Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
eccvm_builder_types.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: not started, auditors: [], date: YYYY-MM-DD }
3// external_1: { status: not started, auditors: [], date: YYYY-MM-DD }
4// external_2: { status: not started, auditors: [], date: YYYY-MM-DD }
5// =====================
6
7#pragma once
8
9#include "barretenberg/ecc/curves/bn254/bn254.hpp"
10#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp"
11
12namespace bb::eccvm {
13static constexpr size_t NUM_SCALAR_BITS = 128; // The length of scalars handled by the ECCVVM
14static constexpr size_t NUM_WNAF_DIGIT_BITS = 4; // Scalars are decomposed into base 16 in wNAF form
15static constexpr size_t NUM_WNAF_DIGITS_PER_SCALAR = NUM_SCALAR_BITS / NUM_WNAF_DIGIT_BITS; // 32
16static constexpr uint64_t WNAF_MASK = static_cast<uint64_t>((1ULL << NUM_WNAF_DIGIT_BITS) - 1ULL);
17static constexpr size_t POINT_TABLE_SIZE =
18 1ULL << (NUM_WNAF_DIGIT_BITS); // Corresponds to the odd multiples of [P] between -(2^w - 1) and 2^w - 1.
19static constexpr size_t WNAF_DIGITS_PER_ROW = 4;
20static constexpr size_t ADDITIONS_PER_ROW =
21 4; // In the Straus algorithm for MSM, we proceed "digit-by-digit". (Here, digit means wNAF digit.) We chunk
22 // `ADDITIONS_PER_ROW` additions, all in the *same digit-slot*, in a row of the ECCVM's MSM table. Various parts
23 // of the implemention exploit the fact that `ADDITIONS_PER_ROWS == NUM_WNAF_DIGIT_BITS`.
24
25template <typename CycleGroup> struct ScalarMul {
26 uint32_t pc;
27 uint256_t scalar;
28 typename CycleGroup::affine_element base_point;
29 std::array<int, NUM_WNAF_DIGITS_PER_SCALAR>
30 wnaf_digits; // [a_{n-1}, a_{n-1}, ..., a_{0}], where each a_i ∈ {-2ʷ⁻¹ + 1, -2ʷ⁻¹ + 3, ..., 2ʷ⁻¹ - 3, 2ʷ⁻¹ -
31 // 1} ∪ {0}. (here, w = `NUM_WNAF_DIGIT_BITS`). in particular, a_i is an odd integer with
32 // absolute value less than 2ʷ. Represents the number `scalar` = ∑ᵢ aᵢ 2⁴ⁱ - `wnaf_skew`.
33 bool wnaf_skew; // necessary to represent _even_ integers
34 // size bumped by 1 to record base_point.dbl()
35 std::array<typename CycleGroup::affine_element, POINT_TABLE_SIZE + 1> precomputed_table;
36};
37
38template <typename CycleGroup> using MSM = std::vector<ScalarMul<CycleGroup>>;
39
40} // namespace bb::eccvm
bb::numeric::uint256_t
Definition uint256.hpp:32
bb::eccvm::MSM
std::vector< ScalarMul< CycleGroup > > MSM
Definition eccvm_builder_types.hpp:38
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
bb::eccvm::ScalarMul::precomputed_table
std::array< typename CycleGroup::affine_element, POINT_TABLE_SIZE+1 > precomputed_table
Definition eccvm_builder_types.hpp:35
bb::eccvm::ScalarMul::wnaf_digits
std::array< int, NUM_WNAF_DIGITS_PER_SCALAR > wnaf_digits
Definition eccvm_builder_types.hpp:30
bb::eccvm::ScalarMul::base_point
CycleGroup::affine_element base_point
Definition eccvm_builder_types.hpp:28