Barretenberg: src/barretenberg/dsl/acir_format/multi_scalar_mul.cpp Source File

// === AUDIT STATUS ===

// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }

// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }

// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }

// =====================


#include "multi_scalar_mul.hpp"

#include "barretenberg/dsl/acir_format/serde/acir.hpp"

#include "barretenberg/ecc/curves/bn254/fr.hpp"

#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp"

#include "barretenberg/honk/execution_trace/gate_data.hpp"

#include "barretenberg/stdlib/primitives/biggroup/biggroup.hpp"

#include "barretenberg/stdlib/primitives/group/cycle_group.hpp"


namespace acir_format {


using namespace bb;


template <typename Builder>


void create_multi_scalar_mul_constraint(Builder& builder,

                                        const MultiScalarMul& input,

                                        bool has_valid_witness_assignments)

{

    using cycle_group_ct = stdlib::cycle_group<Builder>;

    using cycle_scalar_ct = typename stdlib::cycle_group<Builder>::cycle_scalar;

    using field_ct = stdlib::field_t<Builder>;


    std::vector<cycle_group_ct> points;

    std::vector<cycle_scalar_ct> scalars;


    for (size_t i = 0; i < input.points.size(); i += 3) {

        // Instantiate the input point/variable base as `cycle_group_ct`

        cycle_group_ct input_point = to_grumpkin_point(input.points[i],

                                                       input.points[i + 1],

                                                       input.points[i + 2],

                                                       has_valid_witness_assignments,

                                                       input.predicate,

                                                       builder);

        //  Reconstruct the scalar from the low and high limbs

        field_ct scalar_low_as_field = to_field_ct(input.scalars[2 * (i / 3)], builder);

        field_ct scalar_high_as_field = to_field_ct(input.scalars[2 * (i / 3) + 1], builder);

        cycle_scalar_ct scalar(scalar_low_as_field, scalar_high_as_field);


        // Avoid mixing constant/witness coordinates because of issue

        // https://github.com/AztecProtocol/aztec-packages/issues/17514

        if (input_point.x.is_constant() != input_point.y.is_constant()) {

            if (input_point.x.is_constant()) {

                input_point.x.convert_constant_to_fixed_witness(&builder);

            } else if (input_point.y.is_constant()) {

                input_point.y.convert_constant_to_fixed_witness(&builder);

            }

        }

        // Add the point and scalar to the vectors

        points.push_back(input_point);

        scalars.push_back(scalar);

    }

    // Call batch_mul to multiply the points and scalars and sum the results

    auto output_point = cycle_group_ct::batch_mul(points, scalars).get_standard_form();


    // Add the constraints and handle constant values

    if (output_point.is_point_at_infinity().is_constant()) {

        builder.fix_witness(input.out_point_is_infinite, output_point.is_point_at_infinity().get_value());

    } else {

        builder.assert_equal(output_point.is_point_at_infinity().get_normalized_witness_index(),

                             input.out_point_is_infinite);

    }

    if (output_point.x.is_constant()) {

        builder.fix_witness(input.out_point_x, output_point.x.get_value());

    } else {

        builder.assert_equal(output_point.x.get_witness_index(), input.out_point_x);

    }

    if (output_point.y.is_constant()) {

        builder.fix_witness(input.out_point_y, output_point.y.get_value());

    } else {

        builder.assert_equal(output_point.y.get_witness_index(), input.out_point_y);

    }

}


template void create_multi_scalar_mul_constraint<UltraCircuitBuilder>(UltraCircuitBuilder& builder,

                                                                      const MultiScalarMul& input,

                                                                      bool has_valid_witness_assignments);

template void create_multi_scalar_mul_constraint<MegaCircuitBuilder>(MegaCircuitBuilder& builder,

                                                                     const MultiScalarMul& input,

                                                                     bool has_valid_witness_assignments);


} // namespace acir_format

acir.hpp

biggroup.hpp

bb::MegaCircuitBuilder_
Definition mega_circuit_builder.hpp:19

bb::UltraCircuitBuilder_
Definition ultra_circuit_builder.hpp:40

bb::stdlib::cycle_group
cycle_group represents a group Element of the proving system's embedded curve, i.e....
Definition cycle_group.hpp:31

bb::stdlib::cycle_scalar
Represents a member of the Grumpkin curve scalar field (i.e. BN254 base field).
Definition cycle_scalar.hpp:30

bb::stdlib::field_t< Builder >

builder
AluTraceBuilder builder
Definition alu.test.cpp:123

cycle_group.hpp

grumpkin.hpp

fr.hpp

gate_data.hpp

multi_scalar_mul.hpp

acir_format
Definition acir_format.cpp:35

acir_format::create_multi_scalar_mul_constraint< MegaCircuitBuilder >
template void create_multi_scalar_mul_constraint< MegaCircuitBuilder >(MegaCircuitBuilder &builder, const MultiScalarMul &input, bool has_valid_witness_assignments)

acir_format::create_multi_scalar_mul_constraint< UltraCircuitBuilder >
template void create_multi_scalar_mul_constraint< UltraCircuitBuilder >(UltraCircuitBuilder &builder, const MultiScalarMul &input, bool has_valid_witness_assignments)

acir_format::create_multi_scalar_mul_constraint
void create_multi_scalar_mul_constraint(Builder &builder, const MultiScalarMul &input, bool has_valid_witness_assignments)
Definition multi_scalar_mul.cpp:20

acir_format::to_field_ct
bb::stdlib::field_t< Builder > to_field_ct(const WitnessOrConstant< FF > &input, Builder &builder)
Definition witness_constant.hpp:40

acir_format::to_grumpkin_point
bb::stdlib::cycle_group< Builder > to_grumpkin_point(const WitnessOrConstant< FF > &input_x, const WitnessOrConstant< FF > &input_y, const WitnessOrConstant< FF > &input_infinite, bool has_valid_witness_assignments, const WitnessOrConstant< FF > &predicate, Builder &builder)
Convert inputs representing a Grumpkin point into a cycle_group element.
Definition witness_constant.cpp:33

bb
Entry point for Barretenberg command-line interface.
Definition acir_format_getters.cpp:6

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

acir_format::MultiScalarMul
Definition multi_scalar_mul.hpp:17

acir_format::MultiScalarMul::out_point_x
uint32_t out_point_x
Definition multi_scalar_mul.hpp:25

acir_format::MultiScalarMul::scalars
std::vector< WitnessOrConstant< bb::fr > > scalars
Definition multi_scalar_mul.hpp:19

acir_format::MultiScalarMul::predicate
WitnessOrConstant< bb::fr > predicate
Definition multi_scalar_mul.hpp:23

acir_format::MultiScalarMul::out_point_y
uint32_t out_point_y
Definition multi_scalar_mul.hpp:26

acir_format::MultiScalarMul::out_point_is_infinite
uint32_t out_point_is_infinite
Definition multi_scalar_mul.hpp:27

acir_format::MultiScalarMul::points
std::vector< WitnessOrConstant< bb::fr > > points
Definition multi_scalar_mul.hpp:18