- Generated by
1.9.8
|
Barretenberg
The ZK-SNARK library at the core of Aztec
|
Manages ECC operations for the Goblin proving system. More...
#include <ecc_op_queue.hpp>
Public Member Functions | |
| ECCOpQueue () | |
| Instantiate an initial ECC op subtable. | |
| void | initialize_new_subtable () |
| Initialize a new subtable for eccvm and ultra ops with the given merge settings. | |
| size_t | get_current_subtable_size () const |
| void | merge (MergeSettings settings=MergeSettings::PREPEND, std::optional< size_t > ultra_fixed_offset=std::nullopt) |
| std::array< Polynomial< Fr >, ULTRA_TABLE_WIDTH > | construct_ultra_ops_table_columns () const |
| std::array< Polynomial< Fr >, ULTRA_TABLE_WIDTH > | construct_previous_ultra_ops_table_columns () const |
| std::array< Polynomial< Fr >, ULTRA_TABLE_WIDTH > | construct_current_ultra_ops_subtable_columns () const |
| void | construct_full_eccvm_ops_table () |
| void | construct_full_ultra_ops_table () |
| size_t | get_ultra_ops_table_num_rows () const |
| size_t | get_ultra_ops_count () const |
| size_t | get_current_ultra_ops_subtable_num_rows () const |
| size_t | get_previous_ultra_ops_table_num_rows () const |
| std::vector< ECCVMOperation > & | get_eccvm_ops () |
| std::vector< UltraOp > & | get_ultra_ops () |
| size_t | get_num_msm_rows () const |
| Get the number of rows in the 'msm' column section, for all msms in the circuit. | |
| size_t | get_num_rows () const |
| Get the number of rows for the current ECCVM circuit. | |
| uint32_t | get_number_of_muls () const |
| Get number of muls for the current ECCVM circuit. | |
| void | set_eccvm_ops_for_fuzzing (std::vector< ECCVMOperation > &eccvm_ops_in) |
| A fuzzing only method for setting eccvm ops directly. | |
| void | add_erroneous_equality_op_for_testing () |
| A testing only method that adds an erroneous equality op to the eccvm ops. | |
| void | empty_row_for_testing () |
| Write empty row to queue. | |
| Point | get_accumulator () |
| UltraOp | add_accumulate (const Point &to_add) |
| Write point addition op to queue and natively perform addition. | |
| UltraOp | mul_accumulate (const Point &to_mul, const Fr &scalar) |
| Write multiply and add op to queue and natively perform operation. | |
| UltraOp | no_op_ultra_only () |
| Writes a no op (i.e. two zero rows) to the ultra ops table but adds no eccvm operations. | |
| UltraOp | random_op_ultra_only () |
| Writes randomness to the ultra ops table but adds no eccvm operations. | |
| UltraOp | eq_and_reset () |
| Write equality op using internal accumulator point. | |
| UltraOp | append_hiding_op (const Fq &Px, const Fq &Py) |
| Add a hiding op with random Px, Py values to both ECCVM and Ultra ops tables. | |
Static Public Attributes | |
| static const size_t | OP_QUEUE_SIZE = 1 << CONST_OP_QUEUE_LOG_SIZE |
Private Types | |
| using | Curve = curve::BN254 |
| using | Point = Curve::AffineElement |
| using | Fr = Curve::ScalarField |
| using | Fq = Curve::BaseField |
Private Member Functions | |
| void | append_eccvm_op (const ECCVMOperation &op) |
| Append an eccvm operation to the eccvm ops table; update the eccvm row tracker. | |
| UltraOp | construct_and_populate_ultra_ops (EccOpCode op_code, const Point &point, const Fr &scalar=Fr::zero()) |
| Given an ecc operation and its inputs, decompose into ultra format and populate ultra_ops. | |
Private Attributes | |
| Point | point_at_infinity = Curve::Group::affine_point_at_infinity |
| Point | accumulator = point_at_infinity |
| EccvmOpsTable | eccvm_ops_table |
| UltraEccOpsTable | ultra_ops_table |
| std::vector< ECCVMOperation > | eccvm_ops_reconstructed |
| std::vector< UltraOp > | ultra_ops_reconstructed |
| EccvmRowTracker | eccvm_row_tracker |
| ECCVMOperation | hiding_op_for_eccvm |
| bool | has_hiding_op = false |
Static Private Attributes | |
| static constexpr size_t | ULTRA_TABLE_WIDTH = UltraEccOpsTable::TABLE_WIDTH |
Manages ECC operations for the Goblin proving system.
This class maintains two parallel representations of ECC operations:
Operations are added via add_accumulate(), mul_accumulate(), and eq_and_reset(). Each operation:
Tables grow via prepending subtables (one per circuit in an IVC). The deque-based storage avoids expensive memory reallocation. See ecc_ops_table.hpp for details.
TODO(https://github.com/AztecProtocol/barretenberg/issues/1267): consider possible efficiency improvements
Definition at line 38 of file ecc_op_queue.hpp.
|
private |
Definition at line 39 of file ecc_op_queue.hpp.
|
private |
Definition at line 42 of file ecc_op_queue.hpp.
|
private |
Definition at line 41 of file ecc_op_queue.hpp.
|
private |
Definition at line 40 of file ecc_op_queue.hpp.
|
inline |
Instantiate an initial ECC op subtable.
Definition at line 68 of file ecc_op_queue.hpp.
Write point addition op to queue and natively perform addition.
| to_add |
Definition at line 198 of file ecc_op_queue.hpp.
|
inline |
A testing only method that adds an erroneous equality op to the eccvm ops.
May be used to ensure that ECCVM responds as expected when encountering a bad op
Definition at line 174 of file ecc_op_queue.hpp.
|
inlineprivate |
Append an eccvm operation to the eccvm ops table; update the eccvm row tracker.
Definition at line 370 of file ecc_op_queue.hpp.
Add a hiding op with random Px, Py values to both ECCVM and Ultra ops tables.
The hiding op contributes random Px, Py field elements to both ECCVM transcript polynomials and Translator's accumulated_result, providing statistical hiding.
In ECCVM: stored separately and prepended to eccvm_ops_reconstructed at index 0 during get_eccvm_ops(). This places it at row 1 in the ECCVM transcript table (row 0 is the zero row for shifts), where lagrange_second = 1. The eq and on-curve constraints are gated by (1 - lagrange_second) so they don't apply to this row. The transcript relation enforces q_eq = 1 and q_reset = 1 at this row, ensuring the accumulator is reset so that is_accumulator_empty = 1 at row 2 (the first real op row).
In Ultra/Translator: appended to current subtable through normal flow, landing in the accumulation range.
The hiding op uses opcode q_eq = 1, q_reset = 1 (value = 3) to preserve the Px, Py values in the transcript. The eq constraint is gated by (1 - lagrange_second) so it doesn't actually check equality. The on-curve check is similarly gated. q_reset = 1 is required for Translator compatibility (only opcodes {0,3,4,8} are allowed).
This method should be called ONCE per IVC in the tail kernel, after the random non-ops.
| Px | Random field element (not necessarily a valid x-coordinate on BN254) |
| Py | Random field element (not necessarily a valid y-coordinate on BN254) |
Definition at line 314 of file ecc_op_queue.hpp.
|
inlineprivate |
Given an ecc operation and its inputs, decompose into ultra format and populate ultra_ops.
| op_code | |
| point | |
| scalar |
Definition at line 383 of file ecc_op_queue.hpp.
|
inline |
Definition at line 102 of file ecc_op_queue.hpp.
|
inline |
Definition at line 108 of file ecc_op_queue.hpp.
|
inline |
Definition at line 111 of file ecc_op_queue.hpp.
|
inline |
Definition at line 96 of file ecc_op_queue.hpp.
|
inline |
Definition at line 89 of file ecc_op_queue.hpp.
|
inline |
Write empty row to queue.
Definition at line 185 of file ecc_op_queue.hpp.
|
inline |
Write equality op using internal accumulator point.
Definition at line 277 of file ecc_op_queue.hpp.
|
inline |
Definition at line 191 of file ecc_op_queue.hpp.
|
inline |
Definition at line 80 of file ecc_op_queue.hpp.
|
inline |
Definition at line 115 of file ecc_op_queue.hpp.
|
inline |
Definition at line 123 of file ecc_op_queue.hpp.
|
inline |
Get the number of rows in the 'msm' column section, for all msms in the circuit.
Definition at line 147 of file ecc_op_queue.hpp.
|
inline |
Get the number of rows for the current ECCVM circuit.
Definition at line 153 of file ecc_op_queue.hpp.
|
inline |
Get number of muls for the current ECCVM circuit.
Definition at line 158 of file ecc_op_queue.hpp.
|
inline |
Definition at line 116 of file ecc_op_queue.hpp.
|
inline |
Definition at line 136 of file ecc_op_queue.hpp.
|
inline |
Definition at line 114 of file ecc_op_queue.hpp.
|
inline |
Definition at line 113 of file ecc_op_queue.hpp.
|
inline |
Initialize a new subtable for eccvm and ultra ops with the given merge settings.
Definition at line 74 of file ecc_op_queue.hpp.
|
inline |
Definition at line 82 of file ecc_op_queue.hpp.
Write multiply and add op to queue and natively perform operation.
| to_add |
Definition at line 215 of file ecc_op_queue.hpp.
|
inline |
Writes a no op (i.e. two zero rows) to the ultra ops table but adds no eccvm operations.
We want to be able to add zero rows to the ultra ops table without affecting the operations in the ECCVM.
Definition at line 242 of file ecc_op_queue.hpp.
|
inline |
Writes randomness to the ultra ops table but adds no eccvm operations.
This method is used to add randomness to the ultra ops table with the aim of randomising the commitment and evaluations of its corresponding columns
Definition at line 256 of file ecc_op_queue.hpp.
|
inline |
A fuzzing only method for setting eccvm ops directly.
Definition at line 164 of file ecc_op_queue.hpp.
|
private |
Definition at line 47 of file ecc_op_queue.hpp.
|
private |
Definition at line 54 of file ecc_op_queue.hpp.
|
private |
Definition at line 49 of file ecc_op_queue.hpp.
|
private |
Definition at line 61 of file ecc_op_queue.hpp.
|
private |
Definition at line 364 of file ecc_op_queue.hpp.
|
private |
Definition at line 363 of file ecc_op_queue.hpp.
|
static |
Definition at line 64 of file ecc_op_queue.hpp.
|
private |
Definition at line 44 of file ecc_op_queue.hpp.
|
private |
Definition at line 58 of file ecc_op_queue.hpp.
|
private |
Definition at line 50 of file ecc_op_queue.hpp.
|
staticconstexprprivate |
Definition at line 43 of file ecc_op_queue.hpp.
1.9.8