barretenberg
Loading...
Searching...
No Matches
ecc_op_queue.hpp
1#pragma once
2
3#include "barretenberg/ecc/curves/bn254/bn254.hpp"
4#include "barretenberg/proof_system/circuit_builder/eccvm/eccvm_builder_types.hpp"
5
6namespace proof_system {
7
8enum EccOpCode { NULL_OP, ADD_ACCUM, MUL_ACCUM, EQUALITY };
9
18class ECCOpQueue {
19 using Curve = curve::BN254;
20 using Point = Curve::AffineElement;
21 using Fr = Curve::ScalarField;
22 using Fq = Curve::BaseField; // Grumpkin's scalar field
23 Point point_at_infinity = Curve::Group::affine_point_at_infinity;
24
25 // The operations written to the queue are also performed natively; the result is stored in accumulator
26 Point accumulator = point_at_infinity;
27
28 public:
29 using ECCVMOperation = proof_system_eccvm::VMOperation<Curve::Group>;
30 std::vector<ECCVMOperation> raw_ops;
31 std::array<std::vector<Fr>, 4> ultra_ops; // ops encoded in the width-4 Ultra format
32
33 size_t current_ultra_ops_size = 0; // M_i
34 size_t previous_ultra_ops_size = 0; // M_{i-1}
35
36 std::array<Point, 4> ultra_ops_commitments;
37 std::array<Point, 4> previous_ultra_ops_commitments;
38
39 Point get_accumulator() { return accumulator; }
40
47 void set_size_data()
48 {
49 previous_ultra_ops_size = current_ultra_ops_size;
50 current_ultra_ops_size = ultra_ops[0].size();
51 }
52
53 [[nodiscard]] size_t get_previous_size() const { return previous_ultra_ops_size; }
54 [[nodiscard]] size_t get_current_size() const { return current_ultra_ops_size; }
55
56 void set_commitment_data(std::array<Point, 4>& commitments)
57 {
58 previous_ultra_ops_commitments = ultra_ops_commitments;
59 ultra_ops_commitments = commitments;
60 }
61
67 std::vector<std::span<Fr>> get_aggregate_transcript()
68 {
69 std::vector<std::span<Fr>> result;
70 result.reserve(ultra_ops.size());
71 for (auto& entry : ultra_ops) {
72 result.emplace_back(entry);
73 }
74 return result;
75 }
76
82 std::vector<std::span<Fr>> get_previous_aggregate_transcript()
83 {
84 std::vector<std::span<Fr>> result;
85 result.reserve(ultra_ops.size());
86 // Construct T_{i-1} as a view of size M_{i-1} into T_i
87 for (auto& entry : ultra_ops) {
88 result.emplace_back(entry.begin(), previous_ultra_ops_size);
89 }
90 return result;
91 }
92
102 void populate_with_mock_initital_data()
103 {
104 // Add a single row of data to the op queue and commit to each column as [1] * FF(data)
105 std::array<Point, 4> mock_op_queue_commitments;
106 for (size_t idx = 0; idx < 4; idx++) {
107 auto mock_data = Fr::random_element();
108 this->ultra_ops[idx].emplace_back(mock_data);
109 mock_op_queue_commitments[idx] = Point::one() * mock_data;
110 }
111 // Set some internal data based on the size of the op queue data
112 this->set_size_data();
113 // Add the commitments to the op queue data for use by the next circuit
114 this->set_commitment_data(mock_op_queue_commitments);
115 }
116
122 void add_accumulate(const Point& to_add)
123 {
124 // Update the accumulator natively
125 accumulator = accumulator + to_add;
126
127 // Store the operation
128 raw_ops.emplace_back(ECCVMOperation{
129 .add = true,
130 .mul = false,
131 .eq = false,
132 .reset = false,
133 .base_point = to_add,
134 .z1 = 0,
135 .z2 = 0,
136 .mul_scalar_full = 0,
137 });
138 }
139
145 void mul_accumulate(const Point& to_mul, const Fr& scalar)
146 {
147 // Update the accumulator natively
148 accumulator = accumulator + to_mul * scalar;
149
150 // Store the operation
151 Fr z1 = 0;
152 Fr z2 = 0;
153 auto converted = scalar.from_montgomery_form();
154 Fr::split_into_endomorphism_scalars(converted, z1, z2);
155 z1 = z1.to_montgomery_form();
156 z2 = z2.to_montgomery_form();
157 raw_ops.emplace_back(ECCVMOperation{
158 .add = false,
159 .mul = true,
160 .eq = false,
161 .reset = false,
162 .base_point = to_mul,
163 .z1 = z1,
164 .z2 = z2,
165 .mul_scalar_full = scalar,
166 });
167 }
168
174 Point eq()
175 {
176 auto expected = accumulator;
177 accumulator.self_set_infinity(); // TODO(luke): is this always desired?
178
179 raw_ops.emplace_back(ECCVMOperation{
180 .add = false,
181 .mul = false,
182 .eq = true,
183 .reset = true,
184 .base_point = expected,
185 .z1 = 0,
186 .z2 = 0,
187 .mul_scalar_full = 0,
188 });
189
190 return expected;
191 }
192
197 void empty_row()
198 {
199 raw_ops.emplace_back(ECCVMOperation{
200 .add = false,
201 .mul = false,
202 .eq = false,
203 .reset = false,
204 .base_point = point_at_infinity,
205 .z1 = 0,
206 .z2 = 0,
207 .mul_scalar_full = 0,
208 });
209 }
210};
211
212} // namespace proof_system
curve::BN254
Definition: bn254.hpp:10
proof_system::ECCOpQueue
Used to construct execution trace representations of elliptic curve operations.
Definition: ecc_op_queue.hpp:18
proof_system::ECCOpQueue::get_previous_aggregate_transcript
std::vector< std::span< Fr > > get_previous_aggregate_transcript()
Get a 'view' of the previous ultra ops object.
Definition: ecc_op_queue.hpp:82
proof_system::ECCOpQueue::empty_row
void empty_row()
Write empty row to queue.
Definition: ecc_op_queue.hpp:197
proof_system::ECCOpQueue::add_accumulate
void add_accumulate(const Point &to_add)
Write point addition op to queue and natively perform addition.
Definition: ecc_op_queue.hpp:122
proof_system::ECCOpQueue::set_size_data
void set_size_data()
Set the current and previous size of the ultra_ops transcript.
Definition: ecc_op_queue.hpp:47
proof_system::ECCOpQueue::populate_with_mock_initital_data
void populate_with_mock_initital_data()
TESTING PURPOSES ONLY: Populate ECC op queue with mock data as stand in for "previous circuit" in tes...
Definition: ecc_op_queue.hpp:102
proof_system::ECCOpQueue::get_aggregate_transcript
std::vector< std::span< Fr > > get_aggregate_transcript()
Get a 'view' of the current ultra ops object.
Definition: ecc_op_queue.hpp:67
proof_system::ECCOpQueue::eq
Point eq()
Write equality op using internal accumulator point.
Definition: ecc_op_queue.hpp:174
proof_system::ECCOpQueue::mul_accumulate
void mul_accumulate(const Point &to_mul, const Fr &scalar)
Write multiply and add op to queue and natively perform operation.
Definition: ecc_op_queue.hpp:145
barretenberg::field< Bn254FrParams >::split_into_endomorphism_scalars
static void split_into_endomorphism_scalars(const field &k, field &k1, field &k2)
Definition: field_declarations.hpp:320
proof_system_eccvm::VMOperation
Definition: eccvm_builder_types.hpp:15
Generated by doxygen 1.9.6