bb::stdlib Namespace Reference

Namespaces
namespace	aes128
namespace	blake_util
namespace	element_default
namespace	element_goblin
namespace	field_conversion_tests
namespace	recursion
namespace	test_utils

Classes
class	bigfield
class	bigfield_test_access
class	Blake2s
class	Blake3s
struct	bn254
class	bool_t
	Implements boolean logic in-circuit. More...
class	byte_array
	Represents a dynamic array of bytes in-circuit. More...
class	cycle_group
	cycle_group represents a group Element of the proving system's embedded curve, i.e. a curve with a cofactor 1 defined over a field equal to the circuit's native field Builder::FF More...
class	cycle_scalar
	Represents a member of the Grumpkin curve scalar field (i.e. BN254 base field). More...
class	databus
class	DataBusDepot
	Class for managing propagation of databus return data commitments used in consistency checks. More...
class	DynamicArray
	A dynamic array of field elements. More...
struct	ecdsa_signature
class	field_t
class	FieldSponge
	Implements the circuit form of a cryptographic sponge over prime fields. More...
class	goblin_field
	goblin_field wraps x/y coordinates of bn254 group elements when using goblin More...
struct	grumpkin
	Curve grumpkin in circuit setting. More...
class	keccak
	KECCAAAAAAAAAAK. More...
class	logic
class	pedersen_commitment
	In-circuit Pedersen commitment implementation. More...
class	pedersen_hash
	stdlib class that evaluates in-circuit pedersen hashes, consistent with behavior in crypto::pedersen_hash More...
class	plookup_read
class	poseidon2
	stdlib class that evaluates in-circuit poseidon2 hashes, consistent with behavior in crypto::poseidon2 More...
class	Poseidon2Permutation
	Circuit form of Poseidon2 permutation from https://eprint.iacr.org/2023/323. More...
class	Proof
	A simple wrapper around a vector of stdlib field elements representing a proof. More...
class	public_witness_t
class	PublicInputComponent
	A wrapper class for serializing objects to and from the public inputs of a circuit. More...
class	ram_table
class	rom_table
class	safe_uint_t
struct	schnorr_signature_bits
struct	secp256k1
struct	secp256r1
class	SHA256
class	StdlibCodec
class	straus_lookup_table
	straus_lookup_table computes a lookup table of size 1 << table_bits More...
class	straus_scalar_slices
	straus_scalar_slices decomposes an input scalar into bit-slices of size table_bits. Used in batch_mul, which implements the Straus multiscalar multiplication algorithm. More...
class	twin_rom_table
class	witness_t
struct	WycherproofTest

Concepts
concept	IsBigGroup
concept	IsGoblinBigGroup
concept	IsSerializableToAndFromPublicInputs
	A concept defining requirements for types that are to be serialized to and from the public inputs of a circuit via the PublicInputComponent class.

Typedefs
using	WycherproofSecp256k1 = WycherproofTest< bb::curve::SECP256K1 >
using	WycherproofSecp256r1 = WycherproofTest< bb::curve::SECP256R1 >
template<typename C , typename Fq , typename Fr , typename G >
using	element = std::conditional_t< IsGoblinBigGroup< C, Fq, Fr, G >, element_goblin::goblin_element< C, goblin_field< C >, Fr, G >, element_default::element< C, Fq, Fr, G > >
	element wraps either element_default::element or element_goblin::goblin_element depending on parametrisation

Functions
template<typename Builder , typename Curve , typename Fq , typename Fr , typename G1 >
bool_t< Builder >	ecdsa_verify_signature (const stdlib::byte_array< Builder > &hashed_message, const G1 &public_key, const ecdsa_signature< Builder > &sig)
	Verify ECDSA signature. Returns bool_t(true/false) depending on whether the signature is valid or not.
template<typename Builder >
void	generate_ecdsa_verification_test_circuit (Builder &builder, size_t num_iterations)
	Generate a simple ecdsa verification circuit for testing purposes.
template<typename C >
schnorr_signature_bits< C >	schnorr_convert_signature (C *context, const crypto::schnorr_signature &signature)
	Instantiate a witness containing the signature (s, e) as a quadruple of field_t elements (s_lo, s_hi, e_lo, e_hi).
template<typename C >
std::array< field_t< C >, 2 >	schnorr_verify_signature_internal (const byte_array< C > &message, const cycle_group< C > &pub_key, const schnorr_signature_bits< C > &sig)
	Make the computations needed to verify a signature (s, e), i.e., compute e' = hash(([s]g + [e]pub).x | message) and return e'.
template<typename C >
void	schnorr_verify_signature (const byte_array< C > &message, const cycle_group< C > &pub_key, const schnorr_signature_bits< C > &sig)
	Verify that a signature (s, e) is valid, i.e., compute e' = hash(([s]g + [e]pub).x | message) and check that e' == e is true.
template<typename C >
bool_t< C >	schnorr_signature_verification_result (const byte_array< C > &message, const cycle_group< C > &pub_key, const schnorr_signature_bits< C > &sig)
	Attempt to verify a signature (s, e) and return the result, i.e., compute e' = hash(([s]g + [e]pub).x | message) and return the boolean witness e' == e.
	VERIFY_SIGNATURE_INTERNAL (bb::UltraCircuitBuilder)
	VERIFY_SIGNATURE_INTERNAL (bb::MegaCircuitBuilder)
	VERIFY_SIGNATURE (bb::UltraCircuitBuilder)
	VERIFY_SIGNATURE (bb::MegaCircuitBuilder)
	SIGNATURE_VERIFICATION_RESULT (bb::UltraCircuitBuilder)
	SIGNATURE_VERIFICATION_RESULT (bb::MegaCircuitBuilder)
	CONVERT_SIGNATURE (bb::UltraCircuitBuilder)
	CONVERT_SIGNATURE (bb::MegaCircuitBuilder)
template<typename Builder >
void	generate_keccak_test_circuit (Builder &builder, size_t num_iterations)
	Generate a simple keccak circuit for testing purposes.
template void	generate_keccak_test_circuit (bb::UltraCircuitBuilder &, size_t)
template void	generate_keccak_test_circuit (bb::MegaCircuitBuilder &, size_t)
constexpr size_t	get_num_blocks (const size_t num_bits)
template<typename C , typename T >
std::ostream &	operator<< (std::ostream &os, bigfield< T, C > const &v)
template<typename C >
std::ostream &	operator<< (std::ostream &os, goblin_field< C > const &v)
template<typename T >
std::ostream &	operator<< (std::ostream &os, bool_t< T > const &v)
template<typename Builder >
std::ostream &	operator<< (std::ostream &os, byte_array< Builder > const &arr)
template<typename Builder , size_t SIZE>
field_t< Builder >	array_length (std::array< field_t< Builder >, SIZE > const &arr)
template<typename Builder , size_t SIZE>
field_t< Builder >	array_pop (std::array< field_t< Builder >, SIZE > const &arr)
template<typename Builder , size_t SIZE>
void	array_push (std::array< field_t< Builder >, SIZE > &arr, field_t< Builder > const &value)
template<typename Builder , size_t SIZE>
size_t	array_push (std::array< std::optional< field_t< Builder > >, SIZE > &arr, field_t< Builder > const &value)
template<typename T , size_t SIZE>
size_t	array_push (std::array< std::shared_ptr< T >, SIZE > &arr, std::shared_ptr< T > const &value)
template<typename Builder , typename T , size_t SIZE>
void	array_push (std::array< T, SIZE > &arr, T const &value)
template<typename Builder , size_t SIZE>
stdlib::bool_t< Builder >	is_array_empty (std::array< field_t< Builder >, SIZE > const &arr)
template<typename Builder , size_t size_1, size_t size_2>
void	push_array_to_array (std::array< field_t< Builder >, size_1 > const &source, std::array< field_t< Builder >, size_2 > &target)
template<typename T >
T *	validate_context (T *ptr)
template<typename T , typename... Ts>
T *	validate_context (T *first, Ts *... rest)
template<typename T , typename Container >
T *	validate_context (const Container &elements)
template<typename Builder >
std::ostream &	operator<< (std::ostream &os, field_t< Builder > const &v)
template<typename Builder >
void	validate_split_in_field (const field_t< Builder > &lo, const field_t< Builder > &hi, const size_t lo_bits, const uint256_t &field_modulus)
	Validates that lo + hi * 2^lo_bits < field_modulus.
template<typename Builder >
std::pair< field_t< Builder >, field_t< Builder > >	split_unique (const field_t< Builder > &field, const size_t lo_bits, const bool skip_range_constraints=false)
	Split a bn254 scalar field element into unique lo and hi limbs.
template std::pair< field_t< bb::UltraCircuitBuilder >, field_t< bb::UltraCircuitBuilder > >	split_unique (const field_t< bb::UltraCircuitBuilder > &field, const size_t lo_bits, const bool skip_range_constraints)
template std::pair< field_t< bb::MegaCircuitBuilder >, field_t< bb::MegaCircuitBuilder > >	split_unique (const field_t< bb::MegaCircuitBuilder > &field, const size_t lo_bits, const bool skip_range_constraints)
template void	validate_split_in_field (const field_t< bb::UltraCircuitBuilder > &lo, const field_t< bb::UltraCircuitBuilder > &hi, const size_t lo_bits, const uint256_t &field_modulus)
template void	validate_split_in_field (const field_t< bb::MegaCircuitBuilder > &lo, const field_t< bb::MegaCircuitBuilder > &hi, const size_t lo_bits, const uint256_t &field_modulus)
template<typename Builder >
std::ostream &	operator<< (std::ostream &os, cycle_group< Builder > const &v)
template<typename Builder >
std::ostream &	operator<< (std::ostream &os, safe_uint_t< Builder > const &v)

Variables
const std::vector< WycherproofSecp256k1 >	secp256k1_tests
	Test for Secp256k1 ECDSA signatures taken from the Wycherproof project.
const std::vector< WycherproofSecp256r1 >	secp256r1_tests
	Test for Secp256r1 ECDSA signatures taken from the Wycherproof project.

Detailed Description

Optimizations:

1. use lookup tables for basic XOR operations
2. replace use of uint32 with basic field_t type

Typedef Documentation

element

template<typename C , typename Fq , typename Fr , typename G >

using bb::stdlib::element = typedef std::conditional_t<IsGoblinBigGroup<C, Fq, Fr, G>, element_goblin::goblin_element<C, goblin_field<C>, Fr, G>, element_default::element<C, Fq, Fr, G> >

element wraps either element_default::element or element_goblin::goblin_element depending on parametrisation

if C = MegaBuilder, G = bn254, Fq = bigfield<C, bb::Bn254FqParams>, Fr = field_t then we're cooking

Definition at line 1028 of file biggroup.hpp.

WycherproofSecp256k1

using bb::stdlib::WycherproofSecp256k1 = typedef WycherproofTest<bb::curve::SECP256K1>

Definition at line 35 of file ecdsa_tests_data.hpp.

WycherproofSecp256r1

using bb::stdlib::WycherproofSecp256r1 = typedef WycherproofTest<bb::curve::SECP256R1>

Definition at line 36 of file ecdsa_tests_data.hpp.

Function Documentation

array_length()

template<typename Builder , size_t SIZE>

field_t< Builder > bb::stdlib::array_length

(

std::array< field_t< Builder >, SIZE > const &

arr

)

Gets the number of contiguous nonzero values of an array from the start. Note: This assumes 0 always means 'not used', so be careful. As soon as we locate 0, we stop the counting. If you actually want 0 to be counted, you'll need something else.

Definition at line 19 of file array.hpp.

array_pop()

template<typename Builder , size_t SIZE>

field_t< Builder > bb::stdlib::array_pop

(

std::array< field_t< Builder >, SIZE > const &

arr

)

Note: doesn't remove the last element from the array; only returns it! Note: this assumes 0 always means 'not used', so be careful. If you actually want 0 to be counted, you'll need something else. If it returns 0, the array is considered 'empty'.

Definition at line 39 of file array.hpp.

array_push() [1/4]

template<typename Builder , size_t SIZE>

void bb::stdlib::array_push	(	std::array< field_t< Builder >, SIZE > &	arr,
		field_t< Builder > const &	value
	)

Note: this assumes 0 always means 'not used', so be careful. If you actually want 0 to be counted, you'll need something else.

Definition at line 60 of file array.hpp.

array_push() [2/4]

template<typename Builder , size_t SIZE>

size_t bb::stdlib::array_push ( std::array< std::optional< field_t< Builder > >, SIZE > &  arr, field_t< Builder > const &  value  )

inline

Note: this assumes 0 always means 'not used', so be careful. If you actually want 0 to be counted, you'll need something else.

Definition at line 77 of file array.hpp.

array_push() [3/4]

template<typename T , size_t SIZE>

size_t bb::stdlib::array_push ( std::array< std::shared_ptr< T >, SIZE > &  arr, std::shared_ptr< T > const &  value  )

inline

Note: this assumes 0 always means 'not used', so be careful. If you actually want 0 to be counted, you'll need something else.

Definition at line 93 of file array.hpp.

array_push() [4/4]

template<typename Builder , typename T , size_t SIZE>

void bb::stdlib::array_push ( std::array< T, SIZE > &  arr, T const &  value  )

inline

Note: this assumes 0 always means 'not used', so be careful. If you actually want 0 to be counted, you'll need something else.

Definition at line 108 of file array.hpp.

CONVERT_SIGNATURE() [1/2]

bb::stdlib::CONVERT_SIGNATURE

(

bb::MegaCircuitBuilder

)

CONVERT_SIGNATURE() [2/2]

bb::stdlib::CONVERT_SIGNATURE

(

bb::UltraCircuitBuilder

)

ecdsa_verify_signature()

template<typename Builder , typename Curve , typename Fq , typename Fr , typename G1 >

bool_t< Builder > bb::stdlib::ecdsa_verify_signature	(	const stdlib::byte_array< Builder > &	hashed_message,
		const G1 &	public_key,
		const ecdsa_signature< Builder > &	sig
	)

Verify ECDSA signature. Returns bool_t(true/false) depending on whether the signature is valid or not.

Fix the following notation:

1. \(E\) is an elliptic curve over the base field \(\mathbb{F}_q\).
2. \(G\) is a generator of the group of points of \(E\), the order of \(G\) is \(n\).
3. \(a \in \mathbb{F}_n^{\ast}\) is a private key, and \(P := aG\) is the associated public key
4. \(\mathbf{H}\) is a hash function

Given a message \(m\), a couple \((r,s)\) is a valid signature for the message \(m\) with respect to the public key \(P\) if:

1. \(P\) is a point on \(E\)
2. \(P\) is not the point at infinity
3. \(0 < r < n\)
4. \(0 < s < (n+1) / 2\)
5. Define \(e := \mathbf{H}(m) \mod n\) and \(Q := e s^{-1} G + r s^{-1} P \)
6. \(Q\) is not the point at infinity
7. \(Q_x = r \mod n\) (note that \(Q_x \in \mathbb{F}_q\))

Note

The requirement of step 4. is to avoid signature malleability: if \((r,s)\) is a valid signature for message \(m\) and public key \(P\), so is \((r,n-s)\). We protect against malleability by enforcing that \(s\) is always the lowest of the two possible values.

In Ethereum signatures contain also a recovery byte \(v\) which is used to recover the public key for which the signature is to be validated. As we receive the public key as part of the inputs to the verification function, we do not handle the recovery byte. The signature which is the input to the verification function is given by \((r,s)\). The users of the verification function should handle the recovery byte if that is in their interest.

This function verifies that sig is a valid signature for the public key public_key. The function returns an in-circuit boolean value which bears witness to whether the signature verification was successfull or not. The boolean is NOT constrained to be equal to bool_t(true).

The circuit introduces constraints for the following assertions:

1. \(P\) is on the curve
2. \(P\) is on the point at infinity
3. \(H(m) < n\)
4. \(0 < r < n\)
5. \(0 < s < (n+1)/2\)
6. \(Q := H(m) s^{-1} G + r s^{-1} P\) is not the point at infinity Therefore, if the witnesses passed to this function do not satisfy these constraints, the resulting circuit will be unsatisfied. If a user wants to use the verification inside a in-circuit branch, then they need to supply valid data for \(m, P, r, s\), even though \((r,s)\) doesn't need to be a valid signature.

Template Parameters

Builder
Curve
Fq
Fr
G1

Parameters

hashed_message
public_key
sig

Returns

bool_t<Builder>

Definition at line 74 of file ecdsa_impl.hpp.

generate_ecdsa_verification_test_circuit()

template<typename Builder >

void bb::stdlib::generate_ecdsa_verification_test_circuit	(	Builder &	builder,
		size_t	num_iterations
	)

Generate a simple ecdsa verification circuit for testing purposes.

Template Parameters

Builder

Parameters

builder
num_iterations	number of signature verifications to perform

Definition at line 169 of file ecdsa_impl.hpp.

generate_keccak_test_circuit() [1/3]

template void bb::stdlib::generate_keccak_test_circuit	(	bb::MegaCircuitBuilder &	,
		size_t
	)

generate_keccak_test_circuit() [2/3]

template void bb::stdlib::generate_keccak_test_circuit	(	bb::UltraCircuitBuilder &	,
		size_t
	)

generate_keccak_test_circuit() [3/3]

template<typename Builder >

void bb::stdlib::generate_keccak_test_circuit	(	Builder &	builder,
		size_t	num_iterations
	)

Generate a simple keccak circuit for testing purposes.

Template Parameters

Builder

Parameters

builder
num_iterations	number of hashes to perform

Definition at line 794 of file keccak.cpp.

get_num_blocks()

constexpr size_t bb::stdlib::get_num_blocks ( const size_t  num_bits )

constexpr

Definition at line 19 of file sha256.cpp.

is_array_empty()

template<typename Builder , size_t SIZE>

stdlib::bool_t< Builder > bb::stdlib::is_array_empty

(

std::array< field_t< Builder >, SIZE > const &

arr

)

Note: this assumes 0 always means 'not used', so be careful. If you actually want 0 to be counted, you'll need something else.

Definition at line 125 of file array.hpp.

operator<<() [1/7]

template<typename C , typename T >

std::ostream & bb::stdlib::operator<< ( std::ostream &  os, bigfield< T, C > const &  v  )

inline

Definition at line 1172 of file bigfield.hpp.

operator<<() [2/7]

template<typename T >

std::ostream & bb::stdlib::operator<< ( std::ostream &  os, bool_t< T > const &  v  )

inline

Definition at line 151 of file bool.hpp.

operator<<() [3/7]

template<typename Builder >

std::ostream & bb::stdlib::operator<< ( std::ostream &  os, byte_array< Builder > const &  arr  )

inline

Definition at line 122 of file byte_array.hpp.

operator<<() [4/7]

template<typename Builder >

std::ostream & bb::stdlib::operator<< ( std::ostream &  os, cycle_group< Builder > const &  v  )

inline

Definition at line 239 of file cycle_group.hpp.

operator<<() [5/7]

template<typename Builder >

std::ostream & bb::stdlib::operator<< ( std::ostream &  os, field_t< Builder > const &  v  )

inline

Definition at line 528 of file field.hpp.

operator<<() [6/7]

template<typename C >

std::ostream & bb::stdlib::operator<< ( std::ostream &  os, goblin_field< C > const &  v  )

inline

Definition at line 204 of file goblin_field.hpp.

operator<<() [7/7]

template<typename Builder >

std::ostream & bb::stdlib::operator<< ( std::ostream &  os, safe_uint_t< Builder > const &  v  )

inline

Definition at line 216 of file safe_uint.hpp.

push_array_to_array()

template<typename Builder , size_t size_1, size_t size_2>

void bb::stdlib::push_array_to_array	(	std::array< field_t< Builder >, size_1 > const &	source,
		std::array< field_t< Builder >, size_2 > &	target
	)

Inserts the source array at the first zero-valued index of the target array. Fails if the source array is too large vs the remaining capacity of the target array.

Definition at line 140 of file array.hpp.

schnorr_convert_signature()

template<typename C >

schnorr_signature_bits< C > bb::stdlib::schnorr_convert_signature	(	C *	context,
		const crypto::schnorr_signature &	signature
	)

Instantiate a witness containing the signature (s, e) as a quadruple of field_t elements (s_lo, s_hi, e_lo, e_hi).

Definition at line 22 of file schnorr.cpp.

schnorr_signature_verification_result()

template<typename C >

bool_t< C > bb::stdlib::schnorr_signature_verification_result	(	const byte_array< C > &	message,
		const cycle_group< C > &	pub_key,
		const schnorr_signature_bits< C > &	sig
	)

Attempt to verify a signature (s, e) and return the result, i.e., compute e' = hash(([s]g + [e]pub).x | message) and return the boolean witness e' == e.

Definition at line 90 of file schnorr.cpp.

schnorr_verify_signature()

template<typename C >

void bb::stdlib::schnorr_verify_signature	(	const byte_array< C > &	message,
		const cycle_group< C > &	pub_key,
		const schnorr_signature_bits< C > &	sig
	)

Verify that a signature (s, e) is valid, i.e., compute e' = hash(([s]g + [e]pub).x | message) and check that e' == e is true.

Definition at line 75 of file schnorr.cpp.

schnorr_verify_signature_internal()

template<typename C >

std::array< field_t< C >, 2 > bb::stdlib::schnorr_verify_signature_internal	(	const byte_array< C > &	message,
		const cycle_group< C > &	pub_key,
		const schnorr_signature_bits< C > &	sig
	)

Make the computations needed to verify a signature (s, e), i.e., compute e' = hash(([s]g + [e]pub).x | message) and return e'.

Ultra: ~5018 gates, excluding gates required to init the Ultra range check (~1,169k for fixed/variable_base_mul, ~4k for blake2s) for a string of length = 34.

Definition at line 46 of file schnorr.cpp.

SIGNATURE_VERIFICATION_RESULT() [1/2]

bb::stdlib::SIGNATURE_VERIFICATION_RESULT

(

bb::MegaCircuitBuilder

)

SIGNATURE_VERIFICATION_RESULT() [2/2]

bb::stdlib::SIGNATURE_VERIFICATION_RESULT

(

bb::UltraCircuitBuilder

)

split_unique() [1/3]

template std::pair< field_t< bb::MegaCircuitBuilder >, field_t< bb::MegaCircuitBuilder > > bb::stdlib::split_unique	(	const field_t< bb::MegaCircuitBuilder > &	field,
		const size_t	lo_bits,
		const bool	skip_range_constraints
	)

split_unique() [2/3]

template std::pair< field_t< bb::UltraCircuitBuilder >, field_t< bb::UltraCircuitBuilder > > bb::stdlib::split_unique	(	const field_t< bb::UltraCircuitBuilder > &	field,
		const size_t	lo_bits,
		const bool	skip_range_constraints
	)

split_unique() [3/3]

template<typename Builder >

std::pair< field_t< Builder >, field_t< Builder > > bb::stdlib::split_unique	(	const field_t< Builder > &	field,
		const size_t	lo_bits,
		const bool	skip_range_constraints = false
	)

Split a bn254 scalar field element into unique lo and hi limbs.

Splits field into a low and high limb at the given bit index with:

1. Reconstruction constraint: lo + hi * 2^lo_bits = field
2. Modulus check: lo + hi * 2^lo_bits < bn254::ScalarField::modulus
3. Range constraints: lo in [0, 2^lo_bits), hi in [0, 2^(254-lo_bits)) (unless skip_range_constraints = true)

Note

The combination of (2) and (3) establishes the uniqueness of the decomposition.

Parameters

field	The bn254 scalar field element to split
lo_bits	Number of bits for the low limb
skip_range_constraints	If true, skip range constraints (use when they're implicit, e.g., in lookups)

Returns

std::pair<field_t<Builder>, field_t<Builder>> The (lo, hi) pair

Definition at line 47 of file field_utils.cpp.

validate_context() [1/3]

template<typename T , typename Container >

T * bb::stdlib::validate_context

(

const Container &

elements

)

Definition at line 35 of file field.hpp.

validate_context() [2/3]

template<typename T , typename... Ts>

T * bb::stdlib::validate_context	(	T *	first,
		Ts *...	rest
	)

Definition at line 22 of file field.hpp.

validate_context() [3/3]

template<typename T >

T * bb::stdlib::validate_context

(

T *

ptr

)

Definition at line 16 of file field.hpp.

validate_split_in_field() [1/3]

template void bb::stdlib::validate_split_in_field	(	const field_t< bb::MegaCircuitBuilder > &	lo,
		const field_t< bb::MegaCircuitBuilder > &	hi,
		const size_t	lo_bits,
		const uint256_t &	field_modulus
	)

validate_split_in_field() [2/3]

template void bb::stdlib::validate_split_in_field	(	const field_t< bb::UltraCircuitBuilder > &	lo,
		const field_t< bb::UltraCircuitBuilder > &	hi,
		const size_t	lo_bits,
		const uint256_t &	field_modulus
	)

validate_split_in_field() [3/3]

template<typename Builder >

void bb::stdlib::validate_split_in_field	(	const field_t< Builder > &	lo,
		const field_t< Builder > &	hi,
		const size_t	lo_bits,
		const uint256_t &	field_modulus
	)

Validates that lo + hi * 2^lo_bits < field_modulus.

Can be used in conjunction with range constraints on lo and hi to establish a unique decomposition of a field element.

Parameters

lo	The low limb
hi	The high limb
lo_bits	The bit position at which the split occurred
field_modulus	The field modulus to validate against

Definition at line 14 of file field_utils.cpp.

VERIFY_SIGNATURE() [1/2]

bb::stdlib::VERIFY_SIGNATURE

(

bb::MegaCircuitBuilder

)

VERIFY_SIGNATURE() [2/2]

bb::stdlib::VERIFY_SIGNATURE

(

bb::UltraCircuitBuilder

)

VERIFY_SIGNATURE_INTERNAL() [1/2]

bb::stdlib::VERIFY_SIGNATURE_INTERNAL

(

bb::MegaCircuitBuilder

)

VERIFY_SIGNATURE_INTERNAL() [2/2]

bb::stdlib::VERIFY_SIGNATURE_INTERNAL

(

bb::UltraCircuitBuilder

)

Variable Documentation

secp256k1_tests

const std::vector<WycherproofSecp256k1> bb::stdlib::secp256k1_tests

Test for Secp256k1 ECDSA signatures taken from the Wycherproof project.

Definition at line 42 of file ecdsa_tests_data.hpp.

secp256r1_tests

const std::vector<WycherproofSecp256r1> bb::stdlib::secp256r1_tests

Test for Secp256r1 ECDSA signatures taken from the Wycherproof project.

Definition at line 97 of file ecdsa_tests_data.hpp.