barretenberg::group_elements::affine_element< Fq, Fr, Params > Class Template Reference

Public Types
using	in_buf = const uint8_t *
using	vec_in_buf = const uint8_t *
using	out_buf = uint8_t *
using	vec_out_buf = uint8_t **

Public Member Functions
constexpr	affine_element (const Fq &a, const Fq &b) noexcept
constexpr	affine_element (const affine_element &other) noexcept=default
constexpr	affine_element (affine_element &&other) noexcept=default
constexpr affine_element &	operator= (const affine_element &other) noexcept=default
constexpr affine_element &	operator= (affine_element &&other) noexcept=default
constexpr affine_element	operator+ (const affine_element &other) const noexcept
template<typename BaseField = Fq, typename CompileTimeEnabled = std::enable_if_t<(BaseField::modulus >> 255) == uint256_t(0), void>>
constexpr uint256_t	compress () const noexcept
constexpr affine_element	set_infinity () const noexcept
constexpr void	self_set_infinity () noexcept
constexpr bool	is_point_at_infinity () const noexcept
constexpr bool	on_curve () const noexcept
constexpr bool	operator== (const affine_element &other) const noexcept
constexpr affine_element	operator- () const noexcept
constexpr bool	operator> (const affine_element &other) const noexcept
constexpr bool	operator< (const affine_element &other) const noexcept
std::vector< uint8_t >	to_buffer () const
	Serialize the point to a byte vector.
	MSGPACK_FIELDS (x, y)
template<typename BaseField , typename CompileTimeEnabled >
constexpr affine_element< Fq, Fr, T >	from_compressed (const uint256_t &compressed) noexcept
template<typename BaseField , typename CompileTimeEnabled >
constexpr std::array< affine_element< Fq, Fr, T >, 2 >	from_compressed_unsafe (const uint256_t &compressed) noexcept

Static Public Member Functions
static constexpr affine_element	one () noexcept
template<typename BaseField = Fq, typename CompileTimeEnabled = std::enable_if_t<(BaseField::modulus >> 255) == uint256_t(0), void>>
static constexpr affine_element	from_compressed (const uint256_t &compressed) noexcept
	Reconstruct a point in affine coordinates from compressed form.
template<typename BaseField = Fq, typename CompileTimeEnabled = std::enable_if_t<(BaseField::modulus >> 255) == uint256_t(1), void>>
static constexpr std::array< affine_element, 2 >	from_compressed_unsafe (const uint256_t &compressed) noexcept
	Reconstruct a point in affine coordinates from compressed form.
static affine_element	infinity ()
static constexpr std::optional< affine_element >	derive_from_x_coordinate (const Fq &x, bool sign_bit) noexcept
static affine_element	random_element (numeric::random::Engine *engine=nullptr) noexcept
	Samples a random point on the curve.
static constexpr affine_element	hash_to_curve (const std::vector< uint8_t > &seed, uint8_t attempt_count=0) noexcept
	Hash a seed buffer into a point.
static void	serialize_to_buffer (const affine_element &value, uint8_t *buffer)
	Serialize the point to the given buffer.
static affine_element	serialize_from_buffer (uint8_t *buffer)
	Restore point from a buffer.

Public Attributes
Fq	x
Fq	y

Friends
std::ostream &	operator<< (std::ostream &os, const affine_element &a)

Member Function Documentation

from_compressed()

template<typename Fq , typename Fr , typename Params >

template<typename BaseField = Fq, typename CompileTimeEnabled = std::enable_if_t<(BaseField::modulus >> 255) == uint256_t(0), void>>

static constexpr affine_element barretenberg::group_elements::affine_element< Fq, Fr, Params >::from_compressed ( const uint256_t &  compressed )

staticconstexprnoexcept

Reconstruct a point in affine coordinates from compressed form.

#LARGE_MODULUS_AFFINE_POINT_COMPRESSION Point compression is only implemented for curves of a prime field F_p with p using < 256 bits. One possiblity for extending to a 256-bit prime field: https://patents.google.com/patent/US6252960B1/en.

Parameters

compressed

compressed point

Returns

constexpr affine_element

from_compressed_unsafe()

template<typename Fq , typename Fr , typename Params >

template<typename BaseField = Fq, typename CompileTimeEnabled = std::enable_if_t<(BaseField::modulus >> 255) == uint256_t(1), void>>

static constexpr std::array< affine_element, 2 > barretenberg::group_elements::affine_element< Fq, Fr, Params >::from_compressed_unsafe ( const uint256_t &  compressed )

staticconstexprnoexcept

Reconstruct a point in affine coordinates from compressed form.

#LARGE_MODULUS_AFFINE_POINT_COMPRESSION Point compression is implemented for curves of a prime field F_p with p being 256 bits. TODO(Suyash): Check with kesha if this is correct.

Parameters

compressed

compressed point

Returns

constexpr affine_element

hash_to_curve()

template<class Fq , class Fr , class T >
requires SupportsHashToCurve<Params>

constexpr affine_element< Fq, Fr, T > barretenberg::group_elements::affine_element< Fq, Fr, T >::hash_to_curve ( const std::vector< uint8_t > &  seed, uint8_t  attempt_count = 0  )

staticconstexprnoexcept

Hash a seed buffer into a point.

ALGORITHM DESCRIPTION:

1. Initialize unsigned integer attempt_count = 0
2. Copy seed into a buffer whose size is 2 bytes greater than seed (initialized to 0)
3. Interpret attempt_count as a byte and write into buffer at [buffer.size() - 2]
4. Compute Blake3s hash of buffer
5. Set the end byte of the buffer to 1
6. Compute Blake3s hash of buffer
7. Interpret the two hash outputs as the high / low 256 bits of a 512-bit integer (big-endian)
8. Derive x-coordinate of point by reducing the 512-bit integer modulo the curve's field modulus (Fq)
9. Compute y^2 from the curve formula y^2 = x^3 + ax + b (a, b are curve params. for BN254, a = 0, b = 3)
10. IF y^2 IS NOT A QUADRATIC RESIDUE 10a. increment attempt_count by 1 and go to step 2
11. IF y^2 IS A QUADRATIC RESIDUE 11a. derive y coordinate via y = sqrt(y) 11b. Interpret most significant bit of 512-bit integer as a 'parity' bit 11c. If parity bit is set AND y's most significant bit is not set, invert y 11d. If parity bit is not set AND y's most significant bit is set, invert y N.B. last 2 steps are because the sqrt() algorithm can return 2 values, we need to a way to canonically distinguish between these 2 values and select a "preferred" one 11e. return (x, y)

Note

This algorihm is constexpr: we can hash-to-curve (and derive generators) at compile-time!

Template Parameters

Fq
Fr
T

Parameters

seed	Bytes that uniquely define the point being generated
attempt_count

Returns

constexpr affine_element<Fq, Fr, T>

operator>()

template<class Fq , class Fr , class T >

constexpr bool barretenberg::group_elements::affine_element< Fq, Fr, T >::operator> ( const affine_element< Fq, Fr, Params > &  other ) const

constexprnoexcept

Comparison operators (for std::sort)

CAUTION!! Don't use this operator. It has no meaning other than for use by std::sort.

random_element()

template<typename Fq , typename Fr , typename T >

affine_element< Fq, Fr, T > barretenberg::group_elements::affine_element< Fq, Fr, T >::random_element ( numeric::random::Engine *  engine = nullptr )

staticnoexcept

Samples a random point on the curve.

Returns

A randomly chosen point on the curve

serialize_from_buffer()

template<typename Fq , typename Fr , typename Params >

static affine_element barretenberg::group_elements::affine_element< Fq, Fr, Params >::serialize_from_buffer ( uint8_t *  buffer )

inlinestatic

Restore point from a buffer.

Parameters

buffer

Buffer from which we deserialize the point

Returns

Deserialized point

We support serializing the point at infinity for curves defined over a barretenberg::field (i.e., a native field of prime order) and for points of barretenberg::g2.

Warning

This will need to be updated if we serialize points over composite-order fields other than fq2!

serialize_to_buffer()

template<typename Fq , typename Fr , typename Params >

static void barretenberg::group_elements::affine_element< Fq, Fr, Params >::serialize_to_buffer ( const affine_element< Fq, Fr, Params > &  value, uint8_t *  buffer  )

inlinestatic

Serialize the point to the given buffer.

We support serializing the point at infinity for curves defined over a barretenberg::field (i.e., a native field of prime order) and for points of barretenberg::g2.

Warning

This will need to be updated if we serialize points over composite-order fields other than fq2!

to_buffer()

template<typename Fq , typename Fr , typename Params >

std::vector< uint8_t > barretenberg::group_elements::affine_element< Fq, Fr, Params >::to_buffer ( ) const

inline

Serialize the point to a byte vector.

Returns

Vector with serialized representation of the point

---

The documentation for this class was generated from the following files:

• src/barretenberg/ecc/groups/affine_element.hpp
• src/barretenberg/ecc/groups/affine_element_impl.hpp