Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
bn254.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: Completed, auditors: [Federico], commit: }
3// external_1: { status: not started, auditors: [], commit: }
4// external_2: { status: not started, auditors: [], commit: }
5// =====================
6
7#pragma once
8#include "../bn254/fq.hpp"
9#include "../bn254/fq12.hpp"
10#include "../bn254/fq2.hpp"
11#include "../bn254/fr.hpp"
12#include "../bn254/g1.hpp"
13#include "../bn254/g2.hpp"
14
15namespace bb::curve {
16class BN254 {
17 public:
18 using ScalarField = bb::fr;
19 using BaseField = bb::fq;
20 using Group = typename bb::g1;
21 using Element = typename Group::element;
22 using AffineElement = typename Group::affine_element;
23 using G2AffineElement = typename bb::g2::affine_element;
24 using G2BaseField = typename bb::fq2;
25 using TargetField = bb::fq12;
26
27 static constexpr const char* name = "BN254";
28 static constexpr bool is_stdlib_type = false;
29
30 // Required by SmallSubgroupIPA argument. This constant needs to divide the size of the multiplicative subgroup of
31 // the ScalarField and satisfy SUBGROUP_SIZE > CONST_PROOF_SIZE_LOG_N * Flavor::BATCHED_RELATION_PARTIAL_LENGTH, for
32 // each BN254-Flavor, since in every round of Sumcheck, the prover sends Flavor::BATCHED_RELATION_PARTIAL_LENGTH
33 // elements to the verifier.
34 static constexpr size_t SUBGROUP_SIZE = 256;
35 // BN254's scalar field has a multiplicative subgroup of order 2^28. It is generated by 5^{(r-1) / 2^28}. The
36 // generator below is 5^{(r-1) / 2^8} (so it has order 8). To avoid inversion in the recursive verifier, we also
37 // store the inverse of the chosen generator.
38 static constexpr ScalarField subgroup_generator =
39 ScalarField(uint256_t("0x07b0c561a6148404f086204a9f36ffb0617942546750f230c893619174a57a76"));
40 static constexpr ScalarField subgroup_generator_inverse =
41 ScalarField(uint256_t("0x204bd3277422fad364751ad938e2b5e6a54cf8c68712848a692c553d0329f5d6"));
42 // The length of the polynomials used to mask the Sumcheck Round Univariates. Computed as
43 // max(BATCHED_PARTIAL_RELATION_LENGTH) for BN254 Flavors with ZK
44 static constexpr uint32_t LIBRA_UNIVARIATES_LENGTH = 9;
45};
46} // namespace bb::curve
bb::curve::BN254::subgroup_generator
static constexpr ScalarField subgroup_generator
Definition bn254.hpp:38
bb::curve::BN254::Element
typename Group::element Element
Definition bn254.hpp:21
bb::curve::BN254::is_stdlib_type
static constexpr bool is_stdlib_type
Definition bn254.hpp:28
bb::curve::BN254::G2BaseField
typename bb::fq2 G2BaseField
Definition bn254.hpp:24
bb::curve::BN254::name
static constexpr const char * name
Definition bn254.hpp:27
bb::curve::BN254::Group
typename bb::g1 Group
Definition bn254.hpp:20
bb::curve::BN254::SUBGROUP_SIZE
static constexpr size_t SUBGROUP_SIZE
Definition bn254.hpp:34
bb::curve::BN254::AffineElement
typename Group::affine_element AffineElement
Definition bn254.hpp:22
bb::curve::BN254::LIBRA_UNIVARIATES_LENGTH
static constexpr uint32_t LIBRA_UNIVARIATES_LENGTH
Definition bn254.hpp:44
bb::curve::BN254::G2AffineElement
typename bb::g2::affine_element G2AffineElement
Definition bn254.hpp:23
bb::curve::BN254::subgroup_generator_inverse
static constexpr ScalarField subgroup_generator_inverse
Definition bn254.hpp:40
bb::curve::BN254::ScalarField
bb::fr ScalarField
Definition bn254.hpp:18
bb::group::affine_element
group_elements::affine_element< Fq, Fr, Params > affine_element
Definition group.hpp:42
bb::numeric::uint256_t
Definition uint256.hpp:32
bb::fq12
field12< fq2, fq6, Bn254Fq12Params > fq12
Definition fq12.hpp:71
bb::g1
group< fq, fr, Bn254G1Params > g1
Definition g1.hpp:35
bb::fq
field< Bn254FqParams > fq
Definition fq.hpp:153
bb::fr
field< Bn254FrParams > fr
Definition fr.hpp:155
bb::fq2
field2< fq, Bn254Fq2Params > fq2
Definition fq2.hpp:71