Barretenberg: src/barretenberg/dsl/acir_format/multi_scalar_mul.cpp Source File

// === AUDIT STATUS ===

// internal:    { status: Complete, auditors: [Luke], commit: a48c205d6dcd4338f5b83b4fda18bff6015be07b}

// external_1:  { status: not started, auditors: [], commit: }

// external_2:  { status: not started, auditors: [], commit: }

// =====================


#include "multi_scalar_mul.hpp"

#include "barretenberg/dsl/acir_format/serde/acir.hpp"

#include "barretenberg/ecc/curves/bn254/fr.hpp"

#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp"

#include "barretenberg/honk/execution_trace/gate_data.hpp"

#include "barretenberg/stdlib/primitives/biggroup/biggroup.hpp"

#include "barretenberg/stdlib/primitives/group/cycle_group.hpp"


namespace acir_format {


using namespace bb;


template <typename Builder> struct MsmInputs {

    bb::stdlib::bool_t<Builder> predicate;

    bb::stdlib::cycle_group<Builder> result;

    std::vector<bb::stdlib::cycle_group<Builder>> points;

    std::vector<typename bb::stdlib::cycle_group<Builder>::cycle_scalar> scalars;

};


template <typename Builder>


void create_multi_scalar_mul_constraint(Builder& builder, const MultiScalarMul& constraint_input)

{

    using cycle_group_ct = stdlib::cycle_group<Builder>;


    // Step 1: Reconstruct inputs (points, scalars, expected result)

    MsmInputs input = reconstruct_msm_inputs(builder, constraint_input);


    // Step 2: Compute result and connect it to the expected result reconstructed from inputs

    auto result = cycle_group_ct::batch_mul(input.points, input.scalars);

    cycle_group_ct to_be_asserted_equal = cycle_group_ct::conditional_assign(input.predicate, input.result, result);

    result.assert_equal(to_be_asserted_equal);

}


template <typename Builder>

static MsmInputs<Builder> reconstruct_msm_inputs(Builder& builder, const MultiScalarMul& input)

{

    using cycle_group_ct = stdlib::cycle_group<Builder>;

    using cycle_scalar_ct = typename cycle_group_ct::cycle_scalar;

    using field_ct = stdlib::field_t<Builder>;

    using bool_ct = stdlib::bool_t<Builder>;


    bool_ct predicate = bool_ct(to_field_ct(input.predicate, builder));


    // Reconstruct expected result

    field_ct input_result_x = field_ct::from_witness_index(&builder, input.out_point_x);

    field_ct input_result_y = field_ct::from_witness_index(&builder, input.out_point_y);


    // If no valid witness assignments, set result to generator point to avoid errors during circuit construction

    if (builder.is_write_vk_mode()) {

        builder.set_variable(input_result_x.get_witness_index(), bb::grumpkin::g1::affine_one.x);

        builder.set_variable(input_result_y.get_witness_index(), bb::grumpkin::g1::affine_one.y);

    }


    // Use public constructor which auto-detects infinity from (0,0) coordinates.

    // Note that input_result is computed by Noir and passed to bb via ACIR. Hence, it is always a valid point on

    // Grumpkin, so we don't need to assert on curve.

    cycle_group_ct input_result(input_result_x, input_result_y, /*assert_on_curve=*/false);


    // Reconstruct points and scalars

    std::vector<cycle_group_ct> points;

    std::vector<cycle_scalar_ct> scalars;


    // Ensure that the number of points and scalars are consistent (3 field elements per point, 2 per scalar)

    BB_ASSERT(input.points.size() * 2 == input.scalars.size() * 3, "MultiScalarMul input size mismatch");


    for (size_t i = 0; i < input.points.size(); i += 3) {

        cycle_group_ct input_point =

            to_grumpkin_point(input.points[i], input.points[i + 1], input.points[i + 2], predicate, builder);


        cycle_scalar_ct scalar =

            to_grumpkin_scalar(input.scalars[2 * (i / 3)], input.scalars[2 * (i / 3) + 1], predicate, builder);


        points.push_back(input_point);

        scalars.push_back(scalar);

    }


    return { predicate, input_result, points, scalars };

}


template void create_multi_scalar_mul_constraint<UltraCircuitBuilder>(UltraCircuitBuilder& builder,

                                                                      const MultiScalarMul& input);

template void create_multi_scalar_mul_constraint<MegaCircuitBuilder>(MegaCircuitBuilder& builder,

                                                                     const MultiScalarMul& input);


} // namespace acir_format

acir.hpp

BB_ASSERT
#define BB_ASSERT(expression,...)
Definition assert.hpp:70

biggroup.hpp

bb::ECCVMCircuitBuilder
Definition eccvm_circuit_builder.hpp:24

bb::MegaCircuitBuilder_
Definition mega_circuit_builder.hpp:19

bb::UltraCircuitBuilder_
Definition ultra_circuit_builder.hpp:40

bb::group_elements::affine_element::x
Fq x
Definition affine_element.hpp:203

bb::group_elements::affine_element::y
Fq y
Definition affine_element.hpp:204

bb::group::affine_one
static constexpr affine_element affine_one
Definition group.hpp:48

bb::stdlib::bool_t
Implements boolean logic in-circuit.
Definition bool.hpp:60

bb::stdlib::cycle_group
cycle_group represents a group Element of the proving system's embedded curve, i.e....
Definition cycle_group.hpp:39

bb::stdlib::field_t< Builder >

bb::stdlib::field_t< Builder >::from_witness_index
static field_t from_witness_index(Builder *ctx, uint32_t witness_index)
Definition field.cpp:67

bb::stdlib::field_t::get_witness_index
uint32_t get_witness_index() const
Get the witness index of the current field element.
Definition field.hpp:518

builder
AluTraceBuilder builder
Definition alu.test.cpp:124

cycle_group.hpp

grumpkin.hpp

fr.hpp

gate_data.hpp

multi_scalar_mul.hpp

acir_format
Definition acir_format.cpp:30

acir_format::create_multi_scalar_mul_constraint< UltraCircuitBuilder >
template void create_multi_scalar_mul_constraint< UltraCircuitBuilder >(UltraCircuitBuilder &builder, const MultiScalarMul &input)

acir_format::to_grumpkin_point
bb::stdlib::cycle_group< Builder > to_grumpkin_point(const WitnessOrConstant< typename Builder::FF > &input_x, const WitnessOrConstant< typename Builder::FF > &input_y, const WitnessOrConstant< typename Builder::FF > &input_infinite, const bb::stdlib::bool_t< Builder > &predicate, Builder &builder)
Convert inputs representing a Grumpkin point into a cycle_group element.
Definition witness_constant.cpp:38

acir_format::to_grumpkin_scalar
bb::stdlib::cycle_group< Builder >::cycle_scalar to_grumpkin_scalar(const WitnessOrConstant< typename Builder::FF > &scalar_lo, const WitnessOrConstant< typename Builder::FF > &scalar_hi, const bb::stdlib::bool_t< Builder > &predicate, Builder &builder)
Convert inputs representing a Grumpkin scalar into a cycle_scalar element.
Definition witness_constant.cpp:108

acir_format::create_multi_scalar_mul_constraint< MegaCircuitBuilder >
template void create_multi_scalar_mul_constraint< MegaCircuitBuilder >(MegaCircuitBuilder &builder, const MultiScalarMul &input)

acir_format::create_multi_scalar_mul_constraint
void create_multi_scalar_mul_constraint(Builder &builder, const MultiScalarMul &constraint_input)
Create constraints for multi-scalar multiplication on the Grumpkin curve.
Definition multi_scalar_mul.cpp:49

acir_format::to_field_ct
bb::stdlib::field_t< Builder > to_field_ct(const WitnessOrConstant< typename Builder::FF > &input, Builder &builder)
Definition witness_constant.hpp:39

bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

acir_format::MsmInputs
Definition multi_scalar_mul.cpp:19

acir_format::MsmInputs::predicate
bb::stdlib::bool_t< Builder > predicate
Definition multi_scalar_mul.cpp:20

acir_format::MsmInputs::points
std::vector< bb::stdlib::cycle_group< Builder > > points
Definition multi_scalar_mul.cpp:22

acir_format::MsmInputs::result
bb::stdlib::cycle_group< Builder > result
Definition multi_scalar_mul.cpp:21

acir_format::MsmInputs::scalars
std::vector< typename bb::stdlib::cycle_group< Builder >::cycle_scalar > scalars
Definition multi_scalar_mul.cpp:23

acir_format::MultiScalarMul
Definition multi_scalar_mul.hpp:16