Barretenberg: src/barretenberg/ecc/groups/element.hpp Source File

// === AUDIT STATUS ===

// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }

// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }

// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }

// =====================


#pragma once


#include "affine_element.hpp"

#include "barretenberg/common/compiler_hints.hpp"

#include "barretenberg/common/mem.hpp"

#include "barretenberg/numeric/random/engine.hpp"

#include "barretenberg/numeric/uint256/uint256.hpp"

#include "wnaf.hpp"

#include <array>

#include <random>

#include <vector>


namespace bb::group_elements {


template <class Fq, class Fr, class Params> class alignas(32) element {

  public:

    static constexpr Fq curve_b = Params::b;


    element() noexcept = default;


    constexpr element(const Fq& a, const Fq& b, const Fq& c) noexcept;

    constexpr element(const element& other) noexcept;

    constexpr element(element&& other) noexcept;

    constexpr element(const affine_element<Fq, Fr, Params>& other) noexcept;

    ~element() noexcept = default;


    static constexpr element one() noexcept { return { Params::one_x, Params::one_y, Fq::one() }; };


    static constexpr element zero() noexcept

    {

        element zero;

        zero.self_set_infinity();

        return zero;

    };


    constexpr element& operator=(const element& other) noexcept;

    constexpr element& operator=(element&& other) noexcept;


    constexpr operator affine_element<Fq, Fr, Params>() const noexcept;


    static element random_element(numeric::RNG* engine = nullptr) noexcept;


    constexpr element dbl() const noexcept;

    constexpr void self_dbl() noexcept;

    constexpr void self_mixed_add_or_sub(const affine_element<Fq, Fr, Params>& other, uint64_t predicate) noexcept;


    constexpr element operator+(const element& other) const noexcept;

    constexpr element operator+(const affine_element<Fq, Fr, Params>& other) const noexcept;

    constexpr element operator+=(const element& other) noexcept;

    constexpr element operator+=(const affine_element<Fq, Fr, Params>& other) noexcept;


    constexpr element operator-(const element& other) const noexcept;

    constexpr element operator-(const affine_element<Fq, Fr, Params>& other) const noexcept;

    constexpr element operator-() const noexcept;

    constexpr element operator-=(const element& other) noexcept;

    constexpr element operator-=(const affine_element<Fq, Fr, Params>& other) noexcept;


    friend constexpr element operator+(const affine_element<Fq, Fr, Params>& left, const element& right) noexcept

    {

        return right + left;

    }


    friend constexpr element operator-(const affine_element<Fq, Fr, Params>& left, const element& right) noexcept

    {

        return -right + left;

    }


    element operator*(const Fr& exponent) const noexcept;

    element operator*=(const Fr& exponent) noexcept;


    // If you end up implementing this, congrats, you've solved the DL problem!

    // P.S. This is a joke, don't even attempt! 😂

    // constexpr Fr operator/(const element& other) noexcept {}


    constexpr element normalize() const noexcept;

    static element infinity();

    BB_INLINE constexpr element set_infinity() const noexcept;

    BB_INLINE constexpr void self_set_infinity() noexcept;

    [[nodiscard]] BB_INLINE constexpr bool is_point_at_infinity() const noexcept;

    [[nodiscard]] BB_INLINE constexpr bool on_curve() const noexcept;

    BB_INLINE constexpr bool operator==(const element& other) const noexcept;


    static void batch_normalize(element* elements, size_t num_elements) noexcept;

    static void batch_affine_add(const std::span<affine_element<Fq, Fr, Params>>& first_group,

                                 const std::span<affine_element<Fq, Fr, Params>>& second_group,

                                 const std::span<affine_element<Fq, Fr, Params>>& results) noexcept;

    static std::vector<affine_element<Fq, Fr, Params>> batch_mul_with_endomorphism(

        const std::span<const affine_element<Fq, Fr, Params>>& points, const Fr& scalar) noexcept;


    Fq x;

    Fq y;

    Fq z;


  private:

    // For test access to mul_without_endomorphism

    friend class TestElementPrivate;

    element mul_without_endomorphism(const Fr& scalar) const noexcept;

    element mul_with_endomorphism(const Fr& scalar) const noexcept;


    template <typename = typename std::enable_if<Params::can_hash_to_curve>>

    static element random_coordinates_on_curve(numeric::RNG* engine = nullptr) noexcept;

    // {

    //     bool found_one = false;

    //     Fq yy;

    //     Fq x;

    //     Fq y;

    //     Fq t0;

    //     while (!found_one) {

    //         x = Fq::random_element(engine);

    //         yy = x.sqr() * x + Params::b;

    //         if constexpr (Params::has_a) {

    //             yy += (x * Params::a);

    //         }

    //         y = yy.sqrt();

    //         t0 = y.sqr();

    //         found_one = (yy == t0);

    //     }

    //     return { x, y, Fq::one() };

    // }

    // TODO(https://github.com/AztecProtocol/barretenberg/issues/908) point at inifinty isn't handled

    // To reenable this do NOT do use MSGPACK_FIELDS macro below, instead follow the logic in affine_element

    // MSGPACK_FIELDS(x, y, z);


    static void conditional_negate_affine(const affine_element<Fq, Fr, Params>& in,

                                          affine_element<Fq, Fr, Params>& out,

                                          uint64_t predicate) noexcept;


    friend std::ostream& operator<<(std::ostream& os, const element& a)

    {

        os << "{ " << a.x << ", " << a.y << ", " << a.z << " }";

        return os;

    }


};


template <class Fq, class Fr, class Params> std::ostream& operator<<(std::ostream& os, element<Fq, Fr, Params> const& e)

{

    return os << "x:" << e.x << " y:" << e.y << " z:" << e.z;

}


// constexpr element<Fq, Fr, Params>::one = element<Fq, Fr, Params>{ Params::one_x, Params::one_y, Fq::one() };

// constexpr element<Fq, Fr, Params>::point_at_infinity = one.set_infinity();

// constexpr element<Fq, Fr, Params>::curve_b = Params::b;

} // namespace bb::group_elements


#include "./element_impl.hpp"

affine_element.hpp

bb::group_elements::TestElementPrivate
Definition affine_element.test.cpp:267

bb::group_elements::affine_element
Definition affine_element.hpp:21

bb::group_elements::element
element class. Implements ecc group arithmetic using Jacobian coordinates See https://hyperelliptic....
Definition element.hpp:33

bb::group_elements::element::operator*=
element operator*=(const Fr &exponent) noexcept
Definition element_impl.hpp:485

bb::group_elements::element::set_infinity
BB_INLINE constexpr element set_infinity() const noexcept
Definition element_impl.hpp:504

bb::group_elements::element::mul_with_endomorphism
element mul_with_endomorphism(const Fr &scalar) const noexcept
Definition element_impl.hpp:658

bb::group_elements::element::infinity
static element infinity()
Definition element_impl.hpp:497

bb::group_elements::element::y
Fq y
Definition element.hpp:107

bb::group_elements::element::batch_mul_with_endomorphism
static std::vector< affine_element< Fq, Fr, Params > > batch_mul_with_endomorphism(const std::span< const affine_element< Fq, Fr, Params > > &points, const Fr &scalar) noexcept
Multiply each point by the same scalar.
Definition element_impl.hpp:794

bb::group_elements::element::zero
static constexpr element zero() noexcept
Definition element.hpp:46

bb::group_elements::element::z
Fq z
Definition element.hpp:108

bb::group_elements::element::dbl
constexpr element dbl() const noexcept
Definition element_impl.hpp:151

bb::group_elements::element::normalize
constexpr element normalize() const noexcept
Definition element_impl.hpp:491

bb::group_elements::element::operator-
friend constexpr element operator-(const affine_element< Fq, Fr, Params > &left, const element &right) noexcept
Definition element.hpp:79

bb::group_elements::element::self_dbl
constexpr void self_dbl() noexcept
Definition element_impl.hpp:82

bb::group_elements::element::random_element
static element random_element(numeric::RNG *engine=nullptr) noexcept
Definition element_impl.hpp:586

bb::group_elements::element::batch_normalize
static void batch_normalize(element *elements, size_t num_elements) noexcept
Definition element_impl.hpp:1044

bb::group_elements::element::one
static constexpr element one() noexcept
Definition element.hpp:45

bb::group_elements::element::batch_affine_add
static void batch_affine_add(const std::span< affine_element< Fq, Fr, Params > > &first_group, const std::span< affine_element< Fq, Fr, Params > > &second_group, const std::span< affine_element< Fq, Fr, Params > > &results) noexcept
Pairwise affine add points in first and second group.
Definition element_impl.hpp:722

bb::group_elements::element::on_curve
BB_INLINE constexpr bool on_curve() const noexcept
Definition element_impl.hpp:538

bb::group_elements::element::operator*
element operator*(const Fr &exponent) const noexcept
Definition element_impl.hpp:477

bb::group_elements::element::self_mixed_add_or_sub
constexpr void self_mixed_add_or_sub(const affine_element< Fq, Fr, Params > &other, uint64_t predicate) noexcept
Definition element_impl.hpp:159

bb::group_elements::element::curve_b
static constexpr Fq curve_b
Definition element.hpp:35

bb::group_elements::element::x
Fq x
Definition element.hpp:106

bb::group_elements::element::element
element() noexcept=default

bb::group_elements::element::conditional_negate_affine
static void conditional_negate_affine(const affine_element< Fq, Fr, Params > &in, affine_element< Fq, Fr, Params > &out, uint64_t predicate) noexcept
Definition element_impl.hpp:1036

bb::group_elements::element::random_coordinates_on_curve
static element random_coordinates_on_curve(numeric::RNG *engine=nullptr) noexcept

bb::group_elements::element::mul_without_endomorphism
element mul_without_endomorphism(const Fr &scalar) const noexcept
Definition element_impl.hpp:603

bb::group_elements::element::operator=
constexpr element & operator=(const element &other) noexcept
Definition element_impl.hpp:46

bb::group_elements::element::self_set_infinity
BB_INLINE constexpr void self_set_infinity() noexcept
Definition element_impl.hpp:511

bb::group_elements::element::is_point_at_infinity
BB_INLINE constexpr bool is_point_at_infinity() const noexcept
Definition element_impl.hpp:527

bb::numeric::RNG
Definition engine.hpp:17

compiler_hints.hpp

BB_INLINE
#define BB_INLINE
Definition compiler_hints.hpp:6

a
FF a
Definition field_gt.test.cpp:51

b
FF b
Definition field_gt.test.cpp:52

engine
numeric::RNG & engine
Definition eccvm_transcript.test.cpp:282

element_impl.hpp

engine.hpp

Params
crypto::Poseidon2Bn254ScalarFieldParams Params
Definition graph_description_poseidon2s_permutation.test.cpp:21

mem.hpp

bb::group_elements
Definition affine_element.hpp:18

bb::group_elements::operator<<
std::ostream & operator<<(std::ostream &os, element< Fq, Fr, Params > const &e)
Definition element.hpp:151

std
STL namespace.

bb::field< Bn254FqParams >

bb::field< Bn254FqParams >::one
static constexpr field one()
Definition field_declarations.hpp:242

uint256.hpp

wnaf.hpp