Barretenberg: src/barretenberg/stdlib/primitives/group/cycle_scalar.hpp Source File

// === AUDIT STATUS ===

// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }

// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }

// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }

// =====================


#pragma once


#include "barretenberg/stdlib/primitives/bigfield/bigfield.hpp"

#include "barretenberg/stdlib/primitives/field/field.hpp"

#include "barretenberg/transcript/origin_tag.hpp"


namespace bb::stdlib {


// Forward declaration

template <typename Builder> class cycle_group;


template <typename Builder> class cycle_scalar {

  public:

    using field_t = stdlib::field_t<Builder>;

    using Curve = typename Builder::EmbeddedCurve;

    using ScalarField = typename Curve::ScalarField;

    using BigScalarField = stdlib::bigfield<Builder, typename ScalarField::Params>;


    static constexpr size_t NUM_BITS = ScalarField::modulus.get_msb() + 1; // equivalent for both bn254 and grumpkin

    static constexpr size_t LO_BITS = field_t::native::Params::MAX_BITS_PER_ENDOMORPHISM_SCALAR;

    static constexpr size_t HI_BITS = NUM_BITS - LO_BITS;


    field_t lo; // LO_BITS of the scalar

    field_t hi; // Remaining HI_BITS of the scalar


  private:

    size_t _num_bits = NUM_BITS;

    bool _skip_primality_test = false;

    // if our scalar multiplier is a bn254 FF scalar (e.g. pedersen hash),

    // we want to validate the cycle_scalar < bn254::fr::modulus *not* grumpkin::fr::modulus

    bool _use_bn254_scalar_field_for_primality_test = false;


    static std::pair<uint256_t, uint256_t> decompose_into_lo_hi_u256(const uint256_t& value)

    {

        return { value.slice(0, LO_BITS), value.slice(LO_BITS, NUM_BITS) };

    }


    cycle_scalar(const field_t& _lo,

                 const field_t& _hi,

                 const size_t bits,

                 const bool skip_primality_test,

                 const bool use_bn254_scalar_field_for_primality_test)

        : lo(_lo)

        , hi(_hi)

        , _num_bits(bits)

        , _skip_primality_test(skip_primality_test)

        , _use_bn254_scalar_field_for_primality_test(use_bn254_scalar_field_for_primality_test) {};


  public:

    // AUDITTODO: this is used only in the fuzzer.

    cycle_scalar(const ScalarField& _in = 0);

    cycle_scalar(const field_t& _lo, const field_t& _hi);

    // AUDITTODO: this is used only in the fuzzer. Its not inherently problematic, but perhaps the fuzzer should use a

    // production entrypoint.

    static cycle_scalar from_witness(Builder* context, const ScalarField& value);

    static cycle_scalar from_u256_witness(Builder* context, const uint256_t& bitstring);

    static cycle_scalar create_from_bn254_scalar(const field_t& _in);

    explicit cycle_scalar(BigScalarField& scalar);


    [[nodiscard]] bool is_constant() const;

    ScalarField get_value() const;

    Builder* get_context() const { return lo.get_context() != nullptr ? lo.get_context() : hi.get_context(); }

    [[nodiscard]] size_t num_bits() const { return _num_bits; }

    [[nodiscard]] bool skip_primality_test() const { return _skip_primality_test; }


    [[nodiscard]] bool use_bn254_scalar_field_for_primality_test() const

    {

        return _use_bn254_scalar_field_for_primality_test;

    }


    void validate_scalar_is_in_field() const;


    OriginTag get_origin_tag() const { return OriginTag(lo.get_origin_tag(), hi.get_origin_tag()); }


    void set_origin_tag(const OriginTag& tag) const

    {

        lo.set_origin_tag(tag);

        hi.set_origin_tag(tag);

    }


    void set_free_witness_tag()

    {

        lo.set_free_witness_tag();

        hi.set_free_witness_tag();

    }


    void unset_free_witness_tag()

    {

        lo.unset_free_witness_tag();

        hi.unset_free_witness_tag();

    }


};


} // namespace bb::stdlib

bigfield.hpp

bb::ECCVMCircuitBuilder
Definition eccvm_circuit_builder.hpp:24

bb::curve::Grumpkin::ScalarField
bb::fq ScalarField
Definition grumpkin.hpp:52

bb::numeric::uint256_t
Definition uint256.hpp:32

bb::stdlib::bigfield
Definition bigfield.hpp:21

bb::stdlib::cycle_scalar
Represents a member of the Grumpkin curve scalar field (i.e. BN254 base field).
Definition cycle_scalar.hpp:30

bb::stdlib::cycle_scalar::Curve
typename Builder::EmbeddedCurve Curve
Definition cycle_scalar.hpp:33

bb::stdlib::cycle_scalar::ScalarField
typename Curve::ScalarField ScalarField
Definition cycle_scalar.hpp:34

bb::stdlib::cycle_scalar::skip_primality_test
bool skip_primality_test() const
Definition cycle_scalar.hpp:88

bb::stdlib::cycle_scalar::hi
field_t hi
Definition cycle_scalar.hpp:42

bb::stdlib::cycle_scalar::use_bn254_scalar_field_for_primality_test
bool use_bn254_scalar_field_for_primality_test() const
Definition cycle_scalar.hpp:89

bb::stdlib::cycle_scalar::from_u256_witness
static cycle_scalar from_u256_witness(Builder *context, const uint256_t &bitstring)
Construct a cycle scalar from a uint256_t witness bitstring.
Definition cycle_scalar.cpp:68

bb::stdlib::cycle_scalar::lo
field_t lo
Definition cycle_scalar.hpp:41

bb::stdlib::cycle_scalar::BigScalarField
stdlib::bigfield< Builder, typename ScalarField::Params > BigScalarField
Definition cycle_scalar.hpp:35

bb::stdlib::cycle_scalar::_num_bits
size_t _num_bits
Definition cycle_scalar.hpp:45

bb::stdlib::cycle_scalar::NUM_BITS
static constexpr size_t NUM_BITS
Definition cycle_scalar.hpp:37

bb::stdlib::cycle_scalar::get_value
ScalarField get_value() const
Definition cycle_scalar.cpp:228

bb::stdlib::cycle_scalar::_use_bn254_scalar_field_for_primality_test
bool _use_bn254_scalar_field_for_primality_test
Definition cycle_scalar.hpp:49

bb::stdlib::cycle_scalar::cycle_scalar
cycle_scalar(const field_t &_lo, const field_t &_hi, const size_t bits, const bool skip_primality_test, const bool use_bn254_scalar_field_for_primality_test)
Definition cycle_scalar.hpp:62

bb::stdlib::cycle_scalar::decompose_into_lo_hi_u256
static std::pair< uint256_t, uint256_t > decompose_into_lo_hi_u256(const uint256_t &value)
Decompose a uint256_t value into lo and hi parts for cycle_scalar representation.
Definition cycle_scalar.hpp:57

bb::stdlib::cycle_scalar::from_witness
static cycle_scalar from_witness(Builder *context, const ScalarField &value)
Construct a cycle scalar from a witness value in the Grumpkin scalar field.
Definition cycle_scalar.cpp:45

bb::stdlib::cycle_scalar::LO_BITS
static constexpr size_t LO_BITS
Definition cycle_scalar.hpp:38

bb::stdlib::cycle_scalar::validate_scalar_is_in_field
void validate_scalar_is_in_field() const
Validates that the scalar (lo + hi * 2^LO_BITS) is less than the appropriate field modulus.
Definition cycle_scalar.cpp:219

bb::stdlib::cycle_scalar::_skip_primality_test
bool _skip_primality_test
Definition cycle_scalar.hpp:46

bb::stdlib::cycle_scalar::unset_free_witness_tag
void unset_free_witness_tag()
Unset the free witness flag for the cycle scalar's tags.
Definition cycle_scalar.hpp:127

bb::stdlib::cycle_scalar::get_context
Builder * get_context() const
Definition cycle_scalar.hpp:86

bb::stdlib::cycle_scalar::set_free_witness_tag
void set_free_witness_tag()
Set the free witness flag for the cycle scalar's tags.
Definition cycle_scalar.hpp:119

bb::stdlib::cycle_scalar::set_origin_tag
void set_origin_tag(const OriginTag &tag) const
Set the origin tag of lo and hi members of cycle scalar.
Definition cycle_scalar.hpp:111

bb::stdlib::cycle_scalar::HI_BITS
static constexpr size_t HI_BITS
Definition cycle_scalar.hpp:39

bb::stdlib::cycle_scalar::get_origin_tag
OriginTag get_origin_tag() const
Get the origin tag of the cycle_scalar (a merge of the lo and hi tags)
Definition cycle_scalar.hpp:105

bb::stdlib::cycle_scalar::is_constant
bool is_constant() const
Definition cycle_scalar.cpp:205

bb::stdlib::cycle_scalar::num_bits
size_t num_bits() const
Definition cycle_scalar.hpp:87

bb::stdlib::cycle_scalar::create_from_bn254_scalar
static cycle_scalar create_from_bn254_scalar(const field_t &_in)
Construct a cycle scalar (grumpkin scalar field element) from a bn254 scalar field element.
Definition cycle_scalar.cpp:89

bb::stdlib::field_t< Builder >

bb::stdlib::field_t::unset_free_witness_tag
void unset_free_witness_tag() const
Unset the free witness flag for the field element's tag.
Definition field.hpp:343

bb::stdlib::field_t::get_context
Builder * get_context() const
Definition field.hpp:397

bb::stdlib::field_t::get_origin_tag
OriginTag get_origin_tag() const
Definition field.hpp:333

bb::stdlib::field_t::set_free_witness_tag
void set_free_witness_tag()
Set the free witness flag for the field element's tag.
Definition field.hpp:338

bb::stdlib::field_t::set_origin_tag
void set_origin_tag(const OriginTag &new_tag) const
Definition field.hpp:332

context
StrictMock< MockContext > context
Definition data_copy.test.cpp:58

bb::stdlib
Definition graph_description_goblin.test.cpp:13

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

origin_tag.hpp
This file contains part of the logic for the Origin Tag mechanism that tracks the use of in-circuit p...

value
FF value
Definition public_data_tree.test.cpp:97

field.hpp

bb::OriginTag
Definition origin_tag.hpp:58