Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
field12.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: not started, auditors: [], date: YYYY-MM-DD }
3// external_1: { status: not started, auditors: [], date: YYYY-MM-DD }
4// external_2: { status: not started, auditors: [], date: YYYY-MM-DD }
5// =====================
6
7#pragma once
8#include "barretenberg/numeric/random/engine.hpp"
9
10namespace bb {
11template <typename quadratic_field, typename base_field, typename Fq12Params> class field12 {
12 public:
13 constexpr field12(const base_field& a = base_field::zero(), const base_field& b = base_field::zero())
14 : c0(a)
15 , c1(b)
16 {}
17
18 constexpr field12(const field12& other)
19 : c0(other.c0)
20 , c1(other.c1)
21 {}
22
23 constexpr field12(field12&& other) noexcept
24 : c0(other.c0)
25 , c1(other.c1)
26 {}
27
28 constexpr field12& operator=(const field12& other) noexcept
29 {
30 if (this == &other) {
31 return *this;
32 }
33 c0 = other.c0;
34 c1 = other.c1;
35 return *this;
36 }
37
38 constexpr field12& operator=(field12&& other) noexcept
39 {
40 c0 = other.c0;
41 c1 = other.c1;
42 return *this;
43 }
44
45 constexpr ~field12() noexcept = default;
46
47 base_field c0;
48 base_field c1;
49
50 struct ell_coeffs {
51 quadratic_field o;
52 quadratic_field vw;
53 quadratic_field vv;
54 };
55
56 static constexpr field12 zero() { return { base_field::zero(), base_field::zero() }; };
57 static constexpr field12 one() { return { base_field::one(), base_field::zero() }; };
58
59 static constexpr base_field mul_by_non_residue(const base_field& a)
60 {
61 return {
62 base_field::mul_by_non_residue(a.c2),
63 a.c0,
64 a.c1,
65 };
66 }
67
68 constexpr field12 operator+(const field12& other) const
69 {
70 return {
71 c0 + other.c0,
72 c1 + other.c1,
73 };
74 }
75
76 constexpr field12 operator-(const field12& other) const
77 {
78 return {
79 c0 - other.c0,
80 c1 - other.c1,
81 };
82 }
83
84 constexpr field12 operator*(const field12& other) const
85 {
86 base_field T0 = c0 * other.c0;
87 base_field T1 = c1 * other.c1;
88 base_field T2 = c0 + c1;
89 base_field T3 = other.c0 + other.c1;
90
91 return {
92 mul_by_non_residue(T1) + T0,
93 T2 * T3 - (T0 + T1),
94 };
95 }
96
97 constexpr field12 operator/(const field12& other) const { return operator*(other.invert()); }
98
99 constexpr field12 operator+=(const field12& other)
100 {
101 c0 += other.c0;
102 c1 += other.c1;
103 return *this;
104 }
105
106 constexpr field12 operator-=(const field12& other)
107 {
108 c0 -= other.c0;
109 c1 -= other.c1;
110 return *this;
111 }
112
113 constexpr field12 operator*=(const field12& other)
114 {
115 *this = operator*(other);
116 return *this;
117 }
118
119 constexpr field12 operator/=(const field12& other)
120 {
121 *this = operator/(other);
122 return *this;
123 }
124
125 constexpr void self_sparse_mul(const ell_coeffs& ell)
126 {
127 // multiplicand is sparse fp12 element (ell.0, 0, ell.vv) + \beta(0, ell.vw, 0)
128 quadratic_field d0 = c0.c0 * ell.o;
129 quadratic_field d2 = c0.c2 * ell.vv;
130 quadratic_field d4 = c1.c1 * ell.vw;
131 quadratic_field t2 = c0.c0 + c1.c1;
132 quadratic_field t1 = c0.c0 + c0.c2;
133 quadratic_field s0 = c0.c1 + c1.c0;
134 s0 += c1.c2;
135
136 quadratic_field s1 = c0.c1 * ell.vv;
137 quadratic_field t3 = s1 + d4;
138 quadratic_field t4 = base_field::mul_by_non_residue(t3);
139 c0.c0 = t4 + d0;
140
141 t3 = c1.c2 * ell.vw;
142 s1 += t3;
143 t3 += d2;
144 t4 = base_field::mul_by_non_residue(t3);
145 t3 = c0.c1 * ell.o;
146 s1 += t3;
147 c0.c1 = t4 + t3;
148
149 quadratic_field t0 = ell.o + ell.vv;
150 t3 = t1 * t0;
151 t3 -= d0;
152 t3 -= d2;
153 t4 = c1.c0 * ell.vw;
154 s1 += t4;
155
156 t0 = c0.c2 + c1.c1;
157 c0.c2 = t3 + t4;
158
159 t1 = ell.vv + ell.vw;
160 t3 = t0 * t1;
161 t3 -= d2;
162 t3 -= d4;
163 t4 = base_field::mul_by_non_residue(t3);
164 t3 = c1.c0 * ell.o;
165 s1 += t3;
166 c1.c0 = t3 + t4;
167
168 t3 = c1.c2 * ell.vv;
169 s1 += t3;
170 t4 = base_field::mul_by_non_residue(t3);
171 t0 = ell.o + ell.vw;
172 t3 = t0 * t2;
173 t3 -= d0;
174 t3 -= d4;
175 c1.c1 = t3 + t4;
176
177 t0 = ell.o + ell.vv;
178 t0 += ell.vw;
179 t3 = s0 * t0;
180 c1.c2 = t3 - s1;
181 }
182
183 constexpr field12 sqr() const
184 {
185 base_field T0 = c0 + c1;
186 base_field T1 = mul_by_non_residue(c1) + c0;
187
188 T0 *= T1;
189 T1 = c0 * c1;
190
191 return {
192 T0 - (T1 + mul_by_non_residue(T1)),
193 T1 + T1,
194 };
195 }
196
197 constexpr field12 invert() const
198 {
199 /* From "High-Speed Software Implementation of the Optimal Ate Pairing over Barreto-Naehrig Curves"; Algorithm 8
200 */
201 base_field T0 = (c0.sqr() - mul_by_non_residue(c1.sqr())).invert();
202 return {
203 c0 * T0,
204 -(c1 * T0),
205 };
206 }
207
208 constexpr field12 frobenius_map_three() const
209 {
210 return {
211 c0.frobenius_map_three(),
212 c1.frobenius_map_three().mul_by_fq2(Fq12Params::frobenius_coefficients_3),
213 };
214 }
215
216 constexpr field12 frobenius_map_two() const
217 {
218 return {
219 c0.frobenius_map_two(),
220 c1.frobenius_map_two().mul_by_fq2(Fq12Params::frobenius_coefficients_2),
221 };
222 }
223
224 constexpr field12 frobenius_map_one() const
225 {
226 return {
227 c0.frobenius_map_one(),
228 c1.frobenius_map_one().mul_by_fq2(Fq12Params::frobenius_coefficients_1),
229 };
230 }
231
232 constexpr field12 cyclotomic_squared() const
233 {
234 // Possible Optimization: The cyclotomic squaring can be implemented more than efficiently
235 // than the generic squaring.
236 return sqr();
237 }
238
239 constexpr field12 unitary_inverse() const
240 {
241 return {
242 c0,
243 -c1,
244 };
245 }
246
247 static constexpr field12 random_element(numeric::RNG* engine = nullptr)
248 {
249 return {
250 base_field::random_element(engine),
251 base_field::random_element(engine),
252 };
253 }
254
255 constexpr field12 to_montgomery_form()
256 {
257 return {
258 c0.to_montgomery_form(),
259 c1.to_montgomery_form(),
260 };
261 }
262
263 constexpr field12 from_montgomery_form()
264 {
265 return {
266 c0.from_montgomery_form(),
267 c1.from_montgomery_form(),
268 };
269 }
270
271 [[nodiscard]] constexpr bool is_zero() const { return c0.is_zero() && c1.is_zero(); }
272
273 constexpr bool operator==(const field12& other) const { return c0 == other.c0 && c1 == other.c1; }
274};
275} // namespace bb
bb::field12::operator-
constexpr field12 operator-(const field12 &other) const
Definition field12.hpp:76
bb::field12::c1
base_field c1
Definition field12.hpp:48
bb::field12::zero
static constexpr field12 zero()
Definition field12.hpp:56
bb::field12::cyclotomic_squared
constexpr field12 cyclotomic_squared() const
Definition field12.hpp:232
bb::field12::operator*=
constexpr field12 operator*=(const field12 &other)
Definition field12.hpp:113
bb::field12::operator=
constexpr field12 & operator=(field12 &&other) noexcept
Definition field12.hpp:38
bb::field12::operator==
constexpr bool operator==(const field12 &other) const
Definition field12.hpp:273
bb::field12::operator+
constexpr field12 operator+(const field12 &other) const
Definition field12.hpp:68
bb::field12::frobenius_map_three
constexpr field12 frobenius_map_three() const
Definition field12.hpp:208
bb::field12::invert
constexpr field12 invert() const
Definition field12.hpp:197
bb::field12::field12
constexpr field12(field12 &&other) noexcept
Definition field12.hpp:23
bb::field12::operator/
constexpr field12 operator/(const field12 &other) const
Definition field12.hpp:97
bb::field12::random_element
static constexpr field12 random_element(numeric::RNG *engine=nullptr)
Definition field12.hpp:247
bb::field12::is_zero
constexpr bool is_zero() const
Definition field12.hpp:271
bb::field12::unitary_inverse
constexpr field12 unitary_inverse() const
Definition field12.hpp:239
bb::field12::field12
constexpr field12(const field12 &other)
Definition field12.hpp:18
bb::field12::field12
constexpr field12(const base_field &a=base_field::zero(), const base_field &b=base_field::zero())
Definition field12.hpp:13
bb::field12::operator+=
constexpr field12 operator+=(const field12 &other)
Definition field12.hpp:99
bb::field12::operator/=
constexpr field12 operator/=(const field12 &other)
Definition field12.hpp:119
bb::field12::self_sparse_mul
constexpr void self_sparse_mul(const ell_coeffs &ell)
Definition field12.hpp:125
bb::field12::operator=
constexpr field12 & operator=(const field12 &other) noexcept
Definition field12.hpp:28
bb::field12::one
static constexpr field12 one()
Definition field12.hpp:57
bb::field12::~field12
constexpr ~field12() noexcept=default
bb::field12::from_montgomery_form
constexpr field12 from_montgomery_form()
Definition field12.hpp:263
bb::field12::sqr
constexpr field12 sqr() const
Definition field12.hpp:183
bb::field12::operator-=
constexpr field12 operator-=(const field12 &other)
Definition field12.hpp:106
bb::field12::mul_by_non_residue
static constexpr base_field mul_by_non_residue(const base_field &a)
Definition field12.hpp:59
bb::field12::c0
base_field c0
Definition field12.hpp:47
bb::field12::operator*
constexpr field12 operator*(const field12 &other) const
Definition field12.hpp:84
bb::field12::frobenius_map_two
constexpr field12 frobenius_map_two() const
Definition field12.hpp:216
bb::field12::frobenius_map_one
constexpr field12 frobenius_map_one() const
Definition field12.hpp:224
bb::field12::to_montgomery_form
constexpr field12 to_montgomery_form()
Definition field12.hpp:255
a
FF a
Definition field_gt.test.cpp:51
b
FF b
Definition field_gt.test.cpp:52
engine
numeric::RNG & engine
Definition eccvm_transcript.test.cpp:282
bb
Entry point for Barretenberg command-line interface.
Definition acir_format_getters.cpp:6
bb::field12::ell_coeffs
Definition field12.hpp:50
bb::field12::ell_coeffs::vv
quadratic_field vv
Definition field12.hpp:53
bb::field12::ell_coeffs::vw
quadratic_field vw
Definition field12.hpp:52
bb::field12::ell_coeffs::o
quadratic_field o
Definition field12.hpp:51