Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
secp256k1.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: Completed, auditors: [Federico], commit: }
3// external_1: { status: not started, auditors: [], commit: }
4// external_2: { status: not started, auditors: [], commit: }
5// =====================
6
7#pragma once
8
9#include "../../fields/field.hpp"
10#include "../../groups/group.hpp"
11#include "../types.hpp"
12
13// NOLINTBEGIN(cppcoreguidelines-avoid-c-arrays)
14
15namespace bb::secp256k1 {
16
26struct FqParams {
27 // There is a helper script in ecc/fields/parameter_helper.py that can be used to extract these parameters from the
28 // source code
29
30 // A little-endian representation of the modulus split into 4 64-bit words
31 static constexpr uint64_t modulus_0 = 0xFFFFFFFEFFFFFC2FULL;
32 static constexpr uint64_t modulus_1 = 0xFFFFFFFFFFFFFFFFULL;
33 static constexpr uint64_t modulus_2 = 0xFFFFFFFFFFFFFFFFULL;
34 static constexpr uint64_t modulus_3 = 0xFFFFFFFFFFFFFFFFULL;
35
36 // A little-endian representation of R^2 modulo the modulus (R=2^256 mod modulus) split into 4 64-bit words
37 static constexpr uint64_t r_squared_0 = 8392367050913ULL;
38 static constexpr uint64_t r_squared_1 = 1;
39 static constexpr uint64_t r_squared_2 = 0;
40 static constexpr uint64_t r_squared_3 = 0;
41
42 // -(Modulus^-1) mod 2^64
43 // This constant is used during multiplication: given an 8-limb representation of the multiplication of two field
44 // elements, for each of the lowest four limbs we compute: k_i = r_inv * limb_i and we add 2^{64 * i} * k_i * p to
45 // the result of the multiplication. In this way we zero out the lowest four limbs of the multiplication and we can
46 // divide by 2^256 by taking the highest four limbs. See field_docs.hpp for more details.
47 static constexpr uint64_t r_inv = 15580212934572586289ULL;
48
49 // 2^(-64) mod Modulus
50 // Used in the reduction mechanism, see field_docs.md
51 // Instead of computing k, we multiply the lowest limb by this value and then add to the following 5 limbs.
52 // This saves us from having to compute k
53 static constexpr uint64_t r_inv_0 = 0xffffffff27c7f3a9UL;
54 static constexpr uint64_t r_inv_1 = 0xffffffffffffffffUL;
55 static constexpr uint64_t r_inv_2 = 0xffffffffffffffffUL;
56 static constexpr uint64_t r_inv_3 = 0xd838091dd2253530UL;
57
58 // A little-endian representation of the cubic root of 1 in Fq in Montgomery form split into 4 64-bit words
59 static constexpr uint64_t cube_root_0 = 0x58a4361c8e81894eULL;
60 static constexpr uint64_t cube_root_1 = 0x03fde1631c4b80afULL;
61 static constexpr uint64_t cube_root_2 = 0xf8e98978d02e3905ULL;
62 static constexpr uint64_t cube_root_3 = 0x7a4a36aebcbb3d53ULL;
63
64 // Not used for secp256k1
65 static constexpr uint64_t primitive_root_0 = 0UL;
66 static constexpr uint64_t primitive_root_1 = 0UL;
67 static constexpr uint64_t primitive_root_2 = 0UL;
68 static constexpr uint64_t primitive_root_3 = 0UL;
69
70 // Coset generators in Montgomery form for R=2^256 mod Modulus. Used in FFT-based proving systems
71 static constexpr uint64_t coset_generator_0 = 0x300000b73ULL;
72 static constexpr uint64_t coset_generator_1 = 0;
73 static constexpr uint64_t coset_generator_2 = 0;
74 static constexpr uint64_t coset_generator_3 = 0;
75
76 // A little-endian representation of the modulus split into 9 29-bit limbs
77 // This is used in wasm because we can only do multiplication with 64-bit result instead of 128-bit like in x86_64
78 static constexpr uint64_t modulus_wasm_0 = 0x1ffffc2f;
79 static constexpr uint64_t modulus_wasm_1 = 0x1ffffff7;
80 static constexpr uint64_t modulus_wasm_2 = 0x1fffffff;
81 static constexpr uint64_t modulus_wasm_3 = 0x1fffffff;
82 static constexpr uint64_t modulus_wasm_4 = 0x1fffffff;
83 static constexpr uint64_t modulus_wasm_5 = 0x1fffffff;
84 static constexpr uint64_t modulus_wasm_6 = 0x1fffffff;
85 static constexpr uint64_t modulus_wasm_7 = 0x1fffffff;
86 static constexpr uint64_t modulus_wasm_8 = 0xffffff;
87
88 // A little-endian representation of R^2 modulo the modulus (R=2^261 mod modulus) split into 4 64-bit words
89 // We use 2^261 in wasm, because 261=29*9, the 9 29-bit limbs used for arithmetic in
90 static constexpr uint64_t r_squared_wasm_0 = 0x001e88003a428400UL;
91 static constexpr uint64_t r_squared_wasm_1 = 0x0000000000000400UL;
92 static constexpr uint64_t r_squared_wasm_2 = 0x0000000000000000UL;
93 static constexpr uint64_t r_squared_wasm_3 = 0x0000000000000000UL;
94
95 // 2^(-29) mod Modulus
96 // Used in the reduction mechanism, see field_docs.md
97 // Instead of computing k, we multiply the lowest limb by this value and then add to the following 10 limbs.
98 // This saves us from having to compute k
99 static constexpr uint64_t r_inv_wasm_0 = 0xed6544e;
100 static constexpr uint64_t r_inv_wasm_1 = 0x1ffffffb;
101 static constexpr uint64_t r_inv_wasm_2 = 0x1fffffff;
102 static constexpr uint64_t r_inv_wasm_3 = 0x1fffffff;
103 static constexpr uint64_t r_inv_wasm_4 = 0x1fffffff;
104 static constexpr uint64_t r_inv_wasm_5 = 0x1fffffff;
105 static constexpr uint64_t r_inv_wasm_6 = 0x1fffffff;
106 static constexpr uint64_t r_inv_wasm_7 = 0x10ffffff;
107 static constexpr uint64_t r_inv_wasm_8 = 0x9129a9;
108
109 // A little-endian representation of the cube root of 1 in Fq in Montgomery form for wasm (R=2^261 mod modulus)
110 // split into 4 64-bit words
111 static constexpr uint64_t cube_root_wasm_0 = 0x1486c3a0d03162ffUL;
112 static constexpr uint64_t cube_root_wasm_1 = 0x7fbc2c63897015ebUL;
113 static constexpr uint64_t cube_root_wasm_2 = 0x1d312f1a05c720a0UL;
114 static constexpr uint64_t cube_root_wasm_3 = 0x4946d5d79767aa7fUL;
115
116 // Not used in secp256k1, since this is not for proving systems
117 static constexpr uint64_t primitive_root_wasm_0 = 0x0000000000000000UL;
118 static constexpr uint64_t primitive_root_wasm_1 = 0x0000000000000000UL;
119 static constexpr uint64_t primitive_root_wasm_2 = 0x0000000000000000UL;
120 static constexpr uint64_t primitive_root_wasm_3 = 0x0000000000000000UL;
121
122 // Coset generators in Montgomery form for R=2^261 mod Modulus. Used in FFT-based proving systems, don't really need
123 // them here
124 static constexpr uint64_t coset_generator_wasm_0 = 0x0000006000016e60ULL;
125 static constexpr uint64_t coset_generator_wasm_1 = 0;
126 static constexpr uint64_t coset_generator_wasm_2 = 0;
127 static constexpr uint64_t coset_generator_wasm_3 = 0;
128
129 // For consistency with bb::fq, if we ever represent an element of bb::secp256k1::fq in the public inputs, we do so
130 // as a bigfield element, so with 4 public inputs
131 static constexpr size_t PUBLIC_INPUTS_SIZE = BIGFIELD_PUBLIC_INPUTS_SIZE;
132
133 static constexpr char schema_name[] = "secp256k1_fq";
134};
135using fq = field<FqParams>;
136
146struct FrParams {
147
148 // A little-endian representation of the modulus split into 4 64-bit words
149 static constexpr uint64_t modulus_0 = 0xBFD25E8CD0364141ULL;
150 static constexpr uint64_t modulus_1 = 0xBAAEDCE6AF48A03BULL;
151 static constexpr uint64_t modulus_2 = 0xFFFFFFFFFFFFFFFEULL;
152 static constexpr uint64_t modulus_3 = 0xFFFFFFFFFFFFFFFFULL;
153
154 // A little-endian representation of R^2 modulo the modulus (R=2^256 mod modulus) split into 4 64-bit words
155 static constexpr uint64_t r_squared_0 = 9902555850136342848ULL;
156 static constexpr uint64_t r_squared_1 = 8364476168144746616ULL;
157 static constexpr uint64_t r_squared_2 = 16616019711348246470ULL;
158 static constexpr uint64_t r_squared_3 = 11342065889886772165ULL;
159
160 // -(Modulus^-1) mod 2^64
161 // This is used to compute k = r_inv * lower_limb(scalar), such that scalar + k*modulus in integers would have 0 in
162 // the lowest limb By performing this sequentially for 4 limbs, we get an 8-limb representation of the scalar, where
163 // the lowest 4 limbs are zeros. Then we can immediately divide by 2^256 by simply getting rid of the lowest 4 limbs
164 static constexpr uint64_t r_inv = 5408259542528602431ULL;
165
166 // 2^(-64) mod Modulus
167 // Used in the reduction mechanism, see field_docs.md
168 // Instead of computing k, we multiply the lowest limb by this value and then add to the following 5 limbs.
169 // This saves us from having to compute k
170 static constexpr uint64_t r_inv_0 = 0x9d4ad302583de6dcUL;
171 static constexpr uint64_t r_inv_1 = 0xa09f710af0155525UL;
172 static constexpr uint64_t r_inv_2 = 0xffffffffffffffffUL;
173 static constexpr uint64_t r_inv_3 = 0x4b0dff665588b13eUL;
174
175 // A little-endian representation of the cubic root of 1 in Fr in Montgomery form split into 4 64-bit words
176 static constexpr uint64_t cube_root_0 = 0xf07deb3dc9926c9eULL;
177 static constexpr uint64_t cube_root_1 = 0x2c93e7ad83c6944cULL;
178 static constexpr uint64_t cube_root_2 = 0x73a9660652697d91ULL;
179 static constexpr uint64_t cube_root_3 = 0x532840178558d639ULL;
180
181 // Not used in secp256k1
182 static constexpr uint64_t primitive_root_0 = 0UL;
183 static constexpr uint64_t primitive_root_1 = 0UL;
184 static constexpr uint64_t primitive_root_2 = 0UL;
185 static constexpr uint64_t primitive_root_3 = 0UL;
186
187 // Coset generators in Montgomery form for R=2^261 mod Modulus. Used in FFT-based proving systems, don't really need
188 // them here
189 static constexpr uint64_t coset_generator_0 = 0x40e4273feef0b9bbULL;
190 static constexpr uint64_t coset_generator_1 = 0x5a95af7e9394ded5ULL;
191 static constexpr uint64_t coset_generator_2 = 0x6ULL;
192 static constexpr uint64_t coset_generator_3 = 0x0ULL;
193
194 // A little-endian representation of the modulus split into 9 29-bit limbs
195 // This is used in wasm because we can only do multiplication with 64-bit result instead of 128-bit like in x86_64
196 static constexpr uint64_t modulus_wasm_0 = 0x10364141;
197 static constexpr uint64_t modulus_wasm_1 = 0x1e92f466;
198 static constexpr uint64_t modulus_wasm_2 = 0x12280eef;
199 static constexpr uint64_t modulus_wasm_3 = 0x1db9cd5e;
200 static constexpr uint64_t modulus_wasm_4 = 0x1fffebaa;
201 static constexpr uint64_t modulus_wasm_5 = 0x1fffffff;
202 static constexpr uint64_t modulus_wasm_6 = 0x1fffffff;
203 static constexpr uint64_t modulus_wasm_7 = 0x1fffffff;
204 static constexpr uint64_t modulus_wasm_8 = 0xffffff;
205
206 // A little-endian representation of R^2 modulo the modulus (R=2^261 mod modulus) split into 4 64-bit words
207 // We use 2^261 in wasm, because 261=29*9, the 9 29-bit limbs used for arithmetic in
208 static constexpr uint64_t r_squared_wasm_0 = 0x63e601a3c9f6ab4bUL;
209 static constexpr uint64_t r_squared_wasm_1 = 0xa2b6456d46702f57UL;
210 static constexpr uint64_t r_squared_wasm_2 = 0x5fd7916f341f1cefUL;
211 static constexpr uint64_t r_squared_wasm_3 = 0x9c7356071a6f179aUL;
212
213 // 2^(-29) mod Modulus
214 // Used in the reduction mechanism, see field_docs.md
215 // Instead of computing k, we multiply the lowest limb by this value and then add to the following 10 limbs.
216 // This saves us from having to compute k
217 static constexpr uint64_t r_inv_wasm_0 = 0x3d864e;
218 static constexpr uint64_t r_inv_wasm_1 = 0x8b9f61c;
219 static constexpr uint64_t r_inv_wasm_2 = 0x3df60c0;
220 static constexpr uint64_t r_inv_wasm_3 = 0xa3c71eb;
221 static constexpr uint64_t r_inv_wasm_4 = 0x1ffff251;
222 static constexpr uint64_t r_inv_wasm_5 = 0x1fffffff;
223 static constexpr uint64_t r_inv_wasm_6 = 0x1fffffff;
224 static constexpr uint64_t r_inv_wasm_7 = 0x1effffff;
225 static constexpr uint64_t r_inv_wasm_8 = 0xac4589;
226
227 // A little-endian representation of the cube root of 1 in Fr in Montgomery form for wasm (R=2^261 mod modulus)
228 // split into 4 64-bit words
229 static constexpr uint64_t cube_root_wasm_0 = 0x9185b639102f0736UL;
230 static constexpr uint64_t cube_root_wasm_1 = 0x47a854ad9ffc4748UL;
231 static constexpr uint64_t cube_root_wasm_2 = 0x752cc0ca4d2fb232UL;
232 static constexpr uint64_t cube_root_wasm_3 = 0x650802f0ab1ac72eUL;
233
234 // Not used in secp256k1
235 static constexpr uint64_t primitive_root_wasm_0 = 0x0000000000000000UL;
236 static constexpr uint64_t primitive_root_wasm_1 = 0x0000000000000000UL;
237 static constexpr uint64_t primitive_root_wasm_2 = 0x0000000000000000UL;
238 static constexpr uint64_t primitive_root_wasm_3 = 0x0000000000000000UL;
239
240 // Not needed, since there is no endomorphism for secp256k1
241 static constexpr uint64_t endo_minus_b1_lo = 0x6F547FA90ABFE4C3ULL;
242 static constexpr uint64_t endo_minus_b1_mid = 0xE4437ED6010E8828ULL;
243
244 static constexpr uint64_t endo_b2_lo = 0xe86c90e49284eb15ULL;
245 static constexpr uint64_t endo_b2_mid = 0x3086d221a7d46bcdULL;
246
247 // 256-bit-shift constants: g1 = floor((-b1) * 2^256 / r), g2 = floor(b2 * 2^256 / r)
248 // See endomorphism_scalars.py compute_splitting_constants() for derivation.
249 static constexpr uint64_t endo_g1_lo = 0x6F547FA90ABFE4C4ULL;
250 static constexpr uint64_t endo_g1_mid = 0xE4437ED6010E8828ULL;
251 static constexpr uint64_t endo_g1_hi = 0x0ULL;
252
253 static constexpr uint64_t endo_g2_lo = 0xE86C90E49284EB15ULL;
254 static constexpr uint64_t endo_g2_mid = 0x3086D221A7D46BCDULL;
255
256 // Coset generators in Montgomery form for R=2^261 mod Modulus. Used in FFT-based proving systems, don't really need
257 // them here
258 static constexpr uint64_t coset_generator_wasm_0 = 0x1c84e7fdde173760ULL;
259 static constexpr uint64_t coset_generator_wasm_1 = 0x52b5efd2729bdaa8ULL;
260 static constexpr uint64_t coset_generator_wasm_2 = 0x00000000000000cbULL;
261 static constexpr uint64_t coset_generator_wasm_3 = 0x0000000000000000ULL;
262
263 // For consistency with bb::fq, if we ever represent an element of bb::secp256k1::fr in the public inputs, we do so
264 // as a bigfield element, so with 4 public inputs
265 static constexpr size_t PUBLIC_INPUTS_SIZE = BIGFIELD_PUBLIC_INPUTS_SIZE;
266
267 static constexpr char schema_name[] = "secp256k1_fr";
268};
269using fr = field<FrParams>;
270
271struct G1Params {
272 static constexpr bool USE_ENDOMORPHISM = false;
273 static constexpr bool can_hash_to_curve = true;
274 static constexpr bool small_elements = true;
275 static constexpr bool has_a = false;
276
277 static constexpr fq b = fq(7);
278 static constexpr fq a = fq(0);
279
280 static constexpr fq one_x =
281 fq(0x59F2815B16F81798UL, 0x029BFCDB2DCE28D9UL, 0x55A06295CE870B07UL, 0x79BE667EF9DCBBACUL).to_montgomery_form();
282 static constexpr fq one_y =
283 fq(0x9C47D08FFB10D4B8UL, 0xFD17B448A6855419UL, 0x5DA4FBFC0E1108A8UL, 0x483ADA7726A3C465UL).to_montgomery_form();
284};
285using g1 = group<fq, fr, G1Params>;
286
287// specialize the name in msgpack schema generation
288// consumed by the typescript schema compiler, helps disambiguate templates
289inline std::string msgpack_schema_name(g1::affine_element const& /*unused*/)
290{
291 return "Secp256k1Point";
292}
293
294} // namespace bb::secp256k1
295
296namespace bb::curve {
305} // namespace bb::curve
306
307// NOLINTEND(cppcoreguidelines-avoid-c-arrays)
bb::curve::SECP256K1::Element
typename Group::element Element
Definition secp256k1.hpp:302
bb::curve::SECP256K1::AffineElement
typename Group::affine_element AffineElement
Definition secp256k1.hpp:303
bb::group_elements::affine_element
Definition affine_element.hpp:27
bb::group
group class. Represents an elliptic curve group element. Group is parametrised by Fq and Fr
Definition group.hpp:36
bb::group::affine_element
group_elements::affine_element< Fq, Fr, Params > affine_element
Definition group.hpp:42
bb::group::element
group_elements::element< Fq, Fr, Params > element
Definition group.hpp:41
bb::secp256k1::fr
field< FrParams > fr
Definition secp256k1.hpp:269
bb::secp256k1::msgpack_schema_name
std::string msgpack_schema_name(g1::affine_element const &)
Definition secp256k1.hpp:289
bb::secp256k1::g1
group< fq, fr, G1Params > g1
Definition secp256k1.hpp:285
bb::secp256k1::fq
field< FqParams > fq
Definition secp256k1.hpp:135
bb::field
General class for prime fields see Prime field documentation["field documentation"] for general imple...
Definition field_declarations.hpp:60
bb::field::to_montgomery_form
BB_INLINE constexpr field to_montgomery_form() const noexcept
Definition field_impl.hpp:296
bb::secp256k1::FqParams
Parameters defining the base field of the secp256k1 curve.
Definition secp256k1.hpp:26
bb::secp256k1::FqParams::primitive_root_wasm_0
static constexpr uint64_t primitive_root_wasm_0
Definition secp256k1.hpp:117
bb::secp256k1::FqParams::primitive_root_2
static constexpr uint64_t primitive_root_2
Definition secp256k1.hpp:67
bb::secp256k1::FqParams::modulus_wasm_4
static constexpr uint64_t modulus_wasm_4
Definition secp256k1.hpp:82
bb::secp256k1::FqParams::r_inv_3
static constexpr uint64_t r_inv_3
Definition secp256k1.hpp:56
bb::secp256k1::FqParams::primitive_root_3
static constexpr uint64_t primitive_root_3
Definition secp256k1.hpp:68
bb::secp256k1::FqParams::modulus_wasm_8
static constexpr uint64_t modulus_wasm_8
Definition secp256k1.hpp:86
bb::secp256k1::FqParams::r_inv_0
static constexpr uint64_t r_inv_0
Definition secp256k1.hpp:53
bb::secp256k1::FqParams::modulus_wasm_0
static constexpr uint64_t modulus_wasm_0
Definition secp256k1.hpp:78
bb::secp256k1::FqParams::r_squared_2
static constexpr uint64_t r_squared_2
Definition secp256k1.hpp:39
bb::secp256k1::FqParams::r_inv
static constexpr uint64_t r_inv
Definition secp256k1.hpp:47
bb::secp256k1::FqParams::coset_generator_0
static constexpr uint64_t coset_generator_0
Definition secp256k1.hpp:71
bb::secp256k1::FqParams::coset_generator_wasm_3
static constexpr uint64_t coset_generator_wasm_3
Definition secp256k1.hpp:127
bb::secp256k1::FqParams::modulus_wasm_7
static constexpr uint64_t modulus_wasm_7
Definition secp256k1.hpp:85
bb::secp256k1::FqParams::modulus_wasm_2
static constexpr uint64_t modulus_wasm_2
Definition secp256k1.hpp:80
bb::secp256k1::FqParams::r_inv_wasm_4
static constexpr uint64_t r_inv_wasm_4
Definition secp256k1.hpp:103
bb::secp256k1::FqParams::r_squared_wasm_1
static constexpr uint64_t r_squared_wasm_1
Definition secp256k1.hpp:91
bb::secp256k1::FqParams::r_inv_wasm_1
static constexpr uint64_t r_inv_wasm_1
Definition secp256k1.hpp:100
bb::secp256k1::FqParams::cube_root_wasm_0
static constexpr uint64_t cube_root_wasm_0
Definition secp256k1.hpp:111
bb::secp256k1::FqParams::r_squared_wasm_0
static constexpr uint64_t r_squared_wasm_0
Definition secp256k1.hpp:90
bb::secp256k1::FqParams::r_squared_3
static constexpr uint64_t r_squared_3
Definition secp256k1.hpp:40
bb::secp256k1::FqParams::coset_generator_2
static constexpr uint64_t coset_generator_2
Definition secp256k1.hpp:73
bb::secp256k1::FqParams::primitive_root_wasm_1
static constexpr uint64_t primitive_root_wasm_1
Definition secp256k1.hpp:118
bb::secp256k1::FqParams::modulus_0
static constexpr uint64_t modulus_0
Definition secp256k1.hpp:31
bb::secp256k1::FqParams::modulus_wasm_5
static constexpr uint64_t modulus_wasm_5
Definition secp256k1.hpp:83
bb::secp256k1::FqParams::coset_generator_wasm_0
static constexpr uint64_t coset_generator_wasm_0
Definition secp256k1.hpp:124
bb::secp256k1::FqParams::cube_root_0
static constexpr uint64_t cube_root_0
Definition secp256k1.hpp:59
bb::secp256k1::FqParams::modulus_1
static constexpr uint64_t modulus_1
Definition secp256k1.hpp:32
bb::secp256k1::FqParams::r_inv_wasm_5
static constexpr uint64_t r_inv_wasm_5
Definition secp256k1.hpp:104
bb::secp256k1::FqParams::cube_root_wasm_3
static constexpr uint64_t cube_root_wasm_3
Definition secp256k1.hpp:114
bb::secp256k1::FqParams::r_inv_wasm_8
static constexpr uint64_t r_inv_wasm_8
Definition secp256k1.hpp:107
bb::secp256k1::FqParams::r_squared_1
static constexpr uint64_t r_squared_1
Definition secp256k1.hpp:38
bb::secp256k1::FqParams::primitive_root_wasm_3
static constexpr uint64_t primitive_root_wasm_3
Definition secp256k1.hpp:120
bb::secp256k1::FqParams::r_squared_wasm_2
static constexpr uint64_t r_squared_wasm_2
Definition secp256k1.hpp:92
bb::secp256k1::FqParams::primitive_root_1
static constexpr uint64_t primitive_root_1
Definition secp256k1.hpp:66
bb::secp256k1::FqParams::coset_generator_1
static constexpr uint64_t coset_generator_1
Definition secp256k1.hpp:72
bb::secp256k1::FqParams::r_squared_wasm_3
static constexpr uint64_t r_squared_wasm_3
Definition secp256k1.hpp:93
bb::secp256k1::FqParams::coset_generator_wasm_2
static constexpr uint64_t coset_generator_wasm_2
Definition secp256k1.hpp:126
bb::secp256k1::FqParams::modulus_2
static constexpr uint64_t modulus_2
Definition secp256k1.hpp:33
bb::secp256k1::FqParams::r_inv_1
static constexpr uint64_t r_inv_1
Definition secp256k1.hpp:54
bb::secp256k1::FqParams::r_inv_wasm_7
static constexpr uint64_t r_inv_wasm_7
Definition secp256k1.hpp:106
bb::secp256k1::FqParams::r_squared_0
static constexpr uint64_t r_squared_0
Definition secp256k1.hpp:37
bb::secp256k1::FqParams::coset_generator_3
static constexpr uint64_t coset_generator_3
Definition secp256k1.hpp:74
bb::secp256k1::FqParams::r_inv_wasm_3
static constexpr uint64_t r_inv_wasm_3
Definition secp256k1.hpp:102
bb::secp256k1::FqParams::primitive_root_wasm_2
static constexpr uint64_t primitive_root_wasm_2
Definition secp256k1.hpp:119
bb::secp256k1::FqParams::primitive_root_0
static constexpr uint64_t primitive_root_0
Definition secp256k1.hpp:65
bb::secp256k1::FqParams::modulus_wasm_1
static constexpr uint64_t modulus_wasm_1
Definition secp256k1.hpp:79
bb::secp256k1::FqParams::r_inv_wasm_0
static constexpr uint64_t r_inv_wasm_0
Definition secp256k1.hpp:99
bb::secp256k1::FqParams::cube_root_2
static constexpr uint64_t cube_root_2
Definition secp256k1.hpp:61
bb::secp256k1::FqParams::cube_root_wasm_1
static constexpr uint64_t cube_root_wasm_1
Definition secp256k1.hpp:112
bb::secp256k1::FqParams::PUBLIC_INPUTS_SIZE
static constexpr size_t PUBLIC_INPUTS_SIZE
Definition secp256k1.hpp:131
bb::secp256k1::FqParams::schema_name
static constexpr char schema_name[]
Definition secp256k1.hpp:133
bb::secp256k1::FqParams::cube_root_wasm_2
static constexpr uint64_t cube_root_wasm_2
Definition secp256k1.hpp:113
bb::secp256k1::FqParams::modulus_wasm_6
static constexpr uint64_t modulus_wasm_6
Definition secp256k1.hpp:84
bb::secp256k1::FqParams::cube_root_1
static constexpr uint64_t cube_root_1
Definition secp256k1.hpp:60
bb::secp256k1::FqParams::modulus_wasm_3
static constexpr uint64_t modulus_wasm_3
Definition secp256k1.hpp:81
bb::secp256k1::FqParams::coset_generator_wasm_1
static constexpr uint64_t coset_generator_wasm_1
Definition secp256k1.hpp:125
bb::secp256k1::FqParams::r_inv_wasm_2
static constexpr uint64_t r_inv_wasm_2
Definition secp256k1.hpp:101
bb::secp256k1::FqParams::r_inv_wasm_6
static constexpr uint64_t r_inv_wasm_6
Definition secp256k1.hpp:105
bb::secp256k1::FqParams::r_inv_2
static constexpr uint64_t r_inv_2
Definition secp256k1.hpp:55
bb::secp256k1::FqParams::cube_root_3
static constexpr uint64_t cube_root_3
Definition secp256k1.hpp:62
bb::secp256k1::FqParams::modulus_3
static constexpr uint64_t modulus_3
Definition secp256k1.hpp:34
bb::secp256k1::FrParams
Parameters defining the scalar field of the secp256k1 curve.
Definition secp256k1.hpp:146
bb::secp256k1::FrParams::r_squared_3
static constexpr uint64_t r_squared_3
Definition secp256k1.hpp:158
bb::secp256k1::FrParams::coset_generator_wasm_1
static constexpr uint64_t coset_generator_wasm_1
Definition secp256k1.hpp:259
bb::secp256k1::FrParams::r_inv_wasm_5
static constexpr uint64_t r_inv_wasm_5
Definition secp256k1.hpp:222
bb::secp256k1::FrParams::cube_root_wasm_0
static constexpr uint64_t cube_root_wasm_0
Definition secp256k1.hpp:229
bb::secp256k1::FrParams::modulus_wasm_5
static constexpr uint64_t modulus_wasm_5
Definition secp256k1.hpp:201
bb::secp256k1::FrParams::endo_g1_hi
static constexpr uint64_t endo_g1_hi
Definition secp256k1.hpp:251
bb::secp256k1::FrParams::coset_generator_wasm_0
static constexpr uint64_t coset_generator_wasm_0
Definition secp256k1.hpp:258
bb::secp256k1::FrParams::modulus_wasm_7
static constexpr uint64_t modulus_wasm_7
Definition secp256k1.hpp:203
bb::secp256k1::FrParams::coset_generator_2
static constexpr uint64_t coset_generator_2
Definition secp256k1.hpp:191
bb::secp256k1::FrParams::r_inv
static constexpr uint64_t r_inv
Definition secp256k1.hpp:164
bb::secp256k1::FrParams::modulus_wasm_6
static constexpr uint64_t modulus_wasm_6
Definition secp256k1.hpp:202
bb::secp256k1::FrParams::coset_generator_1
static constexpr uint64_t coset_generator_1
Definition secp256k1.hpp:190
bb::secp256k1::FrParams::modulus_wasm_1
static constexpr uint64_t modulus_wasm_1
Definition secp256k1.hpp:197
bb::secp256k1::FrParams::modulus_0
static constexpr uint64_t modulus_0
Definition secp256k1.hpp:149
bb::secp256k1::FrParams::r_squared_wasm_3
static constexpr uint64_t r_squared_wasm_3
Definition secp256k1.hpp:211
bb::secp256k1::FrParams::endo_g1_mid
static constexpr uint64_t endo_g1_mid
Definition secp256k1.hpp:250
bb::secp256k1::FrParams::primitive_root_wasm_3
static constexpr uint64_t primitive_root_wasm_3
Definition secp256k1.hpp:238
bb::secp256k1::FrParams::coset_generator_wasm_3
static constexpr uint64_t coset_generator_wasm_3
Definition secp256k1.hpp:261
bb::secp256k1::FrParams::primitive_root_2
static constexpr uint64_t primitive_root_2
Definition secp256k1.hpp:184
bb::secp256k1::FrParams::endo_minus_b1_lo
static constexpr uint64_t endo_minus_b1_lo
Definition secp256k1.hpp:241
bb::secp256k1::FrParams::r_inv_1
static constexpr uint64_t r_inv_1
Definition secp256k1.hpp:171
bb::secp256k1::FrParams::endo_g1_lo
static constexpr uint64_t endo_g1_lo
Definition secp256k1.hpp:249
bb::secp256k1::FrParams::cube_root_wasm_1
static constexpr uint64_t cube_root_wasm_1
Definition secp256k1.hpp:230
bb::secp256k1::FrParams::cube_root_wasm_3
static constexpr uint64_t cube_root_wasm_3
Definition secp256k1.hpp:232
bb::secp256k1::FrParams::modulus_wasm_8
static constexpr uint64_t modulus_wasm_8
Definition secp256k1.hpp:204
bb::secp256k1::FrParams::schema_name
static constexpr char schema_name[]
Definition secp256k1.hpp:267
bb::secp256k1::FrParams::r_inv_wasm_6
static constexpr uint64_t r_inv_wasm_6
Definition secp256k1.hpp:223
bb::secp256k1::FrParams::r_inv_0
static constexpr uint64_t r_inv_0
Definition secp256k1.hpp:170
bb::secp256k1::FrParams::modulus_3
static constexpr uint64_t modulus_3
Definition secp256k1.hpp:152
bb::secp256k1::FrParams::r_inv_wasm_2
static constexpr uint64_t r_inv_wasm_2
Definition secp256k1.hpp:219
bb::secp256k1::FrParams::modulus_1
static constexpr uint64_t modulus_1
Definition secp256k1.hpp:150
bb::secp256k1::FrParams::modulus_wasm_2
static constexpr uint64_t modulus_wasm_2
Definition secp256k1.hpp:198
bb::secp256k1::FrParams::r_inv_wasm_8
static constexpr uint64_t r_inv_wasm_8
Definition secp256k1.hpp:225
bb::secp256k1::FrParams::endo_minus_b1_mid
static constexpr uint64_t endo_minus_b1_mid
Definition secp256k1.hpp:242
bb::secp256k1::FrParams::r_inv_wasm_0
static constexpr uint64_t r_inv_wasm_0
Definition secp256k1.hpp:217
bb::secp256k1::FrParams::endo_b2_mid
static constexpr uint64_t endo_b2_mid
Definition secp256k1.hpp:245
bb::secp256k1::FrParams::modulus_wasm_3
static constexpr uint64_t modulus_wasm_3
Definition secp256k1.hpp:199
bb::secp256k1::FrParams::r_inv_wasm_1
static constexpr uint64_t r_inv_wasm_1
Definition secp256k1.hpp:218
bb::secp256k1::FrParams::r_inv_2
static constexpr uint64_t r_inv_2
Definition secp256k1.hpp:172
bb::secp256k1::FrParams::PUBLIC_INPUTS_SIZE
static constexpr size_t PUBLIC_INPUTS_SIZE
Definition secp256k1.hpp:265
bb::secp256k1::FrParams::primitive_root_wasm_2
static constexpr uint64_t primitive_root_wasm_2
Definition secp256k1.hpp:237
bb::secp256k1::FrParams::primitive_root_0
static constexpr uint64_t primitive_root_0
Definition secp256k1.hpp:182
bb::secp256k1::FrParams::cube_root_wasm_2
static constexpr uint64_t cube_root_wasm_2
Definition secp256k1.hpp:231
bb::secp256k1::FrParams::endo_b2_lo
static constexpr uint64_t endo_b2_lo
Definition secp256k1.hpp:244
bb::secp256k1::FrParams::r_squared_2
static constexpr uint64_t r_squared_2
Definition secp256k1.hpp:157
bb::secp256k1::FrParams::cube_root_3
static constexpr uint64_t cube_root_3
Definition secp256k1.hpp:179
bb::secp256k1::FrParams::r_inv_wasm_7
static constexpr uint64_t r_inv_wasm_7
Definition secp256k1.hpp:224
bb::secp256k1::FrParams::primitive_root_1
static constexpr uint64_t primitive_root_1
Definition secp256k1.hpp:183
bb::secp256k1::FrParams::primitive_root_wasm_0
static constexpr uint64_t primitive_root_wasm_0
Definition secp256k1.hpp:235
bb::secp256k1::FrParams::coset_generator_wasm_2
static constexpr uint64_t coset_generator_wasm_2
Definition secp256k1.hpp:260
bb::secp256k1::FrParams::coset_generator_3
static constexpr uint64_t coset_generator_3
Definition secp256k1.hpp:192
bb::secp256k1::FrParams::r_squared_0
static constexpr uint64_t r_squared_0
Definition secp256k1.hpp:155
bb::secp256k1::FrParams::r_squared_wasm_2
static constexpr uint64_t r_squared_wasm_2
Definition secp256k1.hpp:210
bb::secp256k1::FrParams::modulus_2
static constexpr uint64_t modulus_2
Definition secp256k1.hpp:151
bb::secp256k1::FrParams::r_squared_wasm_1
static constexpr uint64_t r_squared_wasm_1
Definition secp256k1.hpp:209
bb::secp256k1::FrParams::modulus_wasm_4
static constexpr uint64_t modulus_wasm_4
Definition secp256k1.hpp:200
bb::secp256k1::FrParams::r_inv_wasm_4
static constexpr uint64_t r_inv_wasm_4
Definition secp256k1.hpp:221
bb::secp256k1::FrParams::cube_root_2
static constexpr uint64_t cube_root_2
Definition secp256k1.hpp:178
bb::secp256k1::FrParams::endo_g2_lo
static constexpr uint64_t endo_g2_lo
Definition secp256k1.hpp:253
bb::secp256k1::FrParams::r_squared_wasm_0
static constexpr uint64_t r_squared_wasm_0
Definition secp256k1.hpp:208
bb::secp256k1::FrParams::endo_g2_mid
static constexpr uint64_t endo_g2_mid
Definition secp256k1.hpp:254
bb::secp256k1::FrParams::r_squared_1
static constexpr uint64_t r_squared_1
Definition secp256k1.hpp:156
bb::secp256k1::FrParams::coset_generator_0
static constexpr uint64_t coset_generator_0
Definition secp256k1.hpp:189
bb::secp256k1::FrParams::primitive_root_3
static constexpr uint64_t primitive_root_3
Definition secp256k1.hpp:185
bb::secp256k1::FrParams::cube_root_0
static constexpr uint64_t cube_root_0
Definition secp256k1.hpp:176
bb::secp256k1::FrParams::r_inv_3
static constexpr uint64_t r_inv_3
Definition secp256k1.hpp:173
bb::secp256k1::FrParams::primitive_root_wasm_1
static constexpr uint64_t primitive_root_wasm_1
Definition secp256k1.hpp:236
bb::secp256k1::FrParams::modulus_wasm_0
static constexpr uint64_t modulus_wasm_0
Definition secp256k1.hpp:196
bb::secp256k1::FrParams::cube_root_1
static constexpr uint64_t cube_root_1
Definition secp256k1.hpp:177
bb::secp256k1::FrParams::r_inv_wasm_3
static constexpr uint64_t r_inv_wasm_3
Definition secp256k1.hpp:220
bb::secp256k1::G1Params::small_elements
static constexpr bool small_elements
Definition secp256k1.hpp:274
bb::secp256k1::G1Params::b
static constexpr fq b
Definition secp256k1.hpp:277
bb::secp256k1::G1Params::can_hash_to_curve
static constexpr bool can_hash_to_curve
Definition secp256k1.hpp:273
bb::secp256k1::G1Params::one_x
static constexpr fq one_x
Definition secp256k1.hpp:280
bb::secp256k1::G1Params::one_y
static constexpr fq one_y
Definition secp256k1.hpp:282
bb::secp256k1::G1Params::has_a
static constexpr bool has_a
Definition secp256k1.hpp:275
bb::secp256k1::G1Params::USE_ENDOMORPHISM
static constexpr bool USE_ENDOMORPHISM
Definition secp256k1.hpp:272
bb::secp256k1::G1Params::a
static constexpr fq a
Definition secp256k1.hpp:278