- Generated by
1.9.8
|
Barretenberg
The ZK-SNARK library at the core of Aztec
|
#include <poseidon2_external_relation.hpp>
Public Types | |
| using | FF = FF_ |
Static Public Member Functions | |
| template<typename AllEntities > | |
| static bool | skip (const AllEntities &in) |
| Returns true if the contribution from all subrelations for the provided inputs is identically zero. | |
| template<typename ContainerOverSubrelations , typename AllEntities , typename Parameters > | |
| static void | accumulate (ContainerOverSubrelations &evals, const AllEntities &in, const Parameters &, const FF &scaling_factor) |
| Expression for the poseidon2 external round relation, based on \( E_i \) in Section 6 of https://eprint.iacr.org/2023/323.pdf. | |
Static Public Attributes | |
| static constexpr std::array< size_t, 4 > | SUBRELATION_PARTIAL_LENGTHS |
Definition at line 11 of file poseidon2_external_relation.hpp.
| using bb::Poseidon2ExternalRelationImpl< FF_ >::FF = FF_ |
Definition at line 13 of file poseidon2_external_relation.hpp.
|
inlinestatic |
Expression for the poseidon2 external round relation, based on \( E_i \) in Section 6 of https://eprint.iacr.org/2023/323.pdf.
For state \( \mathbf{u} = (u_1, u_2, u_3, u_4)\) with \( u_i = \big(w_i + c_i^{(i)}\big)^5 \), the external round computes \( \mathbf{v} = M_E \cdot \mathbf{u}^{\top}\), where \(M_E\) is the external round matrix defined as follows:
\[ M_E = \begin{bmatrix} 5 & 7 & 1 & 3 \\ 4 & 6 & 1 & 1 \\ 1 & 3 & 5 & 7 \\ 1 & 1 & 4 & 6 \end{bmatrix} \]
i.e.
\begin{align} v_1 &= 5u_1 + 7u_2 + u_3 + 3u_4 \\ v_2 &= 4u_1 + 6u_2 + u_3 + u_4 \\ v_3 &= u_1 + 3u_2 + 5u_3 + 7u_4 \\ v_4 &= u_1 + u_2 + 4u_3 + 6u_4 \end{align}
The relation enforces \( v_k = w_{k,shift}\) for \( k \in \{1,2,3,4\}\). Concretely, the relation is encoded as four independent constraints multiplied by the \(\text{q_poseidon2_external}\) selector and the scaling factor \(\hat{g}\) arising from the GateSeparatorPolynomial. These contributions are added to the corresponding univariate accumulator \( A_i
\):
\begin{align} A_1 &\;\mathrel{+}= \text{q_poseidon2_internal}\cdot \big(v_1 - w_{1,\text{shift}}\big) \cdot \hat{g} \\ A_2 &\;\mathrel{+}= \text{q_poseidon2_internal}\cdot \big(v_1 - w_{1,\text{shift}}\big) \cdot \hat{g} \\ A_3 &\;\mathrel{+}= \text{q_poseidon2_internal}\cdot \big(v_3 - w_{3,\text{shift}}\big) \cdot \hat{g} \\ A_4 &\;\mathrel{+}= \text{q_poseidon2_internal}\cdot \big(v_4 - w_{4,\text{shift}}\big) \cdot \hat{g} \end{align}
At the end of each Sumcheck Round, the subrelation accumulators are aggregated with independent challenges \(\alpha_{i} = \alpha_{i, \text{Poseidon2Ext}}\) taken from the array of SubrelationSeparators
\[ \alpha_{0} A_1 + \alpha_{1} A_2 + \alpha_{2} A_3 + \alpha_{3} A_4 \]
and multiplied by the linear factor of the GateSeparatorPolynomial.
| evals | a tuple of tuples of univariate accumulators, the subtuple corresponding to this relation consists of \( [A_0, A_1, A_2, A_3]\) , such that \( \deg(A_i) = \text{SUBRELATION_PARTIAL_LENGTHS}[i] - 1 \). |
| in | In round \( k \) of Sumcheck at the point \(i_{>k} = (i_{k+1}, \ldots, i_{d-1})\) on the \(d-k-1\)-dimensional hypercube, given by an array containing the restrictions of the prover polynomials \( P_i(u_{<k}, X_k, i_{>k}) \). |
| parameters | Not used in this relation |
| scaling_factor | scaling term coming from GateSeparatorPolynomial. |
Definition at line 88 of file poseidon2_external_relation.hpp.
|
inlinestatic |
Returns true if the contribution from all subrelations for the provided inputs is identically zero.
Definition at line 26 of file poseidon2_external_relation.hpp.
|
staticconstexpr |
Definition at line 15 of file poseidon2_external_relation.hpp.
1.9.8