Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
scalar_multiplication.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: Planned, auditors: [Sergei], commit: }
3// external_1: { status: not started, auditors: [], commit: }
4// external_2: { status: not started, auditors: [], commit: }
5// =====================
6
7#pragma once
8#include "barretenberg/ecc/groups/precomputed_generators_bn254_impl.hpp"
9#include "barretenberg/ecc/groups/precomputed_generators_grumpkin_impl.hpp"
10
11#include "barretenberg/ecc/curves/bn254/bn254.hpp"
12#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp"
13#include "barretenberg/polynomials/polynomial.hpp"
14
15#include "./process_buckets.hpp"
16#include "./scalar_multiplication.hpp"
17
18#include "./bitvector.hpp"
19namespace bb::scalar_multiplication {
20
21template <typename Curve> class MSM {
22 public:
23 using Element = typename Curve::Element;
24 using ScalarField = typename Curve::ScalarField;
25 using BaseField = typename Curve::BaseField;
26 using AffineElement = typename Curve::AffineElement;
27
28 using G1 = AffineElement;
29 static constexpr size_t NUM_BITS_IN_FIELD = ScalarField::modulus.get_msb() + 1;
30
38 struct MSMWorkUnit {
39 size_t batch_msm_index = 0;
40 size_t start_index = 0;
41 size_t size = 0;
42 };
43 using ThreadWorkUnits = std::vector<MSMWorkUnit>;
44
45 struct MSMData {
46 std::span<const ScalarField> scalars;
47 std::span<const AffineElement> points;
48 std::span<const uint32_t> scalar_indices;
49 std::span<uint64_t> point_schedule;
50 };
51
55 struct BucketAccumulators {
56 std::vector<AffineElement> buckets;
57 BitVector bucket_exists;
58
59 BucketAccumulators(size_t num_buckets) noexcept
60 : buckets(num_buckets)
61 , bucket_exists(num_buckets)
62 {}
63 };
64
65 struct JacobianBucketAccumulators {
66 std::vector<Element> buckets;
67 BitVector bucket_exists;
68
69 JacobianBucketAccumulators(size_t num_buckets) noexcept
70 : buckets(num_buckets)
71 , bucket_exists(num_buckets)
72 {}
73 };
77 struct AffineAdditionData {
78 static constexpr size_t BATCH_SIZE = 2048;
79 // when adding affine points, we have an edge case where the number of points in the batch can overflow by 2
80 static constexpr size_t BATCH_OVERFLOW_SIZE = 2;
81 std::vector<AffineElement> points_to_add;
82 std::vector<BaseField> scalar_scratch_space;
83 std::vector<uint64_t> addition_result_bucket_destinations;
84
90 };
91 static size_t get_num_rounds(size_t num_points) noexcept
92 {
93 const size_t bits_per_slice = get_optimal_log_num_buckets(num_points);
94 const size_t num_rounds = (NUM_BITS_IN_FIELD + (bits_per_slice - 1)) / bits_per_slice;
95 return num_rounds;
96 }
97 static void add_affine_points(AffineElement* points,
98 const size_t num_points,
99 typename Curve::BaseField* scratch_space) noexcept;
100 static void transform_scalar_and_get_nonzero_scalar_indices(std::span<typename Curve::ScalarField> scalars,
101 std::vector<uint32_t>& consolidated_indices) noexcept;
102
103 static std::vector<ThreadWorkUnits> get_work_units(std::span<std::span<ScalarField>> scalars,
104 std::vector<std::vector<uint32_t>>& msm_scalar_indices) noexcept;
105 static uint32_t get_scalar_slice(const ScalarField& scalar, size_t round, size_t normal_slice_size) noexcept;
106 static size_t get_optimal_log_num_buckets(const size_t num_points) noexcept;
107 static bool use_affine_trick(const size_t num_points, const size_t num_buckets) noexcept;
108
109 static Element small_pippenger_low_memory_with_transformed_scalars(MSMData& msm_data) noexcept;
110 static Element pippenger_low_memory_with_transformed_scalars(MSMData& msm_data) noexcept;
111 static Element evaluate_small_pippenger_round(MSMData& msm_data,
112 const size_t round_index,
113 JacobianBucketAccumulators& bucket_data,
114 Element previous_round_output,
115 const size_t bits_per_slice) noexcept;
116
117 static Element evaluate_pippenger_round(MSMData& msm_data,
118 const size_t round_index,
119 AffineAdditionData& affine_data,
120 BucketAccumulators& bucket_data,
121 Element previous_round_output,
122 const size_t bits_per_slice) noexcept;
123
124 static void consume_point_schedule(std::span<const uint64_t> point_schedule,
125 std::span<const AffineElement> points,
126 AffineAdditionData& affine_data,
127 BucketAccumulators& bucket_data,
128 size_t num_input_points_processed,
129 size_t num_queued_affine_points) noexcept;
130
131 static std::vector<AffineElement> batch_multi_scalar_mul(std::span<std::span<const AffineElement>> points,
132 std::span<std::span<ScalarField>> scalars,
133 bool handle_edge_cases = true) noexcept;
134 static AffineElement msm(std::span<const AffineElement> points,
135 PolynomialSpan<const ScalarField> _scalars,
136 bool handle_edge_cases = false) noexcept;
137
138 template <typename BucketType> static Element accumulate_buckets(BucketType& bucket_accumulators) noexcept
139 {
140 auto& buckets = bucket_accumulators.buckets;
141 BB_ASSERT_DEBUG(buckets.size() > static_cast<size_t>(0));
142 int starting_index = static_cast<int>(buckets.size() - 1);
143 Element prefix_sum;
144 bool found_start = false;
145 while (!found_start && starting_index > 0) {
146 const size_t idx = static_cast<size_t>(starting_index);
147 if (bucket_accumulators.bucket_exists.get(idx)) {
148
149 prefix_sum = buckets[idx];
150 found_start = true;
151 } else {
152 starting_index -= 1;
153 }
154 }
155 if (!found_start) {
156 return Curve::Group::point_at_infinity;
157 }
158 BB_ASSERT_DEBUG(starting_index > 0);
159 AffineElement offset_generator = Curve::Group::affine_point_at_infinity;
160 if constexpr (std::same_as<typename Curve::Group, bb::g1>) {
161 constexpr auto gen = get_precomputed_generators<typename Curve::Group, "ECCVM_OFFSET_GENERATOR", 1>()[0];
162 offset_generator = gen;
163 } else {
164 constexpr auto gen = get_precomputed_generators<typename Curve::Group, "DEFAULT_DOMAIN_SEPARATOR", 8>()[0];
165 offset_generator = gen;
166 }
167 Element sum = prefix_sum + offset_generator;
168 for (int i = static_cast<int>(starting_index - 1); i > 0; --i) {
169 size_t idx = static_cast<size_t>(i);
170 BB_ASSERT_DEBUG(idx < bucket_accumulators.bucket_exists.size());
171 if (bucket_accumulators.bucket_exists.get(idx)) {
172
173 prefix_sum += buckets[idx];
174 }
175 sum += prefix_sum;
176 }
177 return sum - offset_generator;
178 }
179};
180
181template <typename Curve>
182typename Curve::Element pippenger(PolynomialSpan<const typename Curve::ScalarField> scalars,
183 std::span<const typename Curve::AffineElement> points,
184 bool handle_edge_cases = true) noexcept;
185template <typename Curve>
186typename Curve::Element pippenger_unsafe(PolynomialSpan<const typename Curve::ScalarField> scalars,
187 std::span<const typename Curve::AffineElement> points) noexcept;
188
189extern template class MSM<curve::Grumpkin>;
190extern template class MSM<curve::BN254>;
191
192// NEXT STEP ACCUMULATE BUVKETS
193} // namespace bb::scalar_multiplication
BB_ASSERT_DEBUG
#define BB_ASSERT_DEBUG(expression,...)
Definition assert.hpp:55
BitVector
Custom class to handle packed vectors of bits.
Definition bitvector.hpp:21
bb::curve::Grumpkin::Element
typename Group::element Element
Definition grumpkin.hpp:62
bb::curve::Grumpkin::Group
typename grumpkin::g1 Group
Definition grumpkin.hpp:61
bb::curve::Grumpkin::AffineElement
typename Group::affine_element AffineElement
Definition grumpkin.hpp:63
bb::scalar_multiplication::MSM
Definition scalar_multiplication.hpp:21
bb::scalar_multiplication::MSM::BaseField
typename Curve::BaseField BaseField
Definition scalar_multiplication.hpp:25
bb::scalar_multiplication::MSM::evaluate_small_pippenger_round
static Element evaluate_small_pippenger_round(MSMData &msm_data, const size_t round_index, JacobianBucketAccumulators &bucket_data, Element previous_round_output, const size_t bits_per_slice) noexcept
Evaluate a single Pippenger round when we do not use the Affine trick.
Definition scalar_multiplication.cpp:437
bb::scalar_multiplication::MSM::small_pippenger_low_memory_with_transformed_scalars
static Element small_pippenger_low_memory_with_transformed_scalars(MSMData &msm_data) noexcept
Top-level Pippenger algorithm where number of points is small and we are not using the Affine trick.
Definition scalar_multiplication.cpp:376
bb::scalar_multiplication::MSM::pippenger_low_memory_with_transformed_scalars
static Element pippenger_low_memory_with_transformed_scalars(MSMData &msm_data) noexcept
Top-level Pippenger algorithm.
Definition scalar_multiplication.cpp:401
bb::scalar_multiplication::MSM::accumulate_buckets
static Element accumulate_buckets(BucketType &bucket_accumulators) noexcept
Definition scalar_multiplication.hpp:138
bb::scalar_multiplication::MSM::G1
AffineElement G1
Definition scalar_multiplication.hpp:28
bb::scalar_multiplication::MSM::get_num_rounds
static size_t get_num_rounds(size_t num_points) noexcept
Definition scalar_multiplication.hpp:91
bb::scalar_multiplication::MSM::get_scalar_slice
static uint32_t get_scalar_slice(const ScalarField &scalar, size_t round, size_t normal_slice_size) noexcept
Given a scalar that is NOT in Montgomery form, extract a slice_size-bit chunk.
Definition scalar_multiplication.cpp:197
bb::scalar_multiplication::MSM::use_affine_trick
static bool use_affine_trick(const size_t num_points, const size_t num_buckets) noexcept
Given a number of points and an optimal bucket size, should we use the affine trick?
Definition scalar_multiplication.cpp:257
bb::scalar_multiplication::MSM::add_affine_points
static void add_affine_points(AffineElement *points, const size_t num_points, typename Curve::BaseField *scratch_space) noexcept
Definition scalar_multiplication.cpp:324
bb::scalar_multiplication::MSM::get_optimal_log_num_buckets
static size_t get_optimal_log_num_buckets(const size_t num_points) noexcept
For a given number of points, compute the optimal Pippenger bucket size.
Definition scalar_multiplication.cpp:228
bb::scalar_multiplication::MSM::ThreadWorkUnits
std::vector< MSMWorkUnit > ThreadWorkUnits
Definition scalar_multiplication.hpp:43
bb::scalar_multiplication::MSM::get_work_units
static std::vector< ThreadWorkUnits > get_work_units(std::span< std::span< ScalarField > > scalars, std::vector< std::vector< uint32_t > > &msm_scalar_indices) noexcept
Split a multiple multi-scalar-multiplication into equal units of work that can be processed by thread...
Definition scalar_multiplication.cpp:113
bb::scalar_multiplication::MSM::Element
typename Curve::Element Element
Definition scalar_multiplication.hpp:23
bb::scalar_multiplication::MSM::NUM_BITS_IN_FIELD
static constexpr size_t NUM_BITS_IN_FIELD
Definition scalar_multiplication.hpp:29
bb::scalar_multiplication::MSM::consume_point_schedule
static void consume_point_schedule(std::span< const uint64_t > point_schedule, std::span< const AffineElement > points, AffineAdditionData &affine_data, BucketAccumulators &bucket_data, size_t num_input_points_processed, size_t num_queued_affine_points) noexcept
Given a list of points and target buckets to add into, perform required group operations.
Definition scalar_multiplication.cpp:557
bb::scalar_multiplication::MSM::batch_multi_scalar_mul
static std::vector< AffineElement > batch_multi_scalar_mul(std::span< std::span< const AffineElement > > points, std::span< std::span< ScalarField > > scalars, bool handle_edge_cases=true) noexcept
Compute multiple multi-scalar multiplications.
Definition scalar_multiplication.cpp:761
bb::scalar_multiplication::MSM::evaluate_pippenger_round
static Element evaluate_pippenger_round(MSMData &msm_data, const size_t round_index, AffineAdditionData &affine_data, BucketAccumulators &bucket_data, Element previous_round_output, const size_t bits_per_slice) noexcept
Evaluate a single Pippenger round where we use the affine trick.
Definition scalar_multiplication.cpp:493
bb::scalar_multiplication::MSM::transform_scalar_and_get_nonzero_scalar_indices
static void transform_scalar_and_get_nonzero_scalar_indices(std::span< typename Curve::ScalarField > scalars, std::vector< uint32_t > &consolidated_indices) noexcept
Convert scalar out of Montgomery form. Populate consolidated_indices with nonzero scalar indices.
Definition scalar_multiplication.cpp:55
bb::scalar_multiplication::MSM::ScalarField
typename Curve::ScalarField ScalarField
Definition scalar_multiplication.hpp:24
bb::scalar_multiplication::MSM::msm
static AffineElement msm(std::span< const AffineElement > points, PolynomialSpan< const ScalarField > _scalars, bool handle_edge_cases=false) noexcept
Helper method to evaluate a single MSM. Internally calls batch_multi_scalar_mul
Definition scalar_multiplication.cpp:844
bb::scalar_multiplication::MSM::AffineElement
typename Curve::AffineElement AffineElement
Definition scalar_multiplication.hpp:26
bb::scalar_multiplication
Definition process_buckets.cpp:11
bb::scalar_multiplication::pippenger
Curve::Element pippenger(PolynomialSpan< const typename Curve::ScalarField > scalars, std::span< const typename Curve::AffineElement > points, bool handle_edge_cases) noexcept
Definition scalar_multiplication.cpp:866
bb::scalar_multiplication::pippenger_unsafe
Curve::Element pippenger_unsafe(PolynomialSpan< const typename Curve::ScalarField > scalars, std::span< const typename Curve::AffineElement > points) noexcept
Definition scalar_multiplication.cpp:874
bb::sum
Inner sum(Cont< Inner, Args... > const &in)
Definition container.hpp:70
bb::get_precomputed_generators
constexpr std::span< const typename Group::affine_element > get_precomputed_generators()
Definition precomputed_generators.hpp:51
bb::BN254
@ BN254
Definition types.hpp:10
std
STL namespace.
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
Element
Curve::Element Element
Definition pippenger.bench.cpp:30
precomputed_generators_bn254_impl.hpp
precomputed_generators_grumpkin_impl.hpp
process_buckets.hpp
scalar_multiplication.hpp
bb::scalar_multiplication::MSM::AffineAdditionData
Temp data structure, one created per thread!
Definition scalar_multiplication.hpp:77
bb::scalar_multiplication::MSM::AffineAdditionData::addition_result_bucket_destinations
std::vector< uint64_t > addition_result_bucket_destinations
Definition scalar_multiplication.hpp:83
bb::scalar_multiplication::MSM::AffineAdditionData::points_to_add
std::vector< AffineElement > points_to_add
Definition scalar_multiplication.hpp:81
bb::scalar_multiplication::MSM::AffineAdditionData::scalar_scratch_space
std::vector< BaseField > scalar_scratch_space
Definition scalar_multiplication.hpp:82
bb::scalar_multiplication::MSM::AffineAdditionData::AffineAdditionData
AffineAdditionData() noexcept
Definition scalar_multiplication.hpp:85
bb::scalar_multiplication::MSM::AffineAdditionData::BATCH_OVERFLOW_SIZE
static constexpr size_t BATCH_OVERFLOW_SIZE
Definition scalar_multiplication.hpp:80
bb::scalar_multiplication::MSM::AffineAdditionData::BATCH_SIZE
static constexpr size_t BATCH_SIZE
Definition scalar_multiplication.hpp:78
bb::scalar_multiplication::MSM::BucketAccumulators
Temp data structure, one created per thread!
Definition scalar_multiplication.hpp:55
bb::scalar_multiplication::MSM::BucketAccumulators::BucketAccumulators
BucketAccumulators(size_t num_buckets) noexcept
Definition scalar_multiplication.hpp:59
bb::scalar_multiplication::MSM::BucketAccumulators::buckets
std::vector< AffineElement > buckets
Definition scalar_multiplication.hpp:56
bb::scalar_multiplication::MSM::BucketAccumulators::bucket_exists
BitVector bucket_exists
Definition scalar_multiplication.hpp:57
bb::scalar_multiplication::MSM::JacobianBucketAccumulators
Definition scalar_multiplication.hpp:65
bb::scalar_multiplication::MSM::JacobianBucketAccumulators::bucket_exists
BitVector bucket_exists
Definition scalar_multiplication.hpp:67
bb::scalar_multiplication::MSM::JacobianBucketAccumulators::buckets
std::vector< Element > buckets
Definition scalar_multiplication.hpp:66
bb::scalar_multiplication::MSM::JacobianBucketAccumulators::JacobianBucketAccumulators
JacobianBucketAccumulators(size_t num_buckets) noexcept
Definition scalar_multiplication.hpp:69
bb::scalar_multiplication::MSM::MSMData
Definition scalar_multiplication.hpp:45
bb::scalar_multiplication::MSM::MSMData::point_schedule
std::span< uint64_t > point_schedule
Definition scalar_multiplication.hpp:49
bb::scalar_multiplication::MSM::MSMData::scalars
std::span< const ScalarField > scalars
Definition scalar_multiplication.hpp:46
bb::scalar_multiplication::MSM::MSMData::points
std::span< const AffineElement > points
Definition scalar_multiplication.hpp:47
bb::scalar_multiplication::MSM::MSMData::scalar_indices
std::span< const uint32_t > scalar_indices
Definition scalar_multiplication.hpp:48
bb::scalar_multiplication::MSM::MSMWorkUnit
MSMWorkUnit describes an MSM that may be part of a larger MSM.
Definition scalar_multiplication.hpp:38
bb::scalar_multiplication::MSM::MSMWorkUnit::batch_msm_index
size_t batch_msm_index
Definition scalar_multiplication.hpp:39
bb::scalar_multiplication::MSM::MSMWorkUnit::start_index
size_t start_index
Definition scalar_multiplication.hpp:40
bb::scalar_multiplication::MSM::MSMWorkUnit::size
size_t size
Definition scalar_multiplication.hpp:41