Barretenberg
The ZK-SNARK library at the core of Aztec
element class. Implements elliptic-curve group arithmetic using Jacobian coordinates. See https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-dbl-2009-l
#include <element.hpp>
Public Member Functions
| | element () noexcept=default |
| constexpr | element (const Fq &a, const Fq &b, const Fq &c) noexcept |
| constexpr | element (const element &other) noexcept |
| constexpr | element (element &&other) noexcept |
| constexpr | element (const affine_element< Fq, Fr, Params > &other) noexcept |
| | ~element () noexcept=default |
| constexpr element & | operator= (const element &other) noexcept |
| constexpr element & | operator= (element &&other) noexcept |
| constexpr | operator affine_element< Fq, Fr, Params > () const noexcept |
| constexpr element | dbl () const noexcept |
| constexpr void | self_dbl () noexcept |
| constexpr void | self_mixed_add_or_sub (const affine_element< Fq, Fr, Params > &other, uint64_t predicate) noexcept |
| constexpr element | operator+ (const element &other) const noexcept |
| constexpr element | operator+ (const affine_element< Fq, Fr, Params > &other) const noexcept |
| constexpr element | operator+= (const element &other) noexcept |
| constexpr element | operator+= (const affine_element< Fq, Fr, Params > &other) noexcept |
| constexpr element | operator- (const element &other) const noexcept |
| constexpr element | operator- (const affine_element< Fq, Fr, Params > &other) const noexcept |
| constexpr element | operator- () const noexcept |
| constexpr element | operator-= (const element &other) noexcept |
| constexpr element | operator-= (const affine_element< Fq, Fr, Params > &other) noexcept |
| element | operator* (const Fr &exponent) const noexcept |
| element | operator*= (const Fr &exponent) noexcept |
| constexpr element | normalize () const noexcept |
| BB_INLINE constexpr element | set_infinity () const noexcept |
| BB_INLINE constexpr void | self_set_infinity () noexcept |
| BB_INLINE constexpr bool | is_point_at_infinity () const noexcept |
| BB_INLINE constexpr bool | on_curve () const noexcept |
| BB_INLINE constexpr bool | operator== (const element &other) const noexcept |
| template<typename > | |
| element< Fq, Fr, T > | random_coordinates_on_curve (numeric::RNG *engine) noexcept |
Static Public Member Functions
| static constexpr element | one () noexcept |
| static constexpr element | zero () noexcept |
| static element | random_element (numeric::RNG *engine=nullptr) noexcept |
| static element | infinity () |
| static void | batch_normalize (element *elements, size_t num_elements) noexcept |
| static void | batch_affine_add (const std::span< affine_element< Fq, Fr, Params > > &first_group, const std::span< affine_element< Fq, Fr, Params > > &second_group, const std::span< affine_element< Fq, Fr, Params > > &results) noexcept |
| Pairwise affine add points in first and second group. | |
| static std::vector< affine_element< Fq, Fr, Params > > | batch_mul_with_endomorphism (const std::span< const affine_element< Fq, Fr, Params > > &points, const Fr &scalar) noexcept |
| Multiply each point by the same scalar. | |
Public Attributes
| Fq | x |
| Fq | y |
| Fq | z |
Static Public Attributes
| static constexpr Fq | curve_b = Params::b |
Private Member Functions
| element | mul_without_endomorphism (const Fr &scalar) const noexcept |
| element | mul_with_endomorphism (const Fr &scalar) const noexcept |
Static Private Member Functions
| template<typename = typename std::enable_if<Params::can_hash_to_curve>> | |
| static element | random_coordinates_on_curve (numeric::RNG *engine=nullptr) noexcept |
| static void | conditional_negate_affine (const affine_element< Fq, Fr, Params > &in, affine_element< Fq, Fr, Params > &out, uint64_t predicate) noexcept |
Friends
| class | TestElementPrivate |
| constexpr element | operator+ (const affine_element< Fq, Fr, Params > &left, const element &right) noexcept |
| constexpr element | operator- (const affine_element< Fq, Fr, Params > &left, const element &right) noexcept |
| std::ostream & | operator<< (std::ostream &os, const element &a) |
Detailed Description

element class. Implements elliptic-curve group arithmetic using Jacobian coordinates. See https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-dbl-2009-l

Note: subgroup checks are currently NOT IMPLEMENTED. The G1 points this implementation is used with have a cofactor of 1, so a point that satisfies the curve equation (the property on_curve() tests) is automatically a member of the prime-order subgroup. All G2 points are precomputed (the generator [1]_2 and the trusted-setup point [x]_2), and the code explicitly assumes that these precomputed points are valid members of the prime-order subgroup of G2. Nothing in this class therefore rejects a point that lies on the curve but outside the prime-order subgroup; for G2, that guarantee has to come from wherever the point is produced, not from this class.

Template Parameters
| Fq | prime field the curve is defined over |
| Fr | prime field whose characteristic equals the size of the prime-order elliptic curve subgroup |
| Params | curve parameters |

Definition at line 33 of file element.hpp.
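Why that note matters, as an added example written for this page (it is not Barretenberg code, and it stands in for the G2 case with a toy prime-field curve rather than an extension-field one): on a curve whose cofactor is larger than 1, a point can pass the curve-equation check and still lie outside the prime-order subgroup, so code that performs only on_curve() accepts it. The toy curve y^2 = x^3 + 1 over F_131, its order 132 = 12 * 11, and every name below (toy, rogue_point, in_subgroup, subgroup_generator) are constructed for this example. The block counts the curve's points by brute force, finds a point that satisfies the curve equation but fails the [r]P = O test, and shows that cofactor clearing maps any point into the subgroup.

```cpp
#include <cstdint>
#include <cstdio>

namespace toy {
// Toy curve constructed for this example: y^2 = x^3 + 1 over F_131. Since 131 = 2 (mod 3),
// x -> x^3 + 1 is a bijection on the field, so the curve has exactly p + 1 = 132 points,
// and 132 = 12 * 11: prime-order subgroup size R = 11, cofactor H = 12.
constexpr uint64_t P = 131;
constexpr uint64_t B = 1;
constexpr uint64_t R = 11;
constexpr uint64_t H = 12;

uint64_t add(uint64_t a, uint64_t b) { return (a + b) % P; }
uint64_t sub(uint64_t a, uint64_t b) { return (a + P - b) % P; }
uint64_t mul(uint64_t a, uint64_t b) { return (a * b) % P; }
uint64_t inv(uint64_t a) {                     // brute-force inverse; fine for a 131-element field
    for (uint64_t i = 1; i < P; ++i) if (mul(a, i) == 1) return i;
    return 0;
}

struct Point { uint64_t x, y; bool inf; };     // affine point; inf marks the point at infinity
Point infinity() { return Point{0, 0, true}; }

// Curve-equation check only: the analogue of on_curve(). It says nothing about subgroup membership.
bool on_curve(const Point& p) { return p.inf || mul(p.y, p.y) == add(mul(mul(p.x, p.x), p.x), B); }

Point dbl(const Point& p) {
    if (p.inf || p.y == 0) return infinity();             // doubling an order-2 point gives O
    uint64_t l = mul(mul(3, mul(p.x, p.x)), inv(mul(2, p.y)));
    uint64_t x3 = sub(mul(l, l), mul(2, p.x));
    return Point{x3, sub(mul(l, sub(p.x, x3)), p.y), false};
}
Point padd(const Point& a, const Point& b) {
    if (a.inf) return b;
    if (b.inf) return a;
    if (a.x == b.x) return (a.y == b.y) ? dbl(a) : infinity();   // P + P or P + (-P)
    uint64_t l = mul(sub(b.y, a.y), inv(sub(b.x, a.x)));
    uint64_t x3 = sub(sub(mul(l, l), a.x), b.x);
    return Point{x3, sub(mul(l, sub(a.x, x3)), a.y), false};
}
Point pmul(Point p, uint64_t k) {                          // double-and-add, least significant bit first
    Point acc = infinity();
    for (; k != 0; k >>= 1, p = dbl(p)) if (k & 1) acc = padd(acc, p);
    return acc;
}

// The check the library leaves out: P is in the prime-order subgroup iff [R]P = O.
bool in_subgroup(const Point& p) { return on_curve(p) && pmul(p, R).inf; }

uint64_t order_of(const Point& p) {            // smallest n >= 1 with [n]P = O
    uint64_t n = 1;
    for (Point q = p; !q.inf; q = padd(q, p)) ++n;
    return n;
}

uint64_t count_points() {                      // brute-force #E(F_P), confirming 132 = H * R
    uint64_t n = 1;                            // the point at infinity
    for (uint64_t x = 0; x < P; ++x)
        for (uint64_t y = 0; y < P; ++y) n += on_curve(Point{x, y, false});
    return n;
}

// First point that passes the curve-equation check but fails the subgroup check.
Point rogue_point() {
    for (uint64_t x = 0; x < P; ++x)
        for (uint64_t y = 0; y < P; ++y) {
            Point p{x, y, false};
            if (on_curve(p) && !in_subgroup(p)) return p;
        }
    return infinity();
}

// Cofactor clearing: [H]P always lands in the subgroup; return the first non-trivial result.
Point subgroup_generator() {
    for (uint64_t x = 0; x < P; ++x)
        for (uint64_t y = 0; y < P; ++y) {
            Point p{x, y, false};
            if (!on_curve(p)) continue;
            Point g = pmul(p, H);
            if (!g.inf) return g;
        }
    return infinity();
}
}  // namespace toy

int main() {
    toy::Point r = toy::rogue_point();
    std::printf("#E = %llu; rogue point (%llu, %llu): on_curve=%d in_subgroup=%d order=%llu\n",
                (unsigned long long)toy::count_points(), (unsigned long long)r.x, (unsigned long long)r.y,
                toy::on_curve(r), toy::in_subgroup(r), (unsigned long long)toy::order_of(r));
    return 0;
}
```

The rogue point found is (0, 1), which has order 3: it is a perfectly valid curve point, and only the [r]P = O test (or a cofactor-clearing step such as [H]P) separates it from the prime-order subgroup. On a cofactor-1 curve such as the library's G1 there is no such point, which is exactly why on_curve() suffices there and not for G2.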
Constructor & Destructor Documentation (in declaration order)

element () noexcept=default
default, noexcept

element (const Fq &a, const Fq &b, const Fq &c) noexcept
constexpr, noexcept. Definition at line 18 of file element_impl.hpp.

element (const element &other) noexcept
constexpr, noexcept. Definition at line 25 of file element_impl.hpp.

element (element &&other) noexcept
constexpr, noexcept. Definition at line 32 of file element_impl.hpp.

element (const affine_element< Fq, Fr, Params > &other) noexcept
constexpr, noexcept

~element () noexcept=default
default, noexcept
Member Function Documentation

batch_affine_add (static, noexcept)
Pairwise affine add points in first and second group.
| first_group | |
| second_group | |
| results | |
Performs the pairwise additions results[i] = first_group[i] + second_group[i] (the implementation comments write this as rhs[i] = rhs[i] + lhs[i]); the affine slope denominators of the whole batch are inverted with a single batch inversion, and the batch is processed in parallel.
Definition at line 722 of file element_impl.hpp.
batch_mul_with_endomorphism (static, noexcept)
Multiply each point by the same scalar.
Because every point is multiplied by the same scalar, the scalar multiplication can be run for all points in lockstep: each step is either a batch affine addition (rhs[i] = rhs[i] + lhs[i]) or a batch affine doubling (lhs[i] = lhs[i] + lhs[i]), and the field inversions of the whole batch are replaced by one batch inversion.
| points | The span of individual points that need to be scaled |
| scalar | The scalar we multiply all the points by |
Definition at line 794 of file element_impl.hpp.
batch_normalize (static, noexcept)
Converts an array of Jacobian points to affine form using a single field inversion (the batch-inversion trick). A first pass up the array stores the running product of the z-coordinates in a temporaries array and the full product is inverted once; a second pass then walks back down the array. At each iteration the accumulator holds the inverse of the product of all z-coordinates not yet processed; multiplying it by the stored temporary yields the inverse of the current point's z-coordinate, and multiplying it by that z-coordinate prepares it for the next iteration. For example, with 4 points:

accumulator    = 1 / (z.data[0]*z.data[1]*z.data[2]*z.data[3])
temporaries[3] = z.data[0]*z.data[1]*z.data[2]
temporaries[2] = z.data[0]*z.data[1]
temporaries[1] = z.data[0]
temporaries[0] = 1

At the first iteration, accumulator * temporaries[3] = (z.data[0]*z.data[1]*z.data[2]) / (z.data[0]*z.data[1]*z.data[2]*z.data[3]) = 1 / z.data[3]. The accumulator is then updated:

accumulator = accumulator * z.data[3] = 1 / (z.data[0]*z.data[1]*z.data[2])

At the second iteration, accumulator * temporaries[2] = (z.data[0]*z.data[1]) / (z.data[0]*z.data[1]*z.data[2]) = 1 / z.data[2]. And so on, until every z-inverse has been computed.

Each point is then converted out of Jacobian form (x = X / Z^2, y = Y / Z^3) with 4 multiplications and 1 squaring.
Definition at line 1013 of file element_impl.hpp.
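The scheme above as an added worked example (written for this page; it is not Barretenberg's code and makes no claim about how the library's own batch_normalize is written): a toy field F_131 and toy curve y^2 = x^3 + 1 stand in for Fq and the real curve, every affine point of the toy curve is doubled with the EFD dbl-2009-l formula the class description cites, and the whole batch is converted back to affine form with one inversion and checked against ordinary affine doubling. The doubling of the order-2 point produces Z = 0, so the block also shows one way to keep a point at infinity from zeroing the running product (that handling is this example's choice). Names such as jac_demo, jac_dbl and dbl_matches_affine are the example's own.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

namespace jac_demo {
// Toy field and curve constructed for this example: y^2 = x^3 + 1 over F_131.
constexpr uint64_t P = 131;
constexpr uint64_t B = 1;

uint64_t add(uint64_t a, uint64_t b) { return (a + b) % P; }
uint64_t sub(uint64_t a, uint64_t b) { return (a + P - b) % P; }
uint64_t mul(uint64_t a, uint64_t b) { return (a * b) % P; }
uint64_t inv(uint64_t a) {                  // brute-force inverse; fine for a 131-element field
    for (uint64_t i = 1; i < P; ++i) if (mul(a, i) == 1) return i;
    return 0;
}

struct Jac { uint64_t x, y, z; };           // Jacobian (X, Y, Z): x = X/Z^2, y = Y/Z^3; Z == 0 is infinity
struct Aff { uint64_t x, y; bool inf; };    // affine point; inf marks the point at infinity

bool on_curve(const Aff& p) { return p.inf || mul(p.y, p.y) == add(mul(mul(p.x, p.x), p.x), B); }

// Reference result: affine doubling, which costs one field inversion per point.
Aff affine_dbl(const Aff& p) {
    if (p.inf || p.y == 0) return Aff{0, 0, true};
    uint64_t l = mul(mul(3, mul(p.x, p.x)), inv(mul(2, p.y)));
    uint64_t x3 = sub(mul(l, l), mul(2, p.x));
    return Aff{x3, sub(mul(l, sub(p.x, x3)), p.y), false};
}

// EFD "dbl-2009-l" for y^2 = x^3 + b (a = 0): Jacobian doubling with no inversion at all.
Jac jac_dbl(const Jac& p) {
    uint64_t A = mul(p.x, p.x), Bv = mul(p.y, p.y), C = mul(Bv, Bv);
    uint64_t t = add(p.x, Bv);
    uint64_t D = mul(2, sub(sub(mul(t, t), A), C));
    uint64_t E = mul(3, A), F = mul(E, E);
    uint64_t X3 = sub(F, mul(2, D));
    uint64_t Y3 = sub(mul(E, sub(D, X3)), mul(8, C));
    uint64_t Z3 = mul(2, mul(p.y, p.z));    // Y1 == 0 (an order-2 point) yields Z3 == 0: infinity
    return Jac{X3, Y3, Z3};
}

// Batch inversion as described above: temporaries[i] = z[0]*...*z[i-1]; after the single
// inversion the accumulator is 1/(z[0]*...*z[n-1]) and is walked back down the array.
// Entries with Z == 0 are skipped so they cannot zero the running product (example's choice).
std::vector<Aff> batch_normalize(const std::vector<Jac>& pts, size_t* inversions = nullptr) {
    const size_t n = pts.size();
    std::vector<uint64_t> temporaries(n);
    uint64_t accumulator = 1;
    for (size_t i = 0; i < n; ++i) {
        temporaries[i] = accumulator;
        if (pts[i].z != 0) accumulator = mul(accumulator, pts[i].z);
    }
    accumulator = inv(accumulator);         // the only inversion in the whole batch
    if (inversions) *inversions = 1;
    std::vector<Aff> out(n);
    for (size_t i = n; i-- > 0;) {
        if (pts[i].z == 0) { out[i] = Aff{0, 0, true}; continue; }
        uint64_t zi = mul(accumulator, temporaries[i]);   // = 1 / z[i]
        accumulator = mul(accumulator, pts[i].z);         // = 1 / (z[0]*...*z[i-1]) for the next step
        uint64_t zi2 = mul(zi, zi);                       // 1 squaring
        out[i] = Aff{mul(pts[i].x, zi2), mul(pts[i].y, mul(zi2, zi)), false};   // x = X/Z^2, y = Y/Z^3
    }
    return out;
}

struct Report { size_t points; size_t inversions; };

// Double every affine point of the toy curve in Jacobian form, normalise the whole batch with
// one inversion, and compare against affine doubling. points == 0 signals a mismatch.
Report dbl_matches_affine() {
    std::vector<Aff> pts;
    for (uint64_t x = 0; x < P; ++x)
        for (uint64_t y = 0; y < P; ++y)
            if (on_curve(Aff{x, y, false})) pts.push_back(Aff{x, y, false});
    std::vector<Jac> doubled;
    for (const Aff& p : pts) doubled.push_back(jac_dbl(Jac{p.x, p.y, 1}));
    Report r{pts.size(), 0};
    std::vector<Aff> got = batch_normalize(doubled, &r.inversions);
    for (size_t i = 0; i < pts.size(); ++i) {
        Aff want = affine_dbl(pts[i]);
        bool same = want.inf == got[i].inf && (want.inf || (want.x == got[i].x && want.y == got[i].y));
        if (!same) r.points = 0;
    }
    return r;
}
}  // namespace jac_demo

int main() {
    jac_demo::Report r = jac_demo::dbl_matches_affine();
    std::printf("%zu points doubled and normalised with %zu inversion(s)\n", r.points, r.inversions);
    return r.points == 0;
}
```

All 131 affine points of the toy curve are doubled and normalised with one inversion instead of 131, and the results agree with affine doubling point for point, including the order-2 point whose double is the point at infinity.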
Remaining member function details, in the order generated (the member name is given where it can be matched to the listing above):
- static, private, noexcept (conditional_negate_affine): definition at line 1005 of file element_impl.hpp
- constexpr, noexcept: definition at line 151 of file element_impl.hpp
- definition at line 497 of file element_impl.hpp
- constexpr, noexcept: definition at line 527 of file element_impl.hpp
- private, noexcept (mul_with_endomorphism): definition at line 658 of file element_impl.hpp
- private, noexcept (mul_without_endomorphism): definition at line 603 of file element_impl.hpp
- constexpr, noexcept: definition at line 491 of file element_impl.hpp
- constexpr, noexcept: definition at line 538 of file element_impl.hpp
- inline, static, constexpr, noexcept (one): definition at line 45 of file element.hpp
- constexpr, noexcept
- noexcept: definition at line 477 of file element_impl.hpp
- noexcept: definition at line 485 of file element_impl.hpp
- constexpr, noexcept
- constexpr, noexcept: definition at line 451 of file element_impl.hpp
- constexpr, noexcept
- constexpr, noexcept: definition at line 362 of file element_impl.hpp
- constexpr, noexcept: definition at line 471 of file element_impl.hpp
- constexpr, noexcept
- constexpr, noexcept: definition at line 465 of file element_impl.hpp
- constexpr, noexcept
- constexpr, noexcept: definition at line 458 of file element_impl.hpp
- constexpr, noexcept: definition at line 46 of file element_impl.hpp
- constexpr, noexcept: definition at line 58 of file element_impl.hpp
- constexpr, noexcept: definition at line 559 of file element_impl.hpp
- noexcept: definition at line 1067 of file element_impl.hpp
- static, private, noexcept (random_coordinates_on_curve)
- static, noexcept (random_element): definition at line 586 of file element_impl.hpp
- constexpr, noexcept: definition at line 82 of file element_impl.hpp
- constexpr, noexcept: definition at line 159 of file element_impl.hpp
- constexpr, noexcept: definition at line 511 of file element_impl.hpp
- constexpr, noexcept: definition at line 504 of file element_impl.hpp
- inline, static, constexpr, noexcept (zero): definition at line 46 of file element.hpp

Friend details, in the order generated:
- friend: definition at line 75 of file element.hpp
- friend: definition at line 79 of file element.hpp
- definition at line 144 of file element.hpp
- friend: definition at line 112 of file element.hpp

Member data details:
- static, constexpr (curve_b): definition at line 35 of file element.hpp
- x, y, z: definitions at lines 106, 107 and 108 of file element.hpp