barretenberg
Loading...
Searching...
No Matches
bigfield.hpp
1#pragma once
2
3#include "barretenberg/ecc/curves/bn254/fq.hpp"
4#include "barretenberg/ecc/curves/bn254/fr.hpp"
5#include "barretenberg/numeric/uint256/uint256.hpp"
6#include "barretenberg/numeric/uintx/uintx.hpp"
7#include "barretenberg/plonk/proof_system/constants.hpp"
8
9#include "../byte_array/byte_array.hpp"
10#include "../field/field.hpp"
11
12#include "../circuit_builders/circuit_builders_fwd.hpp"
13
14namespace proof_system::plonk {
15namespace stdlib {
16
17template <typename Builder, typename T> class bigfield {
18
19 public:
20 typedef T TParams;
21 typedef barretenberg::field<T> native;
22
23 struct Basis {
24 uint512_t modulus;
25 size_t num_bits;
26 };
27
28 struct Limb {
29 Limb() {}
30 Limb(const field_t<Builder>& input, const uint256_t max = uint256_t(0))
31 : element(input)
32 {
33 if (input.witness_index == IS_CONSTANT) {
34 maximum_value = uint256_t(input.additive_constant) + 1;
35 } else if (max != uint256_t(0)) {
36 maximum_value = max;
37 } else {
38 maximum_value = DEFAULT_MAXIMUM_LIMB;
39 }
40 }
41 friend std::ostream& operator<<(std::ostream& os, const Limb& a)
42 {
43 os << "{ " << a.element << " < " << a.maximum_value << " }";
44 return os;
45 }
46 Limb(const Limb& other) = default;
47 Limb(Limb&& other) = default;
48 Limb& operator=(const Limb& other) = default;
49 Limb& operator=(Limb&& other) = default;
50
51 field_t<Builder> element;
52 uint256_t maximum_value;
53 };
54
55 bigfield(const field_t<Builder>& low_bits,
56 const field_t<Builder>& high_bits,
57 const bool can_overflow = false,
58 const size_t maximum_bitlength = 0);
59 bigfield(Builder* parent_context = nullptr);
60 bigfield(Builder* parent_context, const uint256_t& value);
61
62 // we assume the limbs have already been normalized!
63 bigfield(const field_t<Builder>& a,
64 const field_t<Builder>& b,
65 const field_t<Builder>& c,
66 const field_t<Builder>& d,
67 const bool can_overflow = false)
68 {
69 context = a.context;
70 binary_basis_limbs[0] = Limb(field_t(a));
71 binary_basis_limbs[1] = Limb(field_t(b));
72 binary_basis_limbs[2] = Limb(field_t(c));
73 binary_basis_limbs[3] =
74 Limb(field_t(d), can_overflow ? DEFAULT_MAXIMUM_LIMB : DEFAULT_MAXIMUM_MOST_SIGNIFICANT_LIMB);
75 prime_basis_limb =
76 (binary_basis_limbs[3].element * shift_3)
77 .add_two(binary_basis_limbs[2].element * shift_2, binary_basis_limbs[1].element * shift_1);
78 prime_basis_limb += (binary_basis_limbs[0].element);
79 };
80
81 // we assume the limbs have already been normalized!
82 bigfield(const field_t<Builder>& a,
83 const field_t<Builder>& b,
84 const field_t<Builder>& c,
85 const field_t<Builder>& d,
86 const field_t<Builder>& prime_limb,
87 const bool can_overflow = false)
88 {
89 context = a.context;
90 binary_basis_limbs[0] = Limb(field_t(a));
91 binary_basis_limbs[1] = Limb(field_t(b));
92 binary_basis_limbs[2] = Limb(field_t(c));
93 binary_basis_limbs[3] =
94 Limb(field_t(d), can_overflow ? DEFAULT_MAXIMUM_LIMB : DEFAULT_MAXIMUM_MOST_SIGNIFICANT_LIMB);
95 prime_basis_limb = prime_limb;
96 };
97
98 bigfield(const byte_array<Builder>& bytes);
99 bigfield(const bigfield& other);
100 bigfield(bigfield&& other);
101
102 static bigfield create_from_u512_as_witness(Builder* ctx,
103 const uint512_t& value,
104 const bool can_overflow = false,
105 const size_t maximum_bitlength = 0);
106
107 static bigfield from_witness(Builder* ctx, const barretenberg::field<T>& input)
108 {
109 uint256_t input_u256(input);
110 field_t<Builder> low(witness_t<Builder>(ctx, barretenberg::fr(input_u256.slice(0, NUM_LIMB_BITS * 2))));
111 field_t<Builder> hi(
112 witness_t<Builder>(ctx, barretenberg::fr(input_u256.slice(NUM_LIMB_BITS * 2, NUM_LIMB_BITS * 4))));
113 return bigfield(low, hi);
114 }
115
116 bigfield& operator=(const bigfield& other);
117 bigfield& operator=(bigfield&& other);
118 // code assumes modulus is at most 256 bits so good to define it via a uint256_t
119 static constexpr uint256_t modulus = (uint256_t(T::modulus_0, T::modulus_1, T::modulus_2, T::modulus_3));
120 static constexpr uint512_t modulus_u512 = uint512_t(modulus);
121 static constexpr uint64_t NUM_LIMB_BITS = NUM_LIMB_BITS_IN_FIELD_SIMULATION;
122 static constexpr uint64_t NUM_LAST_LIMB_BITS = modulus_u512.get_msb() + 1 - (NUM_LIMB_BITS * 3);
123 static constexpr uint1024_t DEFAULT_MAXIMUM_REMAINDER =
124 (uint1024_t(1) << (NUM_LIMB_BITS * 3 + NUM_LAST_LIMB_BITS)) - uint1024_t(1);
125 static constexpr uint256_t DEFAULT_MAXIMUM_LIMB = (uint256_t(1) << NUM_LIMB_BITS) - uint256_t(1);
126 static constexpr uint256_t DEFAULT_MAXIMUM_MOST_SIGNIFICANT_LIMB =
127 (uint256_t(1) << NUM_LAST_LIMB_BITS) - uint256_t(1);
128 static constexpr uint64_t LOG2_BINARY_MODULUS = NUM_LIMB_BITS * 4;
129 static constexpr bool is_composite = true; // false only when fr is native
130
131 static constexpr uint256_t prime_basis_maximum_limb =
132 uint256_t(modulus_u512.slice(NUM_LIMB_BITS * 3, NUM_LIMB_BITS * 4));
133 static constexpr Basis prime_basis{ uint512_t(barretenberg::fr::modulus), barretenberg::fr::modulus.get_msb() + 1 };
134 static constexpr Basis binary_basis{ uint512_t(1) << LOG2_BINARY_MODULUS, LOG2_BINARY_MODULUS };
135 static constexpr Basis target_basis{ modulus_u512, modulus_u512.get_msb() + 1 };
136 static constexpr barretenberg::fr shift_1 = barretenberg::fr(uint256_t(1) << NUM_LIMB_BITS);
137 static constexpr barretenberg::fr shift_2 = barretenberg::fr(uint256_t(1) << (NUM_LIMB_BITS * 2));
138 static constexpr barretenberg::fr shift_3 = barretenberg::fr(uint256_t(1) << (NUM_LIMB_BITS * 3));
139 static constexpr barretenberg::fr shift_right_1 = barretenberg::fr(1) / shift_1;
140 static constexpr barretenberg::fr shift_right_2 = barretenberg::fr(1) / shift_2;
141 static constexpr barretenberg::fr negative_prime_modulus_mod_binary_basis =
142 -barretenberg::fr(uint256_t(modulus_u512));
143 static constexpr uint512_t negative_prime_modulus = binary_basis.modulus - target_basis.modulus;
144 static constexpr uint256_t neg_modulus_limbs_u256[4]{
145 uint256_t(negative_prime_modulus.slice(0, NUM_LIMB_BITS).lo),
146 uint256_t(negative_prime_modulus.slice(NUM_LIMB_BITS, NUM_LIMB_BITS * 2).lo),
147 uint256_t(negative_prime_modulus.slice(NUM_LIMB_BITS * 2, NUM_LIMB_BITS * 3).lo),
148 uint256_t(negative_prime_modulus.slice(NUM_LIMB_BITS * 3, NUM_LIMB_BITS * 4).lo),
149 };
150 static constexpr barretenberg::fr neg_modulus_limbs[4]{
151 barretenberg::fr(negative_prime_modulus.slice(0, NUM_LIMB_BITS).lo),
152 barretenberg::fr(negative_prime_modulus.slice(NUM_LIMB_BITS, NUM_LIMB_BITS * 2).lo),
153 barretenberg::fr(negative_prime_modulus.slice(NUM_LIMB_BITS * 2, NUM_LIMB_BITS * 3).lo),
154 barretenberg::fr(negative_prime_modulus.slice(NUM_LIMB_BITS * 3, NUM_LIMB_BITS * 4).lo),
155 };
156
157 byte_array<Builder> to_byte_array() const
158 {
159 byte_array<Builder> result(get_context());
160 field_t<Builder> lo = binary_basis_limbs[0].element + (binary_basis_limbs[1].element * shift_1);
161 field_t<Builder> hi = binary_basis_limbs[2].element + (binary_basis_limbs[3].element * shift_1);
162 // n.b. this only works if NUM_LIMB_BITS * 2 is divisible by 8
163 //
164 // We are packing two bigfield limbs each into the field elements `lo` and `hi`.
165 // Thus, each of `lo` and `hi` will contain (NUM_LIMB_BITS * 2) bits. We then convert
166 // `lo` and `hi` to `byte_array` each containing ((NUM_LIMB_BITS * 2) / 8) bytes.
167 // Therefore, it is necessary for (NUM_LIMB_BITS * 2) to be divisible by 8 for correctly
168 // converting `lo` and `hi` to `byte_array`s.
169 ASSERT((NUM_LIMB_BITS * 2 / 8) * 8 == NUM_LIMB_BITS * 2);
170 result.write(byte_array<Builder>(hi, 32 - (NUM_LIMB_BITS / 4)));
171 result.write(byte_array<Builder>(lo, (NUM_LIMB_BITS / 4)));
172 return result;
173 }
174
175 uint512_t get_value() const;
176 uint512_t get_maximum_value() const;
177
178 bigfield add_to_lower_limb(const field_t<Builder>& other, uint256_t other_maximum_value) const;
179 bigfield operator+(const bigfield& other) const;
180 bigfield operator-(const bigfield& other) const;
181 bigfield operator*(const bigfield& other) const;
182
186 bigfield bad_mul(const bigfield& other) const;
187
188 bigfield operator/(const bigfield& other) const;
189 bigfield operator-() const { return bigfield(get_context(), uint256_t(0)) - *this; }
190
191 bigfield operator+=(const bigfield& other)
192 {
193 *this = operator+(other);
194 return *this;
195 }
196 bigfield operator-=(const bigfield& other)
197 {
198 *this = operator-(other);
199 return *this;
200 }
201 bigfield operator*=(const bigfield& other)
202 {
203 *this = operator*(other);
204 return *this;
205 }
206 bigfield operator/=(const bigfield& other)
207 {
208 *this = operator/(other);
209 return *this;
210 }
211
212 bigfield sqr() const;
213 bigfield sqradd(const std::vector<bigfield>& to_add) const;
214 bigfield madd(const bigfield& to_mul, const std::vector<bigfield>& to_add) const;
215
216 static void perform_reductions_for_mult_madd(std::vector<bigfield>& mul_left,
217 std::vector<bigfield>& mul_right,
218 const std::vector<bigfield>& to_add);
219
220 static bigfield mult_madd(const std::vector<bigfield>& mul_left,
221 const std::vector<bigfield>& mul_right,
222 const std::vector<bigfield>& to_add,
223 bool fix_remainder_to_zero = false);
224
225 static bigfield dual_madd(const bigfield& left_a,
226 const bigfield& right_a,
227 const bigfield& left_b,
228 const bigfield& right_b,
229 const std::vector<bigfield>& to_add);
230
231 // compute -(mul_left * mul_right + ...to_sub) / (divisor)
232 // We can evaluate this relationship with only one set of quotient/remainder range checks
233 static bigfield msub_div(const std::vector<bigfield>& mul_left,
234 const std::vector<bigfield>& mul_right,
235 const bigfield& divisor,
236 const std::vector<bigfield>& to_sub,
237 bool enable_divisor_nz_check = false);
238
239 static bigfield sum(const std::vector<bigfield>& terms);
240 static bigfield internal_div(const std::vector<bigfield>& numerators,
241 const bigfield& denominator,
242 bool check_for_zero);
243
244 static bigfield div_without_denominator_check(const std::vector<bigfield>& numerators, const bigfield& denominator);
245 static bigfield div_check_denominator_nonzero(const std::vector<bigfield>& numerators, const bigfield& denominator);
246
247 bigfield conditional_negate(const bool_t<Builder>& predicate) const;
248 bigfield conditional_select(const bigfield& other, const bool_t<Builder>& predicate) const;
249
250 void assert_is_in_field() const;
251 void assert_less_than(const uint256_t upper_limit) const;
252 void assert_equal(const bigfield& other) const;
253 void assert_is_not_equal(const bigfield& other) const;
254
255 void self_reduce() const;
256
257 bool is_constant() const { return prime_basis_limb.witness_index == IS_CONSTANT; }
258
262 static bigfield one()
263 {
264 bigfield result(nullptr, uint256_t(1));
265 return result;
266 }
267
271 static bigfield zero()
272 {
273 bigfield result(nullptr, uint256_t(0));
274 return result;
275 }
276
283 static constexpr bigfield unreduced_zero()
284 {
285 uint512_t multiple_of_modulus = ((get_maximum_unreduced_value() / modulus_u512) + 1) * modulus_u512;
286 auto msb = multiple_of_modulus.get_msb();
287
288 bigfield result(nullptr, uint256_t(0));
289 result.binary_basis_limbs[0] = Limb(barretenberg::fr(multiple_of_modulus.slice(0, NUM_LIMB_BITS).lo));
290 result.binary_basis_limbs[1] =
291 Limb(barretenberg::fr(multiple_of_modulus.slice(NUM_LIMB_BITS, 2 * NUM_LIMB_BITS).lo));
292 result.binary_basis_limbs[2] =
293 Limb(barretenberg::fr(multiple_of_modulus.slice(2 * NUM_LIMB_BITS, 3 * NUM_LIMB_BITS).lo));
294 result.binary_basis_limbs[3] = Limb(barretenberg::fr(multiple_of_modulus.slice(3 * NUM_LIMB_BITS, msb + 1).lo));
295 result.prime_basis_limb = field_t<Builder>((multiple_of_modulus % uint512_t(field_t<Builder>::modulus)).lo);
296 return result;
297 }
298
302 void convert_constant_to_fixed_witness(Builder* builder)
303 {
304 context = builder;
305 for (auto& limb : binary_basis_limbs) {
306 limb.element.convert_constant_to_fixed_witness(context);
307 }
308 prime_basis_limb.convert_constant_to_fixed_witness(context);
309 }
310
314 void fix_witness()
315 {
316 for (auto& limb : binary_basis_limbs) {
317 limb.element.fix_witness();
318 }
319 prime_basis_limb.fix_witness();
320 }
321
322 Builder* get_context() const { return context; }
323
324 static constexpr uint512_t get_maximum_unreduced_value(const size_t num_products = 1)
325 {
326 // return (uint512_t(1) << 256);
327 uint1024_t maximum_product = uint1024_t(binary_basis.modulus) * uint1024_t(prime_basis.modulus) /
328 uint1024_t(static_cast<uint64_t>(num_products));
329 // TODO: compute square root (the following is a lower bound, so good for the CRT use)
330 uint64_t maximum_product_bits = maximum_product.get_msb() - 1;
331 return (uint512_t(1) << (maximum_product_bits >> 1)) - uint512_t(1);
332 }
333
334 static constexpr uint1024_t get_maximum_crt_product()
335 {
336 uint1024_t maximum_product = uint1024_t(binary_basis.modulus) * uint1024_t(prime_basis.modulus);
337 return maximum_product;
338 }
339
346 static size_t get_quotient_max_bits(const std::vector<uint1024_t>& remainders_max)
347 {
348 // find q_max * p + ...remainders_max < nT
349 uint1024_t base = get_maximum_crt_product();
350 for (const auto& r : remainders_max) {
351 base -= r;
352 }
353 base /= modulus_u512;
354 return static_cast<size_t>(base.get_msb() - 1);
355 }
356
366 static bool mul_product_overflows_crt_modulus(const uint1024_t& a_max,
367 const uint1024_t& b_max,
368 const std::vector<bigfield>& to_add)
369 {
370 uint1024_t product = a_max * b_max;
371 uint1024_t add_term;
372 for (const auto& add : to_add) {
373 add_term += add.get_maximum_value();
374 }
375 constexpr uint1024_t maximum_default_bigint = uint1024_t(1) << (NUM_LIMB_BITS * 6 + NUM_LAST_LIMB_BITS * 2);
376
377 // check that the add terms alone cannot overflow the crt modulus. v. unlikely so just forbid circuits that
378 // trigger this case
379 ASSERT(add_term + maximum_default_bigint < get_maximum_crt_product());
380 return ((product + add_term) >= get_maximum_crt_product());
381 }
382
392 static bool mul_product_overflows_crt_modulus(const std::vector<uint512_t>& as_max,
393 const std::vector<uint512_t>& bs_max,
394 const std::vector<bigfield>& to_add)
395 {
396 std::vector<uint1024_t> products;
397 ASSERT(as_max.size() == bs_max.size());
398 // Computing individual products
399 uint1024_t product_sum;
400 uint1024_t add_term;
401 for (size_t i = 0; i < as_max.size(); i++) {
402 product_sum += uint1024_t(as_max[i]) * uint1024_t(bs_max[i]);
403 }
404 for (const auto& add : to_add) {
405 add_term += add.get_maximum_value();
406 }
407 constexpr uint1024_t maximum_default_bigint = uint1024_t(1) << (NUM_LIMB_BITS * 6 + NUM_LAST_LIMB_BITS * 2);
408
409 // check that the add terms alone cannot overflow the crt modulus. v. unlikely so just forbid circuits that
410 // trigger this case
411 ASSERT(add_term + maximum_default_bigint < get_maximum_crt_product());
412 return ((product_sum + add_term) >= get_maximum_crt_product());
413 }
414 // static bool mul_quotient_crt_check(const uint1024_t& q, const std::vector<uint1024_t>& remainders)
415 // {
416 // uint1024_t product = (q * modulus_u512);
417 // for (const auto& add : remainders) {
418 // product += add;
419 // }
420 // std::cout << "product = " << product << std::endl;
421 // std::cout << "crt product = " << get_maximum_crt_product() << std::endl;
422
423 // if (product >= get_maximum_crt_product()) {
424 // count++;
425 // std::cout << "count = " << count << std::endl;
426 // }
427 // return (product >= get_maximum_crt_product());
428 // }
429 // a (currently generous) upper bound on the log of number of fr additions in any of the class operations
430 static constexpr uint64_t MAX_ADDITION_LOG = 10;
431 // the rationale of the expression is we should not overflow Fr when applying any bigfield operation (e.g. *) and
432 // starting with this max limb size
433 static constexpr uint64_t MAX_UNREDUCED_LIMB_SIZE =
434 (barretenberg::fr::modulus.get_msb() + 1) / 2 - MAX_ADDITION_LOG;
435
436 static constexpr uint256_t get_maximum_unreduced_limb_value() { return uint256_t(1) << MAX_UNREDUCED_LIMB_SIZE; }
437
438 static_assert(MAX_UNREDUCED_LIMB_SIZE < (NUM_LIMB_BITS * 2));
439 Builder* context;
440 mutable Limb binary_basis_limbs[4];
441 mutable field_t<Builder> prime_basis_limb;
442
443 private:
444 static std::pair<uint512_t, uint512_t> compute_quotient_remainder_values(const bigfield& a,
445 const bigfield& b,
446 const std::vector<bigfield>& to_add);
455 static uint512_t compute_maximum_quotient_value(const std::vector<uint512_t>& as,
456 const std::vector<uint512_t>& bs,
457 const std::vector<uint512_t>& to_add);
458
469 static std::pair<bool, size_t> get_quotient_reduction_info(const std::vector<uint512_t>& as_max,
470 const std::vector<uint512_t>& bs_max,
471 const std::vector<bigfield>& to_add,
472 const std::vector<uint1024_t>& remainders_max = {
473 DEFAULT_MAXIMUM_REMAINDER });
474
475 static void unsafe_evaluate_multiply_add(const bigfield& left,
476 const bigfield& right_mul,
477 const std::vector<bigfield>& to_add,
478 const bigfield& quotient,
479 const std::vector<bigfield>& remainders);
480
481 static void unsafe_evaluate_multiple_multiply_add(const std::vector<bigfield>& input_left,
482 const std::vector<bigfield>& input_right,
483 const std::vector<bigfield>& to_add,
484 const bigfield& input_quotient,
485 const std::vector<bigfield>& input_remainders);
486
487 static void unsafe_evaluate_square_add(const bigfield& left,
488 const std::vector<bigfield>& to_add,
489 const bigfield& quotient,
490 const bigfield& remainder);
491
492 static void evaluate_product(const bigfield& left,
493 const bigfield& right,
494 const bigfield& quotient,
495 const bigfield& remainder);
496 void reduction_check(const size_t num_products = 1) const;
497
498}; // namespace stdlib
499
500template <typename C, typename T> inline std::ostream& operator<<(std::ostream& os, bigfield<T, C> const& v)
501{
502 return os << v.get_value();
503}
504
505} // namespace stdlib
506} // namespace proof_system::plonk
507
508#include "bigfield_impl.hpp"
numeric::uint256_t
Definition: uint256.hpp:25
proof_system::StandardCircuitBuilder_
Definition: standard_circuit_builder.hpp:12
proof_system::plonk::stdlib::bigfield
Definition: bigfield.hpp:17
proof_system::plonk::stdlib::bigfield::madd
bigfield madd(const bigfield &to_mul, const std::vector< bigfield > &to_add) const
Definition: bigfield_impl.hpp:972
proof_system::plonk::stdlib::bigfield::dual_madd
static bigfield dual_madd(const bigfield &left_a, const bigfield &right_a, const bigfield &left_b, const bigfield &right_b, const std::vector< bigfield > &to_add)
Definition: bigfield_impl.hpp:1337
proof_system::plonk::stdlib::bigfield::bad_mul
bigfield bad_mul(const bigfield &other) const
proof_system::plonk::stdlib::bigfield::operator/
bigfield operator/(const bigfield &other) const
Definition: bigfield_impl.hpp:727
proof_system::plonk::stdlib::bigfield::mul_product_overflows_crt_modulus
static bool mul_product_overflows_crt_modulus(const std::vector< uint512_t > &as_max, const std::vector< uint512_t > &bs_max, const std::vector< bigfield > &to_add)
Definition: bigfield.hpp:392
proof_system::plonk::stdlib::bigfield::operator*
bigfield operator*(const bigfield &other) const
Definition: bigfield_impl.hpp:681
proof_system::plonk::stdlib::bigfield::unreduced_zero
static constexpr bigfield unreduced_zero()
Create an unreduced 0 ~ p*k, where p*k is the minimal multiple of modulus that should be reduced.
Definition: bigfield.hpp:283
proof_system::plonk::stdlib::bigfield::operator-
bigfield operator-(const bigfield &other) const
Definition: bigfield_impl.hpp:477
proof_system::plonk::stdlib::bigfield::sqradd
bigfield sqradd(const std::vector< bigfield > &to_add) const
Definition: bigfield_impl.hpp:904
proof_system::plonk::stdlib::bigfield::mult_madd
static bigfield mult_madd(const std::vector< bigfield > &mul_left, const std::vector< bigfield > &mul_right, const std::vector< bigfield > &to_add, bool fix_remainder_to_zero=false)
Definition: bigfield_impl.hpp:1167
proof_system::plonk::stdlib::bigfield::perform_reductions_for_mult_madd
static void perform_reductions_for_mult_madd(std::vector< bigfield > &mul_left, std::vector< bigfield > &mul_right, const std::vector< bigfield > &to_add)
Performs individual reductions on the supplied elements as well as more complex reductions to prevent...
Definition: bigfield_impl.hpp:1035
proof_system::plonk::stdlib::bigfield::create_from_u512_as_witness
static bigfield create_from_u512_as_witness(Builder *ctx, const uint512_t &value, const bool can_overflow=false, const size_t maximum_bitlength=0)
Creates a bigfield element from a uint512_t. Bigfield element is constructed as a witness and not a c...
Definition: bigfield_impl.hpp:176
proof_system::plonk::stdlib::bigfield::get_quotient_max_bits
static size_t get_quotient_max_bits(const std::vector< uint1024_t > &remainders_max)
Compute the maximum number of bits for quotient range proof to protect against CRT underflow.
Definition: bigfield.hpp:346
proof_system::plonk::stdlib::bigfield::div_without_denominator_check
static bigfield div_without_denominator_check(const std::vector< bigfield > &numerators, const bigfield &denominator)
Definition: bigfield_impl.hpp:842
proof_system::plonk::stdlib::bigfield::sum
static bigfield sum(const std::vector< bigfield > &terms)
Create constraints for summing these terms.
Definition: bigfield_impl.hpp:741
proof_system::plonk::stdlib::bigfield::sqr
bigfield sqr() const
Definition: bigfield_impl.hpp:866
proof_system::plonk::stdlib::bigfield::mul_product_overflows_crt_modulus
static bool mul_product_overflows_crt_modulus(const uint1024_t &a_max, const uint1024_t &b_max, const std::vector< bigfield > &to_add)
Definition: bigfield.hpp:366
proof_system::plonk::stdlib::bigfield::msub_div
static bigfield msub_div(const std::vector< bigfield > &mul_left, const std::vector< bigfield > &mul_right, const bigfield &divisor, const std::vector< bigfield > &to_sub, bool enable_divisor_nz_check=false)
Definition: bigfield_impl.hpp:1373
proof_system::plonk::stdlib::bigfield::conditional_select
bigfield conditional_select(const bigfield &other, const bool_t< Builder > &predicate) const
Create an element which is equal to either this or other based on the predicate.
Definition: bigfield_impl.hpp:1530
proof_system::plonk::stdlib::bigfield::convert_constant_to_fixed_witness
void convert_constant_to_fixed_witness(Builder *builder)
Definition: bigfield.hpp:302
proof_system::plonk::stdlib::bigfield::fix_witness
void fix_witness()
Definition: bigfield.hpp:314
proof_system::plonk::stdlib::bigfield::div_check_denominator_nonzero
static bigfield div_check_denominator_nonzero(const std::vector< bigfield > &numerators, const bigfield &denominator)
Definition: bigfield_impl.hpp:856
proof_system::plonk::stdlib::bigfield::zero
static bigfield zero()
Definition: bigfield.hpp:271
proof_system::plonk::stdlib::bigfield::add_to_lower_limb
bigfield add_to_lower_limb(const field_t< Builder > &other, uint256_t other_maximum_value) const
Add a field element to the lower limb. CAUTION (the element has to be constrained before using this f...
Definition: bigfield_impl.hpp:349
proof_system::plonk::stdlib::bigfield::internal_div
static bigfield internal_div(const std::vector< bigfield > &numerators, const bigfield &denominator, bool check_for_zero)
Definition: bigfield_impl.hpp:768
proof_system::plonk::stdlib::bigfield::one
static bigfield one()
Definition: bigfield.hpp:262
proof_system::plonk::stdlib::element
Definition: biggroup.hpp:22
proof_system::plonk::stdlib::field_t
Definition: field.hpp:10
proof_system::plonk::stdlib::field_t::additive_constant
barretenberg::fr additive_constant
Definition: field.hpp:379
proof_system::plonk::stdlib::field_t::witness_index
uint32_t witness_index
Definition: field.hpp:423
proof_system::plonk::stdlib::witness_t
Definition: witness.hpp:10
proof_system::plonk
Definition: widget.bench.cpp:13
barretenberg::field
Definition: field_declarations.hpp:24
proof_system::plonk::stdlib::bigfield::Basis
Definition: bigfield.hpp:23
proof_system::plonk::stdlib::bigfield::Limb
Definition: bigfield.hpp:28
Generated by doxygen 1.9.6