VARIABLE_IN_CLASS

Private Types
using	Fr = bb::fr

using	Fq = bb::fq

Detailed Description

TranslatorCircuitBuilder creates a circuit that evaluates the correctness of the evaluation of EccOpQueue in Fq while operating in the Fr scalar field (r is the modulus of Fr and q is the modulus of Fq)

Translator Circuit Builder builds a circuit whose purpose is to calculate the batched evaluation of 5 polynomials in non-native field represented through coefficients in 4 native polynomials (op, x_lo_y_hi, x_hi_z_1, y_lo_z_2):

OP | X_LO | X_HI | Y_LO 0 | Y_HI | Z1 | Z2

OP is supposed to be { 0, 1, 2, 3, 4, 8 }. X_LO and Y_LO need to be < 2¹³⁶, X_HI and Y_LO < 2¹¹⁸, Z1 and Z2 < 2¹²⁸. X_* and Y_* are supposed to be the decompositions of bn254 base fields elements P.x and P.y and are split into two chunks each because the scalar field we are operating on can't fit them

Translator calculates the result of evaluation of a polynomial op + P.x⋅v +P.y⋅v² + z1 ⋅ v³ + z2⋅v⁴ at the given challenge x (evaluation_input_x). For this it uses logic similar to the stdlib bigfield class. We operate in Fr while trying to calculate values in Fq. To show that a⋅b=c mod q, we: 1) Compute a⋅b in integers 2) Compute quotient=a⋅b/q 3) Show that a⋅b - quotient⋅q - c = 0 mod 2²⁷² 4) Show that a⋅b - quotient⋅q - c = 0 mod r (scalar field modulus) This ensures that the logic is sound modulo 2²⁷²⋅r, which means it's correct in integers, if all the values are sufficiently constrained (there is no way to undeflow or overflow)

Concretely, Translator computes one accumulation every two gates: previous_accumulator⋅x + op + P.x⋅v +P.y⋅v² + z1⋅v³ + z2⋅v⁴ = current_accumulator mod p. Because of the nature of polynomial commitment, previous_accumulator is located at higher index than the current_accumulator. Values of x (evaluation_input_x) and v (batching_challenge_v) are precomputed and considered inputs to the relations.

P.x and P.y are deconstructed into 4 limbs (3 68-bit and 1 50-bit) for non-native arithmetic z1 and z2 are deconstructed into 2 limbs each (68 and 60 bits) op is small and doesn't have to be deconstructed

To show the accumulation is correct we also need to provide the quotient and accumulators as witnesses. Accumulator is split the same way as P.x and P.y, but quotient is 256 bits,so the top limb is 52 bits.

Ensuring that the relation mod 2²⁷² is correct is done through splitting this check into two checks modulo 2¹³⁶. First, we check that a proper combination of the values in the lower limbs gives the correct result modulo 2¹³⁶ (by dividing the result by 2¹³⁶ and range constraining it). Then we use the overlow and higher limbs to prove the same modulo 2¹³⁶ again and as a result we get correctness modulo 2²⁷².

One big issue are range constraints. In Translator we check ranges by decomposing LIMBS into special other range constrained MICROLIMBS (have "_CONSTRAINT_" in the name of their wires). These wires always have the range of 14 bits, so when we need to constrain something further we use two wires at once and scale the values (for example, 68 bits are decomposed into 5 14-bit limbs + 1 shifted limb, which is equal to the highest microlimb multiplied by 4). The shifted wires usually have "_TAIL" in the name, but that is not a strict rule. To save space and because of the proving system requirements we put some of the decomposed values from relation limbs (limbs which compute the result of computation modulo 2²⁷² divided by shifts) into constraint wires named after P.x, P.y, accumulator and quotient. This is due to the fact that the highest limb in these four is less than 56 bits, which frees up an extra microlimb.

Definition at line 69 of file translator_circuit_builder.hpp.

Member Typedef Documentation

◆ Fq

using bb::TranslatorCircuitBuilder::Fq = bb::fq

private

Definition at line 74 of file translator_circuit_builder.hpp.

◆ Fr

using bb::TranslatorCircuitBuilder::Fr = bb::fr

private

Definition at line 72 of file translator_circuit_builder.hpp.

Member Enumeration Documentation

◆ WireIds

enum bb::TranslatorCircuitBuilder::WireIds : size_t

There are so many wires that naming them has no sense, it is easier to access them with enums.

Enumerator
OP
X_LOW_Y_HI
X_HIGH_Z_1
Y_LOW_Z_2
P_X_LOW_LIMBS
P_X_HIGH_LIMBS
P_Y_LOW_LIMBS
P_Y_HIGH_LIMBS
Z_LOW_LIMBS
Z_HIGH_LIMBS
ACCUMULATORS_BINARY_LIMBS_0
ACCUMULATORS_BINARY_LIMBS_1
ACCUMULATORS_BINARY_LIMBS_2
ACCUMULATORS_BINARY_LIMBS_3
QUOTIENT_LOW_BINARY_LIMBS
QUOTIENT_HIGH_BINARY_LIMBS
RELATION_WIDE_LIMBS
P_X_LOW_LIMBS_RANGE_CONSTRAINT_0
P_X_LOW_LIMBS_RANGE_CONSTRAINT_1
P_X_LOW_LIMBS_RANGE_CONSTRAINT_2
P_X_LOW_LIMBS_RANGE_CONSTRAINT_3
P_X_LOW_LIMBS_RANGE_CONSTRAINT_4
P_X_LOW_LIMBS_RANGE_CONSTRAINT_TAIL
P_X_HIGH_LIMBS_RANGE_CONSTRAINT_0
P_X_HIGH_LIMBS_RANGE_CONSTRAINT_1
P_X_HIGH_LIMBS_RANGE_CONSTRAINT_2
P_X_HIGH_LIMBS_RANGE_CONSTRAINT_3
P_X_HIGH_LIMBS_RANGE_CONSTRAINT_4
P_X_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL
P_Y_LOW_LIMBS_RANGE_CONSTRAINT_0
P_Y_LOW_LIMBS_RANGE_CONSTRAINT_1
P_Y_LOW_LIMBS_RANGE_CONSTRAINT_2
P_Y_LOW_LIMBS_RANGE_CONSTRAINT_3
P_Y_LOW_LIMBS_RANGE_CONSTRAINT_4
P_Y_LOW_LIMBS_RANGE_CONSTRAINT_TAIL
P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_0
P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_1
P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_2
P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_3
P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_4
P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL
Z_LOW_LIMBS_RANGE_CONSTRAINT_0
Z_LOW_LIMBS_RANGE_CONSTRAINT_1
Z_LOW_LIMBS_RANGE_CONSTRAINT_2
Z_LOW_LIMBS_RANGE_CONSTRAINT_3
Z_LOW_LIMBS_RANGE_CONSTRAINT_4
Z_LOW_LIMBS_RANGE_CONSTRAINT_TAIL
Z_HIGH_LIMBS_RANGE_CONSTRAINT_0
Z_HIGH_LIMBS_RANGE_CONSTRAINT_1
Z_HIGH_LIMBS_RANGE_CONSTRAINT_2
Z_HIGH_LIMBS_RANGE_CONSTRAINT_3
Z_HIGH_LIMBS_RANGE_CONSTRAINT_4
Z_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL
ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_0
ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_1
ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_2
ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_3
ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_4
ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_TAIL
ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_0
ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_1
ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_2
ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_3
ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_4
ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_TAIL
QUOTIENT_LOW_LIMBS_RANGE_CONSTRAIN_0
QUOTIENT_LOW_LIMBS_RANGE_CONSTRAIN_1
QUOTIENT_LOW_LIMBS_RANGE_CONSTRAIN_2
QUOTIENT_LOW_LIMBS_RANGE_CONSTRAIN_3
QUOTIENT_LOW_LIMBS_RANGE_CONSTRAIN_4
QUOTIENT_LOW_LIMBS_RANGE_CONSTRAIN_TAIL
QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAIN_0
QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAIN_1
QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAIN_2
QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAIN_3
QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAIN_4
QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAIN_TAIL
RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_0
RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_1
RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_2
RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_3
TOTAL_COUNT

Definition at line 93 of file translator_circuit_builder.hpp.

Constructor & Destructor Documentation

◆ TranslatorCircuitBuilder() [1/5]

bb::TranslatorCircuitBuilder::TranslatorCircuitBuilder	(	Fq	batching_challenge_v_,
		Fq	evaluation_input_x_
	)

inline

Construct a new Translator Circuit Builder object.

Translator Circuit builder has to be initializaed with evaluation input and batching challenge (they are used to compute witness and to store the value for the prover)

Parameters

batching_challenge_v_
evaluation_input_x_

Definition at line 324 of file translator_circuit_builder.hpp.

◆ TranslatorCircuitBuilder() [2/5]

bb::TranslatorCircuitBuilder::TranslatorCircuitBuilder	(	Fq	batching_challenge_v_,
		Fq	evaluation_input_x_,
		std::shared_ptr< ECCOpQueue >	op_queue
	)

inline

Construct a new Translator Circuit Builder object and feed op_queue inside.

Translator Circuit builder has to be initialized with evaluation input and batching challenge (they are used to compute witness and to store the value for the prover)

Parameters

batching_challenge_v_
evaluation_input_x_
op_queue

Definition at line 339 of file translator_circuit_builder.hpp.

◆ TranslatorCircuitBuilder() [3/5]

bb::TranslatorCircuitBuilder::TranslatorCircuitBuilder ( )

default

◆ TranslatorCircuitBuilder() [4/5]

bb::TranslatorCircuitBuilder::TranslatorCircuitBuilder ( const TranslatorCircuitBuilder & other )

delete

◆ TranslatorCircuitBuilder() [5/5]

bb::TranslatorCircuitBuilder::TranslatorCircuitBuilder ( TranslatorCircuitBuilder && other )

inlinenoexcept

Definition at line 348 of file translator_circuit_builder.hpp.

◆ ~TranslatorCircuitBuilder()

bb::TranslatorCircuitBuilder::~TranslatorCircuitBuilder ( )

overridedefault

Member Function Documentation

◆ assert_well_formed_accumulation_input()

void bb::TranslatorCircuitBuilder::assert_well_formed_accumulation_input ( const AccumulationInput & acc_step )

static

Ensures the accumulation input is well-formed and can be used to create a gate.

There are two main types of checks: that members of the AccumulationInput are within the appropriate ranges and that the members containing *limbs have been constructed appropriately from the original values, also present in the input.

Parameters

acc_step

Check correctness of limbs values

Definition at line 346 of file translator_circuit_builder.cpp.

◆ assert_well_formed_ultra_op()

void bb::TranslatorCircuitBuilder::assert_well_formed_ultra_op ( const UltraOp & ultra_op )

static

Definition at line 327 of file translator_circuit_builder.cpp.

◆ create_accumulation_gate()

void bb::TranslatorCircuitBuilder::create_accumulation_gate ( const AccumulationInput & acc_step )

Create a single accumulation gate.

An accumulation gate adds 2 rows from the op queue computing the accumulation of a single EccOpQueue step

Parameters

acc_step
acc_step

Put several values in sequential wires

Definition at line 422 of file translator_circuit_builder.cpp.

◆ create_add_gate()

void bb::TranslatorCircuitBuilder::create_add_gate ( const add_triple_< Fr > & )

inlineoverridevirtual

We won't need these standard gates that are defined as virtual in circuit builder base

Implements bb::CircuitBuilderBase< bb::fr >.

Definition at line 84 of file translator_circuit_builder.hpp.

◆ create_bool_gate()

void bb::TranslatorCircuitBuilder::create_bool_gate ( const uint32_t )

inlineoverridevirtual

Implements bb::CircuitBuilderBase< bb::fr >.

Definition at line 86 of file translator_circuit_builder.hpp.

◆ create_mul_gate()

void bb::TranslatorCircuitBuilder::create_mul_gate ( const mul_triple_< Fr > & )

inlineoverridevirtual

Implements bb::CircuitBuilderBase< bb::fr >.

Definition at line 85 of file translator_circuit_builder.hpp.

◆ create_poly_gate()

void bb::TranslatorCircuitBuilder::create_poly_gate ( const poly_triple_< Fr > & )

inlineoverridevirtual

Implements bb::CircuitBuilderBase< bb::fr >.

Definition at line 87 of file translator_circuit_builder.hpp.

◆ feed_ecc_op_queue_into_circuit()

void bb::TranslatorCircuitBuilder::feed_ecc_op_queue_into_circuit ( const std::shared_ptr< ECCOpQueue > ecc_op_queue )

Generate all the gates required to prove the correctness of batched evalution of polynomials representing commitments to ECCOpQueue.

Parameters

ecc_op_queue The queue

Definition at line 515 of file translator_circuit_builder.cpp.

◆ generate_witness_values()

TranslatorCircuitBuilder::AccumulationInput bb::TranslatorCircuitBuilder::generate_witness_values	(	const UltraOp &	ultra_op,
		const Fq &	previous_accumulator,
		const Fq &	batching_challenge_v,
		const Fq &	evaluation_input_x
	)

static

Given the transcript values from the EccOpQueue, the values of the previous accumulator, batching challenge and input x, compute witness for one step of accumulation.

Template Parameters

Fq
Fr

Parameters

ultra_op	The ultra op used to produce the wire data
previous_accumulator	The value of the previous accumulator (we assume standard decomposition into limbs)
batching_challenge_v	The value of the challenge for batching polynomial evaluations
evaluation_input_x	The value at which we evaluate the polynomials

Returns: TranslatorCircuitBuilder::AccumulationInput

A small function to transform a uint512_t element into its 4 68-bit limbs in Fr scalars

Split and integer stored in uint512_T into 4 68-bit chunks (we assume that it is lower than 2²⁷²), convert to Fr

A method for splitting wide limbs (P_x_lo, P_y_hi, etc) into two limbs

A method to split a full 68-bit limb into 5 14-bit limb and 1 shifted limb for a more secure constraint

A method to split the top 50-bit limb into 4 14-bit limbs and 1 shifted limb for a more secure constraint (plus there is 1 extra space for other constraints)

A method for splitting the top 60-bit z limb into microlimbs (differs from the 68-bit limb by the shift in the last limb)

Split a 72-bit relation limb into 6 14-bit limbs (we can allow the slack here, since we only need to ensure non-overflow of the modulus)

Definition at line 37 of file translator_circuit_builder.cpp.

◆ get_num_constant_gates()

size_t bb::TranslatorCircuitBuilder::get_num_constant_gates ( ) const

inlineoverridevirtual

Implements bb::CircuitBuilderBase< bb::fr >.

Definition at line 88 of file translator_circuit_builder.hpp.

◆ insert_pair_into_wire()

void bb::TranslatorCircuitBuilder::insert_pair_into_wire	(	WireIds	wire_index,
		Fr	first,
		Fr	second
	)

inline

Definition at line 399 of file translator_circuit_builder.hpp.

◆ operator=() [1/2]

TranslatorCircuitBuilder & bb::TranslatorCircuitBuilder::operator= ( const TranslatorCircuitBuilder & other )

delete

◆ operator=() [2/2]

TranslatorCircuitBuilder & bb::TranslatorCircuitBuilder::operator= ( TranslatorCircuitBuilder && other )

inlinenoexcept

Definition at line 351 of file translator_circuit_builder.hpp.

◆ populate_wires_from_ultra_op()

void bb::TranslatorCircuitBuilder::populate_wires_from_ultra_op ( const UltraOp & ultra_op )

Definition at line 403 of file translator_circuit_builder.cpp.

◆ split_fq_into_limbs()

static std::array< Fr, NUM_BINARY_LIMBS > bb::TranslatorCircuitBuilder::split_fq_into_limbs ( const Fq & base )

inlinestatic

A small function to transform a native element Fq into its bigfield representation in Fr scalars.

We transform Fq into an integer and then split it into 68-bit limbs, then convert them to Fr.

Definition at line 364 of file translator_circuit_builder.hpp.

Member Data Documentation

◆ batching_challenge_v

Fq bb::TranslatorCircuitBuilder::batching_challenge_v

Definition at line 308 of file translator_circuit_builder.hpp.

◆ BINARY_BASIS_MODULUS

constexpr uint512_t bb::TranslatorCircuitBuilder::BINARY_BASIS_MODULUS = uint512_t(1) << (NUM_LIMB_BITS << 2)

staticconstexpr

Definition at line 260 of file translator_circuit_builder.hpp.

◆ DEFAULT_TRANSLATOR_VM_LENGTH

constexpr size_t bb::TranslatorCircuitBuilder::DEFAULT_TRANSLATOR_VM_LENGTH = 2048

staticconstexpr

Definition at line 189 of file translator_circuit_builder.hpp.

◆ evaluation_input_x

Fq bb::TranslatorCircuitBuilder::evaluation_input_x

Definition at line 311 of file translator_circuit_builder.hpp.

◆ MAX_HIGH_WIDE_LIMB_SIZE

constexpr auto bb::TranslatorCircuitBuilder::MAX_HIGH_WIDE_LIMB_SIZE = (uint256_t(1) << (NUM_LIMB_BITS + NUM_LAST_LIMB_BITS)) - 1

staticconstexpr

Definition at line 239 of file translator_circuit_builder.hpp.

◆ MAX_LOW_WIDE_LIMB_SIZE

constexpr auto bb::TranslatorCircuitBuilder::MAX_LOW_WIDE_LIMB_SIZE = (uint256_t(1) << (NUM_LIMB_BITS * 2)) - 1

staticconstexpr

Definition at line 236 of file translator_circuit_builder.hpp.

◆ MAX_MICRO_LIMB_SIZE

constexpr auto bb::TranslatorCircuitBuilder::MAX_MICRO_LIMB_SIZE = (uint256_t(1) << MICRO_LIMB_BITS) - 1

staticconstexpr

Definition at line 213 of file translator_circuit_builder.hpp.

◆ MAX_RELATION_WIDE_LIMB_SIZE

constexpr uint256_t bb::TranslatorCircuitBuilder::MAX_RELATION_WIDE_LIMB_SIZE = uint256_t(1) << RELATION_WIDE_LIMB_BITS

staticconstexpr

Definition at line 230 of file translator_circuit_builder.hpp.

◆ MICRO_LIMB_BITS

constexpr size_t bb::TranslatorCircuitBuilder::MICRO_LIMB_BITS = 14

staticconstexpr

Definition at line 210 of file translator_circuit_builder.hpp.

◆ MICRO_SHIFT

constexpr auto bb::TranslatorCircuitBuilder::MICRO_SHIFT = uint256_t(1) << MICRO_LIMB_BITS

staticconstexpr

Definition at line 233 of file translator_circuit_builder.hpp.

◆ MODULUS_U512

constexpr uint512_t bb::TranslatorCircuitBuilder::MODULUS_U512 = uint512_t(Fq::modulus)

staticconstexpr

Definition at line 257 of file translator_circuit_builder.hpp.

◆ NAME_STRING

constexpr std::string_view bb::TranslatorCircuitBuilder::NAME_STRING = "TranslatorCircuitBuilder"

staticconstexpr

Definition at line 305 of file translator_circuit_builder.hpp.

◆ NEGATIVE_MODULUS_LIMBS

constexpr std::array<Fr, 5> bb::TranslatorCircuitBuilder::NEGATIVE_MODULUS_LIMBS

staticconstexpr

Initial value:

= {
        Fr(NEGATIVE_PRIME_MODULUS.slice(0, NUM_LIMB_BITS).lo),
        Fr(NEGATIVE_PRIME_MODULUS.slice(NUM_LIMB_BITS, NUM_LIMB_BITS * 2).lo),
        Fr(NEGATIVE_PRIME_MODULUS.slice(NUM_LIMB_BITS * 2, NUM_LIMB_BITS * 3).lo),
        Fr(NEGATIVE_PRIME_MODULUS.slice(NUM_LIMB_BITS * 3, NUM_LIMB_BITS * 4).lo),
        -Fr(Fq::modulus)
    }

Definition at line 267 of file translator_circuit_builder.hpp.

◆ NEGATIVE_PRIME_MODULUS

constexpr uint512_t bb::TranslatorCircuitBuilder::NEGATIVE_PRIME_MODULUS = BINARY_BASIS_MODULUS - MODULUS_U512

staticconstexpr

Definition at line 263 of file translator_circuit_builder.hpp.

◆ NUM_BINARY_LIMBS

constexpr size_t bb::TranslatorCircuitBuilder::NUM_BINARY_LIMBS = 4

staticconstexpr

Definition at line 221 of file translator_circuit_builder.hpp.

◆ NUM_LAST_LIMB_BITS

constexpr size_t bb::TranslatorCircuitBuilder::NUM_LAST_LIMB_BITS = Fq::modulus.get_msb() + 1 - 3 * NUM_LIMB_BITS

staticconstexpr

Definition at line 195 of file translator_circuit_builder.hpp.

◆ NUM_LAST_QUOTIENT_LIMB_BITS

constexpr size_t bb::TranslatorCircuitBuilder::NUM_LAST_QUOTIENT_LIMB_BITS = 256 - 3 * NUM_LIMB_BITS

staticconstexpr

Definition at line 204 of file translator_circuit_builder.hpp.

◆ NUM_LIMB_BITS

constexpr size_t bb::TranslatorCircuitBuilder::NUM_LIMB_BITS = 68

staticconstexpr

Definition at line 192 of file translator_circuit_builder.hpp.

◆ NUM_MICRO_LIMBS

constexpr size_t bb::TranslatorCircuitBuilder::NUM_MICRO_LIMBS = 6

staticconstexpr

Definition at line 217 of file translator_circuit_builder.hpp.

◆ NUM_QUOTIENT_BITS

constexpr size_t bb::TranslatorCircuitBuilder::NUM_QUOTIENT_BITS = 256

staticconstexpr

Definition at line 201 of file translator_circuit_builder.hpp.

◆ NUM_RELATION_WIDE_LIMBS

constexpr size_t bb::TranslatorCircuitBuilder::NUM_RELATION_WIDE_LIMBS = 2

staticconstexpr

Definition at line 224 of file translator_circuit_builder.hpp.

◆ NUM_SELECTORS

constexpr size_t bb::TranslatorCircuitBuilder::NUM_SELECTORS = 0

staticconstexpr

Definition at line 78 of file translator_circuit_builder.hpp.

◆ NUM_WIRES

constexpr size_t bb::TranslatorCircuitBuilder::NUM_WIRES = 81

staticconstexpr

Definition at line 77 of file translator_circuit_builder.hpp.

◆ NUM_Z_BITS

constexpr size_t bb::TranslatorCircuitBuilder::NUM_Z_BITS = 128

staticconstexpr

Definition at line 207 of file translator_circuit_builder.hpp.

◆ NUM_Z_LIMBS

constexpr size_t bb::TranslatorCircuitBuilder::NUM_Z_LIMBS = 2

staticconstexpr

Definition at line 198 of file translator_circuit_builder.hpp.

◆ RELATION_WIDE_LIMB_BITS

constexpr size_t bb::TranslatorCircuitBuilder::RELATION_WIDE_LIMB_BITS = 84

staticconstexpr

Definition at line 227 of file translator_circuit_builder.hpp.

◆ RESULT_ROW

constexpr size_t bb::TranslatorCircuitBuilder::RESULT_ROW = 2

staticconstexpr

Definition at line 242 of file translator_circuit_builder.hpp.

◆ SHIFT_1

constexpr auto bb::TranslatorCircuitBuilder::SHIFT_1 = uint256_t(1) << NUM_LIMB_BITS

staticconstexpr

Definition at line 245 of file translator_circuit_builder.hpp.

◆ SHIFT_2

constexpr auto bb::TranslatorCircuitBuilder::SHIFT_2 = uint256_t(1) << (NUM_LIMB_BITS << 1)

staticconstexpr

Definition at line 248 of file translator_circuit_builder.hpp.

◆ SHIFT_2_INVERSE

constexpr auto bb::TranslatorCircuitBuilder::SHIFT_2_INVERSE = Fr(SHIFT_2).invert()

staticconstexpr

Definition at line 251 of file translator_circuit_builder.hpp.

◆ SHIFT_3

constexpr auto bb::TranslatorCircuitBuilder::SHIFT_3 = uint256_t(1) << (NUM_LIMB_BITS * 3)

staticconstexpr

Definition at line 254 of file translator_circuit_builder.hpp.

◆ wires

std::array<SlabVector<uint32_t>, NUM_WIRES> bb::TranslatorCircuitBuilder::wires

Definition at line 313 of file translator_circuit_builder.hpp.

The documentation for this class was generated from the following files:

src/barretenberg/translator_vm/translator_circuit_builder.hpp
src/barretenberg/translator_vm/translator_circuit_builder.cpp

Classes

Public Types

Public Member Functions

Static Public Member Functions

Public Attributes

Static Public Attributes

Private Types

Detailed Description

Member Typedef Documentation

◆ Fq

◆ Fr

Member Enumeration Documentation

◆ WireIds

Constructor & Destructor Documentation

◆ TranslatorCircuitBuilder() [1/5]

◆ TranslatorCircuitBuilder() [2/5]

◆ TranslatorCircuitBuilder() [3/5]

◆ TranslatorCircuitBuilder() [4/5]

◆ TranslatorCircuitBuilder() [5/5]

◆ ~TranslatorCircuitBuilder()

Member Function Documentation

◆ assert_well_formed_accumulation_input()

◆ assert_well_formed_ultra_op()

◆ create_accumulation_gate()

◆ create_add_gate()

◆ create_bool_gate()

◆ create_mul_gate()

◆ create_poly_gate()

◆ feed_ecc_op_queue_into_circuit()

◆ generate_witness_values()

◆ get_num_constant_gates()

◆ insert_pair_into_wire()

◆ operator=() [1/2]

◆ operator=() [2/2]

◆ populate_wires_from_ultra_op()

◆ split_fq_into_limbs()

Member Data Documentation

◆ batching_challenge_v

◆ BINARY_BASIS_MODULUS

◆ DEFAULT_TRANSLATOR_VM_LENGTH

◆ evaluation_input_x

◆ MAX_HIGH_WIDE_LIMB_SIZE

◆ MAX_LOW_WIDE_LIMB_SIZE

◆ MAX_MICRO_LIMB_SIZE

◆ MAX_RELATION_WIDE_LIMB_SIZE

◆ MICRO_LIMB_BITS

◆ MICRO_SHIFT

◆ MODULUS_U512

◆ NAME_STRING

◆ NEGATIVE_MODULUS_LIMBS

◆ NEGATIVE_PRIME_MODULUS

◆ NUM_BINARY_LIMBS

◆ NUM_LAST_LIMB_BITS

◆ NUM_LAST_QUOTIENT_LIMB_BITS

◆ NUM_LIMB_BITS

◆ NUM_MICRO_LIMBS

◆ NUM_QUOTIENT_BITS

◆ NUM_RELATION_WIDE_LIMBS

◆ NUM_SELECTORS

◆ NUM_WIRES

◆ NUM_Z_BITS

◆ NUM_Z_LIMBS

◆ RELATION_WIDE_LIMB_BITS

◆ RESULT_ROW

◆ SHIFT_1

◆ SHIFT_2

◆ SHIFT_2_INVERSE

◆ SHIFT_3

◆ wires