From ea36bf9bbd5e22ba4c566b08a4c8410e46175c70 Mon Sep 17 00:00:00 2001 From: maramihali Date: Tue, 21 May 2024 18:00:23 +0100 Subject: [PATCH] chore: parameterise cycle_group by `Builder` rather than `Composer` (#6565) Remaining cleanup from the time when the entire `stdlib` was still parameterised by Composer since they were together. --- .../stdlib/primitives/group/cycle_group.cpp | 307 +++++++++--------- .../stdlib/primitives/group/cycle_group.hpp | 65 ++-- 2 files changed, 186 insertions(+), 186 deletions(-) diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/group/cycle_group.cpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/group/cycle_group.cpp index 51cc5554ebc..d3b7143af1c 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/group/cycle_group.cpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/group/cycle_group.cpp @@ -7,8 +7,8 @@ #include "barretenberg/stdlib_circuit_builders/plookup_tables/types.hpp" namespace bb::stdlib { -template -cycle_group::cycle_group(Composer* _context) +template +cycle_group::cycle_group(Builder* _context) : x(0) , y(0) , _is_infinity(true) @@ -17,14 +17,14 @@ cycle_group::cycle_group(Composer* _context) {} /** - * @brief Construct a new cycle group::cycle group object + * @brief Construct a new cycle group::cycle group object * * @param _x * @param _y * @param is_infinity */ -template -cycle_group::cycle_group(field_t _x, field_t _y, bool_t is_infinity) +template +cycle_group::cycle_group(field_t _x, field_t _y, bool_t is_infinity) : x(_x.normalize()) , y(_y.normalize()) , _is_infinity(is_infinity) @@ -40,20 +40,20 @@ cycle_group::cycle_group(field_t _x, field_t _y, bool_t is_infinity) } /** - * @brief Construct a new cycle group::cycle group object + * @brief Construct a new cycle group::cycle group object * * @details is_infinity is a circuit constant. We EXPLICITLY require that whether this point is infinity/not infinity is * known at circuit-construction time *and* we know this point is on the curve. These checks are not constrained. * Use from_witness if these conditions are not met. * Examples of when conditions are met: point is a derived from a point that is on the curve + not at infinity. * e.g. output of a doubling operation - * @tparam Composer + * @tparam Builder * @param _x * @param _y * @param is_infinity */ -template -cycle_group::cycle_group(const FF& _x, const FF& _y, bool is_infinity) +template +cycle_group::cycle_group(const FF& _x, const FF& _y, bool is_infinity) : x(_x) , y(_y) , _is_infinity(is_infinity) @@ -69,11 +69,11 @@ cycle_group::cycle_group(const FF& _x, const FF& _y, bool is_infinity) * @note This produces a circuit-constant object i.e. known at compile-time, no constraints. * If `_in` is not fixed for a given circuit, use `from_witness` instead * - * @tparam Composer + * @tparam Builder * @param _in */ -template -cycle_group::cycle_group(const AffineElement& _in) +template +cycle_group::cycle_group(const AffineElement& _in) : x(_in.x) , y(_in.y) , _is_infinity(_in.is_point_at_infinity()) @@ -88,13 +88,13 @@ cycle_group::cycle_group(const AffineElement& _in) * If an element is being converted where it is known the element is on the curve and/or cannot be point at * infinity, it is best to use other methods (e.g. direct conversion of field_t coordinates) * - * @tparam Composer + * @tparam Builder * @param _context * @param _in - * @return cycle_group + * @return cycle_group */ -template -cycle_group cycle_group::from_witness(Composer* _context, const AffineElement& _in) +template +cycle_group cycle_group::from_witness(Builder* _context, const AffineElement& _in) { cycle_group result(_context); result.x = field_t(witness_t(_context, _in.x)); @@ -112,13 +112,13 @@ cycle_group cycle_group::from_witness(Composer* _context, co * it can be more efficient to convert the constant element into a witness. This is because we have custom gates * that evaluate additions in one constraint, but only if both operands are witnesses. * - * @tparam Composer + * @tparam Builder * @param _context * @param _in - * @return cycle_group + * @return cycle_group */ -template -cycle_group cycle_group::from_constant_witness(Composer* _context, const AffineElement& _in) +template +cycle_group cycle_group::from_constant_witness(Builder* _context, const AffineElement& _in) { cycle_group result(_context); result.x = field_t(witness_t(_context, _in.x)); @@ -131,7 +131,7 @@ cycle_group cycle_group::from_constant_witness(Composer* _co return result; } -template Composer* cycle_group::get_context(const cycle_group& other) const +template Builder* cycle_group::get_context(const cycle_group& other) const { if (get_context() != nullptr) { return get_context(); @@ -139,7 +139,7 @@ template Composer* cycle_group::get_context(const return other.get_context(); } -template typename cycle_group::AffineElement cycle_group::get_value() const +template typename cycle_group::AffineElement cycle_group::get_value() const { AffineElement result(x.get_value(), y.get_value()); if (is_point_at_infinity().get_value()) { @@ -151,9 +151,9 @@ template typename cycle_group::AffineElement cycle /** * @brief On-curve check. * - * @tparam Composer + * @tparam Builder */ -template void cycle_group::validate_is_on_curve() const +template void cycle_group::validate_is_on_curve() const { // This class is for short Weierstrass curves only! static_assert(Group::curve_a == 0); @@ -169,12 +169,12 @@ template void cycle_group::validate_is_on_curve() /** * @brief Evaluates a doubling. Does not use Ultra double gate * - * @tparam Composer - * @return cycle_group + * @tparam Builder + * @return cycle_group */ -template -cycle_group cycle_group::dbl() const - requires IsNotUltraArithmetic +template +cycle_group cycle_group::dbl() const + requires IsNotUltraArithmetic { auto modified_y = field_t::conditional_assign(is_point_at_infinity(), 1, y); auto lambda = (x * x * 3) / (modified_y + modified_y); @@ -186,12 +186,12 @@ cycle_group cycle_group::dbl() const /** * @brief Evaluates a doubling. Uses Ultra double gate * - * @tparam Composer - * @return cycle_group + * @tparam Builder + * @return cycle_group */ -template -cycle_group cycle_group::dbl() const - requires IsUltraArithmetic +template +cycle_group cycle_group::dbl() const + requires IsUltraArithmetic { // ensure we use a value of y that is not zero. (only happens if point at infinity) // this costs 0 gates if `is_infinity` is a circuit constant @@ -228,13 +228,13 @@ cycle_group cycle_group::dbl() const * Only use this method if you know the x-coordinates of the operands cannot collide * Standard version that does not use ecc group gate * - * @tparam Composer + * @tparam Builder * @param other - * @return cycle_group + * @return cycle_group */ -template -cycle_group cycle_group::unconditional_add(const cycle_group& other) const - requires IsNotUltraArithmetic +template +cycle_group cycle_group::unconditional_add(const cycle_group& other) const + requires IsNotUltraArithmetic { auto x_diff = other.x - x; auto y_diff = other.y - y; @@ -253,13 +253,13 @@ cycle_group cycle_group::unconditional_add(const cycle_group * Only use this method if you know the x-coordinates of the operands cannot collide * Ultra version that uses ecc group gate * - * @tparam Composer + * @tparam Builder * @param other - * @return cycle_group + * @return cycle_group */ -template -cycle_group cycle_group::unconditional_add(const cycle_group& other) const - requires IsUltraArithmetic +template +cycle_group cycle_group::unconditional_add(const cycle_group& other) const + requires IsUltraArithmetic { auto context = get_context(other); @@ -303,12 +303,12 @@ cycle_group cycle_group::unconditional_add(const cycle_group * Incomplete addition formula edge cases are *NOT* checked! * Only use this method if you know the x-coordinates of the operands cannot collide * - * @tparam Composer + * @tparam Builder * @param other - * @return cycle_group + * @return cycle_group */ -template -cycle_group cycle_group::unconditional_subtract(const cycle_group& other) const +template +cycle_group cycle_group::unconditional_subtract(const cycle_group& other) const { if constexpr (!IS_ULTRA) { return unconditional_add(-other); @@ -319,11 +319,11 @@ cycle_group cycle_group::unconditional_subtract(const cycle_ const bool rhs_constant = other.is_constant(); if (lhs_constant && !rhs_constant) { - auto lhs = cycle_group::from_constant_witness(context, get_value()); + auto lhs = cycle_group::from_constant_witness(context, get_value()); return lhs.unconditional_subtract(other); } if (!lhs_constant && rhs_constant) { - auto rhs = cycle_group::from_constant_witness(context, other.get_value()); + auto rhs = cycle_group::from_constant_witness(context, other.get_value()); return unconditional_subtract(rhs); } auto p1 = get_value(); @@ -359,12 +359,12 @@ cycle_group cycle_group::unconditional_subtract(const cycle_ * Useful when an honest prover will not produce a point collision with overwhelming probability, * but a cheating prover will be able to. * - * @tparam Composer + * @tparam Builder * @param other - * @return cycle_group + * @return cycle_group */ -template -cycle_group cycle_group::checked_unconditional_add(const cycle_group& other) const +template +cycle_group cycle_group::checked_unconditional_add(const cycle_group& other) const { field_t x_delta = x - other.x; x_delta.assert_is_not_zero("cycle_group::checked_unconditional_add, x-coordinate collision"); @@ -379,12 +379,12 @@ cycle_group cycle_group::checked_unconditional_add(const cyc * Useful when an honest prover will not produce a point collision with overwhelming probability, * but a cheating prover will be able to. * - * @tparam Composer + * @tparam Builder * @param other - * @return cycle_group + * @return cycle_group */ -template -cycle_group cycle_group::checked_unconditional_subtract(const cycle_group& other) const +template +cycle_group cycle_group::checked_unconditional_subtract(const cycle_group& other) const { field_t x_delta = x - other.x; x_delta.assert_is_not_zero("cycle_group::checked_unconditional_subtract, x-coordinate collision"); @@ -397,13 +397,14 @@ cycle_group cycle_group::checked_unconditional_subtract(cons * Method is expensive due to needing to evaluate both an addition, a doubling, * plus conditional logic to handle points at infinity. * - * @tparam Composer + * @tparam Builder * @param other - * @return cycle_group + * @return cycle_group */ -template cycle_group cycle_group::operator+(const cycle_group& other) const +template cycle_group cycle_group::operator+(const cycle_group& other) const { - Composer* context = get_context(other); + + Builder* context = get_context(other); const bool_t x_coordinates_match = (x == other.x); const bool_t y_coordinates_match = (y == other.y); const bool_t double_predicate = (x_coordinates_match && y_coordinates_match); @@ -455,13 +456,13 @@ template cycle_group cycle_group::operat * Method is expensive due to needing to evaluate both an addition, a doubling, * plus conditional logic to handle points at infinity. * - * @tparam Composer + * @tparam Builder * @param other - * @return cycle_group + * @return cycle_group */ -template cycle_group cycle_group::operator-(const cycle_group& other) const +template cycle_group cycle_group::operator-(const cycle_group& other) const { - Composer* context = get_context(other); + Builder* context = get_context(other); const bool_t x_coordinates_match = (x == other.x); const bool_t y_coordinates_match = (y == other.y); const bool_t double_predicate = (x_coordinates_match && !y_coordinates_match).normalize(); @@ -509,36 +510,36 @@ template cycle_group cycle_group::operat /** * @brief Negates a point * - * @tparam Composer + * @tparam Builder * @param other - * @return cycle_group + * @return cycle_group */ -template cycle_group cycle_group::operator-() const +template cycle_group cycle_group::operator-() const { cycle_group result(*this); result.y = -y; return result; } -template cycle_group& cycle_group::operator+=(const cycle_group& other) +template cycle_group& cycle_group::operator+=(const cycle_group& other) { *this = *this + other; return *this; } -template cycle_group& cycle_group::operator-=(const cycle_group& other) +template cycle_group& cycle_group::operator-=(const cycle_group& other) { *this = *this - other; return *this; } -template -cycle_group::cycle_scalar::cycle_scalar(const field_t& _lo, const field_t& _hi) +template +cycle_group::cycle_scalar::cycle_scalar(const field_t& _lo, const field_t& _hi) : lo(_lo) , hi(_hi) {} -template cycle_group::cycle_scalar::cycle_scalar(const field_t& _in) +template cycle_group::cycle_scalar::cycle_scalar(const field_t& _in) { const uint256_t value(_in.get_value()); const uint256_t lo_v = value.slice(0, LO_BITS); @@ -554,7 +555,7 @@ template cycle_group::cycle_scalar::cycle_scalar(c } } -template cycle_group::cycle_scalar::cycle_scalar(const ScalarField& _in) +template cycle_group::cycle_scalar::cycle_scalar(const ScalarField& _in) { const uint256_t value(_in); const uint256_t lo_v = value.slice(0, LO_BITS); @@ -563,9 +564,9 @@ template cycle_group::cycle_scalar::cycle_scalar(c hi = hi_v; } -template -typename cycle_group::cycle_scalar cycle_group::cycle_scalar::from_witness(Composer* context, - const ScalarField& value) +template +typename cycle_group::cycle_scalar cycle_group::cycle_scalar::from_witness(Builder* context, + const ScalarField& value) { const uint256_t value_u256(value); const uint256_t lo_v = value_u256.slice(0, LO_BITS); @@ -579,15 +580,15 @@ typename cycle_group::cycle_scalar cycle_group::cycle_scalar * @brief Use when we want to multiply a group element by a string of bits of known size. * N.B. using this constructor method will make our scalar multiplication methods not perform primality tests. * - * @tparam Composer + * @tparam Builder * @param context * @param value * @param num_bits - * @return cycle_group::cycle_scalar + * @return cycle_group::cycle_scalar */ -template -typename cycle_group::cycle_scalar cycle_group::cycle_scalar::from_witness_bitstring( - Composer* context, const uint256_t& bitstring, const size_t num_bits) +template +typename cycle_group::cycle_scalar cycle_group::cycle_scalar::from_witness_bitstring( + Builder* context, const uint256_t& bitstring, const size_t num_bits) { ASSERT(bitstring.get_msb() < num_bits); const uint256_t lo_v = bitstring.slice(0, LO_BITS); @@ -602,14 +603,14 @@ typename cycle_group::cycle_scalar cycle_group::cycle_scalar * @brief Use when we want to multiply a group element by a string of bits of known size. * N.B. using this constructor method will make our scalar multiplication methods not perform primality tests. * - * @tparam Composer + * @tparam Builder * @param context * @param value * @param num_bits - * @return cycle_group::cycle_scalar + * @return cycle_group::cycle_scalar */ -template -typename cycle_group::cycle_scalar cycle_group::cycle_scalar::create_from_bn254_scalar( +template +typename cycle_group::cycle_scalar cycle_group::cycle_scalar::create_from_bn254_scalar( const field_t& in, const bool skip_primality_test) { const uint256_t value_u256(in.get_value()); @@ -626,7 +627,7 @@ typename cycle_group::cycle_scalar cycle_group::cycle_scalar return result; } -template bool cycle_group::cycle_scalar::is_constant() const +template bool cycle_group::cycle_scalar::is_constant() const { return (lo.is_constant() && hi.is_constant()); } @@ -642,9 +643,9 @@ template bool cycle_group::cycle_scalar::is_consta * BN254::ScalarField values *NOT* Grumpkin::ScalarFIeld values. * TLDR: whether the input scalar has to be < BN254::ScalarField or < Grumpkin::ScalarField is context-dependent. * - * @tparam Composer + * @tparam Builder */ -template void cycle_group::cycle_scalar::validate_scalar_is_in_field() const +template void cycle_group::cycle_scalar::validate_scalar_is_in_field() const { if (!is_constant() && !skip_primality_test()) { // Check that scalar.hi * 2^LO_BITS + scalar.lo < cycle_group_modulus when evaluated over the integers @@ -674,8 +675,8 @@ template void cycle_group::cycle_scalar::validate_ } } -template -typename cycle_group::ScalarField cycle_group::cycle_scalar::get_value() const +template +typename cycle_group::ScalarField cycle_group::cycle_scalar::get_value() const { uint256_t lo_v(lo.get_value()); uint256_t hi_v(hi.get_value()); @@ -683,22 +684,22 @@ typename cycle_group::ScalarField cycle_group::cycle_scalar: } /** - * @brief Construct a new cycle group::straus scalar slice::straus scalar slice object + * @brief Construct a new cycle group::straus scalar slice::straus scalar slice object * * @details As part of slicing algoirthm, we also perform a primality test on the inut scalar. * * TODO(@zac-williamson) make the primality test configurable. * We may want to validate the input < BN254::Fr OR input < Grumpkin::Fr depending on context! * - * @tparam Composer + * @tparam Builder * @param context * @param scalar * @param table_bits */ -template -cycle_group::straus_scalar_slice::straus_scalar_slice(Composer* context, - const cycle_scalar& scalar, - const size_t table_bits) +template +cycle_group::straus_scalar_slice::straus_scalar_slice(Builder* context, + const cycle_scalar& scalar, + const size_t table_bits) : _table_bits(table_bits) { // convert an input cycle_scalar object into a vector of slices, each containing `table_bits` bits. @@ -767,12 +768,12 @@ cycle_group::straus_scalar_slice::straus_scalar_slice(Composer* contex * * @details In Straus algorithm, `index` is a known parameter, so no need for expensive lookup tables * - * @tparam Composer + * @tparam Builder * @param index - * @return field_t + * @return field_t */ -template -std::optional> cycle_group::straus_scalar_slice::read(size_t index) +template +std::optional> cycle_group::straus_scalar_slice::read(size_t index) { if (index >= slices.size()) { return std::nullopt; @@ -781,24 +782,24 @@ std::optional> cycle_group::straus_scalar_slice::rea } /** - * @brief Construct a new cycle group::straus lookup table::straus lookup table object + * @brief Construct a new cycle group::straus lookup table::straus lookup table object * * @details Constructs a `table_bits` lookup table. * - * If Composer is not ULTRA, `table_bits = 1` - * If Composer is ULTRA, ROM table is used as lookup table + * If Builder is not ULTRA, `table_bits = 1` + * If Builder is ULTRA, ROM table is used as lookup table * - * @tparam Composer + * @tparam Builder * @param context * @param base_point * @param offset_generator * @param table_bits */ -template -cycle_group::straus_lookup_table::straus_lookup_table(Composer* context, - const cycle_group& base_point, - const cycle_group& offset_generator, - size_t table_bits) +template +cycle_group::straus_lookup_table::straus_lookup_table(Builder* context, + const cycle_group& base_point, + const cycle_group& offset_generator, + size_t table_bits) : _table_bits(table_bits) , _context(context) { @@ -846,12 +847,11 @@ cycle_group::straus_lookup_table::straus_lookup_table(Composer* contex /** * @brief Given an `_index` witness, return `straus_lookup_table[index]` * - * @tparam Composer + * @tparam Builder * @param _index - * @return cycle_group + * @return cycle_group */ -template -cycle_group cycle_group::straus_lookup_table::read(const field_t& _index) +template cycle_group cycle_group::straus_lookup_table::read(const field_t& _index) { if constexpr (IS_ULTRA) { field_t index(_index); @@ -877,33 +877,34 @@ cycle_group cycle_group::straus_lookup_table::read(const fie * * @details batch mul performed via the Straus multiscalar multiplication algorithm * (optimal for MSMs where num points <128-ish). - * If Composer is not ULTRA, number of bits per Straus round = 1, + * If Builder is not ULTRA, number of bits per Straus round = 1, * which reduces to the basic double-and-add algorithm * * @details If `unconditional_add = true`, we use `::unconditional_add` instead of `::checked_unconditional_add`. * Use with caution! Only should be `true` if we're doing an ULTRA fixed-base MSM so we know the points cannot * collide with the offset generators. * - * @note ULTRA Composer will call `_variable_base_batch_mul_internal` to evaluate fixed-base MSMs over points that do + * @note ULTRA Builder will call `_variable_base_batch_mul_internal` to evaluate fixed-base MSMs over points that do * not exist in our precomputed plookup tables. This is a comprimise between maximising circuit efficiency and * minimizing the blowup size of our precomputed table polynomials. variable-base mul uses small ROM lookup tables * which are witness-defined and not part of the plookup protocol. - * @tparam Composer + * @tparam Builder * @param scalars * @param base_points * @param offset_generators * @param unconditional_add - * @return cycle_group::batch_mul_internal_output + * @return cycle_group::batch_mul_internal_output */ -template -typename cycle_group::batch_mul_internal_output cycle_group::_variable_base_batch_mul_internal( +template +typename cycle_group::batch_mul_internal_output cycle_group::_variable_base_batch_mul_internal( const std::span scalars, const std::span base_points, const std::span offset_generators, const bool unconditional_add) { ASSERT(scalars.size() == base_points.size()); - Composer* context = nullptr; + + Builder* context = nullptr; for (auto& scalar : scalars) { if (scalar.lo.get_context() != nullptr) { context = scalar.get_context(); @@ -990,23 +991,23 @@ typename cycle_group::batch_mul_internal_output cycle_group: } /** - * @brief Internal algorithm to perform a fixed-base batch mul for ULTRA Composer + * @brief Internal algorithm to perform a fixed-base batch mul for ULTRA Builder * * @details Uses plookup tables which contain lookups for precomputed multiples of the input base points. * Means we can avoid all point doublings and reduce one scalar mul to ~29 lookups + 29 ecc addition gates * - * @tparam Composer + * @tparam Builder * @param scalars * @param base_points * @param - * @return cycle_group::batch_mul_internal_output + * @return cycle_group::batch_mul_internal_output */ -template -typename cycle_group::batch_mul_internal_output cycle_group::_fixed_base_batch_mul_internal( +template +typename cycle_group::batch_mul_internal_output cycle_group::_fixed_base_batch_mul_internal( const std::span scalars, const std::span base_points, const std::span /*unused*/) - requires IsUltraArithmetic + requires IsUltraArithmetic { ASSERT(scalars.size() == base_points.size()); @@ -1034,7 +1035,7 @@ typename cycle_group::batch_mul_internal_output cycle_group: Element offset_generator_accumulator = Group::point_at_infinity; for (size_t i = 0; i < plookup_scalars.size(); ++i) { plookup::ReadData lookup_data = - plookup_read::get_lookup_accumulators(plookup_table_ids[i], plookup_scalars[i]); + plookup_read::get_lookup_accumulators(plookup_table_ids[i], plookup_scalars[i]); for (size_t j = 0; j < lookup_data[ColumnIdx::C2].size(); ++j) { const auto x = lookup_data[ColumnIdx::C2][j]; const auto y = lookup_data[ColumnIdx::C3][j]; @@ -1063,29 +1064,29 @@ typename cycle_group::batch_mul_internal_output cycle_group: } /** - * @brief Internal algorithm to perform a fixed-base batch mul for Non-ULTRA Composers + * @brief Internal algorithm to perform a fixed-base batch mul for Non-ULTRA Builders * * @details Multiples of the base point are precomputed, which avoids us having to add ecc doubling gates. * More efficient than variable-base version. * - * @tparam Composer + * @tparam Builder * @param scalars * @param base_points * @param off - * @return cycle_group::batch_mul_internal_output + * @return cycle_group::batch_mul_internal_output */ -template -typename cycle_group::batch_mul_internal_output cycle_group::_fixed_base_batch_mul_internal( +template +typename cycle_group::batch_mul_internal_output cycle_group::_fixed_base_batch_mul_internal( const std::span scalars, const std::span base_points, const std::span offset_generators) - requires IsNotUltraArithmetic + requires IsNotUltraArithmetic { ASSERT(scalars.size() == base_points.size()); static_assert(TABLE_BITS == 1); - Composer* context = nullptr; + Builder* context = nullptr; for (auto& scalar : scalars) { if (scalar.get_context() != nullptr) { context = scalar.get_context(); @@ -1177,16 +1178,16 @@ typename cycle_group::batch_mul_internal_output cycle_group: * depends on if one or both of _fixed_base_batch_mul_internal, _variable_base_batch_mul_internal are called) * If you're calling this function repeatedly and you KNOW you need >32 offset generators, * it's faster to create a `generator_data` object with the required size and pass it in as a parameter. - * @tparam Composer + * @tparam Builder * @param scalars * @param base_points * @param offset_generator_data - * @return cycle_group + * @return cycle_group */ -template -cycle_group cycle_group::batch_mul(const std::vector& scalars, - const std::vector& base_points, - const GeneratorContext context) +template +cycle_group cycle_group::batch_mul(const std::vector& scalars, + const std::vector& base_points, + const GeneratorContext context) { ASSERT(scalars.size() == base_points.size()); @@ -1210,7 +1211,7 @@ cycle_group cycle_group::batch_mul(const std::vector cycle_group::batch_mul(const std::vector cycle_group cycle_group::operator*(const cycle_scalar& scalar) const +template cycle_group cycle_group::operator*(const cycle_scalar& scalar) const { return batch_mul({ scalar }, { *this }); } -template cycle_group& cycle_group::operator*=(const cycle_scalar& scalar) +template cycle_group& cycle_group::operator*=(const cycle_scalar& scalar) { *this = operator*(scalar); return *this; } -template bool_t cycle_group::operator==(const cycle_group& other) const +template bool_t cycle_group::operator==(const cycle_group& other) const { const auto equal_and_not_infinity = (x == other.x) && (y == other.y) && !is_point_at_infinity() && !other.is_point_at_infinity(); @@ -1338,23 +1339,23 @@ template bool_t cycle_group::operator==( return equal_and_not_infinity || both_infinity; } -template -void cycle_group::assert_equal(const cycle_group& other, std::string const& msg) const +template +void cycle_group::assert_equal(const cycle_group& other, std::string const& msg) const { x.assert_equal(other.x, msg); y.assert_equal(other.y, msg); } -template -cycle_group cycle_group::conditional_assign(const bool_t& predicate, - const cycle_group& lhs, - const cycle_group& rhs) +template +cycle_group cycle_group::conditional_assign(const bool_t& predicate, + const cycle_group& lhs, + const cycle_group& rhs) { return { field_t::conditional_assign(predicate, lhs.x, rhs.x), field_t::conditional_assign(predicate, lhs.y, rhs.y), bool_t::conditional_assign(predicate, lhs.is_point_at_infinity(), rhs.is_point_at_infinity()) }; }; -template cycle_group cycle_group::operator/(const cycle_group& /*unused*/) const +template cycle_group cycle_group::operator/(const cycle_group& /*unused*/) const { // TODO(@kevaundray solve the discrete logarithm problem) throw_or_abort("Implementation under construction..."); diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/group/cycle_group.hpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/group/cycle_group.hpp index f8baf4af0bd..70de06b7372 100644 --- a/barretenberg/cpp/src/barretenberg/stdlib/primitives/group/cycle_group.hpp +++ b/barretenberg/cpp/src/barretenberg/stdlib/primitives/group/cycle_group.hpp @@ -10,27 +10,27 @@ namespace bb::stdlib { -template -concept IsUltraArithmetic = (Composer::CIRCUIT_TYPE == CircuitType::ULTRA); -template -concept IsNotUltraArithmetic = (Composer::CIRCUIT_TYPE != CircuitType::ULTRA); +template +concept IsUltraArithmetic = (Builder::CIRCUIT_TYPE == CircuitType::ULTRA); +template +concept IsNotUltraArithmetic = (Builder::CIRCUIT_TYPE != CircuitType::ULTRA); /** * @brief cycle_group represents a group Element of the proving system's embedded curve - * i.e. a curve with a cofactor 1 defined over a field equal to the circuit's native field Composer::FF + * i.e. a curve with a cofactor 1 defined over a field equal to the circuit's native field Builder::FF * * (todo @zac-williamson) once the pedersen refactor project is finished, this class will supercede * `stdlib::group` * - * @tparam Composer + * @tparam Builder */ -template class cycle_group { +template class cycle_group { public: - using field_t = stdlib::field_t; - using bool_t = stdlib::bool_t; - using witness_t = stdlib::witness_t; - using FF = typename Composer::FF; - using Curve = typename Composer::EmbeddedCurve; + using field_t = stdlib::field_t; + using bool_t = stdlib::bool_t; + using witness_t = stdlib::witness_t; + using FF = typename Builder::FF; + using Curve = typename Builder::EmbeddedCurve; using Group = typename Curve::Group; using Element = typename Curve::Element; using AffineElement = typename Curve::AffineElement; @@ -39,7 +39,7 @@ template class cycle_group { static constexpr size_t STANDARD_NUM_TABLE_BITS = 1; static constexpr size_t ULTRA_NUM_TABLE_BITS = 4; - static constexpr bool IS_ULTRA = Composer::CIRCUIT_TYPE == CircuitType::ULTRA; + static constexpr bool IS_ULTRA = Builder::CIRCUIT_TYPE == CircuitType::ULTRA; static constexpr size_t TABLE_BITS = IS_ULTRA ? ULTRA_NUM_TABLE_BITS : STANDARD_NUM_TABLE_BITS; static constexpr size_t NUM_BITS = ScalarField::modulus.get_msb() + 1; static constexpr size_t NUM_ROUNDS = (NUM_BITS + TABLE_BITS - 1) / TABLE_BITS; @@ -90,12 +90,12 @@ template class cycle_group { cycle_scalar(const ScalarField& _in = 0); cycle_scalar(const field_t& _lo, const field_t& _hi); cycle_scalar(const field_t& _in); - static cycle_scalar from_witness(Composer* context, const ScalarField& value); - static cycle_scalar from_witness_bitstring(Composer* context, const uint256_t& bitstring, size_t num_bits); + static cycle_scalar from_witness(Builder* context, const ScalarField& value); + static cycle_scalar from_witness_bitstring(Builder* context, const uint256_t& bitstring, size_t num_bits); static cycle_scalar create_from_bn254_scalar(const field_t& _in, bool skip_primality_test = false); [[nodiscard]] bool is_constant() const; ScalarField get_value() const; - Composer* get_context() const { return lo.get_context() != nullptr ? lo.get_context() : hi.get_context(); } + Builder* get_context() const { return lo.get_context() != nullptr ? lo.get_context() : hi.get_context(); } [[nodiscard]] size_t num_bits() const { return _num_bits; } [[nodiscard]] bool skip_primality_test() const { return _skip_primality_test; } [[nodiscard]] bool use_bn254_scalar_field_for_primality_test() const @@ -111,7 +111,7 @@ template class cycle_group { * */ struct straus_scalar_slice { - straus_scalar_slice(Composer* context, const cycle_scalar& scalars, size_t table_bits); + straus_scalar_slice(Builder* context, const cycle_scalar& scalars, size_t table_bits); std::optional read(size_t index); size_t _table_bits; std::vector slices; @@ -145,13 +145,13 @@ template class cycle_group { struct straus_lookup_table { public: straus_lookup_table() = default; - straus_lookup_table(Composer* context, + straus_lookup_table(Builder* context, const cycle_group& base_point, const cycle_group& offset_generator, size_t table_bits); cycle_group read(const field_t& index); size_t _table_bits; - Composer* _context; + Builder* _context; std::vector point_table; size_t rom_id = 0; }; @@ -167,27 +167,27 @@ template class cycle_group { }; public: - cycle_group(Composer* _context = nullptr); + cycle_group(Builder* _context = nullptr); cycle_group(field_t _x, field_t _y, bool_t _is_infinity); cycle_group(const FF& _x, const FF& _y, bool _is_infinity); cycle_group(const AffineElement& _in); - static cycle_group from_witness(Composer* _context, const AffineElement& _in); - static cycle_group from_constant_witness(Composer* _context, const AffineElement& _in); - Composer* get_context(const cycle_group& other) const; - Composer* get_context() const { return context; } + static cycle_group from_witness(Builder* _context, const AffineElement& _in); + static cycle_group from_constant_witness(Builder* _context, const AffineElement& _in); + Builder* get_context(const cycle_group& other) const; + Builder* get_context() const { return context; } AffineElement get_value() const; [[nodiscard]] bool is_constant() const { return _is_constant; } bool_t is_point_at_infinity() const { return _is_infinity; } void set_point_at_infinity(const bool_t& is_infinity) { _is_infinity = is_infinity; } void validate_is_on_curve() const; cycle_group dbl() const - requires IsUltraArithmetic; + requires IsUltraArithmetic; cycle_group dbl() const - requires IsNotUltraArithmetic; + requires IsNotUltraArithmetic; cycle_group unconditional_add(const cycle_group& other) const - requires IsUltraArithmetic; + requires IsUltraArithmetic; cycle_group unconditional_add(const cycle_group& other) const - requires IsNotUltraArithmetic; + requires IsNotUltraArithmetic; cycle_group unconditional_subtract(const cycle_group& other) const; cycle_group checked_unconditional_add(const cycle_group& other) const; cycle_group checked_unconditional_subtract(const cycle_group& other) const; @@ -211,7 +211,7 @@ template class cycle_group { private: bool_t _is_infinity; bool _is_constant; - Composer* context; + Builder* context; static batch_mul_internal_output _variable_base_batch_mul_internal(std::span scalars, std::span base_points, @@ -221,15 +221,14 @@ template class cycle_group { static batch_mul_internal_output _fixed_base_batch_mul_internal(std::span scalars, std::span base_points, std::span offset_generators) - requires IsUltraArithmetic; + requires IsUltraArithmetic; static batch_mul_internal_output _fixed_base_batch_mul_internal(std::span scalars, std::span base_points, std::span offset_generators) - requires IsNotUltraArithmetic; + requires IsNotUltraArithmetic; }; -template -inline std::ostream& operator<<(std::ostream& os, cycle_group const& v) +template inline std::ostream& operator<<(std::ostream& os, cycle_group const& v) { return os << v.get_value(); }