bb::stdlib::cycle_group< Builder > Class Template Reference

cycle_group represents a group Element of the proving system's embedded curve i.e. a curve with a cofactor 1 defined over a field equal to the circuit's native field Builder::FF More...

#include <cycle_group.hpp>

Classes
struct	batch_mul_internal_output
	Stores temporary variables produced by internal multiplication algorithms. More...

Public Types
using	field_t = stdlib::field_t< Builder >
using	bool_t = stdlib::bool_t< Builder >
using	witness_t = stdlib::witness_t< Builder >
using	FF = typename Builder::FF
using	Curve = typename Builder::EmbeddedCurve
using	Group = typename Curve::Group
using	Element = typename Curve::Element
using	AffineElement = typename Curve::AffineElement
using	GeneratorContext = crypto::GeneratorContext< Curve >
using	ScalarField = typename Curve::ScalarField
using	BigScalarField = stdlib::bigfield< Builder, typename ScalarField::Params >
using	cycle_scalar = ::bb::stdlib::cycle_scalar< Builder >
using	straus_lookup_table = ::bb::stdlib::straus_lookup_table< Builder >
using	straus_scalar_slice = ::bb::stdlib::straus_scalar_slice< Builder >

Public Member Functions
	cycle_group (Builder *_context=nullptr)
	Construct a new cycle group<Builder>::cycle group object defaults to a constant point at infinity.
	cycle_group (field_t _x, field_t _y, bool_t _is_infinity)
	Construct a new cycle group<Builder>::cycle group object.
	cycle_group (const FF &_x, const FF &_y, bool _is_infinity)
	Construct a new cycle group<Builder>::cycle group object.
	cycle_group (const AffineElement &_in)
	Construct a cycle_group object out of an AffineElement object.
Builder *	get_context (const cycle_group &other) const
Builder *	get_context () const
AffineElement	get_value () const
bool	is_constant () const
bool_t	is_point_at_infinity () const
void	set_point_at_infinity (const bool_t &is_infinity)
	Set the point to the point at infinity. Depending on constant'ness of the predicate put the coordinates in an apropriate standard form.
void	standardize ()
	Get the point to the standard form. If the point is a point at infinity, ensure the coordinates are (0,0) If the point is already standard nothing changes.
bool	is_standard () const
cycle_group	get_standard_form ()
	Get point in standard form. If the point is a point at infinity, ensure the coordinates are (0,0)
void	validate_is_on_curve () const
	On-curve check.
cycle_group	dbl (const std::optional< AffineElement > hint=std::nullopt) const
	Evaluates a doubling. Uses Ultra double gate.
cycle_group	unconditional_add (const cycle_group &other, const std::optional< AffineElement > hint=std::nullopt) const
	Will evaluate ECC point addition over *this and other. Incomplete addition formula edge cases are NOT checked! Only use this method if you know the x-coordinates of the operands cannot collide and none of the operands is a point at infinity Ultra version that uses ecc group gate.
cycle_group	unconditional_subtract (const cycle_group &other, const std::optional< AffineElement > hint=std::nullopt) const
	will evaluate ECC point subtraction over *this and other. Incomplete addition formula edge cases are NOT checked! Only use this method if you know the x-coordinates of the operands cannot collide and none of the operands is a point at infinity
cycle_group	checked_unconditional_add (const cycle_group &other, const std::optional< AffineElement > hint=std::nullopt) const
	Will evaluate ECC point addition over *this and other. Uses incomplete addition formula If incomplete addition formula edge cases are triggered (x-coordinates of operands collide), the constraints produced by this method will be unsatisfiable. Useful when an honest prover will not produce a point collision with overwhelming probability, but a cheating prover will be able to.
cycle_group	checked_unconditional_subtract (const cycle_group &other, const std::optional< AffineElement > hint=std::nullopt) const
	Will evaluate ECC point subtraction over *this and other. Uses incomplete addition formula If incomplete addition formula edge cases are triggered (x-coordinates of operands collide), the constraints produced by this method will be unsatisfiable. Useful when an honest prover will not produce a point collision with overwhelming probability, but a cheating prover will be able to.
cycle_group	operator+ (const cycle_group &other) const
	Will evaluate ECC point addition over *this and other. This method uses complete addition i.e. is compatible with edge cases. Method is expensive due to needing to evaluate both an addition, a doubling, plus conditional logic to handle points at infinity.
cycle_group	operator- (const cycle_group &other) const
	Will evaluate ECC point subtraction over *this and other. This method uses complete addition i.e. is compatible with edge cases. Method is expensive due to needing to evaluate both an addition, a doubling, plus conditional logic to handle points at infinity.
cycle_group	operator- () const
	Negates a point.
cycle_group &	operator+= (const cycle_group &other)
cycle_group &	operator-= (const cycle_group &other)
cycle_group	operator* (const cycle_scalar &scalar) const
cycle_group &	operator*= (const cycle_scalar &scalar)
cycle_group	operator* (const BigScalarField &scalar) const
cycle_group &	operator*= (const BigScalarField &scalar)
bool_t	operator== (cycle_group &other)
void	assert_equal (cycle_group &other, std::string const &msg="cycle_group::assert_equal")
cycle_group	operator/ (const cycle_group &other) const
void	set_origin_tag (OriginTag tag) const
	Set the origin tag for x, y and _is_infinity members of cycle_group.
OriginTag	get_origin_tag () const
	Get the origin tag of cycle_group (a merege of origin tags of x, y and _is_infinity members)
void	set_free_witness_tag ()
	Set the free witness flag for the cycle_group's tags.
void	unset_free_witness_tag ()
	Unset the free witness flag for the cycle_group's tags.
void	fix_witness ()
uint32_t	set_public ()
	Set the witness indices representing the cycle_group to public.

Static Public Member Functions
static cycle_group	one (Builder *_context)
	Construct a cycle_group representation of Group::one.
static cycle_group	from_witness (Builder *_context, const AffineElement &_in)
	Converts an AffineElement into a circuit witness.
static cycle_group	from_constant_witness (Builder *_context, const AffineElement &_in)
	Converts a native AffineElement into a witness, but constrains the witness values to be known constants.
static cycle_group	batch_mul (const std::vector< cycle_group > &base_points, const std::vector< BigScalarField > &scalars, GeneratorContext context={})
static cycle_group	batch_mul (const std::vector< cycle_group > &base_points, const std::vector< cycle_scalar > &scalars, GeneratorContext context={})
	Multiscalar multiplication algorithm.
static cycle_group	conditional_assign (const bool_t &predicate, const cycle_group &lhs, const cycle_group &rhs)
static cycle_group	reconstruct_from_public (const std::span< const field_t, 2 > &limbs)
	Reconstruct a cycle_group from limbs (generally stored in the public inputs)

Public Attributes
field_t	x
field_t	y

Static Public Attributes
static constexpr size_t	STANDARD_NUM_TABLE_BITS = 1
static constexpr size_t	ULTRA_NUM_TABLE_BITS = 4
static constexpr bool	IS_ULTRA = Builder::CIRCUIT_TYPE == CircuitType::ULTRA
static constexpr size_t	TABLE_BITS = IS_ULTRA ? ULTRA_NUM_TABLE_BITS : STANDARD_NUM_TABLE_BITS
static constexpr size_t	NUM_BITS = ScalarField::modulus.get_msb() + 1
static constexpr size_t	NUM_ROUNDS = (NUM_BITS + TABLE_BITS - 1) / TABLE_BITS
static constexpr std::string_view	OFFSET_GENERATOR_DOMAIN_SEPARATOR = "cycle_group_offset_generator"
static constexpr size_t	PUBLIC_INPUTS_SIZE = 2

Static Private Member Functions
static batch_mul_internal_output	_variable_base_batch_mul_internal (std::span< cycle_scalar > scalars, std::span< cycle_group > base_points, std::span< AffineElement const > offset_generators, bool unconditional_add)
	Internal algorithm to perform a variable-base batch mul.
static batch_mul_internal_output	_fixed_base_batch_mul_internal (std::span< cycle_scalar > scalars, std::span< AffineElement > base_points, std::span< AffineElement const > offset_generators)
	Internal algorithm to perform a fixed-base batch mul for ULTRA Builder.

Private Attributes
bool_t	_is_infinity
bool	_is_constant
bool	_is_standard
Builder *	context

Detailed Description

template<typename Builder>
class bb::stdlib::cycle_group< Builder >

cycle_group represents a group Element of the proving system's embedded curve i.e. a curve with a cofactor 1 defined over a field equal to the circuit's native field Builder::FF

(todo @zac-williamson) once the pedersen refactor project is finished, this class will supercede stdlib::group

Template Parameters

Builder

Definition at line 36 of file cycle_group.hpp.

Member Typedef Documentation

AffineElement

template<typename Builder >

using bb::stdlib::cycle_group< Builder >::AffineElement = typename Curve::AffineElement

Definition at line 45 of file cycle_group.hpp.

BigScalarField

template<typename Builder >

using bb::stdlib::cycle_group< Builder >::BigScalarField = stdlib::bigfield<Builder, typename ScalarField::Params>

Definition at line 48 of file cycle_group.hpp.

bool_t

template<typename Builder >

using bb::stdlib::cycle_group< Builder >::bool_t = stdlib::bool_t<Builder>

Definition at line 39 of file cycle_group.hpp.

Curve

template<typename Builder >

using bb::stdlib::cycle_group< Builder >::Curve = typename Builder::EmbeddedCurve

Definition at line 42 of file cycle_group.hpp.

cycle_scalar

template<typename Builder >

using bb::stdlib::cycle_group< Builder >::cycle_scalar = ::bb::stdlib::cycle_scalar<Builder>

Definition at line 61 of file cycle_group.hpp.

Element

template<typename Builder >

using bb::stdlib::cycle_group< Builder >::Element = typename Curve::Element

Definition at line 44 of file cycle_group.hpp.

FF

template<typename Builder >

using bb::stdlib::cycle_group< Builder >::FF = typename Builder::FF

Definition at line 41 of file cycle_group.hpp.

field_t

template<typename Builder >

using bb::stdlib::cycle_group< Builder >::field_t = stdlib::field_t<Builder>

Definition at line 38 of file cycle_group.hpp.

GeneratorContext

template<typename Builder >

using bb::stdlib::cycle_group< Builder >::GeneratorContext = crypto::GeneratorContext<Curve>

Definition at line 46 of file cycle_group.hpp.

Group

template<typename Builder >

using bb::stdlib::cycle_group< Builder >::Group = typename Curve::Group

Definition at line 43 of file cycle_group.hpp.

ScalarField

template<typename Builder >

using bb::stdlib::cycle_group< Builder >::ScalarField = typename Curve::ScalarField

Definition at line 47 of file cycle_group.hpp.

straus_lookup_table

template<typename Builder >

using bb::stdlib::cycle_group< Builder >::straus_lookup_table = ::bb::stdlib::straus_lookup_table<Builder>

Definition at line 62 of file cycle_group.hpp.

straus_scalar_slice

template<typename Builder >

using bb::stdlib::cycle_group< Builder >::straus_scalar_slice = ::bb::stdlib::straus_scalar_slice<Builder>

Definition at line 63 of file cycle_group.hpp.

witness_t

template<typename Builder >

using bb::stdlib::cycle_group< Builder >::witness_t = stdlib::witness_t<Builder>

Definition at line 40 of file cycle_group.hpp.

Constructor & Destructor Documentation

cycle_group() [1/4]

template<typename Builder >

bb::stdlib::cycle_group< Builder >::cycle_group

(

Builder *

_context = nullptr

)

Construct a new cycle group<Builder>::cycle group object defaults to a constant point at infinity.

Note

Please don't use this constructor in case you want to assign the coordinates later.

Definition at line 29 of file cycle_group.cpp.

cycle_group() [2/4]

template<typename Builder >

bb::stdlib::cycle_group< Builder >::cycle_group	(	field_t	_x,
		field_t	_y,
		bool_t	is_infinity
	)

Construct a new cycle group<Builder>::cycle group object.

Parameters

_x
_y
is_infinity

Definition at line 46 of file cycle_group.cpp.

cycle_group() [3/4]

template<typename Builder >

bb::stdlib::cycle_group< Builder >::cycle_group	(	const FF &	_x,
		const FF &	_y,
		bool	is_infinity
	)

Construct a new cycle group<Builder>::cycle group object.

is_infinity is a circuit constant. We EXPLICITLY require that whether this point is infinity/not infinity is known at circuit-construction time and we know this point is on the curve. These checks are not constrained. Use from_witness if these conditions are not met. Examples of when conditions are met: point is a derived from a point that is on the curve + not at infinity. e.g. output of a doubling operation

Template Parameters

Builder

Parameters

_x
_y
is_infinity

Definition at line 88 of file cycle_group.cpp.

cycle_group() [4/4]

template<typename Builder >

bb::stdlib::cycle_group< Builder >::cycle_group

(

const AffineElement &

_in

)

Construct a cycle_group object out of an AffineElement object.

Note

This produces a circuit-constant object i.e. known at compile-time, no constraints. If _in is not fixed for a given circuit, use from_witness instead

ensures the representation of point at infinity is consistent

Template Parameters

Builder

Parameters

_in

Definition at line 110 of file cycle_group.cpp.

Member Function Documentation

_fixed_base_batch_mul_internal()

template<typename Builder >
requires IsUltraArithmetic<Builder>

cycle_group< Builder >::batch_mul_internal_output bb::stdlib::cycle_group< Builder >::_fixed_base_batch_mul_internal ( std::span< cycle_scalar >  scalars, std::span< AffineElement >  base_points, std::span< AffineElement const >  offset_generators  )

staticprivate

Internal algorithm to perform a fixed-base batch mul for ULTRA Builder.

Uses plookup tables which contain lookups for precomputed multiples of the input base points. Means we can avoid all point doublings and reduce one scalar mul to ~29 lookups + 29 ecc addition gates

Template Parameters

Builder

Parameters

scalars
base_points

return cycle_group<Builder>::batch_mul_internal_output

Compute the witness values of the batch_mul algorithm natively, as Element types with a Z-coordinate. We then batch-convert to AffineElement types, and feed these points as "hints" into the cycle_group methods. This avoids the need to compute modular inversions for every group operation, which dramatically reduces witness generation times

offset_generator_accumulator represents the sum of all the offset generator terms present in accumulator. We don't subtract off yet, as we may be able to combine offset_generator_accumulator with other constant terms in batch_mul before performing the subtraction.

Definition at line 1005 of file cycle_group.cpp.

_variable_base_batch_mul_internal()

template<typename Builder >

cycle_group< Builder >::batch_mul_internal_output bb::stdlib::cycle_group< Builder >::_variable_base_batch_mul_internal ( std::span< cycle_scalar >  scalars, std::span< cycle_group< Builder > >  base_points, std::span< AffineElement const >  offset_generators, bool  unconditional_add  )

staticprivate

Internal algorithm to perform a variable-base batch mul.

Note

Explicit assumption that all base_points are witnesses and not constants! Constant points must be filtered out by batch_mul before calling this.

batch mul performed via the Straus multiscalar multiplication algorithm (optimal for MSMs where num points <128-ish). If Builder is not ULTRA, number of bits per Straus round = 1, which reduces to the basic double-and-add algorithm

If unconditional_add = true, we use unconditional_add instead of checked_unconditional_add. Use with caution! Only should be true if we're doing an ULTRA fixed-base MSM so we know the points cannot collide with the offset generators.

Note

ULTRA Builder will call _variable_base_batch_mul_internal to evaluate fixed-base MSMs over points that do not exist in our precomputed plookup tables. This is a comprimise between maximising circuit efficiency and minimizing the blowup size of our precomputed table polynomials. variable-base mul uses small ROM lookup tables which are witness-defined and not part of the plookup protocol.

Template Parameters

Builder

Parameters

scalars
base_points
offset_generators
unconditional_add

Returns

cycle_group<Builder>::batch_mul_internal_output

Compute the witness values of the batch_mul algorithm natively, as Element types with a Z-coordinate. We then batch-convert to AffineElement types, and feed these points as "hints" into the cycle_group methods. This avoids the need to compute modular inversions for every group operation, which dramatically reduces witness generation times

offset_generator_accumulator represents the sum of all the offset generator terms present in accumulator. We don't subtract off yet, as we may be able to combine offset_generator_accumulator with other constant terms in batch_mul before performing the subtraction.

Definition at line 824 of file cycle_group.cpp.

assert_equal()

template<typename Builder >

void bb::stdlib::cycle_group< Builder >::assert_equal	(	cycle_group< Builder > &	other,
		std::string const &	msg = "cycle_group< Builder >::assert_equal"
	)

Definition at line 1299 of file cycle_group.cpp.

batch_mul() [1/2]

template<typename Builder >

static cycle_group bb::stdlib::cycle_group< Builder >::batch_mul ( const std::vector< cycle_group< Builder > > &  base_points, const std::vector< BigScalarField > &  scalars, GeneratorContext  context = {}  )

inlinestatic

Definition at line 109 of file cycle_group.hpp.

batch_mul() [2/2]

template<typename Builder >

cycle_group< Builder > bb::stdlib::cycle_group< Builder >::batch_mul ( const std::vector< cycle_group< Builder > > &  base_points, const std::vector< cycle_scalar > &  scalars, GeneratorContext  context = {}  )

static

Multiscalar multiplication algorithm.

Uses the Straus MSM algorithm. batch_mul splits inputs into three categories:

1. point and scalar multiplier are both constant
2. point is constant, scalar multiplier is a witness
3. point is a witness, scalar multiplier can be witness or constant

For Category 1, the scalar mul can be precomuted without constraints For Category 2, we use a fixed-base variant of Straus (with plookup tables if available). For Category 3, we use standard Straus. The results from all 3 categories are combined and returned as an output point.

Note

batch_mul can handle all known cases of trigger incomplete addition formula exceptions and other weirdness:

1. some/all of the input points are points at infinity
2. some/all of the input scalars are 0
3. some/all input points are equal to each other
4. output is the point at infinity
5. input vectors are empty

offset_generator_data is a pointer to precomputed offset generator list. There is a default parameter point that poitns to a list with DEFAULT_NUM_GENERATORS generator points (32) If more offset generators are required, they will be derived in-place which can be expensive. (num required offset generators is either num input points + 1 or num input points + 2, depends on if one or both of _fixed_base_batch_mul_internal, _variable_base_batch_mul_internal are called) If you're calling this function repeatedly and you KNOW you need >32 offset generators, it's faster to create a generator_data object with the required size and pass it in as a parameter.

Template Parameters

Builder

Parameters

scalars
base_points
offset_generator_data

Returns

cycle_group<Builder>

Definition at line 1125 of file cycle_group.cpp.

checked_unconditional_add()

template<typename Builder >

cycle_group< Builder > bb::stdlib::cycle_group< Builder >::checked_unconditional_add	(	const cycle_group< Builder > &	other,
		const std::optional< AffineElement >	hint = std::nullopt
	)		const

Will evaluate ECC point addition over *this and other. Uses incomplete addition formula If incomplete addition formula edge cases are triggered (x-coordinates of operands collide), the constraints produced by this method will be unsatisfiable. Useful when an honest prover will not produce a point collision with overwhelming probability, but a cheating prover will be able to.

Template Parameters

Builder

Parameters

other
hint	: value of output point witness, if known ahead of time (used to avoid modular inversions during witgen)

Returns

cycle_group<Builder>

Definition at line 572 of file cycle_group.cpp.

checked_unconditional_subtract()

template<typename Builder >

cycle_group< Builder > bb::stdlib::cycle_group< Builder >::checked_unconditional_subtract	(	const cycle_group< Builder > &	other,
		const std::optional< AffineElement >	hint = std::nullopt
	)		const

Will evaluate ECC point subtraction over *this and other. Uses incomplete addition formula If incomplete addition formula edge cases are triggered (x-coordinates of operands collide), the constraints produced by this method will be unsatisfiable. Useful when an honest prover will not produce a point collision with overwhelming probability, but a cheating prover will be able to.

Template Parameters

Builder

Parameters

other
hint	: value of output point witness, if known ahead of time (used to avoid modular inversions during witgen)

Returns

cycle_group<Builder>

Definition at line 598 of file cycle_group.cpp.

conditional_assign()

template<typename Builder >

cycle_group< Builder > bb::stdlib::cycle_group< Builder >::conditional_assign ( const bool_t &  predicate, const cycle_group< Builder > &  lhs, const cycle_group< Builder > &  rhs  )

static

Definition at line 1309 of file cycle_group.cpp.

dbl()

template<typename Builder >
requires IsUltraArithmetic<Builder>

cycle_group< Builder > bb::stdlib::cycle_group< Builder >::dbl

(

const std::optional< AffineElement >

hint = std::nullopt

)

const

Evaluates a doubling. Uses Ultra double gate.

Template Parameters

Builder

Parameters

hint	: value of output point witness, if known ahead of time (used to avoid modular inversions during witgen)

Returns

cycle_group<Builder>

Definition at line 349 of file cycle_group.cpp.

fix_witness()

template<typename Builder >

void bb::stdlib::cycle_group< Builder >::fix_witness ( )

inline

Fix a witness. The value of the witness is constrained with a selector

Definition at line 175 of file cycle_group.hpp.

from_constant_witness()

template<typename Builder >

cycle_group< Builder > bb::stdlib::cycle_group< Builder >::from_constant_witness ( Builder *  _context, const AffineElement &  _in  )

static

Converts a native AffineElement into a witness, but constrains the witness values to be known constants.

When performing group operations where one operand is a witness and one is a constant, it can be more efficient to convert the constant element into a witness. This is because we have custom gates that evaluate additions in one constraint, but only if both operands are witnesses.

Template Parameters

Builder

Parameters

_context
_in

Returns

cycle_group<Builder>

Definition at line 181 of file cycle_group.cpp.

from_witness()

template<typename Builder >

cycle_group< Builder > bb::stdlib::cycle_group< Builder >::from_witness ( Builder *  _context, const AffineElement &  _in  )

static

Converts an AffineElement into a circuit witness.

Somewhat expensive as we do an on-curve check and _is_infinity is a witness and not a constant. If an element is being converted where it is known the element is on the curve and/or cannot be point at infinity, it is best to use other methods (e.g. direct conversion of field_t coordinates)

Template Parameters

Builder

Parameters

_context
_in

Returns

cycle_group<Builder>

Definition at line 146 of file cycle_group.cpp.

get_context() [1/2]

template<typename Builder >

Builder * bb::stdlib::cycle_group< Builder >::get_context ( ) const

inline

Definition at line 84 of file cycle_group.hpp.

get_context() [2/2]

template<typename Builder >

Builder * bb::stdlib::cycle_group< Builder >::get_context

(

const cycle_group< Builder > &

other

)

const

Definition at line 206 of file cycle_group.cpp.

get_origin_tag()

template<typename Builder >

OriginTag bb::stdlib::cycle_group< Builder >::get_origin_tag ( ) const

inline

Get the origin tag of cycle_group (a merege of origin tags of x, y and _is_infinity members)

Returns

OriginTag

Definition at line 147 of file cycle_group.hpp.

get_standard_form()

template<typename Builder >

cycle_group< Builder > bb::stdlib::cycle_group< Builder >::get_standard_form

(

)

Get point in standard form. If the point is a point at infinity, ensure the coordinates are (0,0)

Definition at line 244 of file cycle_group.cpp.

get_value()

template<typename Builder >

cycle_group< Builder >::AffineElement bb::stdlib::cycle_group< Builder >::get_value

(

)

const

Definition at line 214 of file cycle_group.cpp.

is_constant()

template<typename Builder >

bool bb::stdlib::cycle_group< Builder >::is_constant ( ) const

inline

Definition at line 86 of file cycle_group.hpp.

is_point_at_infinity()

template<typename Builder >

bool_t bb::stdlib::cycle_group< Builder >::is_point_at_infinity ( ) const

inline

Definition at line 87 of file cycle_group.hpp.

is_standard()

template<typename Builder >

bool bb::stdlib::cycle_group< Builder >::is_standard ( ) const

inline

Definition at line 90 of file cycle_group.hpp.

one()

template<typename Builder >

cycle_group< Builder > bb::stdlib::cycle_group< Builder >::one ( Builder *  _context )

static

Construct a cycle_group representation of Group::one.

Template Parameters

Builder

Parameters

_context

Returns

cycle_group<Builder>

Definition at line 126 of file cycle_group.cpp.

operator*() [1/2]

template<typename Builder >

cycle_group< Builder > bb::stdlib::cycle_group< Builder >::operator*

(

const BigScalarField &

scalar

)

const

Definition at line 1280 of file cycle_group.cpp.

operator*() [2/2]

template<typename Builder >

cycle_group< Builder > bb::stdlib::cycle_group< Builder >::operator*

(

const cycle_scalar &

scalar

)

const

Definition at line 1269 of file cycle_group.cpp.

operator*=() [1/2]

template<typename Builder >

cycle_group< Builder > & bb::stdlib::cycle_group< Builder >::operator*=

(

const BigScalarField &

scalar

)

Definition at line 1285 of file cycle_group.cpp.

operator*=() [2/2]

template<typename Builder >

cycle_group< Builder > & bb::stdlib::cycle_group< Builder >::operator*=

(

const cycle_scalar &

scalar

)

Definition at line 1274 of file cycle_group.cpp.

operator+()

template<typename Builder >

cycle_group< Builder > bb::stdlib::cycle_group< Builder >::operator+

(

const cycle_group< Builder > &

other

)

const

Will evaluate ECC point addition over *this and other. This method uses complete addition i.e. is compatible with edge cases. Method is expensive due to needing to evaluate both an addition, a doubling, plus conditional logic to handle points at infinity.

Template Parameters

Builder

Parameters

other

Returns

cycle_group<Builder>

Definition at line 620 of file cycle_group.cpp.

operator+=()

template<typename Builder >

cycle_group< Builder > & bb::stdlib::cycle_group< Builder >::operator+=

(

const cycle_group< Builder > &

other

)

Definition at line 785 of file cycle_group.cpp.

operator-() [1/2]

template<typename Builder >

cycle_group< Builder > bb::stdlib::cycle_group< Builder >::operator-

(

)

const

Negates a point.

Template Parameters

Builder

Parameters

other

Returns

cycle_group<Builder>

Definition at line 775 of file cycle_group.cpp.

operator-() [2/2]

template<typename Builder >

cycle_group< Builder > bb::stdlib::cycle_group< Builder >::operator-

(

const cycle_group< Builder > &

other

)

const

Will evaluate ECC point subtraction over *this and other. This method uses complete addition i.e. is compatible with edge cases. Method is expensive due to needing to evaluate both an addition, a doubling, plus conditional logic to handle points at infinity.

Template Parameters

Builder

Parameters

other

Returns

cycle_group<Builder>

Definition at line 693 of file cycle_group.cpp.

operator-=()

template<typename Builder >

cycle_group< Builder > & bb::stdlib::cycle_group< Builder >::operator-=

(

const cycle_group< Builder > &

other

)

Definition at line 791 of file cycle_group.cpp.

operator/()

template<typename Builder >

cycle_group< Builder > bb::stdlib::cycle_group< Builder >::operator/

(

const cycle_group< Builder > &

other

)

const

Definition at line 1334 of file cycle_group.cpp.

operator==()

template<typename Builder >

bool_t< Builder > bb::stdlib::cycle_group< Builder >::operator==

(

cycle_group< Builder > &

other

)

Definition at line 1291 of file cycle_group.cpp.

reconstruct_from_public()

template<typename Builder >

static cycle_group bb::stdlib::cycle_group< Builder >::reconstruct_from_public ( const std::span< const field_t, 2 > &  limbs )

inlinestatic

Reconstruct a cycle_group from limbs (generally stored in the public inputs)

The base field of the cycle_group curve is the same as the circuit's native field so each coordinate is represented by a single "limb".

Parameters

limbs

The coordinates of the cycle_group element

Returns

cycle_group

Definition at line 205 of file cycle_group.hpp.

set_free_witness_tag()

template<typename Builder >

void bb::stdlib::cycle_group< Builder >::set_free_witness_tag ( )

inline

Set the free witness flag for the cycle_group's tags.

Definition at line 155 of file cycle_group.hpp.

set_origin_tag()

template<typename Builder >

void bb::stdlib::cycle_group< Builder >::set_origin_tag ( OriginTag  tag ) const

inline

Set the origin tag for x, y and _is_infinity members of cycle_group.

Parameters

tag

Definition at line 136 of file cycle_group.hpp.

set_point_at_infinity()

template<typename Builder >

void bb::stdlib::cycle_group< Builder >::set_point_at_infinity

(

const bool_t &

is_infinity

)

Set the point to the point at infinity. Depending on constant'ness of the predicate put the coordinates in an apropriate standard form.

Definition at line 255 of file cycle_group.cpp.

set_public()

template<typename Builder >

uint32_t bb::stdlib::cycle_group< Builder >::set_public ( )

inline

Set the witness indices representing the cycle_group to public.

Returns

uint32_t Index into the public inputs array at which the representation is stored

Definition at line 190 of file cycle_group.hpp.

standardize()

template<typename Builder >

void bb::stdlib::cycle_group< Builder >::standardize

(

)

Get the point to the standard form. If the point is a point at infinity, ensure the coordinates are (0,0) If the point is already standard nothing changes.

Definition at line 323 of file cycle_group.cpp.

unconditional_add()

template<typename Builder >
requires IsUltraArithmetic<Builder>

cycle_group< Builder > bb::stdlib::cycle_group< Builder >::unconditional_add	(	const cycle_group< Builder > &	other,
		const std::optional< AffineElement >	hint = std::nullopt
	)		const

Will evaluate ECC point addition over *this and other. Incomplete addition formula edge cases are NOT checked! Only use this method if you know the x-coordinates of the operands cannot collide and none of the operands is a point at infinity Ultra version that uses ecc group gate.

Template Parameters

Builder

Parameters

other
hint	: value of output point witness, if known ahead of time (used to avoid modular inversions during witgen)

Returns

cycle_group<Builder>

Definition at line 426 of file cycle_group.cpp.

unconditional_subtract()

template<typename Builder >

cycle_group< Builder > bb::stdlib::cycle_group< Builder >::unconditional_subtract	(	const cycle_group< Builder > &	other,
		const std::optional< AffineElement >	hint = std::nullopt
	)		const

will evaluate ECC point subtraction over *this and other. Incomplete addition formula edge cases are NOT checked! Only use this method if you know the x-coordinates of the operands cannot collide and none of the operands is a point at infinity

Template Parameters

Builder

Parameters

other
hint	: value of output point witness, if known ahead of time (used to avoid modular inversions during witgen)

Returns

cycle_group<Builder>

Definition at line 496 of file cycle_group.cpp.

unset_free_witness_tag()

template<typename Builder >

void bb::stdlib::cycle_group< Builder >::unset_free_witness_tag ( )

inline

Unset the free witness flag for the cycle_group's tags.

Definition at line 165 of file cycle_group.hpp.

validate_is_on_curve()

template<typename Builder >

void bb::stdlib::cycle_group< Builder >::validate_is_on_curve

(

)

const

On-curve check.

Template Parameters

Builder

Definition at line 228 of file cycle_group.cpp.

Member Data Documentation

_is_constant

template<typename Builder >

bool bb::stdlib::cycle_group< Builder >::_is_constant

private

Definition at line 215 of file cycle_group.hpp.

_is_infinity

template<typename Builder >

bool_t bb::stdlib::cycle_group< Builder >::_is_infinity

private

Definition at line 214 of file cycle_group.hpp.

_is_standard

template<typename Builder >

bool bb::stdlib::cycle_group< Builder >::_is_standard

private

Definition at line 223 of file cycle_group.hpp.

context

template<typename Builder >

Builder* bb::stdlib::cycle_group< Builder >::context

private

Definition at line 224 of file cycle_group.hpp.

IS_ULTRA

template<typename Builder >

constexpr bool bb::stdlib::cycle_group< Builder >::IS_ULTRA = Builder::CIRCUIT_TYPE == CircuitType::ULTRA

staticconstexpr

Definition at line 52 of file cycle_group.hpp.

NUM_BITS

template<typename Builder >

constexpr size_t bb::stdlib::cycle_group< Builder >::NUM_BITS = ScalarField::modulus.get_msb() + 1

staticconstexpr

Definition at line 54 of file cycle_group.hpp.

NUM_ROUNDS

template<typename Builder >

constexpr size_t bb::stdlib::cycle_group< Builder >::NUM_ROUNDS = (NUM_BITS + TABLE_BITS - 1) / TABLE_BITS

staticconstexpr

Definition at line 55 of file cycle_group.hpp.

OFFSET_GENERATOR_DOMAIN_SEPARATOR

template<typename Builder >

constexpr std::string_view bb::stdlib::cycle_group< Builder >::OFFSET_GENERATOR_DOMAIN_SEPARATOR = "cycle_group_offset_generator"

inlinestaticconstexpr

Definition at line 56 of file cycle_group.hpp.

PUBLIC_INPUTS_SIZE

template<typename Builder >

constexpr size_t bb::stdlib::cycle_group< Builder >::PUBLIC_INPUTS_SIZE = 2

staticconstexpr

Definition at line 59 of file cycle_group.hpp.

STANDARD_NUM_TABLE_BITS

template<typename Builder >

constexpr size_t bb::stdlib::cycle_group< Builder >::STANDARD_NUM_TABLE_BITS = 1

staticconstexpr

Definition at line 50 of file cycle_group.hpp.

TABLE_BITS

template<typename Builder >

constexpr size_t bb::stdlib::cycle_group< Builder >::TABLE_BITS = IS_ULTRA ? ULTRA_NUM_TABLE_BITS : STANDARD_NUM_TABLE_BITS

staticconstexpr

Definition at line 53 of file cycle_group.hpp.

ULTRA_NUM_TABLE_BITS

template<typename Builder >

constexpr size_t bb::stdlib::cycle_group< Builder >::ULTRA_NUM_TABLE_BITS = 4

staticconstexpr

Definition at line 51 of file cycle_group.hpp.

x

template<typename Builder >

field_t bb::stdlib::cycle_group< Builder >::x

Definition at line 210 of file cycle_group.hpp.

y

template<typename Builder >

field_t bb::stdlib::cycle_group< Builder >::y

Definition at line 211 of file cycle_group.hpp.

---

The documentation for this class was generated from the following files:

• src/barretenberg/stdlib/primitives/group/cycle_group.hpp
• src/barretenberg/stdlib/primitives/group/cycle_group.cpp