- Generated by
1.9.8
|
Barretenberg
The ZK-SNARK library at the core of Aztec
|
#include <ecc_set_relation.hpp>
Public Types | |
| using | FF = FF_ |
Static Public Member Functions | |
| template<typename AllEntities > | |
| static bool | skip (const AllEntities &in) |
| template<typename Accumulator > | |
| static Accumulator | convert_to_wnaf (const auto &s0, const auto &s1) |
| static auto & | get_grand_product_polynomial (auto &input) |
| static auto & | get_shifted_grand_product_polynomial (auto &input) |
| template<typename Accumulator , typename AllEntities , typename Parameters > | |
| static Accumulator | compute_grand_product_numerator (const AllEntities &in, const Parameters ¶ms) |
| Performs multiset equality checks for the ECCVM. This faciliates "communication" between disjoint sets of columns, which we view as tables: the Precomputed table, the MSM table, and the Transcript table. This used to be called a strict lookup argument (where every element written was read exactly once.) | |
| template<typename Accumulator , typename AllEntities , typename Parameters > | |
| static Accumulator | compute_grand_product_denominator (const AllEntities &in, const Parameters ¶ms) |
| template<typename ContainerOverSubrelations , typename AllEntities , typename Parameters > | |
| static void | accumulate (ContainerOverSubrelations &accumulator, const AllEntities &in, const Parameters ¶ms, const FF &scaling_factor) |
| Expression for the standard arithmetic gate. @dbetails The relation is defined as C(in(X)...) = (q_m * w_r * w_l) + (q_l * w_l) + (q_r * w_r) + (q_o * w_o) + q_c. | |
Static Public Attributes | |
| static constexpr std::array< size_t, 2 > | SUBRELATION_PARTIAL_LENGTHS |
Definition at line 17 of file ecc_set_relation.hpp.
| using bb::ECCVMSetRelationImpl< FF_ >::FF = FF_ |
Definition at line 19 of file ecc_set_relation.hpp.
|
static |
Expression for the standard arithmetic gate. @dbetails The relation is defined as C(in(X)...) = (q_m * w_r * w_l) + (q_l * w_l) + (q_r * w_r) + (q_o * w_o) + q_c.
| evals | transformed to evals + C(in(X)...)*scaling_factor |
| in | an std::array containing the fully extended Accumulator edges. |
| parameters | contains beta, gamma, and public_input_delta, .... |
| scaling_factor | optional term to scale the evaluation before adding to evals. |
Definition at line 440 of file ecc_set_relation_impl.hpp.
|
static |
First term: tuple of (pc, round, wnaf_slice), used to determine which points we extract from lookup tables when evaluaing MSMs in ECCVMMsmRelation. These values must be equivalent to the values computed in the 1st term of compute_grand_product_numerator
Second term: tuple of the form (transcript_pc, transcript_Px, transcript_Py, z1) OR (transcript_pc, \beta * transcript_Px, -transcript_Py, z2) for each scalar multiplication in ECCVMTranscriptRelation columns. Here \(\beta\) is a cube root of unity in \(\mathbb f_q\). These values must be equivalent to the second term values in compute_grand_product_numerator
Recall that every element of \(\mathbb F_r\) may be written as \(z_1 + \zeta z_2 = z_1 - \beta z_2\), where the \(z_i\) are 128 bit numbers and \(\zeta = -\beta\) is a sixth root of unity.
Third term: tuple of (pc, P.x, P.y, msm-size) from ECCVMTranscriptRelation. (P.x, P.y) is the claimed output of a multi-scalar-multiplication evaluated in ECCVMMSMRelation. We need to validate that the msm output produced in ECCVMMSMRelation is equivalent to the output present in transcript_msm_output_x, transcript_msm_output_y, for a given multi-scalar multiplication starting at transcript_pc and has size transcript_msm_count.
(transcript_msm_output_x, transcript_msm_output_y) is the value of the just-completed MSM + OFFSET (as this is what the MSM table computes with to avoid branch logic.)in transcript_msm_output_x, transcript_msm_output_y, for a given multi-scalar multiplication starting at transcript_pc and has size transcript_msm_count.
(transcript_msm_output_x, transcript_msm_output_y) is the value of the just-completed MSM + OFFSET (as this is what the MSM table computes with to avoid branch logic.)Definition at line 281 of file ecc_set_relation_impl.hpp.
|
static |
Performs multiset equality checks for the ECCVM. This faciliates "communication" between disjoint sets of columns, which we view as tables: the Precomputed table, the MSM table, and the Transcript table. This used to be called a strict lookup argument (where every element written was read exactly once.)
ECCVMSetRelationImpl validates the correctness of the "inputs"/"outputs" of the three main algorithms evaluated by the ECCVM. Note that the terminology of "inputs" and "outputs" is purely psychological; they each just name the multiset we are adding to.
It will be helpful to recall that pc always stands for point-counter. We use the terms interchangably.
FIRST TERM: tuple of (pc, round, wnaf_slice), computed when slicing scalar multipliers into slices, as part of ECCVMWnafRelation.
Input source: ECCVMWnafRelation Output source: ECCVMMSMRelation
SECOND TERM: tuple of (pc, P.x, P.y, scalar-multiplier), used in ECCVMWnafRelation.
Input source: ECCVMPointTableRelation Output source: ECCVMTranscriptRelation
Note that, from the latter table, this is only turned on when we are at a mul instruction. Similarly, from the former table, this is only turned on when precompute_point_transition == 1.
THIRD TERM: tuple of (pc, P.x, P.y,msm-size) from ECCVMMSMRelation, to link the output of the MSM computation from the MSM table to the values in the Transcript tables.
Input source: ECCVMMSMRelation Output source: ECCVMTranscriptRelation Note that, from the latter table, this is only turned on when we are at an MSM transition, so we don't record the "intermediate" transcript_pc values from the Transcript columns. This is compatible with the fact that the msm_pc values are constant on a fixed MSM.
| FF | |
| AccumulatorTypes |
| in | |
| relation_params | |
| index |
First term: tuple of (pc, round, wnaf_slice), computed when slicing scalar multipliers into slices, as part of ECCVMWnafRelation.
There are 4 tuple entries per row of the Precompute table. Moreover, the element that "increments" is 4 * precompute_round, due to the fact that the Precompute columns contain four "digits"/slices per row.
precompute_select == 1. Otherwise, we add a the tuple (0, 0, 0).Second term: tuple of (pc, P.x, P.y, scalar-multiplier), used in ECCVMWnafRelation and ECCVMPointTableRelation.
ECCVMWnafRelation validates the sum of the wnaf slices associated with point-counter equals scalar-multiplier. ECCVMPointTableRelation computes a table of muliples of [P]: { -15[P], -13[P], ..., 15[P] }. We need to validate that the scalar-multiplier and [P] = (P.x, P.y) come from MUL opcodes in the transcript columns; in other words, that the wNAF expansion of the scalar-multiplier is correct.
precompute_point_transition == 1.Third term: tuple of (pc, P.x, P.y, msm-size) from ECCVMMSMRelation. Third term: tuple of (pc, P.x, P.y, msm-size) from ECCVMMSMRelation. (P.x, P.y) is the output of a multi-scalar-multiplication evaluated in ECCVMMSMRelation. We need to validate that the same values (P.x, P.y) are present in the Transcript columns and describe a multi-scalar multiplication of size msm-size, starting at pc. multi-scalar multiplication of size msm-size, starting at pc.
If msm_transition_shift == 1, this indicates the current row is the last row of a multiscalar multiplication evaluation. The output of the MSM will be present on (msm_accumulator_x_shift, msm_accumulator_y_shift). The values of msm_accumulator_x_shift, msm_accumulator_y_shift, msm_pc, msm_size_of_msm must match up with equivalent values transcript_msm_output_x, transcript_msm_output_y, transcript_pc, transcript_msm_count present in the Transcript columns.
Checking msm_size is correct (it is tied to the pc) is necessary to make sure the msm_pc increments correctly after it completes an MSM.
Definition at line 60 of file ecc_set_relation_impl.hpp.
|
inlinestatic |
Definition at line 49 of file ecc_set_relation.hpp.
|
inlinestatic |
Definition at line 59 of file ecc_set_relation.hpp.
|
inlinestatic |
Definition at line 60 of file ecc_set_relation.hpp.
|
inlinestatic |
Definition at line 26 of file ecc_set_relation.hpp.
|
staticconstexpr |
Definition at line 21 of file ecc_set_relation.hpp.
1.9.8