barretenberg
element class. Implements ECC group arithmetic using Jacobian coordinates. See https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-dbl-2009-l
#include <element.hpp>
Public Member Functions
| constexpr | element (const Fq &a, const Fq &b, const Fq &c) noexcept |
| constexpr | element (const element &other) noexcept |
| constexpr | element (element &&other) noexcept |
| constexpr | element (const affine_element< Fq, Fr, Params > &other) noexcept |
| constexpr element & | operator= (const element &other) noexcept |
| constexpr element & | operator= (element &&other) noexcept |
| constexpr | operator affine_element< Fq, Fr, Params > () const noexcept |
| constexpr element | dbl () const noexcept |
| constexpr void | self_dbl () noexcept |
| constexpr void | self_mixed_add_or_sub (const affine_element< Fq, Fr, Params > &other, uint64_t predicate) noexcept |
| constexpr element | operator+ (const element &other) const noexcept |
| constexpr element | operator+ (const affine_element< Fq, Fr, Params > &other) const noexcept |
| constexpr element | operator+= (const element &other) noexcept |
| constexpr element | operator+= (const affine_element< Fq, Fr, Params > &other) noexcept |
| constexpr element | operator- (const element &other) const noexcept |
| constexpr element | operator- (const affine_element< Fq, Fr, Params > &other) const noexcept |
| constexpr element | operator- () const noexcept |
| constexpr element | operator-= (const element &other) noexcept |
| constexpr element | operator-= (const affine_element< Fq, Fr, Params > &other) noexcept |
| element | operator* (const Fr &exponent) const noexcept |
| element | operator*= (const Fr &exponent) noexcept |
| constexpr element | normalize () const noexcept |
| BBERG_INLINE constexpr element | set_infinity () const noexcept |
| BBERG_INLINE constexpr void | self_set_infinity () noexcept |
| BBERG_INLINE constexpr bool | is_point_at_infinity () const noexcept |
| BBERG_INLINE constexpr bool | on_curve () const noexcept |
| BBERG_INLINE constexpr bool | operator== (const element &other) const noexcept |
| template<typename T> | |
| element< Fq, Fr, T > | random_coordinates_on_curve (numeric::random::Engine *engine) noexcept |
Static Public Member Functions
| static constexpr element | one () noexcept |
| static constexpr element | zero () noexcept |
| static element | random_element (numeric::random::Engine *engine=nullptr) noexcept |
| static element | infinity () |
| static void | batch_normalize (element *elements, size_t num_elements) noexcept |
| static std::vector< affine_element< Fq, Fr, Params > > | batch_mul_with_endomorphism (const std::vector< affine_element< Fq, Fr, Params > > &points, const Fr &exponent) noexcept |
Public Attributes
| Fq | x |
| Fq | y |
| Fq | z |
Static Public Attributes
| static constexpr Fq | curve_b = Params::b |
Friends
| constexpr element | operator+ (const affine_element< Fq, Fr, Params > &left, const element &right) noexcept |
| constexpr element | operator- (const affine_element< Fq, Fr, Params > &left, const element &right) noexcept |
| std::ostream & | operator<< (std::ostream &os, const element &a) |
Note: subgroup checks are currently NOT IMPLEMENTED. Our current Plonk implementation uses G1 points with a cofactor of 1, so every point on the curve already lies in the prime-order subgroup. All G2 points are precomputed (the generator [1]_2 and the trusted-setup point [x]_2), and these precomputed points are explicitly assumed to be valid members of the prime-order G2 subgroup.
Template Parameters
| Fq | prime field the curve is defined over |
| Fr | prime field whose characteristic equals the size of the prime-order elliptic curve subgroup |
| Params | curve parameters |
static void batch_normalize (element *elements, size_t num_elements) noexcept
We now proceed to iterate back down the array of points. At each iteration, multiplying the accumulator by the temporary stored for the current point yields the inverse of that point's z-coordinate; we then multiply the accumulator by that z-coordinate, so that it holds the inverse of the product of the z-coordinates not yet processed and is ready for the next iteration. For example, imagine we have 4 points, such that:

accumulator = 1 / (z.data[0]*z.data[1]*z.data[2]*z.data[3])
temporaries[3] = z.data[0]*z.data[1]*z.data[2]
temporaries[2] = z.data[0]*z.data[1]
temporaries[1] = z.data[0]
temporaries[0] = 1

At the first iteration, accumulator * temporaries[3] = (z.data[0]*z.data[1]*z.data[2]) / (z.data[0]*z.data[1]*z.data[2]*z.data[3]) = 1 / z.data[3]. We then update the accumulator, such that:

accumulator = accumulator * z.data[3] = 1 / (z.data[0]*z.data[1]*z.data[2])

At the second iteration, accumulator * temporaries[2] = (z.data[0]*z.data[1]) / (z.data[0]*z.data[1]*z.data[2]) = 1 / z.data[2]. And so on, until we have computed every z-inverse!
We can then convert out of Jacobian form (x = X / Z^2, y = Y / Z^3) with 4 muls and 1 square.