Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
secp256k1.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: not started, auditors: [], date: YYYY-MM-DD }
3// external_1: { status: not started, auditors: [], date: YYYY-MM-DD }
4// external_2: { status: not started, auditors: [], date: YYYY-MM-DD }
5// =====================
6
7#pragma once
8
9#include "../../fields/field.hpp"
10#include "../../groups/group.hpp"
11#include "../types.hpp"
12
13// NOLINTBEGIN(cppcoreguidelines-avoid-c-arrays)
14
15namespace bb::secp256k1 {
16struct FqParams {
17 // There is a helper script in ecc/fields/parameter_helper.py that can be used to extract these parameters from the
18 // source code
19
20 // A little-endian representation of the modulus split into 4 64-bit words
21 static constexpr uint64_t modulus_0 = 0xFFFFFFFEFFFFFC2FULL;
22 static constexpr uint64_t modulus_1 = 0xFFFFFFFFFFFFFFFFULL;
23 static constexpr uint64_t modulus_2 = 0xFFFFFFFFFFFFFFFFULL;
24 static constexpr uint64_t modulus_3 = 0xFFFFFFFFFFFFFFFFULL;
25
26 // A little-endian representation of R^2 modulo the modulus (R=2^256 mod modulus) split into 4 64-bit words
27 static constexpr uint64_t r_squared_0 = 8392367050913ULL;
28 static constexpr uint64_t r_squared_1 = 1;
29 static constexpr uint64_t r_squared_2 = 0;
30 static constexpr uint64_t r_squared_3 = 0;
31
32 // Coset generators in Montgomery form for R=2^256 mod Modulus. Used in FFT-based proving systems
33 static constexpr uint64_t coset_generators_0[8]{
34 0x300000b73ULL, 0x400000f44ULL, 0x500001315ULL, 0x6000016e6ULL,
35 0x700001ab7ULL, 0x800001e88ULL, 0x900002259ULL, 0xa0000262aULL,
36 };
37 static constexpr uint64_t coset_generators_1[8]{
38 0, 0, 0, 0, 0, 0, 0, 0,
39 };
40 static constexpr uint64_t coset_generators_2[8]{
41 0, 0, 0, 0, 0, 0, 0, 0,
42 };
43 static constexpr uint64_t coset_generators_3[8]{
44 0, 0, 0, 0, 0, 0, 0, 0,
45 };
46
47 // -(Modulus^-1) mod 2^64
48 // This is used to compute k = r_inv * lower_limb(scalar), such that scalar + k*modulus in integers would have 0 in
49 // the lowest limb By performing this sequentially for 4 limbs, we get an 8-limb representation of the scalar, where
50 // the lowest 4 limbs are zeros. Then we can immediately divide by 2^256 by simply getting rid of the lowest 4 limbs
51 static constexpr uint64_t r_inv = 15580212934572586289ULL;
52
53 // 2^(-64) mod Modulus
54 // Used in the reduction mechanism from https://hackmd.io/@Ingonyama/Barret-Montgomery
55 // Instead of computing k, we multiply the lowest limb by this value and then add to the following 5 limbs.
56 // This saves us from having to compute k
57 static constexpr uint64_t r_inv_0 = 0xffffffff27c7f3a9UL;
58 static constexpr uint64_t r_inv_1 = 0xffffffffffffffffUL;
59 static constexpr uint64_t r_inv_2 = 0xffffffffffffffffUL;
60 static constexpr uint64_t r_inv_3 = 0xd838091dd2253530UL;
61
62 // 2^(-29) mod Modulus
63 // Used in the reduction mechanism from https://hackmd.io/@Ingonyama/Barret-Montgomery
64 // Instead of computing k, we multiply the lowest limb by this value and then add to the following 10 limbs.
65 // This saves us from having to compute k
66 static constexpr uint64_t r_inv_wasm_0 = 0xed6544e;
67 static constexpr uint64_t r_inv_wasm_1 = 0x1ffffffb;
68 static constexpr uint64_t r_inv_wasm_2 = 0x1fffffff;
69 static constexpr uint64_t r_inv_wasm_3 = 0x1fffffff;
70 static constexpr uint64_t r_inv_wasm_4 = 0x1fffffff;
71 static constexpr uint64_t r_inv_wasm_5 = 0x1fffffff;
72 static constexpr uint64_t r_inv_wasm_6 = 0x1fffffff;
73 static constexpr uint64_t r_inv_wasm_7 = 0x10ffffff;
74 static constexpr uint64_t r_inv_wasm_8 = 0x9129a9;
75
76 // A little-endian representation of the cubic root of 1 in Fq in Montgomery form split into 4 64-bit words
77 static constexpr uint64_t cube_root_0 = 0x58a4361c8e81894eULL;
78 static constexpr uint64_t cube_root_1 = 0x03fde1631c4b80afULL;
79 static constexpr uint64_t cube_root_2 = 0xf8e98978d02e3905ULL;
80 static constexpr uint64_t cube_root_3 = 0x7a4a36aebcbb3d53ULL;
81
82 // Not used for secp256k1
83 static constexpr uint64_t primitive_root_0 = 0UL;
84 static constexpr uint64_t primitive_root_1 = 0UL;
85 static constexpr uint64_t primitive_root_2 = 0UL;
86 static constexpr uint64_t primitive_root_3 = 0UL;
87
88 // A little-endian representation of the modulus split into 9 29-bit limbs
89 // This is used in wasm because we can only do multiplication with 64-bit result instead of 128-bit like in x86_64
90 static constexpr uint64_t modulus_wasm_0 = 0x1ffffc2f;
91 static constexpr uint64_t modulus_wasm_1 = 0x1ffffff7;
92 static constexpr uint64_t modulus_wasm_2 = 0x1fffffff;
93 static constexpr uint64_t modulus_wasm_3 = 0x1fffffff;
94 static constexpr uint64_t modulus_wasm_4 = 0x1fffffff;
95 static constexpr uint64_t modulus_wasm_5 = 0x1fffffff;
96 static constexpr uint64_t modulus_wasm_6 = 0x1fffffff;
97 static constexpr uint64_t modulus_wasm_7 = 0x1fffffff;
98 static constexpr uint64_t modulus_wasm_8 = 0xffffff;
99
100 // A little-endian representation of R^2 modulo the modulus (R=2^261 mod modulus) split into 4 64-bit words
101 // We use 2^261 in wasm, because 261=29*9, the 9 29-bit limbs used for arithmetic in
102 static constexpr uint64_t r_squared_wasm_0 = 0x001e88003a428400UL;
103 static constexpr uint64_t r_squared_wasm_1 = 0x0000000000000400UL;
104 static constexpr uint64_t r_squared_wasm_2 = 0x0000000000000000UL;
105 static constexpr uint64_t r_squared_wasm_3 = 0x0000000000000000UL;
106
107 // A little-endian representation of the cube root of 1 in Fq in Montgomery form for wasm (R=2^261 mod modulus)
108 // split into 4 64-bit words
109 static constexpr uint64_t cube_root_wasm_0 = 0x1486c3a0d03162ffUL;
110 static constexpr uint64_t cube_root_wasm_1 = 0x7fbc2c63897015ebUL;
111 static constexpr uint64_t cube_root_wasm_2 = 0x1d312f1a05c720a0UL;
112 static constexpr uint64_t cube_root_wasm_3 = 0x4946d5d79767aa7fUL;
113
114 // Not used in secp256k1, since this is not for proving systems
115 static constexpr uint64_t primitive_root_wasm_0 = 0x0000000000000000UL;
116 static constexpr uint64_t primitive_root_wasm_1 = 0x0000000000000000UL;
117 static constexpr uint64_t primitive_root_wasm_2 = 0x0000000000000000UL;
118 static constexpr uint64_t primitive_root_wasm_3 = 0x0000000000000000UL;
119
120 // Coset generators in Montgomery form for R=2^261 mod Modulus. Used in FFT-based proving systems, don't really need
121 // them here
122 static constexpr uint64_t coset_generators_wasm_0[8] = { 0x0000006000016e60ULL, 0x000000800001e880ULL,
123 0x000000a0000262a0ULL, 0x000000c00002dcc0ULL,
124 0x000000e0000356e0ULL, 0x000001000003d100ULL,
125 0x0000012000044b20ULL, 0x000001400004c540ULL };
126 static constexpr uint64_t coset_generators_wasm_1[8] = { 0x0000000000000000ULL, 0x0000000000000000ULL,
127 0x0000000000000000ULL, 0x0000000000000000ULL,
128 0x0000000000000000ULL, 0x0000000000000000ULL,
129 0x0000000000000000ULL, 0x0000000000000000ULL };
130 static constexpr uint64_t coset_generators_wasm_2[8] = { 0x0000000000000000ULL, 0x0000000000000000ULL,
131 0x0000000000000000ULL, 0x0000000000000000ULL,
132 0x0000000000000000ULL, 0x0000000000000000ULL,
133 0x0000000000000000ULL, 0x0000000000000000ULL };
134 static constexpr uint64_t coset_generators_wasm_3[8] = { 0x0000000000000000ULL, 0x0000000000000000ULL,
135 0x0000000000000000ULL, 0x0000000000000000ULL,
136 0x0000000000000000ULL, 0x0000000000000000ULL,
137 0x0000000000000000ULL, 0x0000000000000000ULL };
138
139 // For consistency with bb::fq, if we ever represent an element of bb::secp256k1::fq in the public inputs, we do so
140 // as a bigfield element, so with 4 public inputs
141 static constexpr size_t PUBLIC_INPUTS_SIZE = BIGFIELD_PUBLIC_INPUTS_SIZE;
142};
143using fq = field<FqParams>;
144
145struct FrParams {
146
147 // A little-endian representation of the modulus split into 4 64-bit words
148 static constexpr uint64_t modulus_0 = 0xBFD25E8CD0364141ULL;
149 static constexpr uint64_t modulus_1 = 0xBAAEDCE6AF48A03BULL;
150 static constexpr uint64_t modulus_2 = 0xFFFFFFFFFFFFFFFEULL;
151 static constexpr uint64_t modulus_3 = 0xFFFFFFFFFFFFFFFFULL;
152
153 // A little-endian representation of R^2 modulo the modulus (R=2^256 mod modulus) split into 4 64-bit words
154 static constexpr uint64_t r_squared_0 = 9902555850136342848ULL;
155 static constexpr uint64_t r_squared_1 = 8364476168144746616ULL;
156 static constexpr uint64_t r_squared_2 = 16616019711348246470ULL;
157 static constexpr uint64_t r_squared_3 = 11342065889886772165ULL;
158
159 // -(Modulus^-1) mod 2^64
160 // This is used to compute k = r_inv * lower_limb(scalar), such that scalar + k*modulus in integers would have 0 in
161 // the lowest limb By performing this sequentially for 4 limbs, we get an 8-limb representation of the scalar, where
162 // the lowest 4 limbs are zeros. Then we can immediately divide by 2^256 by simply getting rid of the lowest 4 limbs
163 static constexpr uint64_t r_inv = 5408259542528602431ULL;
164
165 // 2^(-64) mod Modulus
166 // Used in the reduction mechanism from https://hackmd.io/@Ingonyama/Barret-Montgomery
167 // Instead of computing k, we multiply the lowest limb by this value and then add to the following 5 limbs.
168 // This saves us from having to compute k
169 static constexpr uint64_t r_inv_0 = 0x9d4ad302583de6dcUL;
170 static constexpr uint64_t r_inv_1 = 0xa09f710af0155525UL;
171 static constexpr uint64_t r_inv_2 = 0xffffffffffffffffUL;
172 static constexpr uint64_t r_inv_3 = 0x4b0dff665588b13eUL;
173
174 // 2^(-29) mod Modulus
175 // Used in the reduction mechanism from https://hackmd.io/@Ingonyama/Barret-Montgomery
176 // Instead of computing k, we multiply the lowest limb by this value and then add to the following 10 limbs.
177 // This saves us from having to compute k
178 static constexpr uint64_t r_inv_wasm_0 = 0x3d864e;
179 static constexpr uint64_t r_inv_wasm_1 = 0x8b9f61c;
180 static constexpr uint64_t r_inv_wasm_2 = 0x3df60c0;
181 static constexpr uint64_t r_inv_wasm_3 = 0xa3c71eb;
182 static constexpr uint64_t r_inv_wasm_4 = 0x1ffff251;
183 static constexpr uint64_t r_inv_wasm_5 = 0x1fffffff;
184 static constexpr uint64_t r_inv_wasm_6 = 0x1fffffff;
185 static constexpr uint64_t r_inv_wasm_7 = 0x1effffff;
186 static constexpr uint64_t r_inv_wasm_8 = 0xac4589;
187
188 // Coset generators in Montgomery form for R=2^261 mod Modulus. Used in FFT-based proving systems, don't really need
189 // them here
190 static constexpr uint64_t coset_generators_0[8]{
191 0x40e4273feef0b9bbULL, 0x8111c8b31eba787aULL, 0xc13f6a264e843739ULL, 0x16d0b997e4df5f8ULL,
192 0x419aad0cae17b4b7ULL, 0x81c84e7fdde17376ULL, 0xc1f5eff30dab3235ULL, 0x22391663d74f0f4ULL,
193 };
194 static constexpr uint64_t coset_generators_1[8]{
195 0x5a95af7e9394ded5ULL, 0x9fe6d297e44c3e99ULL, 0xe537f5b135039e5dULL, 0x2a8918ca85bafe22ULL,
196 0x6fda3be3d6725de6ULL, 0xb52b5efd2729bdaaULL, 0xfa7c821677e11d6eULL, 0x3fcda52fc8987d33ULL,
197 };
198 static constexpr uint64_t coset_generators_2[8]{
199 0x6ULL, 0x7ULL, 0x8ULL, 0xaULL, 0xbULL, 0xcULL, 0xdULL, 0xfULL,
200 };
201 static constexpr uint64_t coset_generators_3[8]{
202 0, 0, 0, 0, 0, 0, 0, 0,
203 };
204
205 // A little-endian representation of the cubic root of 1 in Fr in Montgomery form split into 4 64-bit words
206 static constexpr uint64_t cube_root_0 = 0xf07deb3dc9926c9eULL;
207 static constexpr uint64_t cube_root_1 = 0x2c93e7ad83c6944cULL;
208 static constexpr uint64_t cube_root_2 = 0x73a9660652697d91ULL;
209 static constexpr uint64_t cube_root_3 = 0x532840178558d639ULL;
210
211 // Not needed, since there is no endomorphism for secp256k1
212 static constexpr uint64_t endo_minus_b1_lo = 0x6F547FA90ABFE4C3ULL;
213 static constexpr uint64_t endo_minus_b1_mid = 0xE4437ED6010E8828ULL;
214
215 static constexpr uint64_t endo_b2_lo = 0xe86c90e49284eb15ULL;
216 static constexpr uint64_t endo_b2_mid = 0x3086d221a7d46bcdULL;
217
218 static constexpr uint64_t endo_g1_lo = 0xE893209A45DBB031ULL;
219 static constexpr uint64_t endo_g1_mid = 0x3DAA8A1471E8CA7FULL;
220 static constexpr uint64_t endo_g1_hi = 0xE86C90E49284EB15ULL;
221 static constexpr uint64_t endo_g1_hihi = 0x3086D221A7D46BCDULL;
222
223 static constexpr uint64_t endo_g2_lo = 0x1571B4AE8AC47F71ULL;
224 static constexpr uint64_t endo_g2_mid = 0x221208AC9DF506C6ULL;
225 static constexpr uint64_t endo_g2_hi = 0x6F547FA90ABFE4C4ULL;
226 static constexpr uint64_t endo_g2_hihi = 0xE4437ED6010E8828ULL;
227
228 // Not used in secp256k1
229 static constexpr uint64_t primitive_root_0 = 0UL;
230 static constexpr uint64_t primitive_root_1 = 0UL;
231 static constexpr uint64_t primitive_root_2 = 0UL;
232 static constexpr uint64_t primitive_root_3 = 0UL;
233
234 // A little-endian representation of the modulus split into 9 29-bit limbs
235 // This is used in wasm because we can only do multiplication with 64-bit result instead of 128-bit like in x86_64
236 static constexpr uint64_t modulus_wasm_0 = 0x10364141;
237 static constexpr uint64_t modulus_wasm_1 = 0x1e92f466;
238 static constexpr uint64_t modulus_wasm_2 = 0x12280eef;
239 static constexpr uint64_t modulus_wasm_3 = 0x1db9cd5e;
240 static constexpr uint64_t modulus_wasm_4 = 0x1fffebaa;
241 static constexpr uint64_t modulus_wasm_5 = 0x1fffffff;
242 static constexpr uint64_t modulus_wasm_6 = 0x1fffffff;
243 static constexpr uint64_t modulus_wasm_7 = 0x1fffffff;
244 static constexpr uint64_t modulus_wasm_8 = 0xffffff;
245
246 // A little-endian representation of R^2 modulo the modulus (R=2^261 mod modulus) split into 4 64-bit words
247 // We use 2^261 in wasm, because 261=29*9, the 9 29-bit limbs used for arithmetic in
248 static constexpr uint64_t r_squared_wasm_0 = 0x63e601a3c9f6ab4bUL;
249 static constexpr uint64_t r_squared_wasm_1 = 0xa2b6456d46702f57UL;
250 static constexpr uint64_t r_squared_wasm_2 = 0x5fd7916f341f1cefUL;
251 static constexpr uint64_t r_squared_wasm_3 = 0x9c7356071a6f179aUL;
252
253 // A little-endian representation of the cube root of 1 in Fr in Montgomery form for wasm (R=2^261 mod modulus)
254 // split into 4 64-bit words
255 static constexpr uint64_t cube_root_wasm_0 = 0x9185b639102f0736UL;
256 static constexpr uint64_t cube_root_wasm_1 = 0x47a854ad9ffc4748UL;
257 static constexpr uint64_t cube_root_wasm_2 = 0x752cc0ca4d2fb232UL;
258 static constexpr uint64_t cube_root_wasm_3 = 0x650802f0ab1ac72eUL;
259
260 // Not used in secp256k1
261 static constexpr uint64_t primitive_root_wasm_0 = 0x0000000000000000UL;
262 static constexpr uint64_t primitive_root_wasm_1 = 0x0000000000000000UL;
263 static constexpr uint64_t primitive_root_wasm_2 = 0x0000000000000000UL;
264 static constexpr uint64_t primitive_root_wasm_3 = 0x0000000000000000UL;
265
266 // Coset generators in Montgomery form for R=2^261 mod Modulus. Used in FFT-based proving systems, don't really need
267 // them here
268 static constexpr uint64_t coset_generators_wasm_0[8] = { 0x1c84e7fdde173760ULL, 0x22391663d74f0f40ULL,
269 0x27ed44c9d086e720ULL, 0x2da1732fc9bebf00ULL,
270 0x3355a195c2f696e0ULL, 0x3909cffbbc2e6ec0ULL,
271 0x3ebdfe61b56646a0ULL, 0x44722cc7ae9e1e80ULL };
272 static constexpr uint64_t coset_generators_wasm_1[8] = { 0x52b5efd2729bdaa8ULL, 0xfcda52fc8987d330ULL,
273 0xa6feb626a073cbb8ULL, 0x51231950b75fc440ULL,
274 0xfb477c7ace4bbcc8ULL, 0xa56bdfa4e537b550ULL,
275 0x4f9042cefc23add8ULL, 0xf9b4a5f9130fa660ULL };
276 static constexpr uint64_t coset_generators_wasm_2[8] = { 0x00000000000000cbULL, 0x00000000000000f3ULL,
277 0x000000000000011cULL, 0x0000000000000145ULL,
278 0x000000000000016dULL, 0x0000000000000196ULL,
279 0x00000000000001bfULL, 0x00000000000001e7ULL };
280 static constexpr uint64_t coset_generators_wasm_3[8] = { 0x0000000000000000ULL, 0x0000000000000000ULL,
281 0x0000000000000000ULL, 0x0000000000000000ULL,
282 0x0000000000000000ULL, 0x0000000000000000ULL,
283 0x0000000000000000ULL, 0x0000000000000000ULL };
284
285 // For consistency with bb::fq, if we ever represent an element of bb::secp256k1::fr in the public inputs, we do so
286 // as a bigfield element, so with 4 public inputs
287 static constexpr size_t PUBLIC_INPUTS_SIZE = BIGFIELD_PUBLIC_INPUTS_SIZE;
288};
289using fr = field<FrParams>;
290
291struct G1Params {
292 static constexpr bool USE_ENDOMORPHISM = false;
293 static constexpr bool can_hash_to_curve = true;
294 static constexpr bool small_elements = true;
295 static constexpr bool has_a = false;
296
297 static constexpr fq b = fq(7);
298 static constexpr fq a = fq(0);
299
300 static constexpr fq one_x =
301 fq(0x59F2815B16F81798UL, 0x029BFCDB2DCE28D9UL, 0x55A06295CE870B07UL, 0x79BE667EF9DCBBACUL).to_montgomery_form();
302 static constexpr fq one_y =
303 fq(0x9C47D08FFB10D4B8UL, 0xFD17B448A6855419UL, 0x5DA4FBFC0E1108A8UL, 0x483ADA7726A3C465UL).to_montgomery_form();
304};
305using g1 = group<fq, fr, G1Params>;
306} // namespace bb::secp256k1
307
308namespace bb::curve {
317} // namespace bb::curve
318
319// NOLINTEND(cppcoreguidelines-avoid-c-arrays)
bb::curve::SECP256K1::Element
typename Group::element Element
Definition secp256k1.hpp:314
bb::curve::SECP256K1::AffineElement
typename Group::affine_element AffineElement
Definition secp256k1.hpp:315
bb::group
group class. Represents an elliptic curve group element. Group is parametrised by Fq and Fr
Definition group.hpp:36
bb::group::affine_element
group_elements::affine_element< Fq, Fr, Params > affine_element
Definition group.hpp:42
bb::group::element
group_elements::element< Fq, Fr, Params > element
Definition group.hpp:41
bb::secp256k1::fr
field< FrParams > fr
Definition secp256k1.hpp:289
bb::secp256k1::g1
group< fq, fr, G1Params > g1
Definition secp256k1.hpp:305
bb::secp256k1::fq
field< FqParams > fq
Definition secp256k1.hpp:143
bb::field
General class for prime fields see Prime field documentation["field documentation"] for general imple...
Definition field_declarations.hpp:36
bb::field::to_montgomery_form
BB_INLINE constexpr field to_montgomery_form() const noexcept
Definition field_impl.hpp:283
bb::secp256k1::FqParams::primitive_root_wasm_0
static constexpr uint64_t primitive_root_wasm_0
Definition secp256k1.hpp:115
bb::secp256k1::FqParams::coset_generators_1
static constexpr uint64_t coset_generators_1[8]
Definition secp256k1.hpp:37
bb::secp256k1::FqParams::primitive_root_2
static constexpr uint64_t primitive_root_2
Definition secp256k1.hpp:85
bb::secp256k1::FqParams::modulus_wasm_4
static constexpr uint64_t modulus_wasm_4
Definition secp256k1.hpp:94
bb::secp256k1::FqParams::r_inv_3
static constexpr uint64_t r_inv_3
Definition secp256k1.hpp:60
bb::secp256k1::FqParams::primitive_root_3
static constexpr uint64_t primitive_root_3
Definition secp256k1.hpp:86
bb::secp256k1::FqParams::modulus_wasm_8
static constexpr uint64_t modulus_wasm_8
Definition secp256k1.hpp:98
bb::secp256k1::FqParams::r_inv_0
static constexpr uint64_t r_inv_0
Definition secp256k1.hpp:57
bb::secp256k1::FqParams::modulus_wasm_0
static constexpr uint64_t modulus_wasm_0
Definition secp256k1.hpp:90
bb::secp256k1::FqParams::r_squared_2
static constexpr uint64_t r_squared_2
Definition secp256k1.hpp:29
bb::secp256k1::FqParams::r_inv
static constexpr uint64_t r_inv
Definition secp256k1.hpp:51
bb::secp256k1::FqParams::modulus_wasm_7
static constexpr uint64_t modulus_wasm_7
Definition secp256k1.hpp:97
bb::secp256k1::FqParams::modulus_wasm_2
static constexpr uint64_t modulus_wasm_2
Definition secp256k1.hpp:92
bb::secp256k1::FqParams::r_inv_wasm_4
static constexpr uint64_t r_inv_wasm_4
Definition secp256k1.hpp:70
bb::secp256k1::FqParams::r_squared_wasm_1
static constexpr uint64_t r_squared_wasm_1
Definition secp256k1.hpp:103
bb::secp256k1::FqParams::r_inv_wasm_1
static constexpr uint64_t r_inv_wasm_1
Definition secp256k1.hpp:67
bb::secp256k1::FqParams::cube_root_wasm_0
static constexpr uint64_t cube_root_wasm_0
Definition secp256k1.hpp:109
bb::secp256k1::FqParams::r_squared_wasm_0
static constexpr uint64_t r_squared_wasm_0
Definition secp256k1.hpp:102
bb::secp256k1::FqParams::r_squared_3
static constexpr uint64_t r_squared_3
Definition secp256k1.hpp:30
bb::secp256k1::FqParams::primitive_root_wasm_1
static constexpr uint64_t primitive_root_wasm_1
Definition secp256k1.hpp:116
bb::secp256k1::FqParams::modulus_0
static constexpr uint64_t modulus_0
Definition secp256k1.hpp:21
bb::secp256k1::FqParams::modulus_wasm_5
static constexpr uint64_t modulus_wasm_5
Definition secp256k1.hpp:95
bb::secp256k1::FqParams::cube_root_0
static constexpr uint64_t cube_root_0
Definition secp256k1.hpp:77
bb::secp256k1::FqParams::modulus_1
static constexpr uint64_t modulus_1
Definition secp256k1.hpp:22
bb::secp256k1::FqParams::r_inv_wasm_5
static constexpr uint64_t r_inv_wasm_5
Definition secp256k1.hpp:71
bb::secp256k1::FqParams::coset_generators_wasm_2
static constexpr uint64_t coset_generators_wasm_2[8]
Definition secp256k1.hpp:130
bb::secp256k1::FqParams::cube_root_wasm_3
static constexpr uint64_t cube_root_wasm_3
Definition secp256k1.hpp:112
bb::secp256k1::FqParams::coset_generators_2
static constexpr uint64_t coset_generators_2[8]
Definition secp256k1.hpp:40
bb::secp256k1::FqParams::r_inv_wasm_8
static constexpr uint64_t r_inv_wasm_8
Definition secp256k1.hpp:74
bb::secp256k1::FqParams::r_squared_1
static constexpr uint64_t r_squared_1
Definition secp256k1.hpp:28
bb::secp256k1::FqParams::primitive_root_wasm_3
static constexpr uint64_t primitive_root_wasm_3
Definition secp256k1.hpp:118
bb::secp256k1::FqParams::r_squared_wasm_2
static constexpr uint64_t r_squared_wasm_2
Definition secp256k1.hpp:104
bb::secp256k1::FqParams::primitive_root_1
static constexpr uint64_t primitive_root_1
Definition secp256k1.hpp:84
bb::secp256k1::FqParams::r_squared_wasm_3
static constexpr uint64_t r_squared_wasm_3
Definition secp256k1.hpp:105
bb::secp256k1::FqParams::modulus_2
static constexpr uint64_t modulus_2
Definition secp256k1.hpp:23
bb::secp256k1::FqParams::r_inv_1
static constexpr uint64_t r_inv_1
Definition secp256k1.hpp:58
bb::secp256k1::FqParams::coset_generators_wasm_3
static constexpr uint64_t coset_generators_wasm_3[8]
Definition secp256k1.hpp:134
bb::secp256k1::FqParams::r_inv_wasm_7
static constexpr uint64_t r_inv_wasm_7
Definition secp256k1.hpp:73
bb::secp256k1::FqParams::coset_generators_3
static constexpr uint64_t coset_generators_3[8]
Definition secp256k1.hpp:43
bb::secp256k1::FqParams::r_squared_0
static constexpr uint64_t r_squared_0
Definition secp256k1.hpp:27
bb::secp256k1::FqParams::r_inv_wasm_3
static constexpr uint64_t r_inv_wasm_3
Definition secp256k1.hpp:69
bb::secp256k1::FqParams::primitive_root_wasm_2
static constexpr uint64_t primitive_root_wasm_2
Definition secp256k1.hpp:117
bb::secp256k1::FqParams::primitive_root_0
static constexpr uint64_t primitive_root_0
Definition secp256k1.hpp:83
bb::secp256k1::FqParams::modulus_wasm_1
static constexpr uint64_t modulus_wasm_1
Definition secp256k1.hpp:91
bb::secp256k1::FqParams::r_inv_wasm_0
static constexpr uint64_t r_inv_wasm_0
Definition secp256k1.hpp:66
bb::secp256k1::FqParams::coset_generators_wasm_0
static constexpr uint64_t coset_generators_wasm_0[8]
Definition secp256k1.hpp:122
bb::secp256k1::FqParams::cube_root_2
static constexpr uint64_t cube_root_2
Definition secp256k1.hpp:79
bb::secp256k1::FqParams::cube_root_wasm_1
static constexpr uint64_t cube_root_wasm_1
Definition secp256k1.hpp:110
bb::secp256k1::FqParams::PUBLIC_INPUTS_SIZE
static constexpr size_t PUBLIC_INPUTS_SIZE
Definition secp256k1.hpp:141
bb::secp256k1::FqParams::coset_generators_0
static constexpr uint64_t coset_generators_0[8]
Definition secp256k1.hpp:33
bb::secp256k1::FqParams::cube_root_wasm_2
static constexpr uint64_t cube_root_wasm_2
Definition secp256k1.hpp:111
bb::secp256k1::FqParams::modulus_wasm_6
static constexpr uint64_t modulus_wasm_6
Definition secp256k1.hpp:96
bb::secp256k1::FqParams::cube_root_1
static constexpr uint64_t cube_root_1
Definition secp256k1.hpp:78
bb::secp256k1::FqParams::coset_generators_wasm_1
static constexpr uint64_t coset_generators_wasm_1[8]
Definition secp256k1.hpp:126
bb::secp256k1::FqParams::modulus_wasm_3
static constexpr uint64_t modulus_wasm_3
Definition secp256k1.hpp:93
bb::secp256k1::FqParams::r_inv_wasm_2
static constexpr uint64_t r_inv_wasm_2
Definition secp256k1.hpp:68
bb::secp256k1::FqParams::r_inv_wasm_6
static constexpr uint64_t r_inv_wasm_6
Definition secp256k1.hpp:72
bb::secp256k1::FqParams::r_inv_2
static constexpr uint64_t r_inv_2
Definition secp256k1.hpp:59
bb::secp256k1::FqParams::cube_root_3
static constexpr uint64_t cube_root_3
Definition secp256k1.hpp:80
bb::secp256k1::FqParams::modulus_3
static constexpr uint64_t modulus_3
Definition secp256k1.hpp:24
bb::secp256k1::FrParams::r_squared_3
static constexpr uint64_t r_squared_3
Definition secp256k1.hpp:157
bb::secp256k1::FrParams::r_inv_wasm_5
static constexpr uint64_t r_inv_wasm_5
Definition secp256k1.hpp:183
bb::secp256k1::FrParams::cube_root_wasm_0
static constexpr uint64_t cube_root_wasm_0
Definition secp256k1.hpp:255
bb::secp256k1::FrParams::modulus_wasm_5
static constexpr uint64_t modulus_wasm_5
Definition secp256k1.hpp:241
bb::secp256k1::FrParams::coset_generators_1
static constexpr uint64_t coset_generators_1[8]
Definition secp256k1.hpp:194
bb::secp256k1::FrParams::endo_g1_hi
static constexpr uint64_t endo_g1_hi
Definition secp256k1.hpp:220
bb::secp256k1::FrParams::modulus_wasm_7
static constexpr uint64_t modulus_wasm_7
Definition secp256k1.hpp:243
bb::secp256k1::FrParams::r_inv
static constexpr uint64_t r_inv
Definition secp256k1.hpp:163
bb::secp256k1::FrParams::modulus_wasm_6
static constexpr uint64_t modulus_wasm_6
Definition secp256k1.hpp:242
bb::secp256k1::FrParams::modulus_wasm_1
static constexpr uint64_t modulus_wasm_1
Definition secp256k1.hpp:237
bb::secp256k1::FrParams::modulus_0
static constexpr uint64_t modulus_0
Definition secp256k1.hpp:148
bb::secp256k1::FrParams::r_squared_wasm_3
static constexpr uint64_t r_squared_wasm_3
Definition secp256k1.hpp:251
bb::secp256k1::FrParams::endo_g1_mid
static constexpr uint64_t endo_g1_mid
Definition secp256k1.hpp:219
bb::secp256k1::FrParams::primitive_root_wasm_3
static constexpr uint64_t primitive_root_wasm_3
Definition secp256k1.hpp:264
bb::secp256k1::FrParams::primitive_root_2
static constexpr uint64_t primitive_root_2
Definition secp256k1.hpp:231
bb::secp256k1::FrParams::endo_minus_b1_lo
static constexpr uint64_t endo_minus_b1_lo
Definition secp256k1.hpp:212
bb::secp256k1::FrParams::r_inv_1
static constexpr uint64_t r_inv_1
Definition secp256k1.hpp:170
bb::secp256k1::FrParams::endo_g1_lo
static constexpr uint64_t endo_g1_lo
Definition secp256k1.hpp:218
bb::secp256k1::FrParams::cube_root_wasm_1
static constexpr uint64_t cube_root_wasm_1
Definition secp256k1.hpp:256
bb::secp256k1::FrParams::cube_root_wasm_3
static constexpr uint64_t cube_root_wasm_3
Definition secp256k1.hpp:258
bb::secp256k1::FrParams::coset_generators_wasm_1
static constexpr uint64_t coset_generators_wasm_1[8]
Definition secp256k1.hpp:272
bb::secp256k1::FrParams::modulus_wasm_8
static constexpr uint64_t modulus_wasm_8
Definition secp256k1.hpp:244
bb::secp256k1::FrParams::r_inv_wasm_6
static constexpr uint64_t r_inv_wasm_6
Definition secp256k1.hpp:184
bb::secp256k1::FrParams::r_inv_0
static constexpr uint64_t r_inv_0
Definition secp256k1.hpp:169
bb::secp256k1::FrParams::modulus_3
static constexpr uint64_t modulus_3
Definition secp256k1.hpp:151
bb::secp256k1::FrParams::r_inv_wasm_2
static constexpr uint64_t r_inv_wasm_2
Definition secp256k1.hpp:180
bb::secp256k1::FrParams::modulus_1
static constexpr uint64_t modulus_1
Definition secp256k1.hpp:149
bb::secp256k1::FrParams::modulus_wasm_2
static constexpr uint64_t modulus_wasm_2
Definition secp256k1.hpp:238
bb::secp256k1::FrParams::r_inv_wasm_8
static constexpr uint64_t r_inv_wasm_8
Definition secp256k1.hpp:186
bb::secp256k1::FrParams::endo_minus_b1_mid
static constexpr uint64_t endo_minus_b1_mid
Definition secp256k1.hpp:213
bb::secp256k1::FrParams::r_inv_wasm_0
static constexpr uint64_t r_inv_wasm_0
Definition secp256k1.hpp:178
bb::secp256k1::FrParams::endo_b2_mid
static constexpr uint64_t endo_b2_mid
Definition secp256k1.hpp:216
bb::secp256k1::FrParams::modulus_wasm_3
static constexpr uint64_t modulus_wasm_3
Definition secp256k1.hpp:239
bb::secp256k1::FrParams::r_inv_wasm_1
static constexpr uint64_t r_inv_wasm_1
Definition secp256k1.hpp:179
bb::secp256k1::FrParams::r_inv_2
static constexpr uint64_t r_inv_2
Definition secp256k1.hpp:171
bb::secp256k1::FrParams::PUBLIC_INPUTS_SIZE
static constexpr size_t PUBLIC_INPUTS_SIZE
Definition secp256k1.hpp:287
bb::secp256k1::FrParams::coset_generators_0
static constexpr uint64_t coset_generators_0[8]
Definition secp256k1.hpp:190
bb::secp256k1::FrParams::coset_generators_wasm_0
static constexpr uint64_t coset_generators_wasm_0[8]
Definition secp256k1.hpp:268
bb::secp256k1::FrParams::primitive_root_wasm_2
static constexpr uint64_t primitive_root_wasm_2
Definition secp256k1.hpp:263
bb::secp256k1::FrParams::primitive_root_0
static constexpr uint64_t primitive_root_0
Definition secp256k1.hpp:229
bb::secp256k1::FrParams::cube_root_wasm_2
static constexpr uint64_t cube_root_wasm_2
Definition secp256k1.hpp:257
bb::secp256k1::FrParams::endo_b2_lo
static constexpr uint64_t endo_b2_lo
Definition secp256k1.hpp:215
bb::secp256k1::FrParams::r_squared_2
static constexpr uint64_t r_squared_2
Definition secp256k1.hpp:156
bb::secp256k1::FrParams::cube_root_3
static constexpr uint64_t cube_root_3
Definition secp256k1.hpp:209
bb::secp256k1::FrParams::coset_generators_3
static constexpr uint64_t coset_generators_3[8]
Definition secp256k1.hpp:201
bb::secp256k1::FrParams::endo_g1_hihi
static constexpr uint64_t endo_g1_hihi
Definition secp256k1.hpp:221
bb::secp256k1::FrParams::endo_g2_hihi
static constexpr uint64_t endo_g2_hihi
Definition secp256k1.hpp:226
bb::secp256k1::FrParams::endo_g2_hi
static constexpr uint64_t endo_g2_hi
Definition secp256k1.hpp:225
bb::secp256k1::FrParams::r_inv_wasm_7
static constexpr uint64_t r_inv_wasm_7
Definition secp256k1.hpp:185
bb::secp256k1::FrParams::primitive_root_1
static constexpr uint64_t primitive_root_1
Definition secp256k1.hpp:230
bb::secp256k1::FrParams::coset_generators_wasm_3
static constexpr uint64_t coset_generators_wasm_3[8]
Definition secp256k1.hpp:280
bb::secp256k1::FrParams::primitive_root_wasm_0
static constexpr uint64_t primitive_root_wasm_0
Definition secp256k1.hpp:261
bb::secp256k1::FrParams::r_squared_0
static constexpr uint64_t r_squared_0
Definition secp256k1.hpp:154
bb::secp256k1::FrParams::r_squared_wasm_2
static constexpr uint64_t r_squared_wasm_2
Definition secp256k1.hpp:250
bb::secp256k1::FrParams::modulus_2
static constexpr uint64_t modulus_2
Definition secp256k1.hpp:150
bb::secp256k1::FrParams::r_squared_wasm_1
static constexpr uint64_t r_squared_wasm_1
Definition secp256k1.hpp:249
bb::secp256k1::FrParams::coset_generators_wasm_2
static constexpr uint64_t coset_generators_wasm_2[8]
Definition secp256k1.hpp:276
bb::secp256k1::FrParams::modulus_wasm_4
static constexpr uint64_t modulus_wasm_4
Definition secp256k1.hpp:240
bb::secp256k1::FrParams::coset_generators_2
static constexpr uint64_t coset_generators_2[8]
Definition secp256k1.hpp:198
bb::secp256k1::FrParams::r_inv_wasm_4
static constexpr uint64_t r_inv_wasm_4
Definition secp256k1.hpp:182
bb::secp256k1::FrParams::cube_root_2
static constexpr uint64_t cube_root_2
Definition secp256k1.hpp:208
bb::secp256k1::FrParams::endo_g2_lo
static constexpr uint64_t endo_g2_lo
Definition secp256k1.hpp:223
bb::secp256k1::FrParams::r_squared_wasm_0
static constexpr uint64_t r_squared_wasm_0
Definition secp256k1.hpp:248
bb::secp256k1::FrParams::endo_g2_mid
static constexpr uint64_t endo_g2_mid
Definition secp256k1.hpp:224
bb::secp256k1::FrParams::r_squared_1
static constexpr uint64_t r_squared_1
Definition secp256k1.hpp:155
bb::secp256k1::FrParams::primitive_root_3
static constexpr uint64_t primitive_root_3
Definition secp256k1.hpp:232
bb::secp256k1::FrParams::cube_root_0
static constexpr uint64_t cube_root_0
Definition secp256k1.hpp:206
bb::secp256k1::FrParams::r_inv_3
static constexpr uint64_t r_inv_3
Definition secp256k1.hpp:172
bb::secp256k1::FrParams::primitive_root_wasm_1
static constexpr uint64_t primitive_root_wasm_1
Definition secp256k1.hpp:262
bb::secp256k1::FrParams::modulus_wasm_0
static constexpr uint64_t modulus_wasm_0
Definition secp256k1.hpp:236
bb::secp256k1::FrParams::cube_root_1
static constexpr uint64_t cube_root_1
Definition secp256k1.hpp:207
bb::secp256k1::FrParams::r_inv_wasm_3
static constexpr uint64_t r_inv_wasm_3
Definition secp256k1.hpp:181
bb::secp256k1::G1Params::small_elements
static constexpr bool small_elements
Definition secp256k1.hpp:294
bb::secp256k1::G1Params::b
static constexpr fq b
Definition secp256k1.hpp:297
bb::secp256k1::G1Params::can_hash_to_curve
static constexpr bool can_hash_to_curve
Definition secp256k1.hpp:293
bb::secp256k1::G1Params::one_x
static constexpr fq one_x
Definition secp256k1.hpp:300
bb::secp256k1::G1Params::one_y
static constexpr fq one_y
Definition secp256k1.hpp:302
bb::secp256k1::G1Params::has_a
static constexpr bool has_a
Definition secp256k1.hpp:295
bb::secp256k1::G1Params::USE_ENDOMORPHISM
static constexpr bool USE_ENDOMORPHISM
Definition secp256k1.hpp:292
bb::secp256k1::G1Params::a
static constexpr fq a
Definition secp256k1.hpp:298