Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
fixed_base.cpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: not started, auditors: [], date: YYYY-MM-DD }
3// external_1: { status: not started, auditors: [], date: YYYY-MM-DD }
4// external_2: { status: not started, auditors: [], date: YYYY-MM-DD }
5// =====================
6
7#include "./fixed_base.hpp"
8
9#include "barretenberg/common/assert.hpp"
10#include "barretenberg/common/constexpr_utils.hpp"
11#include "barretenberg/common/throw_or_abort.hpp"
12#include "barretenberg/crypto/pedersen_hash/pedersen.hpp"
13#include "barretenberg/numeric/bitop/pow.hpp"
14namespace bb::plookup::fixed_base {
15
24table::single_lookup_table table::generate_single_lookup_table(const affine_element& base_point,
25 const affine_element& offset_generator)
26{
27
28 // Construct the table in projective coordinates, then batch normalize
29 std::vector<element> table_raw(MAX_TABLE_SIZE);
30 element accumulator = offset_generator;
31 for (element& raw_entry : table_raw) {
32 raw_entry = accumulator;
33 accumulator += base_point;
34 }
35 element::batch_normalize(&table_raw[0], MAX_TABLE_SIZE);
36
37 // Construct the final table in affine coordinates
38 single_lookup_table table;
39 table.reserve(MAX_TABLE_SIZE);
40 for (const element& raw_entry : table_raw) {
41 table.emplace_back(raw_entry.x, raw_entry.y);
42 }
43 return table;
44}
45
55template <size_t num_bits> table::fixed_base_scalar_mul_tables table::generate_tables(const affine_element& input)
56{
57 constexpr size_t NUM_TABLES = numeric::ceil_div(num_bits, BITS_PER_TABLE);
58
59 fixed_base_scalar_mul_tables tables;
60 tables.reserve(NUM_TABLES);
61
62 std::vector<uint8_t> input_buf;
63 write(input_buf, input);
64 const auto offset_generators = grumpkin::g1::derive_generators(input_buf, NUM_TABLES);
65
66 grumpkin::g1::element accumulator = input;
67 for (size_t i = 0; i < NUM_TABLES; ++i) {
68 tables.push_back(generate_single_lookup_table(accumulator, offset_generators[i]));
69 for (size_t j = 0; j < BITS_PER_TABLE; ++j) {
70 accumulator = accumulator.dbl();
71 }
72 }
73 return tables;
74}
75
91template <size_t num_table_bits>
92grumpkin::g1::affine_element table::compute_generator_offset(const grumpkin::g1::affine_element& input)
93{
94 constexpr size_t NUM_TABLES = numeric::ceil_div(num_table_bits, BITS_PER_TABLE);
95
96 // Serialize the base point to use as domain separator for generator derivation
97 std::vector<uint8_t> input_buf;
98 write(input_buf, input);
99
100 // Derive NUM_TABLES unique offset generators deterministically from the base point
101 const auto offset_generators = grumpkin::g1::derive_generators(input_buf, NUM_TABLES);
102
103 // Sum all offset generators
104 grumpkin::g1::element total_offset = grumpkin::g1::point_at_infinity;
105 for (const auto& generator : offset_generators) {
106 total_offset += generator;
107 }
108
109 return total_offset;
110}
111
119bool table::lookup_table_exists_for_point(const affine_element& input)
120{
121 return (input == lhs_generator_point() || input == rhs_generator_point());
122}
123
131std::array<MultiTableId, 2> table::get_lookup_table_ids_for_point(const grumpkin::g1::affine_element& input)
132{
133 BB_ASSERT_EQ(lookup_table_exists_for_point(input), true, "No fixed-base table exists for input point");
134 if (input == lhs_generator_point()) {
135 return { { FIXED_BASE_LEFT_LO, FIXED_BASE_LEFT_HI } };
136 }
137 if (input == rhs_generator_point()) {
138 return { { FIXED_BASE_RIGHT_LO, FIXED_BASE_RIGHT_HI } };
139 }
140 return {};
141}
142
149grumpkin::g1::affine_element table::get_generator_offset_for_table_id(const MultiTableId table_id)
150{
151 BB_ASSERT_EQ(table_id == FIXED_BASE_LEFT_LO || table_id == FIXED_BASE_LEFT_HI || table_id == FIXED_BASE_RIGHT_LO ||
152 table_id == FIXED_BASE_RIGHT_HI,
153 true);
154 if (table_id == FIXED_BASE_LEFT_LO) {
155 return fixed_base_table_offset_generators()[0];
156 }
157 if (table_id == FIXED_BASE_LEFT_HI) {
158 return fixed_base_table_offset_generators()[1];
159 }
160 if (table_id == FIXED_BASE_RIGHT_LO) {
161 return fixed_base_table_offset_generators()[2];
162 }
163 if (table_id == FIXED_BASE_RIGHT_HI) {
164 return fixed_base_table_offset_generators()[3];
165 }
166 return {};
167}
168
169using function_ptr = std::array<bb::fr, 2> (*)(const std::array<uint64_t, 2>);
170using function_ptr_table =
171 std::array<std::array<function_ptr, table::MAX_NUM_TABLES_IN_MULTITABLE>, table::NUM_FIXED_BASE_MULTI_TABLES>;
179constexpr function_ptr_table make_function_pointer_table()
180{
181 function_ptr_table table;
182 bb::constexpr_for<0, table::NUM_FIXED_BASE_MULTI_TABLES, 1>([&]<size_t i>() {
183 bb::constexpr_for<0, table::MAX_NUM_TABLES_IN_MULTITABLE, 1>(
184 [&]<size_t j>() { table[i][j] = &table::get_basic_fixed_base_table_values<i, j>; });
185 });
186 return table;
187};
188
201template <size_t multitable_index>
202BasicTable table::generate_basic_fixed_base_table(BasicTableId id, size_t basic_table_index, size_t table_index)
203{
204 static_assert(multitable_index < NUM_FIXED_BASE_MULTI_TABLES);
205 BB_ASSERT_LT(table_index, MAX_NUM_TABLES_IN_MULTITABLE);
206
207 const size_t multitable_bits = get_num_bits_of_multi_table<multitable_index>();
208 const size_t bits_covered_by_previous_tables_in_multitable = BITS_PER_TABLE * table_index;
209 const bool is_small_table = (multitable_bits - bits_covered_by_previous_tables_in_multitable) < BITS_PER_TABLE;
210 const size_t table_bits =
211 is_small_table ? multitable_bits - bits_covered_by_previous_tables_in_multitable : BITS_PER_TABLE;
212 const auto table_size = static_cast<size_t>(1ULL << table_bits);
213
214 BasicTable table{ .id = id, .table_index = basic_table_index, .use_twin_keys = false };
215
216 const auto& basic_table = fixed_base_tables()[multitable_index][table_index];
217
218 for (size_t i = 0; i < table_size; ++i) {
219 table.column_1.emplace_back(i);
220 table.column_2.emplace_back(basic_table[i].x);
221 table.column_3.emplace_back(basic_table[i].y);
222 }
223
224 constexpr function_ptr_table get_values_from_key_table = make_function_pointer_table();
225 table.get_values_from_key = get_values_from_key_table[multitable_index][table_index];
226 ASSERT(table.get_values_from_key != nullptr);
227
228 table.column_1_step_size = table_size;
229 table.column_2_step_size = COLUMN_2_STEP_SIZE;
230 table.column_3_step_size = COLUMN_3_STEP_SIZE;
231
232 return table;
233}
234
246template <size_t multitable_index, size_t num_bits> MultiTable table::get_fixed_base_table(const MultiTableId id)
247{
248 static_assert(num_bits == BITS_PER_LO_SCALAR || num_bits == BITS_PER_HI_SCALAR);
249 constexpr size_t NUM_TABLES = numeric::ceil_div(num_bits, BITS_PER_TABLE);
250 constexpr std::array<BasicTableId, NUM_FIXED_BASE_MULTI_TABLES> basic_table_ids{
251 FIXED_BASE_0_0,
252 FIXED_BASE_1_0,
253 FIXED_BASE_2_0,
254 FIXED_BASE_3_0,
255 };
256 constexpr function_ptr_table get_values_from_key_table = make_function_pointer_table();
257
258 // For fixed base scalar mul lookup tables, the special "accumulator" structure of our lookup tables (see add ref
259 // bb::plookup::get_lookup_accumulators()) is used for the scalar (first column), but not for the (x,y) coordinates
260 // (columns 2 & 3). Each table entry contains a distinct point, not an accumulated point. This is so that we can use
261 // custom ECC addition gates to perform the accumulation efficiently, e.g. in
262 // cycle_group::_fixed_base_batch_mul_internal.
263 //
264 // To achieve this, we set the step sizes of each column as follows:
265 // - Column 1 coefficient: MAX_TABLE_SIZE (512) - creates accumulator structure for scalar slices
266 // - Column 2 coefficient: 0 - results in NO accumulation for x-coordinates
267 // - Column 3 coefficient: 0 - results in NO accumulation for y-coordinates
268 MultiTable table(MAX_TABLE_SIZE, COLUMN_2_STEP_SIZE, COLUMN_3_STEP_SIZE, NUM_TABLES);
269 table.id = id;
270 table.get_table_values.resize(NUM_TABLES);
271 table.basic_table_ids.resize(NUM_TABLES);
272 for (size_t i = 0; i < NUM_TABLES; ++i) {
273 table.slice_sizes.emplace_back(MAX_TABLE_SIZE);
274 table.get_table_values[i] = get_values_from_key_table[multitable_index][i];
275 static_assert(multitable_index < NUM_FIXED_BASE_MULTI_TABLES);
276 size_t idx = i + static_cast<size_t>(basic_table_ids[multitable_index]);
277 table.basic_table_ids[i] = static_cast<plookup::BasicTableId>(idx);
278 }
279 return table;
280}
281
282template grumpkin::g1::affine_element table::compute_generator_offset<table::BITS_PER_LO_SCALAR>(
283 const grumpkin::g1::affine_element& input);
284template grumpkin::g1::affine_element table::compute_generator_offset<table::BITS_PER_HI_SCALAR>(
285 const grumpkin::g1::affine_element& input);
286template table::fixed_base_scalar_mul_tables table::generate_tables<table::BITS_PER_LO_SCALAR>(
287 const table::affine_element& input);
288template table::fixed_base_scalar_mul_tables table::generate_tables<table::BITS_PER_HI_SCALAR>(
289 const table::affine_element& input);
290
291template BasicTable table::generate_basic_fixed_base_table<0>(BasicTableId, size_t, size_t);
292template BasicTable table::generate_basic_fixed_base_table<1>(BasicTableId, size_t, size_t);
293template BasicTable table::generate_basic_fixed_base_table<2>(BasicTableId, size_t, size_t);
294template BasicTable table::generate_basic_fixed_base_table<3>(BasicTableId, size_t, size_t);
295template MultiTable table::get_fixed_base_table<0, table::BITS_PER_LO_SCALAR>(MultiTableId);
296template MultiTable table::get_fixed_base_table<1, table::BITS_PER_HI_SCALAR>(MultiTableId);
297template MultiTable table::get_fixed_base_table<2, table::BITS_PER_LO_SCALAR>(MultiTableId);
298template MultiTable table::get_fixed_base_table<3, table::BITS_PER_HI_SCALAR>(MultiTableId);
299
305const table::all_multi_tables& table::fixed_base_tables()
306{
307 static const table::all_multi_tables tables = {
308 table::generate_tables<BITS_PER_LO_SCALAR>(lhs_base_point_lo()),
309 table::generate_tables<BITS_PER_HI_SCALAR>(lhs_base_point_hi()),
310 table::generate_tables<BITS_PER_LO_SCALAR>(rhs_base_point_lo()),
311 table::generate_tables<BITS_PER_HI_SCALAR>(rhs_base_point_hi()),
312 };
313 return tables;
314}
315
321const std::array<table::affine_element, table::NUM_FIXED_BASE_MULTI_TABLES>& table::fixed_base_table_offset_generators()
322{
323 static const std::array<table::affine_element, table::NUM_FIXED_BASE_MULTI_TABLES> tables = {
324 table::compute_generator_offset<BITS_PER_LO_SCALAR>(lhs_base_point_lo()),
325 table::compute_generator_offset<BITS_PER_HI_SCALAR>(lhs_base_point_hi()),
326 table::compute_generator_offset<BITS_PER_LO_SCALAR>(rhs_base_point_lo()),
327 table::compute_generator_offset<BITS_PER_HI_SCALAR>(rhs_base_point_hi()),
328 };
329 return tables;
330}
331
332} // namespace bb::plookup::fixed_base
BB_ASSERT_EQ
#define BB_ASSERT_EQ(actual, expected,...)
Definition assert.hpp:88
BB_ASSERT_LT
#define BB_ASSERT_LT(left, right,...)
Definition assert.hpp:148
ASSERT
#define ASSERT(expression,...)
Definition assert.hpp:77
bb::group_elements::affine_element
Definition affine_element.hpp:21
bb::group_elements::element
element class. Implements ecc group arithmetic using Jacobian coordinates See https://hyperelliptic....
Definition element.hpp:33
bb::group_elements::element::dbl
constexpr element dbl() const noexcept
Definition element_impl.hpp:151
bb::group_elements::element::batch_normalize
static void batch_normalize(element *elements, size_t num_elements) noexcept
Definition element_impl.hpp:1013
bb::group::point_at_infinity
static constexpr element point_at_infinity
Definition group.hpp:47
bb::group::derive_generators
static std::vector< affine_element > derive_generators(const std::vector< uint8_t > &domain_separator_bytes, const size_t num_generators, const size_t starting_index=0)
Derives generator points via hash-to-curve.
Definition group.hpp:87
bb::plookup::fixed_base::table
Generates plookup tables required to perform fixed-base scalar multiplication over a fixed number of ...
Definition fixed_base.hpp:22
bb::plookup::fixed_base::table::single_lookup_table
std::vector< affine_element > single_lookup_table
Definition fixed_base.hpp:26
bb::plookup::fixed_base::table::get_fixed_base_table
static MultiTable get_fixed_base_table(MultiTableId id)
Generate a multi-table that describes the lookups required to cover a fixed-base-scalar-mul of num_bi...
Definition fixed_base.cpp:246
bb::plookup::fixed_base::table::get_generator_offset_for_table_id
static affine_element get_generator_offset_for_table_id(MultiTableId table_id)
Given a table id, return the offset generator term that will be present in the final scalar mul outpu...
Definition fixed_base.cpp:149
bb::plookup::fixed_base::table::all_multi_tables
std::array< fixed_base_scalar_mul_tables, NUM_FIXED_BASE_MULTI_TABLES > all_multi_tables
Definition fixed_base.hpp:28
bb::plookup::fixed_base::table::lookup_table_exists_for_point
static bool lookup_table_exists_for_point(const affine_element &input)
Returns true iff provided point is one of the two for which we have a precomputed lookup table.
Definition fixed_base.cpp:119
bb::plookup::fixed_base::table::rhs_generator_point
static constexpr affine_element rhs_generator_point()
Definition fixed_base.hpp:34
bb::plookup::fixed_base::table::generate_single_lookup_table
static single_lookup_table generate_single_lookup_table(const affine_element &base_point, const affine_element &offset_generator)
Given a base_point [P] and an offset_generator [G], compute a lookup table of MAX_TABLE_SIZE that con...
Definition fixed_base.cpp:24
bb::plookup::fixed_base::table::generate_tables
static fixed_base_scalar_mul_tables generate_tables(const affine_element &input)
For a given base point [P], compute the set of basic tables required to traverse a num_bits sized loo...
Definition fixed_base.cpp:55
bb::plookup::fixed_base::table::fixed_base_tables
static const all_multi_tables & fixed_base_tables()
Definition fixed_base.cpp:305
bb::plookup::fixed_base::table::lhs_base_point_lo
static affine_element lhs_base_point_lo()
Definition fixed_base.hpp:51
bb::plookup::fixed_base::table::rhs_base_point_lo
static affine_element rhs_base_point_lo()
Definition fixed_base.hpp:57
bb::plookup::fixed_base::table::fixed_base_table_offset_generators
static const std::array< affine_element, table::NUM_FIXED_BASE_MULTI_TABLES > & fixed_base_table_offset_generators()
offset generators!
Definition fixed_base.cpp:321
bb::plookup::fixed_base::table::lhs_base_point_hi
static affine_element lhs_base_point_hi()
Definition fixed_base.hpp:52
bb::plookup::fixed_base::table::compute_generator_offset
static affine_element compute_generator_offset(const affine_element &input)
bb::plookup::fixed_base::table::get_lookup_table_ids_for_point
static std::array< MultiTableId, 2 > get_lookup_table_ids_for_point(const affine_element &input)
Given a point that is one of the two for which we have a precomputed lookup table,...
Definition fixed_base.cpp:131
bb::plookup::fixed_base::table::generate_basic_fixed_base_table
static BasicTable generate_basic_fixed_base_table(BasicTableId id, size_t basic_table_index, size_t table_index)
Generate a single fixed-base-scalar-mul plookup table.
Definition fixed_base.cpp:202
bb::plookup::fixed_base::table::lhs_generator_point
static constexpr affine_element lhs_generator_point()
Definition fixed_base.hpp:30
bb::plookup::fixed_base::table::fixed_base_scalar_mul_tables
std::vector< single_lookup_table > fixed_base_scalar_mul_tables
Definition fixed_base.hpp:27
bb::plookup::fixed_base::table::rhs_base_point_hi
static affine_element rhs_base_point_hi()
Definition fixed_base.hpp:58
constexpr_utils.hpp
pedersen.hpp
fixed_base.hpp
bb::numeric::ceil_div
constexpr T ceil_div(const T &numerator, const T &denominator)
Computes the ceiling of the division of two integral types.
Definition general.hpp:23
bb::plookup::fixed_base
Definition fixed_base.cpp:14
bb::plookup::fixed_base::function_ptr
std::array< bb::fr, 2 >(*)(const std::array< uint64_t, 2 >) function_ptr
Definition fixed_base.cpp:169
bb::plookup::fixed_base::function_ptr_table
std::array< std::array< function_ptr, table::MAX_NUM_TABLES_IN_MULTITABLE >, table::NUM_FIXED_BASE_MULTI_TABLES > function_ptr_table
Definition fixed_base.cpp:171
bb::plookup::fixed_base::make_function_pointer_table
constexpr function_ptr_table make_function_pointer_table()
create a compile-time static 2D array of all our required get_basic_fixed_base_table_values function ...
Definition fixed_base.cpp:179
bb::plookup::FIXED_BASE_3_0
@ FIXED_BASE_3_0
Definition types.hpp:71
bb::plookup::FIXED_BASE_0_0
@ FIXED_BASE_0_0
Definition types.hpp:68
bb::plookup::FIXED_BASE_2_0
@ FIXED_BASE_2_0
Definition types.hpp:70
bb::plookup::FIXED_BASE_1_0
@ FIXED_BASE_1_0
Definition types.hpp:69
bb::plookup::FIXED_BASE_RIGHT_HI
@ FIXED_BASE_RIGHT_HI
Definition types.hpp:103
bb::plookup::FIXED_BASE_LEFT_LO
@ FIXED_BASE_LEFT_LO
Definition types.hpp:100
bb::plookup::FIXED_BASE_LEFT_HI
@ FIXED_BASE_LEFT_HI
Definition types.hpp:101
bb::plookup::FIXED_BASE_RIGHT_LO
@ FIXED_BASE_RIGHT_LO
Definition types.hpp:102
bb::write
void write(std::vector< uint8_t > &buf, ClientIVC::VerificationKey const &vk)
Definition client_ivc.hpp:390
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
bb::plookup::BasicTable
A basic table from which we can perform lookups (for example, an xor table)
Definition types.hpp:287
bb::plookup::FixedBaseParams::NUM_FIXED_BASE_MULTI_TABLES
static constexpr size_t NUM_FIXED_BASE_MULTI_TABLES
Definition fixed_base_params.hpp:36
bb::plookup::FixedBaseParams::COLUMN_3_STEP_SIZE
static const bb::fr COLUMN_3_STEP_SIZE
Definition fixed_base_params.hpp:46
bb::plookup::FixedBaseParams::COLUMN_2_STEP_SIZE
static const bb::fr COLUMN_2_STEP_SIZE
Definition fixed_base_params.hpp:45
bb::plookup::FixedBaseParams::MAX_TABLE_SIZE
static constexpr size_t MAX_TABLE_SIZE
Definition fixed_base_params.hpp:34
bb::plookup::FixedBaseParams::BITS_PER_TABLE
static constexpr size_t BITS_PER_TABLE
Definition fixed_base_params.hpp:27
bb::plookup::FixedBaseParams::BITS_PER_HI_SCALAR
static constexpr size_t BITS_PER_HI_SCALAR
Definition fixed_base_params.hpp:31
bb::plookup::FixedBaseParams::MAX_NUM_TABLES_IN_MULTITABLE
static constexpr size_t MAX_NUM_TABLES_IN_MULTITABLE
Definition fixed_base_params.hpp:39
bb::plookup::FixedBaseParams::BITS_PER_LO_SCALAR
static constexpr size_t BITS_PER_LO_SCALAR
Definition fixed_base_params.hpp:30
bb::plookup::MultiTable
Container for managing multiple BasicTables plus the data needed to combine basic table outputs (e....
Definition types.hpp:154
throw_or_abort.hpp