Barretenberg: src/barretenberg/stdlib/primitives/field/field_conversion.hpp Source File

// === AUDIT STATUS ===

// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }

// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }

// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }

// =====================


#pragma once


#include "barretenberg/common/assert.hpp"

#include "barretenberg/polynomials/univariate.hpp"

#include "barretenberg/stdlib/primitives/bigfield/bigfield.hpp"

#include "barretenberg/stdlib/primitives/bigfield/goblin_field.hpp"

#include "barretenberg/stdlib/primitives/curves/bn254.hpp"

#include "barretenberg/stdlib/primitives/field/field.hpp"

#include "barretenberg/stdlib/primitives/field/field_utils.hpp"

#include "barretenberg/stdlib/primitives/group/cycle_group.hpp"


namespace bb::stdlib {


template <typename Field> class StdlibCodec {

  public:

    using DataType = Field;

    using Builder = typename Field::Builder;

    using fr = field_t<Builder>;

    using fq = bigfield<Builder, bb::Bn254FqParams>;

    using bn254_element = element<Builder, fq, fr, curve::BN254::Group>;

    using grumpkin_element = cycle_group<Builder>;


    template <typename T> static bool_t<Builder> check_point_at_infinity(std::span<const fr> fr_vec)

    {

        if constexpr (IsAnyOf<T, bn254_element>) {

            // Sum the limbs and check whether the sum is 0

            return (fr::accumulate(std::vector<fr>(fr_vec.begin(), fr_vec.end())).is_zero());

        } else {

            // Efficiently compute ((x^2 + 5 y^2) == 0)

            const fr x_sqr = fr_vec[0].sqr();

            const fr y = fr_vec[1];

            const fr five_y = y * bb::fr(5);

            return (y.madd(five_y, x_sqr).is_zero());

        }

    }


    template <typename T> static T convert_challenge(const fr& challenge)

    {

        if constexpr (std::is_same_v<T, fr>) {

            return challenge;

        } else if constexpr (std::is_same_v<T, fq>) {

            // Sanity check that the input challenge fits into the first 2 bigfield limbs.

            BB_ASSERT_LT(static_cast<uint256_t>(challenge.get_value()).get_msb(),

                         T::NUM_LIMB_BITS * 2,

                         "field_conversion: convert_challenge");

            Builder* builder = challenge.get_context();

            // All challenges must be circuit witnesses.

            ASSERT(builder);

            ASSERT(!challenge.is_constant());

            return T(challenge, fr::from_witness_index(builder, builder->zero_idx()));

        }

    }


    static std::vector<fr> convert_goblin_fr_to_bn254_frs(const goblin_field<Builder>& input)

    {

        return { input.limbs[0], input.limbs[1] };

    }


    static std::vector<fr> convert_grumpkin_fr_to_bn254_frs(const fq& input)

    {

        static constexpr uint64_t NUM_LIMB_BITS = fq::NUM_LIMB_BITS;


        static constexpr bb::fr shift(static_cast<uint256_t>(1) << NUM_LIMB_BITS);

        std::vector<fr> result(2);

        result[0] = input.binary_basis_limbs[0].element + (input.binary_basis_limbs[1].element * shift);

        result[1] = input.binary_basis_limbs[2].element + (input.binary_basis_limbs[3].element * shift);

        return result;

    }


    template <typename T> static constexpr size_t calc_num_fields()

    {

        if constexpr (IsAnyOf<T, fr>) {

            return Bn254FrParams::NUM_BN254_SCALARS;

        } else if constexpr (IsAnyOf<T, fq, goblin_field<Builder>>) {

            return Bn254FqParams::NUM_BN254_SCALARS;

        } else if constexpr (IsAnyOf<T, bn254_element, grumpkin_element>) {

            return 2 * calc_num_fields<typename T::BaseField>();

        } else {

            // Array or Univariate

            return calc_num_fields<typename T::value_type>() * (std::tuple_size<T>::value);

        }

    }


    template <typename T> static T deserialize_from_fields(std::span<const fr> fr_vec)

    {

        using field_ct = fr;

        using bigfield_ct = fq;


        constexpr size_t expected_size = calc_num_fields<T>();

        BB_ASSERT_EQ(fr_vec.size(), expected_size);


        ASSERT(validate_context<Builder>(fr_vec));


        if constexpr (IsAnyOf<T, field_ct>) {

            // Case 1: input type matches the output type

            return fr_vec[0];

        } else if constexpr (IsAnyOf<T, bigfield_ct, goblin_field<Builder>>) {

            // Cases 2 and 3: a bigfield/goblin_field element is reconstructed from low and high limbs.

            return T(fr_vec[0], fr_vec[1]);

        } else if constexpr (IsAnyOf<T, bn254_element, grumpkin_element>) {

            // Case 4 and 5: Convert a vector of frs to a group element

            using Basefield = typename T::BaseField;


            constexpr size_t base_field_frs = expected_size / 2;


            Basefield x = deserialize_from_fields<Basefield>(fr_vec.subspan(0, base_field_frs));

            Basefield y = deserialize_from_fields<Basefield>(fr_vec.subspan(base_field_frs, base_field_frs));


            T out(x, y, check_point_at_infinity<T>(fr_vec));

            // Note that in the case of bn254 with Mega arithmetization, the check is delegated to ECCVM, see

            // `on_curve_check` in `ECCVMTranscriptRelationImpl`.

            out.validate_on_curve();

            return out;

        } else {

            // Case 6: Array or Univariate

            T val;

            using element_type = typename T::value_type;

            const size_t scalar_frs = calc_num_fields<element_type>();


            size_t i = 0;

            for (auto& x : val) {

                x = deserialize_from_fields<element_type>(fr_vec.subspan(scalar_frs * i, scalar_frs));

                ++i;

            }

            return val;

        }

    }


    template <typename T> static std::vector<fr> serialize_to_fields(const T& val)

    {

        using field_ct = fr;

        using bigfield_ct = fq;


        if constexpr (IsAnyOf<T, field_ct>) {

            return std::vector<T>{ val };

        } else if constexpr (IsAnyOf<T, bigfield_ct>) {

            return convert_grumpkin_fr_to_bn254_frs(val);

        } else if constexpr (IsAnyOf<T, goblin_field<Builder>>) {

            return convert_goblin_fr_to_bn254_frs(val);

        } else if constexpr (IsAnyOf<T, bn254_element, grumpkin_element>) {

            using BaseField = typename T::BaseField;


            std::vector<field_ct> fr_vec_x = serialize_to_fields<BaseField>(val.x);

            std::vector<field_ct> fr_vec_y = serialize_to_fields<BaseField>(val.y);

            std::vector<field_ct> fr_vec(fr_vec_x.begin(), fr_vec_x.end());

            fr_vec.insert(fr_vec.end(), fr_vec_y.begin(), fr_vec_y.end());

            return fr_vec;

        } else {

            // Array or Univariate

            std::vector<field_ct> fr_vec;

            for (auto& x : val) {

                auto tmp_vec = serialize_to_fields<typename T::value_type>(x);

                fr_vec.insert(fr_vec.end(), tmp_vec.begin(), tmp_vec.end());

            }

            return fr_vec;

        }

    }


    static std::array<fr, 2> split_challenge(const fr& challenge)

    {

        const size_t lo_bits = fr::native::Params::MAX_BITS_PER_ENDOMORPHISM_SCALAR;

        // Constuct a unique lo/hi decomposition of the challenge (hi_bits will be 254 - 128 = 126)

        const auto [lo, hi] = split_unique(challenge, lo_bits);

        return std::array<fr, 2>{ lo, hi };

    }


    template <typename TargetType> static TargetType deserialize_from_frs(std::span<fr> elements, size_t& num_frs_read)

    {

        constexpr size_t num_frs = calc_num_fields<TargetType>();

        BB_ASSERT_GTE(elements.size(), num_frs_read + num_frs);

        TargetType result = deserialize_from_fields<TargetType>(elements.subspan(num_frs_read, num_frs));

        num_frs_read += num_frs;

        return result;

    }


};


} // namespace bb::stdlib

assert.hpp

BB_ASSERT_GTE
#define BB_ASSERT_GTE(left, right,...)
Definition assert.hpp:133

BB_ASSERT_EQ
#define BB_ASSERT_EQ(actual, expected,...)
Definition assert.hpp:88

BB_ASSERT_LT
#define BB_ASSERT_LT(left, right,...)
Definition assert.hpp:148

ASSERT
#define ASSERT(expression,...)
Definition assert.hpp:77

bigfield.hpp

bb::Bn254FqParams::NUM_BN254_SCALARS
static constexpr size_t NUM_BN254_SCALARS
Definition fq.hpp:162

bb::Bn254FrParams::NUM_BN254_SCALARS
static constexpr size_t NUM_BN254_SCALARS
Definition fr.hpp:167

bb::numeric::uint256_t
Definition uint256.hpp:32

bb::numeric::uint256_t::get_msb
constexpr uint64_t get_msb() const
Definition uint256_impl.hpp:330

bb::stdlib::StdlibCodec
Definition field_conversion.hpp:20

bb::stdlib::StdlibCodec::calc_num_fields
static constexpr size_t calc_num_fields()
Calculates the size of a type (in its native form) in terms of frs.
Definition field_conversion.hpp:97

bb::stdlib::StdlibCodec::fq
bigfield< Builder, bb::Bn254FqParams > fq
Definition field_conversion.hpp:25

bb::stdlib::StdlibCodec::Builder
typename Field::Builder Builder
Definition field_conversion.hpp:23

bb::stdlib::StdlibCodec::convert_goblin_fr_to_bn254_frs
static std::vector< fr > convert_goblin_fr_to_bn254_frs(const goblin_field< Builder > &input)
Definition field_conversion.hpp:78

bb::stdlib::StdlibCodec::convert_grumpkin_fr_to_bn254_frs
static std::vector< fr > convert_grumpkin_fr_to_bn254_frs(const fq &input)
Definition field_conversion.hpp:83

bb::stdlib::StdlibCodec::check_point_at_infinity
static bool_t< Builder > check_point_at_infinity(std::span< const fr > fr_vec)
Check whether a point corresponds to (0, 0), the conventional representation of the point infinity.
Definition field_conversion.hpp:39

bb::stdlib::StdlibCodec::convert_challenge
static T convert_challenge(const fr &challenge)
A stdlib Transcript method needed to convert an fr challenge to a bigfield one. Assumes that challeng...
Definition field_conversion.hpp:61

bb::stdlib::StdlibCodec::split_challenge
static std::array< fr, 2 > split_challenge(const fr &challenge)
Split a challenge field element into two half-width challenges.
Definition field_conversion.hpp:277

bb::stdlib::StdlibCodec::deserialize_from_fields
static T deserialize_from_fields(std::span< const fr > fr_vec)
Core stdlib Transcript deserialization method.
Definition field_conversion.hpp:145

bb::stdlib::StdlibCodec::DataType
Field DataType
Definition field_conversion.hpp:22

bb::stdlib::StdlibCodec::deserialize_from_frs
static TargetType deserialize_from_frs(std::span< fr > elements, size_t &num_frs_read)
A stdlib VerificationKey-specific method.
Definition field_conversion.hpp:295

bb::stdlib::StdlibCodec::serialize_to_fields
static std::vector< fr > serialize_to_fields(const T &val)
Core stdlib Transcript serialization method.
Definition field_conversion.hpp:240

bb::stdlib::StdlibCodec::bn254_element
element< Builder, fq, fr, curve::BN254::Group > bn254_element
Definition field_conversion.hpp:26

bb::stdlib::StdlibCodec::fr
field_t< Builder > fr
Definition field_conversion.hpp:24

bb::stdlib::bigfield< Builder, bb::Bn254FqParams >

bb::stdlib::bigfield< Builder, bb::Bn254FqParams >::NUM_LIMB_BITS
static constexpr uint64_t NUM_LIMB_BITS
Definition bigfield.hpp:312

bb::stdlib::bigfield::binary_basis_limbs
std::array< Limb, NUM_LIMBS > binary_basis_limbs
Represents a bigfield element in the binary basis. A bigfield element is represented as a combination...
Definition bigfield.hpp:80

bb::stdlib::bool_t
Implements boolean logic in-circuit.
Definition bool.hpp:59

bb::stdlib::cycle_group
cycle_group represents a group Element of the proving system's embedded curve, i.e....
Definition cycle_group.hpp:31

bb::stdlib::field_t< Builder >

bb::stdlib::field_t::madd
field_t madd(const field_t &to_mul, const field_t &to_add) const
Definition field.cpp:509

bb::stdlib::field_t< Builder >::from_witness_index
static field_t from_witness_index(Builder *ctx, uint32_t witness_index)
Definition field.cpp:61

bb::stdlib::field_t< Builder >::accumulate
static field_t accumulate(const std::vector< field_t > &input)
Efficiently compute the sum of vector entries. Using big_add_gate we reduce the number of gates neede...
Definition field.cpp:1157

bb::stdlib::field_t::get_context
Builder * get_context() const
Definition field.hpp:397

bb::stdlib::field_t::sqr
field_t sqr() const
Definition field.hpp:258

bb::stdlib::field_t::get_value
bb::fr get_value() const
Given a := *this, compute its value given by a.v * a.mul + a.add.
Definition field.cpp:829

bb::stdlib::field_t::is_zero
bool_t< Builder > is_zero() const
Validate whether a field_t element is zero.
Definition field.cpp:776

bb::stdlib::field_t::is_constant
bool is_constant() const
Definition field.hpp:407

bb::stdlib::goblin_field
goblin_field wraps x/y coordinates of bn254 group elements when using goblin
Definition goblin_field.hpp:28

bb::stdlib::goblin_field::limbs
std::array< field_ct, 2 > limbs
Definition goblin_field.hpp:39

bb::IsAnyOf
Definition circuit_type.hpp:15

builder
AluTraceBuilder builder
Definition alu.test.cpp:123

cycle_group.hpp

field_utils.hpp

goblin_field.hpp

bb::stdlib
Definition graph_description_goblin.test.cpp:13

bb::stdlib::split_unique
std::pair< field_t< Builder >, field_t< Builder > > split_unique(const field_t< Builder > &field, const size_t lo_bits, const bool skip_range_constraints)
Split a bn254 scalar field element into unique lo and hi limbs.
Definition field_utils.cpp:47

bb::stdlib::element
std::conditional_t< IsGoblinBigGroup< C, Fq, Fr, G >, element_goblin::goblin_element< C, goblin_field< C >, Fr, G >, element_default::element< C, Fq, Fr, G > > element
element wraps either element_default::element or element_goblin::goblin_element depending on parametr...
Definition biggroup.hpp:1030

bb::fr
field< Bn254FrParams > fr
Definition fr.hpp:174

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

bn254.hpp

field.hpp

bb::field< Bn254FrParams >

univariate.hpp