|
|
using | CycleGroup = typename Flavor::CycleGroup |
| |
|
using | FF = typename Flavor::FF |
| |
|
using | Polynomial = typename Flavor::Polynomial |
| |
|
using | CycleScalar = typename CycleGroup::subgroup_field |
| |
|
using | Element = typename CycleGroup::element |
| |
|
using | AffineElement = typename CycleGroup::affine_element |
| |
|
using | MSM = proof_system_eccvm::MSM< CycleGroup > |
| |
|
using | VMOperation = proof_system_eccvm::VMOperation< CycleGroup > |
| |
|
using | ScalarMul = proof_system_eccvm::ScalarMul< CycleGroup > |
| |
|
using | ProverPolynomials = typename Flavor::ProverPolynomials |
| |
|
|
| ECCVMCircuitBuilder (std::shared_ptr< ECCOpQueue > &op_queue) |
| |
|
uint32_t | get_number_of_muls () const |
| |
| std::vector< MSM > | get_msms () const |
| |
|
void | add_accumulate (const AffineElement &to_add) |
| |
|
void | mul_accumulate (const AffineElement &to_mul, const CycleScalar &scalar) |
| |
|
void | eq_and_reset (const AffineElement &expected) |
| |
|
void | empty_row () |
| |
| ProverPolynomials | compute_polynomials () |
| | Compute the ECCVM flavor polynomial data required to generate an ECCVM Proof.
|
| |
|
bool | check_circuit () |
| |
|
size_t | get_num_gates () const |
| |
|
size_t | get_circuit_subgroup_size (const size_t num_rows) const |
| |
|
|
static std::vector< ScalarMul > | get_flattened_scalar_muls (const std::vector< MSM > &msms) |
| |
|
|
static constexpr size_t | NUM_SCALAR_BITS = proof_system_eccvm::NUM_SCALAR_BITS |
| |
|
static constexpr size_t | WNAF_SLICE_BITS = proof_system_eccvm::WNAF_SLICE_BITS |
| |
|
static constexpr size_t | NUM_WNAF_SLICES = proof_system_eccvm::NUM_WNAF_SLICES |
| |
|
static constexpr uint64_t | WNAF_MASK = proof_system_eccvm::WNAF_MASK |
| |
|
static constexpr size_t | POINT_TABLE_SIZE = proof_system_eccvm::POINT_TABLE_SIZE |
| |
|
static constexpr size_t | WNAF_SLICES_PER_ROW = proof_system_eccvm::WNAF_SLICES_PER_ROW |
| |
|
static constexpr size_t | ADDITIONS_PER_ROW = proof_system_eccvm::ADDITIONS_PER_ROW |
| |
|
static constexpr size_t | NUM_POLYNOMIALS = Flavor::NUM_ALL_ENTITIES |
| |
|
static constexpr size_t | NUM_WIRES = Flavor::NUM_WIRES |
| |
◆ compute_polynomials()
Compute the ECCVM flavor polynomial data required to generate an ECCVM Proof.
The RawPolynomial member polynomials that this function must populate are described below. For full details see flavor/ecc_vm.hpp.

- lagrange_first: lagrange_first[0] = 1, 0 elsewhere
- lagrange_second: lagrange_second[1] = 1, 0 elsewhere
- lagrange_last: lagrange_last[lagrange_last.size() - 1] = 1, 0 elsewhere
- transcript_add/mul/eq/reset_accumulator: boolean selectors that toggle add/mul/eq/reset opcodes
- transcript_collision_check: used to ensure any point being added into eccvm accumulator does not trigger incomplete addition rules
- transcript_msm_transition: is current transcript row the final mul opcode of a multiscalar multiplication?
- transcript_pc: point counter for transcript columns
- transcript_msm_count: counts number of muls processed in an ongoing multiscalar multiplication
- transcript_Px: input transcript point, x-coordinate
- transcript_Py: input transcript point, y-coordinate
- transcript_op: input transcript opcode value
- transcript_z1: input transcript scalar multiplier (low component, 128 bits max)
- transcript_z2: input transcript scalar multiplier (high component, 128 bits max)
  N.B. scalar multiplier = transcript_z1 + \lambda * transcript_z2, where \lambda = cube root of unity in scalar field
- transcript_z1zero: if 1, transcript_z1 must equal 0
- transcript_z2zero: if 1, transcript_z2 must equal 0
- transcript_accumulator_x: x-coordinate of eccvm accumulator register
- transcript_accumulator_y: y-coordinate of eccvm accumulator register
- transcript_msm_x: x-coordinate of MSM output
- transcript_msm_y: y-coordinate of MSM output
- transcript_accumulator_empty: if 1, transcript_accumulator = point at infinity
- precompute_pc: point counter for Straus precomputation columns
- precompute_select: if 1, evaluate Straus precomputation algorithm at current row
- precompute_point_transition: 1 if current row operating on a different point to previous row
- precompute_round: round counter for Straus precomputation algorithm
- precompute_scalar_sum: accumulating sum of Straus scalar slices
- precompute_s1hi/lo: 2-bit hi/lo components of a Straus 4-bit scalar slice
- precompute_s2hi/lo, precompute_s3hi/lo, precompute_s4hi/lo: same as above but for a total of 4 Straus 4-bit scalar slices
- precompute_skew: Straus WNAF skew parameter for a single scalar multiplier
- precompute_tx: x-coordinate of point accumulator used to generate Straus lookup table for an input point (from transcript)
- precompute_ty: y-coordinate of point accumulator used to generate Straus lookup table for an input point (from transcript)
- precompute_dx: x-coordinate of D = 2 * input point we are evaluating Straus over
- precompute_dy: y-coordinate of D
- msm_pc: point counter for Straus MSM columns
- msm_transition: 1 if current row evaluates different MSM to previous row
- msm_add: 1 if we are adding points in Straus MSM algorithm at current row
- msm_double: 1 if we are doubling accumulator in Straus MSM algorithm at current row
- msm_skew: 1 if we are adding skew points in Straus MSM algorithm at current row
- msm_size_of_msm: size of multiscalar multiplication current row is a part of
- msm_round: describes which round of the Straus MSM algorithm the current row represents
- msm_count: number of points processed for the round indicated by msm_round
- msm_x1: x-coordinate of potential point in Straus MSM round
- msm_y1: y-coordinate of potential point in Straus MSM round
- msm_x2: x-coordinate of potential point in Straus MSM round
- msm_y2: y-coordinate of potential point in Straus MSM round
- msm_x3: x-coordinate of potential point in Straus MSM round
- msm_y3: y-coordinate of potential point in Straus MSM round
- msm_x4: x-coordinate of potential point in Straus MSM round
- msm_y4: y-coordinate of potential point in Straus MSM round
- msm_add1: are we adding msm_x1/msm_y1 into accumulator at current round?
- msm_add2: are we adding msm_x2/msm_y2 into accumulator at current round?
- msm_add3: are we adding msm_x3/msm_y3 into accumulator at current round?
- msm_add4: are we adding msm_x4/msm_y4 into accumulator at current round?
- msm_lambda1: temp variable used for ecc point addition algorithm if msm_add1 = 1
- msm_lambda2: temp variable used for ecc point addition algorithm if msm_add2 = 1
- msm_lambda3: temp variable used for ecc point addition algorithm if msm_add3 = 1
- msm_lambda4: temp variable used for ecc point addition algorithm if msm_add4 = 1
- msm_collision_x1: used to ensure incomplete ecc addition exceptions not triggered if msm_add1 = 1
- msm_collision_x2: used to ensure incomplete ecc addition exceptions not triggered if msm_add2 = 1
- msm_collision_x3: used to ensure incomplete ecc addition exceptions not triggered if msm_add3 = 1
- msm_collision_x4: used to ensure incomplete ecc addition exceptions not triggered if msm_add4 = 1
- lookup_read_counts_0: stores number of times a point has been read from a Straus precomputation table (reads come from msm_x/y1, msm_x/y2)
- lookup_read_counts_1: stores number of times a point has been read from a Straus precomputation table (reads come from msm_x/y3, msm_x/y4)
- Returns
- ProverPolynomials
◆ get_msms()
For input point [P], return { -15[P], -13[P], ..., -[P], [P], ..., 13[P], 15[P] }