poseidon2_internal_relation.hpp

Go to the documentation of this file.

// === AUDIT STATUS ===
// internal:    { status: Complete, auditors: [Luke, Raju], commit: }
// external_1:  { status: not started, auditors: [], commit: }
// external_2:  { status: not started, auditors: [], commit: }
// =====================
 
#pragma once
#include "barretenberg/crypto/poseidon2/poseidon2_params.hpp"
#include "relation_types.hpp"
 
namespace bb {
 
template <typename FF_> class Poseidon2InternalRelationImpl {
  public:
    using FF = FF_;
 
    static constexpr std::array<size_t, 4> SUBRELATION_PARTIAL_LENGTHS{
        7, // internal poseidon2 round sub-relation for first value
        7, // internal poseidon2 round sub-relation for second value
        7, // internal poseidon2 round sub-relation for third value
        7, // internal poseidon2 round sub-relation for fourth value
    };
 
    // Internal matrix diagonal values minus one: these are D_i - 1 where D_i are the actual diagonal entries of M_I.
    // The internal round computes: v[i] = (D_i - 1) * u[i] + sum = D_i * u[i] + (sum of other elements)
    static constexpr fr D1_minus_1 = crypto::Poseidon2Bn254ScalarFieldParams::internal_matrix_diagonal_minus_one[0];
    static constexpr fr D2_minus_1 = crypto::Poseidon2Bn254ScalarFieldParams::internal_matrix_diagonal_minus_one[1];
    static constexpr fr D3_minus_1 = crypto::Poseidon2Bn254ScalarFieldParams::internal_matrix_diagonal_minus_one[2];
    static constexpr fr D4_minus_1 = crypto::Poseidon2Bn254ScalarFieldParams::internal_matrix_diagonal_minus_one[3];
    static constexpr fr D1 = fr{ 1 } + D1_minus_1;
    template <typename AllEntities> inline static bool skip(const AllEntities& in)
    {
        return (in.q_poseidon2_internal.is_zero());
    }
 
    template <typename ContainerOverSubrelations, typename AllEntities, typename Parameters>
    void static accumulate(ContainerOverSubrelations& evals,
                           const AllEntities& in,
                           const Parameters&,
                           const FF& scaling_factor)
    {
        // Univariates of degree 6 represented in Lagrange basis
        using Accumulator = std::tuple_element_t<0, ContainerOverSubrelations>;
        // Low-degree univariates represented in monomial basis
        using CoefficientAccumulator = typename Accumulator::CoefficientAccumulator;
 
        // Current state
        const auto w_1 = CoefficientAccumulator(in.w_l);
        const auto w_2 = CoefficientAccumulator(in.w_r);
        const auto w_3 = CoefficientAccumulator(in.w_o);
        const auto w_4 = CoefficientAccumulator(in.w_4);
        // Expected state, contained in the next row
        const auto w_1_shift = CoefficientAccumulator(in.w_l_shift);
        const auto w_2_shift = CoefficientAccumulator(in.w_r_shift);
        const auto w_3_shift = CoefficientAccumulator(in.w_o_shift);
        const auto w_4_shift = CoefficientAccumulator(in.w_4_shift);
        // Poseidon2 internal relation selector
        const auto q_poseidon2_internal_m = CoefficientAccumulator(in.q_poseidon2_internal);
        // ĉ₀⁽ⁱ⁾ - the round constant in `i`-th  internal round
        const auto c_0_int = CoefficientAccumulator(in.q_l);
 
        Accumulator barycentric_term;
 
        // Add ĉ₀⁽ⁱ⁾ stored in the selector and convert to Lagrange basis
        auto s1 = Accumulator(w_1 + c_0_int);
 
        // Apply S-box. Note that the multiplication is performed point-wise
        auto u1 = s1.sqr();
        u1 = u1.sqr();
        u1 *= s1;
 
        const auto q_pos_by_scaling_m = (q_poseidon2_internal_m * scaling_factor);
        const auto q_pos_by_scaling = Accumulator(q_pos_by_scaling_m);
        // Common terms
        const auto partial_sum = w_2 + w_3 + w_4;
        const auto scaled_u1 = u1 * q_pos_by_scaling;
 
        // Row 1: v_1 = D_1 * u_1 + u_2 + u_3 + u_4
        barycentric_term = scaled_u1 * D1;
        auto monomial_term = partial_sum - w_1_shift;
        barycentric_term += Accumulator(monomial_term * q_pos_by_scaling_m);
        std::get<0>(evals) += barycentric_term;
 
        // Row 2: v_2 = u_1 + D_2 * u_2 + u_3 + u_4 = u_1 + (D_2 - 1) * u_2 + u_2 + u_3 + u_4
        auto v2_m = w_2 * D2_minus_1 + partial_sum - w_2_shift;
        barycentric_term = Accumulator(v2_m * q_pos_by_scaling_m);
        barycentric_term += scaled_u1;
        std::get<1>(evals) += barycentric_term;
 
        // Row 3: v_3 = u_1 + u_2 + D_3 * u_3 + u_4 = u_1 + u_2 + (D_3 - 1) * u_3 + u_3 + u_4
        auto v3_m = w_3 * D3_minus_1 + partial_sum - w_3_shift;
        barycentric_term = Accumulator(v3_m * q_pos_by_scaling_m);
        barycentric_term += scaled_u1;
        std::get<2>(evals) += barycentric_term;
 
        // Row 4: v_4 = u_1 + u_2 + u_3 + D_4 * u_4 = u_1 + u_2 + u_3 + (D_4 - 1) * u_4 + u_4
        auto v4_m = w_4 * D4_minus_1 + partial_sum - w_4_shift;
        barycentric_term = Accumulator(v4_m * q_pos_by_scaling_m);
        barycentric_term += scaled_u1;
        std::get<3>(evals) += barycentric_term;
    };
}; // namespace bb
 
template <typename FF> using Poseidon2InternalRelation = Relation<Poseidon2InternalRelationImpl<FF>>;
} // namespace bb