Barretenberg: src/barretenberg/commitment_schemes/pairing_points.hpp Source File

// === AUDIT STATUS ===

// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }

// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }

// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }

// =====================


#pragma once


#include "barretenberg/commitment_schemes/commitment_key.hpp"

#include "barretenberg/commitment_schemes/verification_key.hpp"

#include "barretenberg/polynomials/polynomial.hpp"

#include "barretenberg/stdlib/primitives/curves/grumpkin.hpp"


namespace bb {


class PairingPoints {

    using Curve = curve::BN254;

    using CK = CommitmentKey<Curve>;

    using Point = typename Curve::AffineElement;

    using Fr = typename Curve::ScalarField;

    using Fq = typename Curve::BaseField;

    using VerifierCK = VerifierCommitmentKey<curve::BN254>;


  public:

    static constexpr size_t PUBLIC_INPUTS_SIZE = PAIRING_POINTS_SIZE;


    Point P0 = Point::infinity();

    Point P1 = Point::infinity();


    PairingPoints() = default;


    PairingPoints(const Point& P0, const Point& P1)

        : P0(P0)

        , P1(P1)

    {}


    static PairingPoints reconstruct_from_public(const std::span<const Fr, PUBLIC_INPUTS_SIZE>& limbs_in)

    {

        const std::span<const bb::fr, Point::PUBLIC_INPUTS_SIZE> P0_limbs(limbs_in.data(), Point::PUBLIC_INPUTS_SIZE);

        const std::span<const bb::fr, Point::PUBLIC_INPUTS_SIZE> P1_limbs(limbs_in.data() + Point::PUBLIC_INPUTS_SIZE,

                                                                          Point::PUBLIC_INPUTS_SIZE);

        Point P0 = Point::reconstruct_from_public(P0_limbs);

        Point P1 = Point::reconstruct_from_public(P1_limbs);


        return PairingPoints{ P0, P1 };

    }


    void aggregate(const PairingPoints& other)

    {

        if (P0 == Point::infinity() || P1 == Point::infinity() || other.P0 == Point::infinity() ||

            other.P1 == Point::infinity()) {

            throw_or_abort("WARNING: Shouldn't be aggregating with Point at infinity! The pairing points are probably "

                           "uninitialized.");

        }

        Fr aggregation_separator = Fr::random_element();

        P0 = P0 + other.P0 * aggregation_separator;

        P1 = P1 + other.P1 * aggregation_separator;

    }


    bool check() const

    {

        VerifierCK pcs_vkey{};

        // TODO(https://github.com/AztecProtocol/barretenberg/issues/1423): Rename to verifier_pcs_key or vckey or

        // something. Issue exists in many places besides just here.

        return pcs_vkey.pairing_check(P0, P1);

    }


    bool operator==(const PairingPoints& other) const = default;

};


} // namespace bb

bb::CommitmentKey
CommitmentKey object over a pairing group 𝔾₁.
Definition commitment_key.hpp:40

bb::PairingPoints
An object storing two bn254 points that represent the inputs to a pairing check.
Definition pairing_points.hpp:23

bb::PairingPoints::PUBLIC_INPUTS_SIZE
static constexpr size_t PUBLIC_INPUTS_SIZE
Definition pairing_points.hpp:32

bb::PairingPoints::check
bool check() const
Perform the pairing check.
Definition pairing_points.hpp:76

bb::PairingPoints::operator==
bool operator==(const PairingPoints &other) const =default

bb::PairingPoints::PairingPoints
PairingPoints()=default

bb::PairingPoints::Fq
typename Curve::BaseField Fq
Definition pairing_points.hpp:28

bb::PairingPoints::Fr
typename Curve::ScalarField Fr
Definition pairing_points.hpp:27

bb::PairingPoints::aggregate
void aggregate(const PairingPoints &other)
Aggregate the current pairing points with another set of pairing points using a random scalar.
Definition pairing_points.hpp:61

bb::PairingPoints::reconstruct_from_public
static PairingPoints reconstruct_from_public(const std::span< const Fr, PUBLIC_INPUTS_SIZE > &limbs_in)
Reconstruct the pairing points from limbs stored on the public inputs.
Definition pairing_points.hpp:47

bb::PairingPoints::PairingPoints
PairingPoints(const Point &P0, const Point &P1)
Definition pairing_points.hpp:38

bb::PairingPoints::P0
Point P0
Definition pairing_points.hpp:34

bb::PairingPoints::Point
typename Curve::AffineElement Point
Definition pairing_points.hpp:26

bb::PairingPoints::P1
Point P1
Definition pairing_points.hpp:35

bb::VerifierCommitmentKey< curve::BN254 >
Specialization for bn254.
Definition verification_key.hpp:36

bb::VerifierCommitmentKey< curve::BN254 >::pairing_check
bool pairing_check(const GroupElement &p0, const GroupElement &p1)
verifies a pairing equation over 2 points using the verifier SRS
Definition verification_key.hpp:67

bb::VerifierCommitmentKey
Representation of the Grumpkin Verifier Commitment Key inside a bn254 circuit.
Definition verifier_commitment_key.hpp:16

bb::curve::BN254
Definition bn254.hpp:16

bb::curve::BN254::BaseField
bb::fq BaseField
Definition bn254.hpp:19

bb::curve::BN254::AffineElement
typename Group::affine_element AffineElement
Definition bn254.hpp:22

bb::curve::BN254::ScalarField
bb::fr ScalarField
Definition bn254.hpp:18

commitment_key.hpp

bb
Entry point for Barretenberg command-line interface.
Definition acir_format_getters.cpp:6

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

polynomial.hpp

grumpkin.hpp

bb::field< Bn254FrParams >::random_element
static field random_element(numeric::RNG *engine=nullptr) noexcept
Definition field_impl.hpp:665

throw_or_abort
void throw_or_abort(std::string const &err)
Definition throw_or_abort.hpp:6

verification_key.hpp