Barretenberg: src/barretenberg/stdlib/primitives/field/field_conversion.hpp Source File

// === AUDIT STATUS ===

// internal:    { status: Complete, auditors: [Sergei], commit: 777717f6af324188ecd6bb68c3c86ee7befef94d}

// external_1:  { status: Complete, auditors: [@ed25519 (Spearbit)], commit: }

// external_2:  { status: not started, auditors: [], commit: }

// =====================


#pragma once


#include "barretenberg/common/assert.hpp"

#include "barretenberg/polynomials/univariate.hpp"

#include "barretenberg/stdlib/primitives/bigfield/bigfield.hpp"

#include "barretenberg/stdlib/primitives/bigfield/goblin_field.hpp"

#include "barretenberg/stdlib/primitives/curves/bn254.hpp"

#include "barretenberg/stdlib/primitives/field/field.hpp"

#include "barretenberg/stdlib/primitives/field/field_utils.hpp"

#include "barretenberg/stdlib/primitives/group/cycle_group.hpp"


namespace bb::stdlib {


template <typename Field> class StdlibCodec {

  public:

    using DataType = Field;

    using Builder = typename Field::Builder;

    using fr = field_t<Builder>;

    using fq = bigfield<Builder, bb::Bn254FqParams>;

    using bn254_commitment = element<Builder, fq, fr, curve::BN254::Group>;

    using grumpkin_commitment = cycle_group<Builder>;


    template <typename T> static T convert_challenge(const fr& challenge)

    {

        if constexpr (std::is_same_v<T, fr>) {

            return challenge;

        } else if constexpr (std::is_same_v<T, fq>) {

            // Sanity check that the input challenge fits into the first 2 bigfield limbs.

            BB_ASSERT_LT(static_cast<uint256_t>(challenge.get_value()).get_msb(),

                         T::NUM_LIMB_BITS * 2,

                         "field_conversion: convert_challenge");

            Builder* builder = challenge.get_context();

            // All challenges must be circuit witnesses.

            BB_ASSERT(builder);

            BB_ASSERT(!challenge.is_constant());

            return T(challenge, fr::from_witness_index(builder, builder->zero_idx()));

        }

    }


    static std::vector<fr> convert_goblin_fr_to_bn254_frs(const goblin_field<Builder>& input)

    {

        return { input.limbs[0], input.limbs[1] };

    }


    static std::vector<fr> convert_grumpkin_fr_to_bn254_frs(const fq& input)

    {

        static constexpr uint64_t NUM_LIMB_BITS = fq::NUM_LIMB_BITS;


        static constexpr bb::fr shift(static_cast<uint256_t>(1) << NUM_LIMB_BITS);

        std::vector<fr> result(2);

        result[0] = input.binary_basis_limbs[0].element + (input.binary_basis_limbs[1].element * shift);

        result[1] = input.binary_basis_limbs[2].element + (input.binary_basis_limbs[3].element * shift);

        return result;

    }


    template <typename T> static constexpr size_t calc_num_fields()

    {

        if constexpr (IsAnyOf<T, fr>) {

            return Bn254FrParams::NUM_BN254_SCALARS;

        } else if constexpr (IsAnyOf<T, fq, goblin_field<Builder>>) {

            return Bn254FqParams::NUM_BN254_SCALARS;

        } else if constexpr (IsAnyOf<T, bn254_commitment, grumpkin_commitment>) {

            return 2 * calc_num_fields<typename T::BaseField>();

        } else {

            // Array or Univariate

            return calc_num_fields<typename T::value_type>() * (std::tuple_size<T>::value);

        }

    }


    template <typename T> static T deserialize_from_fields(std::span<const fr> fr_vec)

    {

        using field_ct = fr;

        using bigfield_ct = fq;


        constexpr size_t expected_size = calc_num_fields<T>();

        BB_ASSERT_EQ(fr_vec.size(), expected_size);


        BB_ASSERT(validate_context<Builder>(fr_vec));


        if constexpr (IsAnyOf<T, field_ct>) {

            // Case 1: input type matches the output type

            return fr_vec[0];

        } else if constexpr (IsAnyOf<T, bigfield_ct>) {

            // Case 2: bigfield is reconstructed from low and high limbs with in-field validation.

            // This ensures aliased values (>= Fq::modulus) are rejected.

            T result(fr_vec[0], fr_vec[1]);

            result.assert_is_in_field();

            return result;

        } else if constexpr (IsAnyOf<T, goblin_field<Builder>>) {

            // Case 3: goblin_field stores limbs as-is; range validation is deferred to Translator circuit.

            return T(fr_vec[0], fr_vec[1]);

        } else if constexpr (IsAnyOf<T, bn254_commitment, grumpkin_commitment>) {

            // Case 4 and 5: Convert a vector of frs to a group element

            using Basefield = typename T::BaseField;


            constexpr size_t base_field_frs = expected_size / 2;


            Basefield x = deserialize_from_fields<Basefield>(fr_vec.subspan(0, base_field_frs));

            Basefield y = deserialize_from_fields<Basefield>(fr_vec.subspan(base_field_frs, base_field_frs));


            // Construct the group element (validates the point is on curve).

            // The 2-arg constructor auto-detects infinity from (x == 0 && y == 0).

            // For goblin_element (bn254 with Mega arithmetization), the on-curve check is delegated to ECCVM, see

            // `on_curve_check` in `ECCVMTranscriptRelationImpl`.

            return T(x, y, /*assert_on_curve=*/true);

        } else {

            // Case 6: Array or Univariate

            T val;

            using element_type = typename T::value_type;

            const size_t scalar_frs = calc_num_fields<element_type>();


            size_t i = 0;

            for (auto& x : val) {

                x = deserialize_from_fields<element_type>(fr_vec.subspan(scalar_frs * i, scalar_frs));

                ++i;

            }

            return val;

        }

    }


    template <typename T> static std::vector<fr> serialize_to_fields(const T& val)

    {

        using field_ct = fr;

        using bigfield_ct = fq;


        if constexpr (IsAnyOf<T, field_ct>) {

            return std::vector<T>{ val };

        } else if constexpr (IsAnyOf<T, bigfield_ct>) {

            return convert_grumpkin_fr_to_bn254_frs(val);

        } else if constexpr (IsAnyOf<T, goblin_field<Builder>>) {

            return convert_goblin_fr_to_bn254_frs(val);

        } else if constexpr (IsAnyOf<T, grumpkin_commitment>) {

            // Canonicalize: output (0,0) for infinity points, critical for the IPA accumulation flow.

            auto is_inf = val.is_point_at_infinity();

            fr canon_x = fr::conditional_assign(is_inf, fr(0), val.x());

            fr canon_y = fr::conditional_assign(is_inf, fr(0), val.y());

            return { canon_x, canon_y };

        } else if constexpr (IsAnyOf<T, bn254_commitment>) {

            // bn254_commitment serialization does not standardize infinity (unlike grumpkin_commitment above).

            // All existing code paths produce canonical (0,0) infinity, so just assert that invariant.

            if (val.get_value().is_point_at_infinity()) {

                BB_ASSERT(val.x().get_value() == 0 && val.y().get_value() == 0,

                          "serialize_to_fields: bn254_commitment point at infinity must be canonical (0,0)");

            }

            using BaseField = typename T::BaseField;


            std::vector<field_ct> fr_vec_x = serialize_to_fields<BaseField>(val.x());

            std::vector<field_ct> fr_vec_y = serialize_to_fields<BaseField>(val.y());

            std::vector<field_ct> fr_vec(fr_vec_x.begin(), fr_vec_x.end());

            fr_vec.insert(fr_vec.end(), fr_vec_y.begin(), fr_vec_y.end());

            return fr_vec;

        } else {

            // Array or Univariate

            std::vector<field_ct> fr_vec;

            for (auto& x : val) {

                auto tmp_vec = serialize_to_fields<typename T::value_type>(x);

                fr_vec.insert(fr_vec.end(), tmp_vec.begin(), tmp_vec.end());

            }

            return fr_vec;

        }

    }


    static std::array<fr, 2> split_challenge(const fr& challenge)

    {

        constexpr size_t TOTAL_BITS = fr::native::modulus.get_msb() + 1; // 254

        constexpr size_t lo_bits = TOTAL_BITS / 2;                       // 127

        // Construct a unique lo/hi decomposition of the challenge (hi_bits will be 127)

        const auto [lo, hi] = split_unique(challenge, lo_bits);

        return std::array<fr, 2>{ lo, hi };

    }


    template <typename TargetType> static TargetType deserialize_from_frs(std::span<fr> elements, size_t& num_frs_read)

    {

        constexpr size_t num_frs = calc_num_fields<TargetType>();

        BB_ASSERT_GTE(elements.size(), num_frs_read + num_frs);

        TargetType result = deserialize_from_fields<TargetType>(elements.subspan(num_frs_read, num_frs));

        num_frs_read += num_frs;

        return result;

    }


};


} // namespace bb::stdlib

assert.hpp

BB_ASSERT
#define BB_ASSERT(expression,...)
Definition assert.hpp:70

BB_ASSERT_GTE
#define BB_ASSERT_GTE(left, right,...)
Definition assert.hpp:128

BB_ASSERT_EQ
#define BB_ASSERT_EQ(actual, expected,...)
Definition assert.hpp:83

BB_ASSERT_LT
#define BB_ASSERT_LT(left, right,...)
Definition assert.hpp:143

bigfield.hpp

bb::Bn254FqParams::NUM_BN254_SCALARS
static constexpr size_t NUM_BN254_SCALARS
Definition fq.hpp:146

bb::Bn254FrParams::NUM_BN254_SCALARS
static constexpr size_t NUM_BN254_SCALARS
Definition fr.hpp:148

bb::numeric::uint256_t
Definition uint256.hpp:32

bb::numeric::uint256_t::get_msb
constexpr uint64_t get_msb() const
Definition uint256_impl.hpp:368

bb::stdlib::StdlibCodec
Definition field_conversion.hpp:27

bb::stdlib::StdlibCodec::calc_num_fields
static constexpr size_t calc_num_fields()
Calculates the size of a type (in its native form) in terms of frs.
Definition field_conversion.hpp:80

bb::stdlib::StdlibCodec::fq
bigfield< Builder, bb::Bn254FqParams > fq
Definition field_conversion.hpp:32

bb::stdlib::StdlibCodec::Builder
typename Field::Builder Builder
Definition field_conversion.hpp:30

bb::stdlib::StdlibCodec::convert_goblin_fr_to_bn254_frs
static std::vector< fr > convert_goblin_fr_to_bn254_frs(const goblin_field< Builder > &input)
Definition field_conversion.hpp:61

bb::stdlib::StdlibCodec::convert_grumpkin_fr_to_bn254_frs
static std::vector< fr > convert_grumpkin_fr_to_bn254_frs(const fq &input)
Definition field_conversion.hpp:66

bb::stdlib::StdlibCodec::bn254_commitment
element< Builder, fq, fr, curve::BN254::Group > bn254_commitment
Definition field_conversion.hpp:33

bb::stdlib::StdlibCodec::convert_challenge
static T convert_challenge(const fr &challenge)
A stdlib Transcript method needed to convert an fr challenge to a bigfield one. Assumes that challeng...
Definition field_conversion.hpp:44

bb::stdlib::StdlibCodec::split_challenge
static std::array< fr, 2 > split_challenge(const fr &challenge)
Split a challenge field element into two equal-width challenges.
Definition field_conversion.hpp:280

bb::stdlib::StdlibCodec::deserialize_from_fields
static T deserialize_from_fields(std::span< const fr > fr_vec)
Core stdlib Transcript deserialization method.
Definition field_conversion.hpp:130

bb::stdlib::StdlibCodec::DataType
Field DataType
Definition field_conversion.hpp:29

bb::stdlib::StdlibCodec::deserialize_from_frs
static TargetType deserialize_from_frs(std::span< fr > elements, size_t &num_frs_read)
A stdlib VerificationKey-specific method.
Definition field_conversion.hpp:299

bb::stdlib::StdlibCodec::serialize_to_fields
static std::vector< fr > serialize_to_fields(const T &val)
Core stdlib Transcript serialization method.
Definition field_conversion.hpp:231

bb::stdlib::StdlibCodec::fr
field_t< Builder > fr
Definition field_conversion.hpp:31

bb::stdlib::bigfield< Builder, bb::Bn254FqParams >

bb::stdlib::bigfield< Builder, bb::Bn254FqParams >::NUM_LIMB_BITS
static constexpr uint64_t NUM_LIMB_BITS
Definition bigfield.hpp:317

bb::stdlib::bigfield::binary_basis_limbs
std::array< Limb, NUM_LIMBS > binary_basis_limbs
Represents a bigfield element in the binary basis. A bigfield element is represented as a combination...
Definition bigfield.hpp:81

bb::stdlib::cycle_group
cycle_group represents a group Element of the proving system's embedded curve, i.e....
Definition cycle_group.hpp:39

bb::stdlib::field_t< Builder >

bb::stdlib::field_t< Builder >::from_witness_index
static field_t from_witness_index(Builder *ctx, uint32_t witness_index)
Definition field.cpp:67

bb::stdlib::field_t::get_context
Builder * get_context() const
Definition field.hpp:431

bb::stdlib::field_t::get_value
bb::fr get_value() const
Given a := *this, compute its value given by a.v * a.mul + a.add.
Definition field.cpp:836

bb::stdlib::field_t< Builder >::modulus
static constexpr uint256_t modulus
Definition field.hpp:237

bb::stdlib::field_t::is_constant
bool is_constant() const
Definition field.hpp:441

bb::stdlib::field_t< Builder >::conditional_assign
static field_t conditional_assign(const bool_t< Builder > &predicate, const field_t &lhs, const field_t &rhs)
Definition field.hpp:384

bb::stdlib::goblin_field
goblin_field wraps x/y coordinates of bn254 group elements when using goblin
Definition goblin_field.hpp:29

bb::stdlib::goblin_field::limbs
std::array< field_ct, 2 > limbs
Definition goblin_field.hpp:40

bb::IsAnyOf
Definition type_traits.hpp:7

builder
AluTraceBuilder builder
Definition alu.test.cpp:124

cycle_group.hpp

field_utils.hpp

goblin_field.hpp

bb::stdlib
Definition graph_description_goblin.test.cpp:13

bb::stdlib::split_unique
std::pair< field_t< Builder >, field_t< Builder > > split_unique(const field_t< Builder > &field, const size_t lo_bits, const bool skip_range_constraints)
Split a bn254 scalar field element into unique lo and hi limbs.
Definition field_utils.cpp:60

bb::stdlib::element
std::conditional_t< IsGoblinBigGroup< C, Fq, Fr, G >, element_goblin::goblin_element< C, goblin_field< C >, Fr, G >, element_default::element< C, Fq, Fr, G > > element
element wraps either element_default::element or element_goblin::goblin_element depending on parametr...
Definition biggroup.hpp:1023

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

bn254.hpp

field.hpp

bb::field< Bn254FrParams >

univariate.hpp