General class for prime fields see Prime field documentation["field documentation"] for general implementation reference. More...

#include <field_declarations.hpp>

Classes
struct	wide_array

struct	wnaf_table

Public Types
using	View = field

using	CoefficientAccumulator = field

using	Params = Params_

using	in_buf = const uint8_t *

using	vec_in_buf = const uint8_t *

using	out_buf = uint8_t *

using	vec_out_buf = uint8_t **

Public Member Functions
	field ()=default

constexpr	field (const numeric::uint256_t &input) noexcept

constexpr	field (const uint128_t &input) noexcept

constexpr	field (const unsigned long input) noexcept

constexpr	field (const unsigned int input) noexcept

constexpr	field (const unsigned long long input) noexcept

constexpr	field (const int input) noexcept

constexpr	field (const uint64_t a, const uint64_t b, const uint64_t c, const uint64_t d) noexcept
	cast four uint64_t as a field

constexpr	field (const uint512_t &input) noexcept
	Convert a 512-bit big integer into a field element.

constexpr	field (std::string input) noexcept

constexpr	operator bool () const

constexpr	operator uint8_t () const

constexpr	operator uint16_t () const

constexpr	operator uint32_t () const

constexpr	operator uint64_t () const

constexpr	operator uint128_t () const

constexpr	operator uint256_t () const noexcept

constexpr uint256_t	uint256_t_no_montgomery_conversion () const noexcept

constexpr	field (const field &other) noexcept=default

constexpr	field (field &&other) noexcept=default

constexpr field &	operator= (const field &other) &noexcept=default

constexpr field &	operator= (field &&other) &noexcept=default

constexpr	~field () noexcept=default

BB_INLINE constexpr field	operator* (const field &other) const noexcept

BB_INLINE constexpr field	operator+ (const field &other) const noexcept

BB_INLINE constexpr field	operator- (const field &other) const noexcept

BB_INLINE constexpr field	operator- () const noexcept

constexpr field	operator/ (const field &other) const noexcept

BB_INLINE constexpr field	operator++ () noexcept

BB_INLINE constexpr field	operator++ (int) noexcept

BB_INLINE constexpr field &	operator*= (const field &other) &noexcept

BB_INLINE constexpr field &	operator+= (const field &other) &noexcept

BB_INLINE constexpr field &	operator-= (const field &other) &noexcept

constexpr field &	operator/= (const field &other) &noexcept

BB_INLINE constexpr bool	operator> (const field &other) const noexcept
	Greater-than operator.

BB_INLINE constexpr bool	operator< (const field &other) const noexcept
	Less-than operator.

BB_INLINE constexpr bool	operator== (const field &other) const noexcept

BB_INLINE constexpr bool	operator!= (const field &other) const noexcept

BB_INLINE constexpr field	to_montgomery_form () const noexcept

BB_INLINE constexpr field	from_montgomery_form () const noexcept

BB_INLINE constexpr field	to_montgomery_form_reduced () const noexcept

BB_INLINE constexpr field	from_montgomery_form_reduced () const noexcept

BB_INLINE constexpr field	sqr () const noexcept

BB_INLINE constexpr void	self_sqr () &noexcept

BB_INLINE constexpr field	pow (const uint256_t &exponent) const noexcept

BB_INLINE constexpr field	pow (uint64_t exponent) const noexcept

constexpr field	invert () const noexcept

constexpr std::pair< bool, field >	sqrt () const noexcept
	Compute square root of the field element.

constexpr std::pair< bool, field >	sqrt () const noexcept

BB_INLINE constexpr void	self_neg () &noexcept

BB_INLINE constexpr void	self_to_montgomery_form () &noexcept

BB_INLINE constexpr void	self_from_montgomery_form () &noexcept

BB_INLINE constexpr void	self_to_montgomery_form_reduced () &noexcept

BB_INLINE constexpr void	self_from_montgomery_form_reduced () &noexcept

BB_INLINE constexpr void	self_conditional_negate (uint64_t predicate) &noexcept

BB_INLINE constexpr field	reduce_once () const noexcept

BB_INLINE constexpr void	self_reduce_once () &noexcept

BB_INLINE constexpr void	self_set_msb () &noexcept

BB_INLINE constexpr bool	is_msb_set () const noexcept

BB_INLINE constexpr uint64_t	is_msb_set_word () const noexcept

BB_INLINE constexpr bool	is_zero () const noexcept

BB_INLINE std::vector< uint8_t >	to_buffer () const

BB_INLINE constexpr wide_array	mul_512 (const field &other) const noexcept

BB_INLINE constexpr wide_array	sqr_512 () const noexcept

BB_INLINE constexpr field	conditionally_subtract_from_double_modulus (const uint64_t predicate) const noexcept

void	msgpack_pack (auto &packer) const

void	msgpack_unpack (auto o)

void	msgpack_schema (auto &packer) const

BB_INLINE constexpr field	reduce () const noexcept
	reduce once, i.e., if the value is bigger than the modulus, subtract off the modulus once.

BB_INLINE constexpr field	add (const field &other) const noexcept

BB_INLINE constexpr field	subtract (const field &other) const noexcept

BB_INLINE constexpr field	montgomery_mul (const field &other) const noexcept

BB_INLINE constexpr field	montgomery_mul_big (const field &other) const noexcept
	Mongtomery multiplication for moduli > 2²⁵⁴

BB_INLINE constexpr field	montgomery_square () const noexcept
	Squaring via a variant of the Montgomery algorithm, where we roughly take advantage of the repeated terms in the expansion.

constexpr field	tonelli_shanks_sqrt () const noexcept
	Implements an optimized variant of Tonelli-Shanks via lookup tables. Algorithm taken from https://cr.yp.to/papers/sqroot-20011123-retypeset20220327.pdf "FASTER SQUARE ROOTS IN ANNOYING FINITE FIELDS" by D. Bernstein Page 5 "Accelerated Discrete Logarithm".

Static Public Member Functions
static constexpr field	cube_root_of_unity ()

static constexpr field	zero ()

static constexpr field	neg_one ()

static constexpr field	one ()

static constexpr field	coset_generator ()

template<typename C > requires requires(C& c) { { c.size() } -> std::convertible_to<size_t>; { c[0] }; }
static void	batch_invert (C &coeffs) noexcept
	Batch invert a collection of field elements using Montgomery's trick.

static void	batch_invert (field *coeffs, size_t n) noexcept

static void	batch_invert (std::span< field > coeffs) noexcept

static constexpr field	get_root_of_unity (size_t subgroup_size) noexcept

static void	serialize_to_buffer (const field &value, uint8_t *buffer)

static field	serialize_from_buffer (const uint8_t *buffer)

template<class V >
static field	reconstruct_from_public (const std::span< const field< V >, PUBLIC_INPUTS_SIZE > &limbs)

static field	compute_endomorphism_k2 (const field &k)
	Shared core of the endomorphism scalar decomposition.

static void	split_into_endomorphism_scalars (const field &k, field &k1, field &k2)
	Full-width endomorphism decomposition: k ≡ k1 - k2·λ (mod r). Modifies the field elements k1 and k2.

static std::pair< std::array< uint64_t, 2 >, std::array< uint64_t, 2 > >	split_into_endomorphism_scalars (const field &k)
	128-bit endomorphism decomposition: k ≡ k1 - k2·λ (mod r).

static BB_INLINE void	__copy (const field &a, field &r) noexcept

static BB_INLINE void	__swap (field &src, field &dest) noexcept

static field	random_element (numeric::RNG *engine=nullptr) noexcept

static BB_INLINE constexpr void	wasm_madd (uint64_t &left_limb, const std::array< uint64_t, WASM_NUM_LIMBS > &right_limbs, uint64_t &result_0, uint64_t &result_1, uint64_t &result_2, uint64_t &result_3, uint64_t &result_4, uint64_t &result_5, uint64_t &result_6, uint64_t &result_7, uint64_t &result_8)
	Multiply left limb by a sequence of 9 limbs and accumulate into result variables.

static BB_INLINE constexpr void	wasm_reduce (uint64_t &result_0, uint64_t &result_1, uint64_t &result_2, uint64_t &result_3, uint64_t &result_4, uint64_t &result_5, uint64_t &result_6, uint64_t &result_7, uint64_t &result_8)
	Perform 29-bit Montgomery reduction on 1 limb (result_0 should be zero modulo 2^29 after calling this method).

static BB_INLINE constexpr void	wasm_reduce_yuval (uint64_t &result_0, uint64_t &result_1, uint64_t &result_2, uint64_t &result_3, uint64_t &result_4, uint64_t &result_5, uint64_t &result_6, uint64_t &result_7, uint64_t &result_8, uint64_t &result_9)
	Perform 29-bit Montgomery reduction on 1 limb using Yuval's method.

static BB_INLINE constexpr std::array< uint64_t, WASM_NUM_LIMBS >	wasm_convert (const uint64_t *data)
	Convert 4 64-bit limbs into 9 29-bit limbs.

static BB_INLINE constexpr std::pair< uint64_t, uint64_t >	mul_wide (uint64_t a, uint64_t b) noexcept

static BB_INLINE constexpr uint64_t	mac (uint64_t a, uint64_t b, uint64_t c, uint64_t carry_in, uint64_t &carry_out) noexcept
	Compute uint128_t(a * b + c + carry_in), where the inputs are all `uint64_t`. Return the top 64 bits.

static BB_INLINE constexpr void	mac (uint64_t a, uint64_t b, uint64_t c, uint64_t carry_in, uint64_t &out, uint64_t &carry_out) noexcept
	Compute uint128_t(a * b + c + carry_in), where the inputs are all `uint64_t`. out is rewritten to the bottom 64 bits and carry_out is rewritten to the top 64 bits.

static BB_INLINE constexpr uint64_t	mac_mini (uint64_t a, uint64_t b, uint64_t c, uint64_t &out) noexcept

static BB_INLINE constexpr void	mac_mini (uint64_t a, uint64_t b, uint64_t c, uint64_t &out, uint64_t &carry_out) noexcept

static BB_INLINE constexpr uint64_t	mac_discard_lo (uint64_t a, uint64_t b, uint64_t c) noexcept

static BB_INLINE constexpr uint64_t	addc (uint64_t a, uint64_t b, uint64_t carry_in, uint64_t &carry_out) noexcept
	unsigned 64-bit add-with-carry that takes in a `carry_in` and a `carry_out` bit and rewrites the latter.

static BB_INLINE constexpr uint64_t	sbb (uint64_t a, uint64_t b, uint64_t borrow_in, uint64_t &borrow_out) noexcept
	unsigned 64-bit subtract-with-borrow that takes in borrow_in value in the size-2 set {0, 2^64 - 1}, which we interpret as {no borrow, yes borrow}, computes (a - b - (borrow_in != 0)). rewrites borrow_out.

static BB_INLINE constexpr uint64_t	square_accumulate (uint64_t a, uint64_t b, uint64_t c, uint64_t carry_in_lo, uint64_t carry_in_hi, uint64_t &carry_lo, uint64_t &carry_hi) noexcept
	Computes a + 2 * b * c + carry_in_lo + 2^64 * carry_in_hi, in the form of returning a uint64_t and modifying carry_lo and carry_hi. Here, carry_lo represents bits 64 - 127 of the result and carry_hi bits 128-191 of the result. carry_lo can be an arbitrary uint64_t.

static constexpr size_t	primitive_root_log_size () noexcept

Public Attributes
uint64_t	data [4]

Static Public Attributes
static constexpr size_t	PUBLIC_INPUTS_SIZE = Params::PUBLIC_INPUTS_SIZE

static constexpr uint256_t	modulus

static constexpr uint256_t	r_squared_uint

static constexpr std::array< uint64_t, 9 >	wasm_modulus

static constexpr std::array< uint64_t, 9 >	wasm_r_inv

static constexpr uint256_t	modulus_minus_two

static constexpr uint256_t	twice_modulus = modulus + modulus

static constexpr uint256_t	not_modulus = -modulus

static constexpr uint256_t	twice_not_modulus = -twice_modulus

Friends
std::ostream &	operator<< (std::ostream &os, const field &a)

Detailed Description

template<class Params_>
struct bb::field< Params_ >

General class for prime fields see Prime field documentation["field documentation"] for general implementation reference.

Template Parameters

Params_

Definition at line 60 of file field_declarations.hpp.

Member Typedef Documentation

◆ CoefficientAccumulator

template<class Params_ >

using bb::field< Params_ >::CoefficientAccumulator = field

Definition at line 63 of file field_declarations.hpp.

◆ in_buf

template<class Params_ >

using bb::field< Params_ >::in_buf = const uint8_t*

Definition at line 65 of file field_declarations.hpp.

◆ out_buf

template<class Params_ >

using bb::field< Params_ >::out_buf = uint8_t*

Definition at line 67 of file field_declarations.hpp.

◆ Params

template<class Params_ >

using bb::field< Params_ >::Params = Params_

Definition at line 64 of file field_declarations.hpp.

◆ vec_in_buf

template<class Params_ >

using bb::field< Params_ >::vec_in_buf = const uint8_t*

Definition at line 66 of file field_declarations.hpp.

◆ vec_out_buf

template<class Params_ >

using bb::field< Params_ >::vec_out_buf = uint8_t**

Definition at line 68 of file field_declarations.hpp.

◆ View

template<class Params_ >

using bb::field< Params_ >::View = field

Definition at line 62 of file field_declarations.hpp.

Constructor & Destructor Documentation

◆ field() [1/12]

template<class Params_ >

bb::field< Params_ >::field ( )

default

◆ field() [2/12]

template<class Params_ >

constexpr bb::field< Params_ >::field ( const numeric::uint256_t & input )

inlineconstexprnoexcept

Definition at line 89 of file field_declarations.hpp.

◆ field() [3/12]

template<class Params_ >

constexpr bb::field< Params_ >::field ( const uint128_t & input )

inlineconstexprnoexcept

Definition at line 95 of file field_declarations.hpp.

◆ field() [4/12]

template<class Params_ >

constexpr bb::field< Params_ >::field ( const unsigned long input )

inlineconstexprnoexcept

Definition at line 100 of file field_declarations.hpp.

◆ field() [5/12]

template<class Params_ >

constexpr bb::field< Params_ >::field ( const unsigned int input )

inlineconstexprnoexcept

Definition at line 106 of file field_declarations.hpp.

◆ field() [6/12]

template<class Params_ >

constexpr bb::field< Params_ >::field ( const unsigned long long input )

inlineconstexprnoexcept

Definition at line 113 of file field_declarations.hpp.

◆ field() [7/12]

template<class Params_ >

constexpr bb::field< Params_ >::field ( const int input )

inlineconstexprnoexcept

Definition at line 119 of file field_declarations.hpp.

◆ field() [8/12]

template<class Params_ >

constexpr bb::field< Params_ >::field	(	const uint64_t	a,
		const uint64_t	b,
		const uint64_t	c,
		const uint64_t	d
	)

inlineconstexprnoexcept

cast four uint64_t as a field

Warning: this DOES NOT convert to montgomery form, in particular it is assumed that the element "is already" in Montgomery form.

Definition at line 145 of file field_declarations.hpp.

◆ field() [9/12]

template<class Params_ >

constexpr bb::field< Params_ >::field ( const uint512_t & input )

inlineexplicitconstexprnoexcept

Convert a 512-bit big integer into a field element.

Used for deriving field elements from random values. 512-bits prevents biased output as 2^512>>modulus

Definition at line 154 of file field_declarations.hpp.

◆ field() [10/12]

template<class Params_ >

constexpr bb::field< Params_ >::field ( std::string input )

inlineexplicitconstexprnoexcept

Definition at line 164 of file field_declarations.hpp.

◆ field() [11/12]

template<class Params_ >

constexpr bb::field< Params_ >::field ( const field< Params_ > & other )

constexprdefaultnoexcept

◆ field() [12/12]

template<class Params_ >

constexpr bb::field< Params_ >::field ( field< Params_ > && other )

constexprdefaultnoexcept

◆ ~field()

template<class Params_ >

constexpr bb::field< Params_ >::~field ( )

constexprdefaultnoexcept

Member Function Documentation

◆ __copy()

template<class Params_ >

static BB_INLINE void bb::field< Params_ >::__copy	(	const field< Params_ > &	a,
		field< Params_ > &	r
	)

inlinestaticnoexcept

Definition at line 545 of file field_declarations.hpp.

◆ __swap()

template<class Params_ >

static BB_INLINE void bb::field< Params_ >::__swap	(	field< Params_ > &	src,
		field< Params_ > &	dest
	)

inlinestaticnoexcept

Definition at line 546 of file field_declarations.hpp.

◆ add()

template<class T >

constexpr field< T > bb::field< T >::add ( const field< Params_ > & other ) const

constexprnoexcept

Definition at line 260 of file field_impl_generic.hpp.

◆ addc()

template<class T >

constexpr uint64_t bb::field< T >::addc	(	uint64_t	a,
		uint64_t	b,
		uint64_t	carry_in,
		uint64_t &	carry_out
	)

staticconstexprnoexcept

unsigned 64-bit add-with-carry that takes in a carry_in and a carry_out bit and rewrites the latter.

Note: If carry_in starts out in {0, 1}, then after calling this function carry_out is in {0, 1}. In particular, to have the expected semantic meaning, this function tacitly assumes that carry_in is in {0, 1}.

Definition at line 125 of file field_impl_generic.hpp.

◆ batch_invert() [1/3]

template<class T >
requires requires(C& c) { { c.size() } -> std::convertible_to<size_t>; { c[0] }; }

template<typename C >
requires requires(C& c) { { c.size() } -> std::convertible_to<size_t>; { c[0] }; }

void bb::field< T >::batch_invert ( C & coeffs )

staticnoexcept

Batch invert a collection of field elements using Montgomery's trick.

This function is intentionally not parallelized. In scenarios involving large computations (e.g., grand_product_library), multithreading is handled at a higher level. For sparse vectors, other optimizations ensure we don't pay excessive costs.

Note: This function implicitly assumes that the vector is small. If the vector is big, multithread.

Definition at line 429 of file field_impl.hpp.

◆ batch_invert() [2/3]

template<class T >

void bb::field< T >::batch_invert	(	field< Params_ > *	coeffs,
		size_t	n
	)

staticnoexcept

Definition at line 405 of file field_impl.hpp.

◆ batch_invert() [3/3]

template<class T >

void bb::field< T >::batch_invert ( std::span< field< Params_ > > coeffs )

staticnoexcept

Definition at line 410 of file field_impl.hpp.

◆ compute_endomorphism_k2()

template<class Params_ >

static field bb::field< Params_ >::compute_endomorphism_k2 ( const field< Params_ > & k )

inlinestatic

Shared core of the endomorphism scalar decomposition.

For short Weierstrass curves y^2 = x^3 + b mod r, if there exists a cube root of unity mod r, we can take advantage of an enodmorphism to decompose a 254 bit scalar into 2 128 bit scalars. \beta = cube root of 1, mod q (q = order of fq) \lambda = cube root of 1, mod r (r = order of fr)

For a point P1 = (X, Y), where Y^2 = X^3 + b, we know that the point P2 = (X * \beta, Y) is also a point on the curve We can represent P2 as a scalar multiplication of P1, where P2 = \lambda * P1

For a generic multiplication of P1 by a 254 bit scalar k, we can decompose k into 2 127 bit scalars (k1, k2), such that k = k1 - (k2 * \lambda)

We can now represent (k * P1) as (k1 * P1) - (k2 * P2), where P2 = (X * \beta, Y). As k1, k2 have half the bit length of k, we have reduced the number of loop iterations of our scalar multiplication algorithm in half

To find k1, k2, We use the extended euclidean algorithm to find 4 short scalars [a1, a2], [b1, b2] such that modulus = (a1 * b2) - (b1 * a2) We then compute scalars c1 = round(b2 * k / r), c2 = round(b1 * k / r), where k1 = (c1 * a1) + (c2 * a2), k2 = -((c1 * b1) + (c2 * b2)) We pre-compute scalars g1 = (2^256 * b1) / n, g2 = (2^256 * b2) / n, to avoid having to perform long division on 512-bit scalars

Computes k2 = round(b2·k/r)·(-b1) + round((-b1)·k/r)·b2, using the 256-bit-shift approximation g = floor(b·2^256/r) for both BN254 and secp256k1. See endomorphism_scalars.py §0 for the proof that the approximation error is bounded to {0, -1} for any r < 2^256.

The result is a raw (non-Montgomery) field whose low 128-or-129 bits hold k2. This function will be called in either the BN254 base/scalar field or the generic, secp256k1 branch.

Definition at line 443 of file field_declarations.hpp.

◆ conditionally_subtract_from_double_modulus()

template<class Params_ >

BB_INLINE constexpr field bb::field< Params_ >::conditionally_subtract_from_double_modulus ( const uint64_t predicate ) const

inlineconstexprnoexcept

Definition at line 396 of file field_declarations.hpp.

◆ coset_generator()

template<class Params_ >

static constexpr field bb::field< Params_ >::coset_generator ( )

inlinestaticconstexpr

Definition at line 281 of file field_declarations.hpp.

◆ cube_root_of_unity()

template<class Params_ >

static constexpr field bb::field< Params_ >::cube_root_of_unity ( )

inlinestaticconstexpr

Definition at line 255 of file field_declarations.hpp.

◆ from_montgomery_form()

template<class T >

constexpr field< T > bb::field< T >::from_montgomery_form ( ) const

constexprnoexcept

Definition at line 303 of file field_impl.hpp.

◆ from_montgomery_form_reduced()

template<class T >

constexpr field< T > bb::field< T >::from_montgomery_form_reduced ( ) const

constexprnoexcept

Definition at line 328 of file field_impl.hpp.

◆ get_root_of_unity()

template<class T >

constexpr field< T > bb::field< T >::get_root_of_unity ( size_t subgroup_size )

staticconstexprnoexcept

Definition at line 770 of file field_impl.hpp.

◆ invert()

template<class T >

constexpr field< T > bb::field< T >::invert ( ) const

constexprnoexcept

Definition at line 397 of file field_impl.hpp.

◆ is_msb_set()

template<class T >

constexpr bool bb::field< T >::is_msb_set ( ) const

constexprnoexcept

Definition at line 754 of file field_impl.hpp.

◆ is_msb_set_word()

template<class T >

constexpr uint64_t bb::field< T >::is_msb_set_word ( ) const

constexprnoexcept

Definition at line 759 of file field_impl.hpp.

◆ is_zero()

template<class T >

constexpr bool bb::field< T >::is_zero ( ) const

constexprnoexcept

Definition at line 764 of file field_impl.hpp.

◆ mac() [1/2]

template<class T >

constexpr uint64_t bb::field< T >::mac	(	uint64_t	a,
		uint64_t	b,
		uint64_t	c,
		uint64_t	carry_in,
		uint64_t &	carry_out
	)

staticconstexprnoexcept

Compute uint128_t(a * b + c + carry_in), where the inputs are all uint64_t. Return the top 64 bits.

Definition at line 34 of file field_impl_generic.hpp.

◆ mac() [2/2]

template<class T >

constexpr void bb::field< T >::mac	(	uint64_t	a,
		uint64_t	b,
		uint64_t	c,
		uint64_t	carry_in,
		uint64_t &	out,
		uint64_t &	carry_out
	)

staticconstexprnoexcept

Compute uint128_t(a * b + c + carry_in), where the inputs are all uint64_t. out is rewritten to the bottom 64 bits and carry_out is rewritten to the top 64 bits.

Definition at line 56 of file field_impl_generic.hpp.

◆ mac_discard_lo()

template<class T >

constexpr uint64_t bb::field< T >::mac_discard_lo	(	uint64_t	a,
		uint64_t	b,
		uint64_t	c
	)

staticconstexprnoexcept

Definition at line 106 of file field_impl_generic.hpp.

◆ mac_mini() [1/2]

template<class T >

constexpr uint64_t bb::field< T >::mac_mini	(	uint64_t	a,
		uint64_t	b,
		uint64_t	c,
		uint64_t &	out
	)

staticconstexprnoexcept

Definition at line 74 of file field_impl_generic.hpp.

◆ mac_mini() [2/2]

template<class T >

constexpr void bb::field< T >::mac_mini	(	uint64_t	a,
		uint64_t	b,
		uint64_t	c,
		uint64_t &	out,
		uint64_t &	carry_out
	)

staticconstexprnoexcept

Definition at line 90 of file field_impl_generic.hpp.

◆ montgomery_mul()

template<class T >

constexpr field< T > bb::field< T >::montgomery_mul ( const field< Params_ > & other ) const

constexprnoexcept

Definition at line 702 of file field_impl_generic.hpp.

◆ montgomery_mul_big()

template<class T >

constexpr field< T > bb::field< T >::montgomery_mul_big ( const field< Params_ > & other ) const

constexprnoexcept

Mongtomery multiplication for moduli > 2²⁵⁴

Explanation of Montgomery form can be found in Introduction to Montgomery form and the difference between WASM and generic versions is explained in Architecture details

Note: Both non-WASM and WASM algorithms are constant-time.

Definition at line 370 of file field_impl_generic.hpp.

◆ montgomery_square()

template<class T >

constexpr field< T > bb::field< T >::montgomery_square ( ) const

constexprnoexcept

Squaring via a variant of the Montgomery algorithm, where we roughly take advantage of the repeated terms in the expansion.

Note: The correctness of both the x64 and the WASM branches is precisely analogus to what is argued in the montgomery_mul() method.

Definition at line 847 of file field_impl_generic.hpp.

◆ msgpack_pack()

template<class Params >

void bb::field< Params >::msgpack_pack ( auto & packer ) const

Definition at line 809 of file field_impl.hpp.

◆ msgpack_schema()

template<class Params_ >

void bb::field< Params_ >::msgpack_schema ( auto & packer ) const

inline

Definition at line 558 of file field_declarations.hpp.

◆ msgpack_unpack()

template<class Params >

void bb::field< Params >::msgpack_unpack ( auto o )

Definition at line 829 of file field_impl.hpp.

◆ mul_512()

template<class T >

constexpr struct field< T >::wide_array bb::field< T >::mul_512 ( const field< Params_ > & other ) const

constexprnoexcept

Definition at line 1051 of file field_impl_generic.hpp.

◆ mul_wide()

template<class T >

constexpr std::pair< uint64_t, uint64_t > bb::field< T >::mul_wide	(	uint64_t	a,
		uint64_t	b
	)

staticconstexprnoexcept

Definition at line 19 of file field_impl_generic.hpp.

◆ neg_one()

template<class Params_ >

static constexpr field bb::field< Params_ >::neg_one ( )

inlinestaticconstexpr

Definition at line 278 of file field_declarations.hpp.

◆ one()

template<class Params_ >

static constexpr field bb::field< Params_ >::one ( )

inlinestaticconstexpr

Definition at line 279 of file field_declarations.hpp.

◆ operator bool()

template<class Params_ >

constexpr bb::field< Params_ >::operator bool ( ) const

inlineexplicitconstexpr

Definition at line 175 of file field_declarations.hpp.

◆ operator uint128_t()

template<class Params_ >

constexpr bb::field< Params_ >::operator uint128_t ( ) const

inlineexplicitconstexpr

Definition at line 208 of file field_declarations.hpp.

◆ operator uint16_t()

template<class Params_ >

constexpr bb::field< Params_ >::operator uint16_t ( ) const

inlineexplicitconstexpr

Definition at line 190 of file field_declarations.hpp.

◆ operator uint256_t()

template<class Params_ >

constexpr bb::field< Params_ >::operator uint256_t ( ) const

inlineconstexprnoexcept

Definition at line 216 of file field_declarations.hpp.

◆ operator uint32_t()

template<class Params_ >

constexpr bb::field< Params_ >::operator uint32_t ( ) const

inlineexplicitconstexpr

Definition at line 196 of file field_declarations.hpp.

◆ operator uint64_t()

template<class Params_ >

constexpr bb::field< Params_ >::operator uint64_t ( ) const

inlineexplicitconstexpr

Definition at line 202 of file field_declarations.hpp.

◆ operator uint8_t()

template<class Params_ >

constexpr bb::field< Params_ >::operator uint8_t ( ) const

inlineexplicitconstexpr

Definition at line 184 of file field_declarations.hpp.

◆ operator!=()

template<class T >

constexpr bool bb::field< T >::operator!= ( const field< Params_ > & other ) const

constexprnoexcept

Definition at line 280 of file field_impl.hpp.

◆ operator*()

template<class T >

constexpr field< T > bb::field< T >::operator* ( const field< Params_ > & other ) const

constexprnoexcept

Mutiplication

Definition at line 34 of file field_impl.hpp.

◆ operator*=()

template<class T >

constexpr field< T > & bb::field< T >::operator*= ( const field< Params_ > & other ) &

constexprnoexcept

Definition at line 48 of file field_impl.hpp.

◆ operator+()

template<class T >

constexpr field< T > bb::field< T >::operator+ ( const field< Params_ > & other ) const

constexprnoexcept

Addition

Definition at line 101 of file field_impl.hpp.

◆ operator++() [1/2]

template<class T >

constexpr field< T > bb::field< T >::operator++ ( )

constexprnoexcept

Definition at line 129 of file field_impl.hpp.

◆ operator++() [2/2]

template<class T >

constexpr field< T > bb::field< T >::operator++ ( int )

constexprnoexcept

Definition at line 135 of file field_impl.hpp.

◆ operator+=()

template<class T >

constexpr field< T > & bb::field< T >::operator+= ( const field< Params_ > & other ) &

constexprnoexcept

Definition at line 114 of file field_impl.hpp.

◆ operator-() [1/2]

template<class T >

constexpr field< T > bb::field< T >::operator- ( ) const

constexprnoexcept

Definition at line 160 of file field_impl.hpp.

◆ operator-() [2/2]

template<class T >

constexpr field< T > bb::field< T >::operator- ( const field< Params_ > & other ) const

constexprnoexcept

Subtraction

Definition at line 147 of file field_impl.hpp.

◆ operator-=()

template<class T >

constexpr field< T > & bb::field< T >::operator-= ( const field< Params_ > & other ) &

constexprnoexcept

Definition at line 188 of file field_impl.hpp.

◆ operator/()

template<class T >

constexpr field< T > bb::field< T >::operator/ ( const field< Params_ > & other ) const

constexprnoexcept

Definition at line 738 of file field_impl.hpp.

◆ operator/=()

template<class T >

constexpr field< T > & bb::field< T >::operator/= ( const field< Params_ > & other ) &

constexprnoexcept

Definition at line 743 of file field_impl.hpp.

◆ operator<()

template<class T >

constexpr bool bb::field< T >::operator< ( const field< Params_ > & other ) const

constexprnoexcept

Less-than operator.

comparison operators exist so that field is comparible with stl methods that require them. (e.g. std::sort) Finite fields do not have an explicit ordering, these should NEVER be used in algebraic algorithms.

Template Parameters

T

Parameters

other

Returns: true; false

Definition at line 264 of file field_impl.hpp.

◆ operator=() [1/2]

template<class Params_ >

constexpr field & bb::field< Params_ >::operator= ( const field< Params_ > & other ) &

constexprdefaultnoexcept

◆ operator=() [2/2]

template<class Params_ >

constexpr field & bb::field< Params_ >::operator= ( field< Params_ > && other ) &

constexprdefaultnoexcept

◆ operator==()

template<class T >

constexpr bool bb::field< T >::operator== ( const field< Params_ > & other ) const

constexprnoexcept

Definition at line 269 of file field_impl.hpp.

◆ operator>()

template<class T >

constexpr bool bb::field< T >::operator> ( const field< Params_ > & other ) const

constexprnoexcept

Greater-than operator.

comparison operators exist so that field is comparible with stl methods that require them. (e.g. std::sort) Finite fields do not have an explicit ordering, these should NEVER be used in algebraic algorithms.

Template Parameters

T

Parameters

other

Returns: true; false

Definition at line 240 of file field_impl.hpp.

◆ pow() [1/2]

template<class T >

constexpr field< T > bb::field< T >::pow ( const uint256_t & exponent ) const

constexprnoexcept

Definition at line 372 of file field_impl.hpp.

◆ pow() [2/2]

template<class T >

constexpr field< T > bb::field< T >::pow ( uint64_t exponent ) const

constexprnoexcept

Definition at line 392 of file field_impl.hpp.

◆ primitive_root_log_size()

template<class T >

constexpr size_t bb::field< T >::primitive_root_log_size ( )

staticconstexprnoexcept

Definition at line 796 of file field_impl.hpp.

◆ random_element()

template<class T >

field< T > bb::field< T >::random_element ( numeric::RNG * engine = nullptr )

staticnoexcept

Definition at line 783 of file field_impl.hpp.

◆ reconstruct_from_public()

template<class Params_ >

template<class V >

static field bb::field< Params_ >::reconstruct_from_public ( const std::span< const field< V >, PUBLIC_INPUTS_SIZE > & limbs )

static

◆ reduce()

template<class T >

constexpr field< T > bb::field< T >::reduce ( ) const

constexprnoexcept

reduce once, i.e., if the value is bigger than the modulus, subtract off the modulus once.

Note

the output will be smaller than the modulus.

If we are in the 256-bit prime range, then this follows from the fact that 2p > 2^256.
If we are in the 254-bit prime range, this follows from the fact that we guarantee that the data is always in coarse representation, meaning that the underlying uint256_t derived from the limbs is in [0, 2p).

when the modulus is < 2^254 (e.g., for the BN-254 fields), the algorithm is constant-time: it has no branching.

Definition at line 223 of file field_impl_generic.hpp.

◆ reduce_once()

template<class T >

constexpr field< T > bb::field< T >::reduce_once ( ) const

constexprnoexcept

Definition at line 345 of file field_impl.hpp.

◆ sbb()

template<class T >

constexpr uint64_t bb::field< T >::sbb	(	uint64_t	a,
		uint64_t	b,
		uint64_t	borrow_in,
		uint64_t &	borrow_out
	)

staticconstexprnoexcept

unsigned 64-bit subtract-with-borrow that takes in borrow_in value in the size-2 set {0, 2^64 - 1}, which we interpret as {no borrow, yes borrow}, computes (a - b - (borrow_in != 0)). rewrites borrow_out.

Note: If borrow_in is in {0, 2^64 - 1}, then after calling this function, borrow_out is in {0, 2^64 - 1}. In particular, to have the expected semantic meaning, this function tacitly assumes that borrow_in takes on only these two values.

Definition at line 152 of file field_impl_generic.hpp.

◆ self_conditional_negate()

template<class T >

constexpr void bb::field< T >::self_conditional_negate ( uint64_t predicate ) &

constexprnoexcept

Definition at line 215 of file field_impl.hpp.

◆ self_from_montgomery_form()

template<class T >

constexpr void bb::field< T >::self_from_montgomery_form ( ) &

constexprnoexcept

Definition at line 316 of file field_impl.hpp.

◆ self_from_montgomery_form_reduced()

template<class T >

constexpr void bb::field< T >::self_from_montgomery_form_reduced ( ) &

constexprnoexcept

Definition at line 339 of file field_impl.hpp.

◆ self_neg()

template<class T >

constexpr void bb::field< T >::self_neg ( ) &

constexprnoexcept

Definition at line 203 of file field_impl.hpp.

◆ self_reduce_once()

template<class T >

constexpr void bb::field< T >::self_reduce_once ( ) &

constexprnoexcept

Definition at line 358 of file field_impl.hpp.

◆ self_set_msb()

template<class T >

constexpr void bb::field< T >::self_set_msb ( ) &

constexprnoexcept

Definition at line 749 of file field_impl.hpp.

◆ self_sqr()

template<class T >

constexpr void bb::field< T >::self_sqr ( ) &

constexprnoexcept

Definition at line 82 of file field_impl.hpp.

◆ self_to_montgomery_form()

template<class T >

constexpr void bb::field< T >::self_to_montgomery_form ( ) &

constexprnoexcept

Definition at line 309 of file field_impl.hpp.

◆ self_to_montgomery_form_reduced()

template<class T >

constexpr void bb::field< T >::self_to_montgomery_form_reduced ( ) &

constexprnoexcept

Definition at line 333 of file field_impl.hpp.

◆ serialize_from_buffer()

template<class Params_ >

static field bb::field< Params_ >::serialize_from_buffer ( const uint8_t * buffer )

inlinestatic

Definition at line 384 of file field_declarations.hpp.

◆ serialize_to_buffer()

template<class Params_ >

static void bb::field< Params_ >::serialize_to_buffer	(	const field< Params_ > &	value,
		uint8_t *	buffer
	)

inlinestatic

Definition at line 382 of file field_declarations.hpp.

◆ split_into_endomorphism_scalars() [1/2]

template<class Params_ >

static std::pair< std::array< uint64_t, 2 >, std::array< uint64_t, 2 > > bb::field< Params_ >::split_into_endomorphism_scalars ( const field< Params_ > & k )

inlinestatic

128-bit endomorphism decomposition: k ≡ k1 - k2·λ (mod r).

Returns { {k1_lo, k1_hi}, {k2_lo, k2_hi} } — each scalar as a pair of uint64_t representing its low 128 bits. Both k1 and k2 are guaranteed to fit in 128 bits (the negative-k2 fix ensures this for the ~2^{-64} of inputs where k2 would otherwise be slightly negative).

Only valid for fields such that the splitting_scalars algorithm produces 128 bit outputs. In Barretenberg, these are just the base and scalar fields of BN254. These are the only "small modulus" fields, so we use a static assert to force this.

Does NOT assume that the input is reduced

Definition at line 513 of file field_declarations.hpp.

◆ split_into_endomorphism_scalars() [2/2]

template<class Params_ >

static void bb::field< Params_ >::split_into_endomorphism_scalars	(	const field< Params_ > &	k,
		field< Params_ > &	k1,
		field< Params_ > &	k2
	)

inlinestatic

Full-width endomorphism decomposition: k ≡ k1 - k2·λ (mod r). Modifies the field elements k1 and k2.

For BN254 base/scalar fields, delegates to the 128-bit pair overload, which applies the negative-k2 fix. Returns k1, k2 in the low 2 limbs (upper limbs zeroed). Both fit in 128 bits.

For generic 256-bit fields: returns k1, k2 as full field elements elements (non-Montgomery). k1 fits in ~128 bits; k2 fits in ~129 bits. No negative-k2 fix — the caller (biggroup_nafs.hpp) handles signs by inspecting the MSB of k2.

Definition at line 484 of file field_declarations.hpp.

◆ sqr()

template<class T >

constexpr field< T > bb::field< T >::sqr ( ) const

constexprnoexcept

Squaring

Definition at line 69 of file field_impl.hpp.

◆ sqr_512()

template<class Params_ >

BB_INLINE constexpr wide_array bb::field< Params_ >::sqr_512 ( ) const

constexprnoexcept

◆ sqrt() [1/2]

template<class T >
requires ((Params_::modulus_0 & 0x3UL) == 0x3UL)

constexpr std::pair< bool, field< T > > bb::field< T >::sqrt ( ) const

constexprnoexcept

Compute square root of the field element.

Returns: <true, root> if the element is a quadratic remainder, <false, 0> if it's not

Definition at line 716 of file field_impl.hpp.

◆ sqrt() [2/2]

template<class Params_ >

constexpr std::pair< bool, field > bb::field< Params_ >::sqrt ( ) const

constexprnoexcept

◆ square_accumulate()

template<class T >

constexpr uint64_t bb::field< T >::square_accumulate	(	uint64_t	a,
		uint64_t	b,
		uint64_t	c,
		uint64_t	carry_in_lo,
		uint64_t	carry_in_hi,
		uint64_t &	carry_lo,
		uint64_t &	carry_hi
	)

staticconstexprnoexcept

Computes a + 2 * b * c + carry_in_lo + 2^64 * carry_in_hi, in the form of returning a uint64_t and modifying carry_lo and carry_hi. Here, carry_lo represents bits 64 - 127 of the result and carry_hi bits 128-191 of the result. carry_lo can be an arbitrary uint64_t.

Note: the maximal value of this function is 2^129 + 2^128 - 2^66 + 2^64 < 2^129 + 2^128. Therefore, carry_hi is always in {0, 1, 2}.

Definition at line 182 of file field_impl_generic.hpp.

◆ subtract()

template<class T >

constexpr field< T > bb::field< T >::subtract ( const field< Params_ > & other ) const

constexprnoexcept

Definition at line 318 of file field_impl_generic.hpp.

◆ to_buffer()

template<class Params_ >

BB_INLINE std::vector< uint8_t > bb::field< Params_ >::to_buffer ( ) const

inline

Definition at line 388 of file field_declarations.hpp.

◆ to_montgomery_form()

template<class T >

constexpr field< T > bb::field< T >::to_montgomery_form ( ) const

constexprnoexcept

Definition at line 296 of file field_impl.hpp.

◆ to_montgomery_form_reduced()

template<class T >

constexpr field< T > bb::field< T >::to_montgomery_form_reduced ( ) const

constexprnoexcept

Definition at line 323 of file field_impl.hpp.

◆ tonelli_shanks_sqrt()

template<class T >

constexpr field< T > bb::field< T >::tonelli_shanks_sqrt ( ) const

constexprnoexcept

Implements an optimized variant of Tonelli-Shanks via lookup tables. Algorithm taken from https://cr.yp.to/papers/sqroot-20011123-retypeset20220327.pdf "FASTER SQUARE ROOTS IN ANNOYING FINITE FIELDS" by D. Bernstein Page 5 "Accelerated Discrete Logarithm".

Template Parameters

T

Returns: constexpr field<T>

Note: This is a helper method, run only on fields whose cardinality is 1 mod 4.

Warning: The code will have to be slightly modified if the 2-adic valuation of the q-1 is divisible by 6 (table_bits in the code). CAUTION IF ADDING A NEW FIELD.

Definition at line 471 of file field_impl.hpp.

◆ uint256_t_no_montgomery_conversion()

template<class Params_ >

constexpr uint256_t bb::field< Params_ >::uint256_t_no_montgomery_conversion ( ) const

inlineconstexprnoexcept

Definition at line 222 of file field_declarations.hpp.

◆ wasm_convert()

template<class T >

constexpr std::array< uint64_t, WASM_NUM_LIMBS > bb::field< T >::wasm_convert ( const uint64_t * data )

staticconstexpr

Convert 4 64-bit limbs into 9 29-bit limbs.

Definition at line 689 of file field_impl_generic.hpp.

◆ wasm_madd()

template<class T >

constexpr void bb::field< T >::wasm_madd	(	uint64_t &	left_limb,
		const std::array< uint64_t, WASM_NUM_LIMBS > &	right_limbs,
		uint64_t &	result_0,
		uint64_t &	result_1,
		uint64_t &	result_2,
		uint64_t &	result_3,
		uint64_t &	result_4,
		uint64_t &	result_5,
		uint64_t &	result_6,
		uint64_t &	result_7,
		uint64_t &	result_8
	)

staticconstexpr

Multiply left limb by a sequence of 9 limbs and accumulate into result variables.

Note: There is no carrying in this method.

Definition at line 573 of file field_impl_generic.hpp.

◆ wasm_reduce()

template<class T >

constexpr void bb::field< T >::wasm_reduce	(	uint64_t &	result_0,
		uint64_t &	result_1,
		uint64_t &	result_2,
		uint64_t &	result_3,
		uint64_t &	result_4,
		uint64_t &	result_5,
		uint64_t &	result_6,
		uint64_t &	result_7,
		uint64_t &	result_8
	)

staticconstexpr

Perform 29-bit Montgomery reduction on 1 limb (result_0 should be zero modulo 2^29 after calling this method).

Inputs are 9 uint64_t limbs (result_0, ..., result_8), with the assumption that adding a 58-bit number (from a 29-bit × 29-bit multiplication) does NOT cause 64-bit overflow. Let x = \sum_{i=0}^{8} result_i * 2^{29*i} be the value represented before calling this method. After calling this method, the value \sum_{i=1}^{8} result_i * 2^{29*i} is congruent to x / 2^29 modulo p. Moreover, the low 29 bits of result_0 are zero and result_0 can be discarded. The carry information from result_0 is propagated to result_1 via the term (result_0 >> 29). No other carries are propagated, hence the limbs remain in "relaxed form".

Note: In particular, the limbs are in "relaxed form", i.e., they are not strictly constrained to be 29 bits.; This function is called 9 times during Montgomery multiplication (once per limb), where the initial inputs are 58 bits, and the alternation between wasm_madd and wasm_reduce keeps the accumulated values safely within 64 bits.; We only propagate the carry from result_0 to result_1 because result_0 is effectively discarded after this operation (it's not used in subsequent iterations), while result_1 through result_8 continue accumulating. The methods calling this method will be responsible for strictifying the result again.; For our application, we require bounds on the output limbs (especially result_8). For information on how we deduce these, please see where this method is called.

Definition at line 617 of file field_impl_generic.hpp.

◆ wasm_reduce_yuval()

template<class T >

constexpr void bb::field< T >::wasm_reduce_yuval	(	uint64_t &	result_0,
		uint64_t &	result_1,
		uint64_t &	result_2,
		uint64_t &	result_3,
		uint64_t &	result_4,
		uint64_t &	result_5,
		uint64_t &	result_6,
		uint64_t &	result_7,
		uint64_t &	result_8,
		uint64_t &	result_9
	)

staticconstexpr

Perform 29-bit Montgomery reduction on 1 limb using Yuval's method.

Given a value x = \sum_{i=0}^{9} result_i * 2^{29i}, we want to compute x / 2^{29} mod p.

Standard Montgomery reduction achieves this by finding k = result_0 * (-p^{-1}) mod 2^{29}, adding k*p to zero out the lowest limb, then shifting. Yuval's method instead directly computes x / 2^{29} mod p by observing:

x / 2^{29} = (x - result_0) / 2^{29} + result_0 * 2^{-29} (mod p)

The first term is just the higher limbs (an integer shift since result_0 contains all low bits). The second term is result_0 * r_inv, where r_inv = 2^{-29} mod p is precomputed as wasm_r_inv.

After calling this method, result_0 is discarded and result_1..result_9 hold x / 2^{29} mod p.

Note: The term (result_0 >> 29) propagates any overflow bits beyond the lowest 29 bits of result_0 to result_1, since the limbs are in "relaxed form" and may exceed 29 bits.; For a reference, please see: https://hackmd.io/@Ingonyama/Barret-Montgomery

Definition at line 662 of file field_impl_generic.hpp.

◆ zero()

template<class Params_ >

static constexpr field bb::field< Params_ >::zero ( )

inlinestaticconstexpr

Definition at line 277 of file field_declarations.hpp.

Friends And Related Symbol Documentation

◆ operator<<

template<class Params_ >

std::ostream & operator<<	(	std::ostream &	os,
		const field< Params_ > &	a
	)

friend

Definition at line 535 of file field_declarations.hpp.

Member Data Documentation

◆ data

template<class Params_ >

uint64_t bb::field< Params_ >::data[4]

Definition at line 232 of file field_declarations.hpp.

◆ modulus

template<class Params_ >

constexpr uint256_t bb::field< Params_ >::modulus

staticconstexpr

Initial value:

=

uint256_t{ Params::modulus_0, Params::modulus_1, Params::modulus_2, Params::modulus_3 }

Definition at line 234 of file field_declarations.hpp.

◆ modulus_minus_two

template<class Params_ >

constexpr uint256_t bb::field< Params_ >::modulus_minus_two

staticconstexpr

Initial value:

=

uint256_t(Params::modulus_0 - 2ULL, Params::modulus_1, Params::modulus_2, Params::modulus_3)

Definition at line 340 of file field_declarations.hpp.

◆ not_modulus

template<class Params_ >

constexpr uint256_t bb::field< Params_ >::not_modulus = -modulus

staticconstexpr

Definition at line 561 of file field_declarations.hpp.

◆ PUBLIC_INPUTS_SIZE

template<class Params_ >

constexpr size_t bb::field< Params_ >::PUBLIC_INPUTS_SIZE = Params::PUBLIC_INPUTS_SIZE

staticconstexpr

Definition at line 71 of file field_declarations.hpp.

◆ r_squared_uint

template<class Params_ >

constexpr uint256_t bb::field< Params_ >::r_squared_uint

staticconstexpr

Initial value:

{
        Params_::r_squared_wasm_0, Params_::r_squared_wasm_1, Params_::r_squared_wasm_2, Params_::r_squared_wasm_3
    }

Definition at line 241 of file field_declarations.hpp.

◆ twice_modulus

template<class Params_ >

constexpr uint256_t bb::field< Params_ >::twice_modulus = modulus + modulus

staticconstexpr

Definition at line 560 of file field_declarations.hpp.

◆ twice_not_modulus

template<class Params_ >

constexpr uint256_t bb::field< Params_ >::twice_not_modulus = -twice_modulus

staticconstexpr

Definition at line 562 of file field_declarations.hpp.

◆ wasm_modulus

template<class Params_ >

constexpr std::array<uint64_t, 9> bb::field< Params_ >::wasm_modulus

staticconstexpr

Initial value:

= { Params::modulus_wasm_0, Params::modulus_wasm_1,
                                                              Params::modulus_wasm_2, Params::modulus_wasm_3,
                                                              Params::modulus_wasm_4, Params::modulus_wasm_5,
                                                              Params::modulus_wasm_6, Params::modulus_wasm_7,
                                                              Params::modulus_wasm_8 }

Definition at line 244 of file field_declarations.hpp.

◆ wasm_r_inv

template<class Params_ >

constexpr std::array<uint64_t, 9> bb::field< Params_ >::wasm_r_inv

staticconstexpr

Initial value:

= {
        Params::r_inv_wasm_0, Params::r_inv_wasm_1, Params::r_inv_wasm_2, Params::r_inv_wasm_3, Params::r_inv_wasm_4,
        Params::r_inv_wasm_5, Params::r_inv_wasm_6, Params::r_inv_wasm_7, Params::r_inv_wasm_8
    }

Definition at line 249 of file field_declarations.hpp.

The documentation for this struct was generated from the following files:

src/barretenberg/ecc/fields/field_declarations.hpp
src/barretenberg/ecc/fields/field_impl.hpp
src/barretenberg/ecc/fields/field_impl_generic.hpp

Classes

Public Types

Public Member Functions

Static Public Member Functions

Public Attributes

Static Public Attributes

Friends

Detailed Description

Member Typedef Documentation

◆ CoefficientAccumulator

◆ in_buf

◆ out_buf

◆ Params

◆ vec_in_buf

◆ vec_out_buf

◆ View

Constructor & Destructor Documentation

◆ field() [1/12]

◆ field() [2/12]

◆ field() [3/12]

◆ field() [4/12]

◆ field() [5/12]

◆ field() [6/12]

◆ field() [7/12]

◆ field() [8/12]

◆ field() [9/12]

◆ field() [10/12]

◆ field() [11/12]

◆ field() [12/12]

◆ ~field()

Member Function Documentation

◆ __copy()

◆ __swap()

◆ add()

◆ addc()

◆ batch_invert() [1/3]

◆ batch_invert() [2/3]

◆ batch_invert() [3/3]

◆ compute_endomorphism_k2()

◆ conditionally_subtract_from_double_modulus()

◆ coset_generator()

◆ cube_root_of_unity()

◆ from_montgomery_form()

◆ from_montgomery_form_reduced()

◆ get_root_of_unity()

◆ invert()

◆ is_msb_set()

◆ is_msb_set_word()

◆ is_zero()

◆ mac() [1/2]

◆ mac() [2/2]

◆ mac_discard_lo()

◆ mac_mini() [1/2]

◆ mac_mini() [2/2]

◆ montgomery_mul()

◆ montgomery_mul_big()

◆ montgomery_square()

◆ msgpack_pack()

◆ msgpack_schema()

◆ msgpack_unpack()

◆ mul_512()

◆ mul_wide()

◆ neg_one()

◆ one()

◆ operator bool()

◆ operator uint128_t()

◆ operator uint16_t()

◆ operator uint256_t()

◆ operator uint32_t()

◆ operator uint64_t()

◆ operator uint8_t()

◆ operator!=()

◆ operator*()

◆ operator*=()

◆ operator+()

◆ operator++() [1/2]

◆ operator++() [2/2]

◆ operator+=()

◆ operator-() [1/2]

◆ operator-() [2/2]