Barretenberg
The ZK-SNARK library at the core of Aztec
bb::group< Fq_, Fr_, Params > Class Template Reference

group class. Represents an elliptic curve group element. Group is parametrised by Fq and Fr.

#include <group.hpp>

Public Types

using Fq = Fq_
 
using Fr = Fr_
 
using element = group_elements::element< Fq, Fr, Params >
 
using affine_element = group_elements::affine_element< Fq, Fr, Params >
 

Static Public Member Functions

static std::vector< affine_element > derive_generators (const std::vector< uint8_t > &domain_separator_bytes, const size_t num_generators, const size_t starting_index=0)
 Derives generator points via hash-to-curve.
 
static std::vector< affine_element > derive_generators (const std::string_view &domain_separator, const size_t num_generators, const size_t starting_index=0)
 
static BB_INLINE void conditional_negate_affine (const affine_element *src, affine_element *dest, uint64_t predicate)
 

Static Public Attributes

static constexpr bool USE_ENDOMORPHISM = Params::USE_ENDOMORPHISM
 
static constexpr bool has_a = Params::has_a
 
static constexpr element one { Params::one_x, Params::one_y, Fq::one() }
 
static constexpr element point_at_infinity = one.set_infinity()
 
static constexpr affine_element affine_one { Params::one_x, Params::one_y }
 
static constexpr affine_element affine_point_at_infinity = affine_one.set_infinity()
 
static constexpr Fq curve_a = Params::a
 
static constexpr Fq curve_b = Params::b
 

Detailed Description

template<typename Fq_, typename Fr_, typename Params>
class bb::group< Fq_, Fr_, Params >

group class. Represents an elliptic curve group element. Group is parametrised by Fq and Fr

Note: Currently subgroup checks are NOT IMPLEMENTED. Our current implementation uses G1 points that have a cofactor of 1. All G2 points are precomputed (generator [1]_2 and trusted setup point [x]_2). We explicitly assume precomputed points are valid members of the prime-order subgroup for G2.

Template Parameters
Fq
subgroup_field
Params

Definition at line 36 of file group.hpp.

Member Typedef Documentation

◆ affine_element

template<typename Fq_ , typename Fr_ , typename Params >
using bb::group< Fq_, Fr_, Params >::affine_element = group_elements::affine_element<Fq, Fr, Params>

Definition at line 42 of file group.hpp.

◆ element

template<typename Fq_ , typename Fr_ , typename Params >
using bb::group< Fq_, Fr_, Params >::element = group_elements::element<Fq, Fr, Params>

Definition at line 41 of file group.hpp.

◆ Fq

template<typename Fq_ , typename Fr_ , typename Params >
using bb::group< Fq_, Fr_, Params >::Fq = Fq_

Definition at line 39 of file group.hpp.

◆ Fr

template<typename Fq_ , typename Fr_ , typename Params >
using bb::group< Fq_, Fr_, Params >::Fr = Fr_

Definition at line 40 of file group.hpp.

Member Function Documentation

◆ conditional_negate_affine()

template<typename Fq_ , typename Fr_ , typename Params >
static BB_INLINE void bb::group< Fq_, Fr_, Params >::conditional_negate_affine ( const affine_element *  src,
affine_element *  dest,
uint64_t  predicate 
)
static

◆ derive_generators() [1/2]

template<typename Fq_ , typename Fr_ , typename Params >
static std::vector< affine_element > bb::group< Fq_, Fr_, Params >::derive_generators ( const std::string_view &  domain_separator,
const size_t  num_generators,
const size_t  starting_index = 0 
)
inline static

Definition at line 111 of file group.hpp.

◆ derive_generators() [2/2]

template<typename Fq_ , typename Fr_ , typename Params >
static std::vector< affine_element > bb::group< Fq_, Fr_, Params >::derive_generators ( const std::vector< uint8_t > &  domain_separator_bytes,
const size_t  num_generators,
const size_t  starting_index = 0 
)
inline static

Derives generator points via hash-to-curve.

ALGORITHM DESCRIPTION:

  1. Each generator has an associated "generator index" described by its location in the vector
  2. A 64-byte preimage buffer is generated with the following structure:
       bytes 0-31: BLAKE3 hash of domain_separator
       bytes 32-63: generator index in big-endian form
  3. The hash-to-curve algorithm is used to hash the above into a group element:
       a. iterate count upwards from 0
       b. append count to the preimage buffer as a 1-byte integer in big-endian form
       c. compute BLAKE3 hash of concat(preimage buffer, 0)
       d. compute BLAKE3 hash of concat(preimage buffer, 1)
       e. interpret (c, d) as (hi, low) limbs of a 512-bit integer
       f. reduce 512-bit integer modulo Fq to produce x-coordinate
       g. attempt to derive y-coordinate. If not successful go to step (a) and continue
       h. if parity of y-coordinate's least significant bit does not match parity of most significant bit of (d), invert y-coordinate.
       j. return (x, y)

NOTE: In step 3b it is sufficient to use 1 byte to store count. Step 3 has a 50% chance of returning; the probability of count exceeding 256 is 1 in 2^256.

NOTE: The domain separator is included to ensure that it is possible to derive independent sets of index-addressable generators.

NOTE: We produce 64 bytes of BLAKE3 output when producing the x-coordinate field element, to ensure that the x-coordinate is uniformly randomly distributed in the field. Using a 256-bit input adds significant bias when reducing modulo a ~256-bit Fq.

NOTE: We ensure y-parity is linked to the preimage hash because there is no canonical deterministic square root algorithm (i.e. if a field element has a square root, there are two of them and field::sqrt may return either one).

Parameters
num_generators
domain_separator
Returns
std::vector<affine_element>

Definition at line 87 of file group.hpp.
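
The derivation described above, sketched in Python as an added example (not Barretenberg's code). Assumptions: BLAKE2s-256 stands in for BLAKE3, the curve is y^2 = x^3 + 3 over the BN254 base field, and "most significant bit of (d)" is read as the top bit of the first byte of d, so the outputs will not match Barretenberg's generators.

```python
import hashlib

# Assumptions (not from the page): curve y^2 = x^3 + 3 over the BN254 base
# field, and BLAKE2s-256 standing in for BLAKE3, which the Python standard
# library lacks. Outputs therefore differ from Barretenberg's.
Q = 21888242871839275222246405745257275088696311157297823662689037894645226208583
B = 3

def h(data: bytes) -> bytes:
    return hashlib.blake2s(data, digest_size=32).digest()

def sqrt_mod_q(a: int):
    """Square root valid because Q % 4 == 3; returns None for a non-residue."""
    r = pow(a, (Q + 1) // 4, Q)
    return r if r * r % Q == a else None

def hash_to_curve(preimage: bytes):
    """Step 3: try-and-increment over a 1-byte counter. Returns (x, y, count)."""
    assert len(preimage) == 64
    for count in range(256):                          # 3a
        buf = preimage + bytes([count])               # 3b
        hi, lo = h(buf + b"\x00"), h(buf + b"\x01")   # 3c, 3d
        x = int.from_bytes(hi + lo, "big") % Q        # 3e, 3f: 512 bits -> Fq
        y = sqrt_mod_q((pow(x, 3, Q) + B) % Q)        # 3g
        if y is None:
            continue                                  # x is not on the curve
        if (y & 1) != (lo[0] >> 7):                   # 3h: pick the root by hash bit
            y = Q - y                                 # Q is odd, so parity flips
        return x, y, count
    raise RuntimeError("no point found in 256 attempts")

def derive_generators(domain_separator: bytes, num_generators: int,
                      starting_index: int = 0):
    ds_hash = h(domain_separator)                     # step 2, bytes 0-31
    out = []
    for i in range(starting_index, starting_index + num_generators):
        preimage = ds_hash + i.to_bytes(32, "big")    # step 2, bytes 32-63
        x, y, _ = hash_to_curve(preimage)
        out.append((x, y))
    return out

def on_curve(p) -> bool:
    x, y = p
    return (y * y - pow(x, 3, Q) - B) % Q == 0
```

Because each point depends only on the domain separator and its index, `derive_generators(ds, 2, starting_index=2)` returns the same points as the last two entries of `derive_generators(ds, 4)`, and no party knows a discrete-log relation between them.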

Member Data Documentation

◆ affine_one

template<typename Fq_ , typename Fr_ , typename Params >
constexpr affine_element bb::group< Fq_, Fr_, Params >::affine_one { Params::one_x, Params::one_y }
static constexpr

Definition at line 48 of file group.hpp.

◆ affine_point_at_infinity

template<typename Fq_ , typename Fr_ , typename Params >
constexpr affine_element bb::group< Fq_, Fr_, Params >::affine_point_at_infinity = affine_one.set_infinity()
static constexpr

Definition at line 49 of file group.hpp.

◆ curve_a

template<typename Fq_ , typename Fr_ , typename Params >
constexpr Fq bb::group< Fq_, Fr_, Params >::curve_a = Params::a
static constexpr

Definition at line 50 of file group.hpp.

◆ curve_b

template<typename Fq_ , typename Fr_ , typename Params >
constexpr Fq bb::group< Fq_, Fr_, Params >::curve_b = Params::b
static constexpr

Definition at line 51 of file group.hpp.

◆ has_a

template<typename Fq_ , typename Fr_ , typename Params >
constexpr bool bb::group< Fq_, Fr_, Params >::has_a = Params::has_a
static constexpr

Definition at line 44 of file group.hpp.

◆ one

template<typename Fq_ , typename Fr_ , typename Params >
constexpr element bb::group< Fq_, Fr_, Params >::one { Params::one_x, Params::one_y, Fq::one() }
static constexpr

Definition at line 46 of file group.hpp.

◆ point_at_infinity

template<typename Fq_ , typename Fr_ , typename Params >
constexpr element bb::group< Fq_, Fr_, Params >::point_at_infinity = one.set_infinity()
static constexpr

Definition at line 47 of file group.hpp.

◆ USE_ENDOMORPHISM

template<typename Fq_ , typename Fr_ , typename Params >
constexpr bool bb::group< Fq_, Fr_, Params >::USE_ENDOMORPHISM = Params::USE_ENDOMORPHISM
static constexpr

Definition at line 43 of file group.hpp.


The documentation for this class was generated from the following file: