bn254.hpp

Go to the documentation of this file.

// === AUDIT STATUS ===
// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }
// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }
// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }
// =====================
 
#pragma once
#include "../bigfield/bigfield.hpp"
#include "../biggroup/biggroup.hpp"
#include "../field/field.hpp"
#include "barretenberg/ecc/curves/types.hpp"
 
namespace bb::stdlib {
 
template <typename CircuitBuilder> struct bn254 {
    static constexpr bb::CurveType type = bb::CurveType::BN254;
    // TODO(#673): This flag is temporary. It is needed in the verifier classes (GeminiVerifier, etc.) while these
    // classes are instantiated with "native" curve types. Eventually, the verifier classes will be instantiated only
    // with stdlib types, and "native" verification will be acheived via a simulated builder.
    static constexpr bool is_stdlib_type = true;
    using NativeCurve = curve::BN254;
 
    // Corresponding native types (used exclusively for testing)
    using ScalarFieldNative = curve::BN254::ScalarField;
    using BaseFieldNative = curve::BN254::BaseField;
    using GroupNative = curve::BN254::Group;
    using ElementNative = GroupNative::element;
    using AffineElementNative = GroupNative::affine_element;
 
    // Stdlib types corresponding to those defined in the native description of the curve.
    // Note: its useful to have these type names match the native analog exactly so that components that digest a Curve
    // (e.g. Gemini) can be agnostic as to whether they're operating on native or stdlib types.
    using ScalarField = field_t<CircuitBuilder>;
    using Group = element<CircuitBuilder, bigfield<CircuitBuilder, bb::Bn254FqParams>, ScalarField, GroupNative>;
    using BaseField = Group::BaseField;
    using Element = Group;
    using AffineElement = Group;
 
    // Additional types with no analog in the native description of the curve
    using Builder = CircuitBuilder;
    using witness_ct = witness_t<CircuitBuilder>;
    using public_witness_ct = public_witness_t<CircuitBuilder>;
    using byte_array_ct = byte_array<CircuitBuilder>;
    using bool_ct = bool_t<CircuitBuilder>;
 
    using bigfr_ct = bigfield<CircuitBuilder, bb::Bn254FrParams>;
    using g1_bigfr_ct = element<CircuitBuilder, BaseField, bigfr_ct, GroupNative>;
 
    // Required by SmallSubgroupIPA argument
    static constexpr size_t SUBGROUP_SIZE = 256;
    // BN254's scalar field has a multiplicative subgroup of order 2^28. It is generated by 5. The generator below is
    // 5^{2^{20}}. To avoid inversion in the recursive verifier, we also store ir
    static constexpr bb::fr subgroup_generator =
        bb::fr(uint256_t("0x07b0c561a6148404f086204a9f36ffb0617942546750f230c893619174a57a76"));
    static constexpr bb::fr subgroup_generator_inverse =
        bb::fr(uint256_t("0x204bd3277422fad364751ad938e2b5e6a54cf8c68712848a692c553d0329f5d6"));
    // The length of the polynomials used to mask the Sumcheck Round Univariates. Computed as
    // max(BATCHED_PARTIAL_RELATION_LENGTH) for BN254 Flavors with ZK
    static constexpr uint32_t LIBRA_UNIVARIATES_LENGTH = 9;
 
}; // namespace bn254
 
} // namespace bb::stdlib