- Generated by
1.9.8
|
Barretenberg
The ZK-SNARK library at the core of Aztec
|
cycle_scalar represents a member of the cycle curve SCALAR FIELD. This is NOT the native circuit field type. i.e. for a BN254 circuit, cycle_group will be Grumpkin and cycle_scalar will be Grumpkin::ScalarField (BN254 native field is BN254::ScalarField == Grumpkin::BaseField) More...
#include <cycle_scalar.hpp>
Public Types | |
| using | field_t = stdlib::field_t< Builder > |
| using | Curve = typename Builder::EmbeddedCurve |
| using | ScalarField = typename Curve::ScalarField |
| using | BigScalarField = stdlib::bigfield< Builder, typename ScalarField::Params > |
Public Member Functions | |
| cycle_scalar (const field_t &_lo, const field_t &_hi, const size_t bits, const bool skip_primality_test, const bool use_bn254_scalar_field_for_primality_test) | |
| cycle_scalar (const ScalarField &_in=0) | |
| cycle_scalar (const field_t &_lo, const field_t &_hi) | |
| cycle_scalar (const field_t &_in) | |
| bool | is_constant () const |
| ScalarField | get_value () const |
| Builder * | get_context () const |
| size_t | num_bits () const |
| bool | skip_primality_test () const |
| bool | use_bn254_scalar_field_for_primality_test () const |
| void | validate_scalar_is_in_field () const |
| Checks that a cycle_scalar value is smaller than a prime field modulus when evaluated over the INTEGERS N.B. The prime we check can be either the SNARK curve group order or the circuit's embedded curve group order (i.e. BN254 or Grumpkin) For a canonical scalar mul, we check against the embedded curve (i.e. the curve cycle_group implements). HOWEVER: for Pedersen hashes and Pedersen commitments, the hashed/committed data will be native circuit field elements i.e. for a BN254 snark, cycle_group = Grumpkin and we will be committing/hashing BN254::ScalarField values NOT Grumpkin::ScalarFIeld values. TLDR: whether the input scalar has to be < BN254::ScalarField or < Grumpkin::ScalarField is context-dependent. | |
| cycle_scalar (BigScalarField &) | |
| Construct a new cycle scalar from a bigfield _value, over the same ScalarField Field. If _value is a witness, we add constraints to ensure the conversion is correct by reconstructing a bigfield from the limbs of the cycle_scalar and checking equality with the initial _value. | |
| OriginTag | get_origin_tag () const |
| Get the origin tag of the cycle_scalar (a merge of the lo and hi tags) | |
| void | set_origin_tag (const OriginTag &tag) const |
| Set the origin tag of lo and hi members of cycle scalar. | |
| void | set_free_witness_tag () |
| Set the free witness flag for the cycle scalar's tags. | |
| void | unset_free_witness_tag () |
| Unset the free witness flag for the cycle scalar's tags. | |
Static Public Member Functions | |
| static cycle_scalar | from_witness (Builder *context, const ScalarField &value) |
| static cycle_scalar | from_witness_bitstring (Builder *context, const uint256_t &bitstring, size_t num_bits) |
| Use when we want to multiply a group element by a string of bits of known size. N.B. using this constructor method will make our scalar multiplication methods not perform primality tests. | |
| static cycle_scalar | create_from_bn254_scalar (const field_t &_in, bool skip_primality_test=false) |
| Use when we want to multiply a group element by a string of bits of known size. N.B. using this constructor method will make our scalar multiplication methods not perform primality tests. | |
Public Attributes | |
| field_t | lo |
| field_t | hi |
Static Public Attributes | |
| static constexpr size_t | NUM_BITS = ScalarField::modulus.get_msb() + 1 |
| static constexpr size_t | LO_BITS = field_t::native::Params::MAX_BITS_PER_ENDOMORPHISM_SCALAR |
| static constexpr size_t | HI_BITS = NUM_BITS - LO_BITS |
Private Attributes | |
| size_t | _num_bits = NUM_BITS |
| bool | _skip_primality_test = false |
| bool | _use_bn254_scalar_field_for_primality_test = false |
cycle_scalar represents a member of the cycle curve SCALAR FIELD. This is NOT the native circuit field type. i.e. for a BN254 circuit, cycle_group will be Grumpkin and cycle_scalar will be Grumpkin::ScalarField (BN254 native field is BN254::ScalarField == Grumpkin::BaseField)
We convert scalar multiplication inputs into cycle_scalars to enable scalar multiplication to be complete i.e. Grumpkin points multiplied by BN254 scalars does not produce a cyclic group as BN254::ScalarField < Grumpkin::ScalarField This complexity should not leak outside the cycle_group / cycle_scalar implementations, as cycle_scalar performs all required conversions if the input scalars are stdlib::field_t elements
cycle_scalar instead of using bigfield, as bigfield is inefficient in this context. All required range checks for cycle_scalar can be obtained for free from the batch_mul algorithm, making the range checks performed by bigfield largely redundant. Definition at line 34 of file cycle_scalar.hpp.
| using bb::stdlib::cycle_scalar< Builder >::BigScalarField = stdlib::bigfield<Builder, typename ScalarField::Params> |
Definition at line 39 of file cycle_scalar.hpp.
| using bb::stdlib::cycle_scalar< Builder >::Curve = typename Builder::EmbeddedCurve |
Definition at line 37 of file cycle_scalar.hpp.
| using bb::stdlib::cycle_scalar< Builder >::field_t = stdlib::field_t<Builder> |
Definition at line 36 of file cycle_scalar.hpp.
| using bb::stdlib::cycle_scalar< Builder >::ScalarField = typename Curve::ScalarField |
Definition at line 38 of file cycle_scalar.hpp.
|
inline |
Definition at line 56 of file cycle_scalar.hpp.
| bb::stdlib::cycle_scalar< Builder >::cycle_scalar | ( | const ScalarField & | _in = 0 | ) |
Definition at line 42 of file cycle_scalar.cpp.
| bb::stdlib::cycle_scalar< Builder >::cycle_scalar | ( | const field_t & | _lo, |
| const field_t & | _hi | ||
| ) |
Definition at line 15 of file cycle_scalar.cpp.
| bb::stdlib::cycle_scalar< Builder >::cycle_scalar | ( | const field_t & | _in | ) |
Definition at line 20 of file cycle_scalar.cpp.
|
explicit |
Construct a new cycle scalar from a bigfield _value, over the same ScalarField Field. If _value is a witness, we add constraints to ensure the conversion is correct by reconstructing a bigfield from the limbs of the cycle_scalar and checking equality with the initial _value.
| Builder |
| _value |
Definition at line 130 of file cycle_scalar.cpp.
|
static |
Use when we want to multiply a group element by a string of bits of known size. N.B. using this constructor method will make our scalar multiplication methods not perform primality tests.
| Builder |
| context | |
| value | |
| num_bits |
Definition at line 101 of file cycle_scalar.cpp.
|
static |
Definition at line 52 of file cycle_scalar.cpp.
|
static |
Use when we want to multiply a group element by a string of bits of known size. N.B. using this constructor method will make our scalar multiplication methods not perform primality tests.
| Builder |
| context | |
| value | |
| num_bits |
Definition at line 75 of file cycle_scalar.cpp.
|
inline |
Definition at line 74 of file cycle_scalar.hpp.
|
inline |
Get the origin tag of the cycle_scalar (a merge of the lo and hi tags)
Definition at line 89 of file cycle_scalar.hpp.
| cycle_scalar< Builder >::ScalarField bb::stdlib::cycle_scalar< Builder >::get_value | ( | ) | const |
Definition at line 302 of file cycle_scalar.cpp.
| bool bb::stdlib::cycle_scalar< Builder >::is_constant | ( | ) | const |
Definition at line 248 of file cycle_scalar.cpp.
|
inline |
Definition at line 75 of file cycle_scalar.hpp.
|
inline |
Set the free witness flag for the cycle scalar's tags.
Definition at line 103 of file cycle_scalar.hpp.
|
inline |
Set the origin tag of lo and hi members of cycle scalar.
| tag |
Definition at line 95 of file cycle_scalar.hpp.
|
inline |
Definition at line 76 of file cycle_scalar.hpp.
|
inline |
Unset the free witness flag for the cycle scalar's tags.
Definition at line 111 of file cycle_scalar.hpp.
|
inline |
Definition at line 77 of file cycle_scalar.hpp.
| void bb::stdlib::cycle_scalar< Builder >::validate_scalar_is_in_field | ( | ) | const |
Checks that a cycle_scalar value is smaller than a prime field modulus when evaluated over the INTEGERS N.B. The prime we check can be either the SNARK curve group order or the circuit's embedded curve group order (i.e. BN254 or Grumpkin) For a canonical scalar mul, we check against the embedded curve (i.e. the curve cycle_group implements). HOWEVER: for Pedersen hashes and Pedersen commitments, the hashed/committed data will be native circuit field elements i.e. for a BN254 snark, cycle_group = Grumpkin and we will be committing/hashing BN254::ScalarField values NOT Grumpkin::ScalarFIeld values. TLDR: whether the input scalar has to be < BN254::ScalarField or < Grumpkin::ScalarField is context-dependent.
| Builder |
Definition at line 266 of file cycle_scalar.cpp.
|
private |
Definition at line 49 of file cycle_scalar.hpp.
|
private |
Definition at line 50 of file cycle_scalar.hpp.
|
private |
Definition at line 53 of file cycle_scalar.hpp.
| field_t bb::stdlib::cycle_scalar< Builder >::hi |
Definition at line 46 of file cycle_scalar.hpp.
|
staticconstexpr |
Definition at line 43 of file cycle_scalar.hpp.
| field_t bb::stdlib::cycle_scalar< Builder >::lo |
Definition at line 45 of file cycle_scalar.hpp.
|
staticconstexpr |
Definition at line 42 of file cycle_scalar.hpp.
|
staticconstexpr |
Definition at line 41 of file cycle_scalar.hpp.
1.9.8