|
barretenberg
|
Circuit Logic generation for Goblin Plonk translator (checks equivalence of Queues/Transcripts for ECCVM and Recursive Circuits) More...
#include "goblin_translator_circuit_builder.hpp"#include "barretenberg/ecc/curves/bn254/fr.hpp"#include "barretenberg/numeric/uint256/uint256.hpp"#include "barretenberg/plonk/proof_system/constants.hpp"#include "barretenberg/proof_system/op_queue/ecc_op_queue.hpp"#include <cstddef>Typedefs | |
| using | proof_system::ECCVMOperation = ECCOpQueue::ECCVMOperation |
Functions | |
| template<typename Fq , typename Fr > | |
| GoblinTranslatorCircuitBuilder::AccumulationInput | proof_system::generate_witness_values (Fr op_code, Fr p_x_lo, Fr p_x_hi, Fr p_y_lo, Fr p_y_hi, Fr z1, Fr z2, Fq previous_accumulator, Fq batching_challenge_v, Fq evaluation_input_x) |
| Given the transcript values from the EccOpQueue, the values of the previous accumulator, batching challenge and input x, compute witness for one step of accumulation. | |
| template<typename Fq > | |
| GoblinTranslatorCircuitBuilder::AccumulationInput | proof_system::compute_witness_values_for_one_ecc_op (const ECCVMOperation &ecc_op, Fq previous_accumulator, Fq batching_challenge_v, Fq evaluation_input_x) |
| Given an ECCVM operation, previous accumulator and necessary challenges, compute witnesses for one accumulation. | |
| template GoblinTranslatorCircuitBuilder::AccumulationInput | proof_system::generate_witness_values (barretenberg::fr, barretenberg::fr, barretenberg::fr, barretenberg::fr, barretenberg::fr, barretenberg::fr, barretenberg::fr, barretenberg::fq, barretenberg::fq, barretenberg::fq) |
Circuit Logic generation for Goblin Plonk translator (checks equivalence of Queues/Transcripts for ECCVM and Recursive Circuits)
| GoblinTranslatorCircuitBuilder::AccumulationInput proof_system::compute_witness_values_for_one_ecc_op | ( | const ECCVMOperation & | ecc_op, |
| Fq | previous_accumulator, | ||
| Fq | batching_challenge_v, | ||
| Fq | evaluation_input_x | ||
| ) |
Given an ECCVM operation, previous accumulator and necessary challenges, compute witnesses for one accumulation.
| Fq |
| template GoblinTranslatorCircuitBuilder::AccumulationInput proof_system::generate_witness_values | ( | Fr | op_code, |
| Fr | p_x_lo, | ||
| Fr | p_x_hi, | ||
| Fr | p_y_lo, | ||
| Fr | p_y_hi, | ||
| Fr | z1, | ||
| Fr | z2, | ||
| Fq | previous_accumulator, | ||
| Fq | batching_challenge_v, | ||
| Fq | evaluation_input_x | ||
| ) |
Given the transcript values from the EccOpQueue, the values of the previous accumulator, batching challenge and input x, compute witness for one step of accumulation.
| Fq | |
| Fr |
| op_code | Opcode value |
| p_x_lo | Low 136 bits of P.x |
| p_x_hi | High 118 bits of P.x |
| p_y_lo | Low 136 bits of P.y |
| p_y_hi | High 118 bits of P.y |
| z1 | z1 scalar |
| z2 | z2 scalar |
| previous_accumulator | The value of the previous accumulator (we assume standard decomposition into limbs) |
| batching_challenge_v | The value of the challenge for batching polynomial evaluations |
| evaluation_input_x | The value at which we evaluate the polynomials |
A small function to transform a native element Fq into its bigfield representation in Fr scalars
We transform Fq into an integer and then split it into 68-bit limbs, then convert them to Fr.
A small function to transform a uint512_t element into its 4 68-bit limbs in Fr scalars
Split and integer stored in uint512_T into 4 68-bit chunks (we assume that it is lower than 2²⁷²), convert to Fr
A method for splitting wide limbs (P_x_lo, P_y_hi, etc) into two limbs
A method to split a full 68-bit limb into 5 14-bit limb and 1 shifted limb for a more secure constraint
A method to split the top 50-bit limb into 4 14-bit limbs and 1 shifted limb for a more secure constraint (plus there is 1 extra space for other constraints)
A method for splitting the top 60-bit z limb into microlimbs (differs from the 68-bit limb by the shift in the last limb)
Split a 72-bit relation limb into 6 14-bit limbs (we can allow the slack here, since we only need to ensure non-overflow of the modulus)
1.9.6