cycle_scalar represents a member of the cycle curve SCALAR FIELD. This is NOT the native circuit field type. i.e. for a BN254 circuit, cycle_group will be Grumpkin and cycle_scalar will be Grumpkin::ScalarField (BN254 native field is BN254::ScalarField == Grumpkin::BaseField)
More...
#include <cycle_group.hpp>
|
|
| cycle_scalar (const field_t &_lo, const field_t &_hi, const size_t bits, const bool skip_primality_test, const bool use_bn254_scalar_field_for_primality_test) |
| |
|
| cycle_scalar (const ScalarField &_in=0) |
| |
|
| cycle_scalar (const field_t &_lo, const field_t &_hi) |
| |
|
| cycle_scalar (const field_t &_in) |
| |
|
bool | is_constant () const |
| |
|
ScalarField | get_value () const |
| |
|
Composer * | get_context () const |
| |
|
size_t | num_bits () const |
| |
|
bool | skip_primality_test () const |
| |
|
bool | use_bn254_scalar_field_for_primality_test () const |
| |
| void | validate_scalar_is_in_field () const |
| | Checks that a cycle_scalar value is smaller than a prime field modulus when evaluated over the INTEGERS N.B. The prime we check can be either the SNARK curve group order or the circuit's embedded curve group order (i.e. BN254 or Grumpkin) For a canonical scalar mul, we check against the embedded curve (i.e. the curve cycle_group implements). HOWEVER: for Pedersen hashes and Pedersen commitments, the hashed/committed data will be native circuit field elements i.e. for a BN254 snark, cycle_group = Grumpkin and we will be committing/hashing BN254::ScalarField values NOT Grumpkin::ScalarFIeld values. TLDR: whether the input scalar has to be < BN254::ScalarField or < Grumpkin::ScalarField is context-dependent.
|
| |
|
|
static cycle_scalar | from_witness (Composer *context, const ScalarField &value) |
| |
| static cycle_scalar | from_witness_bitstring (Composer *context, const uint256_t &bitstring, size_t num_bits) |
| | Use when we want to multiply a group element by a string of bits of known size. N.B. using this constructor method will make our scalar multiplication methods not perform primality tests.
|
| |
| static cycle_scalar | create_from_bn254_scalar (const field_t &_in, bool skip_primality_test=false) |
| | Use when we want to multiply a group element by a string of bits of known size. N.B. using this constructor method will make our scalar multiplication methods not perform primality tests.
|
| |
|
|
static constexpr size_t | LO_BITS = plookup::FixedBaseParams::BITS_PER_LO_SCALAR |
| |
|
static constexpr size_t | HI_BITS = NUM_BITS - LO_BITS |
| |
template<typename
Composer>
struct proof_system::plonk::stdlib::cycle_group< Composer >::cycle_scalar
cycle_scalar represents a member of the cycle curve SCALAR FIELD. This is NOT the native circuit field type. i.e. for a BN254 circuit, cycle_group will be Grumpkin and cycle_scalar will be Grumpkin::ScalarField (BN254 native field is BN254::ScalarField == Grumpkin::BaseField)
We convert scalar multiplication inputs into cycle_scalars to enable scalar multiplication to be complete i.e. Grumpkin points multiplied by BN254 scalars does not produce a cyclic group as BN254::ScalarField < Grumpkin::ScalarField This complexity should not leak outside the cycle_group / cycle_scalar implementations, as cycle_scalar performs all required conversions if the input scalars are stdlib::field_t elements
- Note
- We opted to create a new class to represent
cycle_scalar instead of using bigfield, as bigfield is inefficient in this context. All required range checks for cycle_scalar can be obtained for free from the batch_mul algorithm, making the range checks performed by bigfield largely redundant.
◆ create_from_bn254_scalar()
Use when we want to multiply a group element by a string of bits of known size. N.B. using this constructor method will make our scalar multiplication methods not perform primality tests.
- Template Parameters
-
- Parameters
-
- Returns
- cycle_group<Composer>::cycle_scalar
◆ from_witness_bitstring()
Use when we want to multiply a group element by a string of bits of known size. N.B. using this constructor method will make our scalar multiplication methods not perform primality tests.
- Template Parameters
-
- Parameters
-
- Returns
- cycle_group<Composer>::cycle_scalar
◆ validate_scalar_is_in_field()
Checks that a cycle_scalar value is smaller than a prime field modulus when evaluated over the INTEGERS N.B. The prime we check can be either the SNARK curve group order or the circuit's embedded curve group order (i.e. BN254 or Grumpkin) For a canonical scalar mul, we check against the embedded curve (i.e. the curve cycle_group implements). HOWEVER: for Pedersen hashes and Pedersen commitments, the hashed/committed data will be native circuit field elements i.e. for a BN254 snark, cycle_group = Grumpkin and we will be committing/hashing BN254::ScalarField values NOT Grumpkin::ScalarFIeld values. TLDR: whether the input scalar has to be < BN254::ScalarField or < Grumpkin::ScalarField is context-dependent.
- Template Parameters
-
The documentation for this struct was generated from the following files:
- src/barretenberg/stdlib/primitives/group/cycle_group.hpp
- src/barretenberg/stdlib/primitives/group/cycle_group.cpp
