Barretenberg: src/barretenberg/stdlib/primitives/field/field_utils.cpp Source File

// === AUDIT STATUS ===

// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }

// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }

// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }

// =====================


#include "./field_utils.hpp"

#include "./field.hpp"

#include "barretenberg/stdlib/primitives/circuit_builders/circuit_builders.hpp"


namespace bb::stdlib {


template <typename Builder>


void validate_split_in_field(const field_t<Builder>& lo,

                             const field_t<Builder>& hi,

                             const size_t lo_bits,

                             const uint256_t& field_modulus)

{

    const size_t hi_bits = static_cast<size_t>(field_modulus.get_msb()) + 1 - lo_bits;


    // Split the field modulus at the same position

    const uint256_t r_lo = field_modulus.slice(0, lo_bits);

    const uint256_t r_hi = field_modulus.slice(lo_bits, field_modulus.get_msb() + 1);


    // Check if we need to borrow

    bool need_borrow = uint256_t(lo.get_value()) > r_lo;

    field_t<Builder> borrow =

        lo.is_constant() ? need_borrow : field_t<Builder>::from_witness(lo.get_context(), need_borrow);


    // directly call `create_new_range_constraint` to avoid creating an arithmetic gate

    if (!lo.is_constant()) {

        // We need to manually propagate the origin tag

        borrow.set_origin_tag(lo.get_origin_tag());

        lo.get_context()->create_new_range_constraint(borrow.get_witness_index(), 1, "borrow");

    }


    // Hi range check = r_hi - hi - borrow

    // Lo range check = r_lo - lo + borrow * 2^lo_bits

    field_t<Builder> hi_diff = (-hi + r_hi) - borrow;

    field_t<Builder> lo_diff = (-lo + r_lo) + (borrow * (uint256_t(1) << lo_bits));


    hi_diff.create_range_constraint(hi_bits);

    lo_diff.create_range_constraint(lo_bits);

}


template <typename Builder>


std::pair<field_t<Builder>, field_t<Builder>> split_unique(const field_t<Builder>& field,

                                                           const size_t lo_bits,

                                                           const bool skip_range_constraints)

{

    using native = typename field_t<Builder>::native;

    static constexpr size_t max_bits = native::modulus.get_msb() + 1;

    ASSERT(lo_bits < max_bits);


    const uint256_t value(field.get_value());

    const uint256_t lo_val = value.slice(0, lo_bits);

    const uint256_t hi_val = value.slice(lo_bits, max_bits);


    Builder* ctx = field.get_context();


    // If `field` is constant, return constants based on the native hi/lo values

    if (field.is_constant()) {

        return { field_t<Builder>(lo_val), field_t<Builder>(hi_val) };

    }


    // Create hi/lo witnesses

    auto lo = field_t<Builder>::from_witness(ctx, lo_val);

    auto hi = field_t<Builder>::from_witness(ctx, hi_val);


    // Component 1: Reconstruction constraint lo + hi * 2^lo_bits - field == 0

    const uint256_t shift = uint256_t(1) << lo_bits;

    auto zero = field_t<Builder>::from_witness_index(ctx, ctx->zero_idx());

    field_t<Builder>::evaluate_linear_identity(lo, hi * shift, -field, zero);


    // Set the origin tag for the limbs

    lo.set_origin_tag(field.get_origin_tag());

    hi.set_origin_tag(field.get_origin_tag());


    // Component 2: Field validation against bn254 scalar field modulus

    validate_split_in_field(lo, hi, lo_bits, native::modulus);


    // Component 3: Range constraints (unless skipped)

    if (!skip_range_constraints) {

        lo.create_range_constraint(lo_bits);

        // For bn254 scalar field, hi_bits = 254 - lo_bits

        const size_t hi_bits = 254 - lo_bits;

        hi.create_range_constraint(hi_bits);

    }


    return { lo, hi };

}


// Explicit instantiations for split_unique

template std::pair<field_t<bb::UltraCircuitBuilder>, field_t<bb::UltraCircuitBuilder>> split_unique(

    const field_t<bb::UltraCircuitBuilder>& field, const size_t lo_bits, const bool skip_range_constraints);

template std::pair<field_t<bb::MegaCircuitBuilder>, field_t<bb::MegaCircuitBuilder>> split_unique(

    const field_t<bb::MegaCircuitBuilder>& field, const size_t lo_bits, const bool skip_range_constraints);


// Explicit instantiations for validate_split_in_field

template void validate_split_in_field(const field_t<bb::UltraCircuitBuilder>& lo,

                                      const field_t<bb::UltraCircuitBuilder>& hi,

                                      const size_t lo_bits,

                                      const uint256_t& field_modulus);

template void validate_split_in_field(const field_t<bb::MegaCircuitBuilder>& lo,

                                      const field_t<bb::MegaCircuitBuilder>& hi,

                                      const size_t lo_bits,

                                      const uint256_t& field_modulus);


} // namespace bb::stdlib

ASSERT
#define ASSERT(expression,...)
Definition assert.hpp:77

circuit_builders.hpp

bb::ECCVMCircuitBuilder
Definition eccvm_circuit_builder.hpp:24

bb::numeric::uint256_t
Definition uint256.hpp:32

bb::numeric::uint256_t::slice
constexpr uint256_t slice(uint64_t start, uint64_t end) const
Definition uint256_impl.hpp:291

bb::numeric::uint256_t::get_msb
constexpr uint64_t get_msb() const
Definition uint256_impl.hpp:330

bb::stdlib::field_t
Definition field.hpp:45

bb::stdlib::field_t< Builder >::from_witness_index
static field_t from_witness_index(Builder *ctx, uint32_t witness_index)
Definition field.cpp:61

bb::stdlib::field_t::create_range_constraint
void create_range_constraint(size_t num_bits, std::string const &msg="field_t::range_constraint") const
Let x = *this.normalize(), constrain x.v < 2^{num_bits}.
Definition field.cpp:910

bb::stdlib::field_t::get_context
Builder * get_context() const
Definition field.hpp:397

bb::stdlib::field_t::get_origin_tag
OriginTag get_origin_tag() const
Definition field.hpp:333

bb::stdlib::field_t::get_value
bb::fr get_value() const
Given a := *this, compute its value given by a.v * a.mul + a.add.
Definition field.cpp:829

bb::stdlib::field_t< Builder >::from_witness
static field_t from_witness(Builder *ctx, const bb::fr &input)
Definition field.hpp:432

bb::stdlib::field_t< Builder >::evaluate_linear_identity
static void evaluate_linear_identity(const field_t &a, const field_t &b, const field_t &c, const field_t &d, const std::string &msg="field_t::evaluate_linear_identity")
Constrain a + b + c + d to be equal to 0.
Definition field.cpp:1078

bb::stdlib::field_t::is_constant
bool is_constant() const
Definition field.hpp:407

bb::stdlib::field_t::set_origin_tag
void set_origin_tag(const OriginTag &new_tag) const
Definition field.hpp:332

bb::stdlib::field_t::get_witness_index
uint32_t get_witness_index() const
Get the witness index of the current field element.
Definition field.hpp:469

field_utils.hpp

bb::stdlib
Definition graph_description_goblin.test.cpp:13

bb::stdlib::split_unique
std::pair< field_t< Builder >, field_t< Builder > > split_unique(const field_t< Builder > &field, const size_t lo_bits, const bool skip_range_constraints)
Split a bn254 scalar field element into unique lo and hi limbs.
Definition field_utils.cpp:47

bb::stdlib::validate_split_in_field
void validate_split_in_field(const field_t< Builder > &lo, const field_t< Builder > &hi, const size_t lo_bits, const uint256_t &field_modulus)
Validates that lo + hi * 2^lo_bits < field_modulus.
Definition field_utils.cpp:14

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

value
FF value
Definition public_data_tree.test.cpp:97

bb::field
General class for prime fields see Prime field documentation["field documentation"] for general imple...
Definition field_declarations.hpp:36

field.hpp