Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
Public Member Functions | Static Public Attributes | Private Types | Private Member Functions | Private Attributes | Static Private Attributes | List of all members
bb::ECCOpQueue Class Reference

Manages ECC operations for the Goblin proving system. More...

#include <ecc_op_queue.hpp>

Public Member Functions

 ECCOpQueue ()
 Instantiate an initial ECC op subtable.
 
void initialize_new_subtable ()
 Initialize a new subtable for eccvm and ultra ops with the given merge settings.
 
size_t num_subtables () const
 
size_t get_current_subtable_size () const
 
size_t get_append_offset () const
 Compute the fixed append offset for the final APPEND merge.
 
void merge ()
 
void merge_fixed_append (size_t ultra_fixed_offset)
 
std::array< Polynomial< Fr >, ULTRA_TABLE_WIDTHconstruct_zk_columns ()
 
std::vector< std::array< Polynomial< Fr >, ULTRA_TABLE_WIDTH > > construct_subtable_columns () const
 
std::array< Polynomial< Fr >, ULTRA_TABLE_WIDTHconstruct_ultra_ops_table_columns (const bool include_zk_ops=true) const
 
std::array< Polynomial< Fr >, ULTRA_TABLE_WIDTHconstruct_table_columns_up_to_tail () const
 
std::array< Polynomial< Fr >, ULTRA_TABLE_WIDTHconstruct_current_ultra_ops_subtable_columns () const
 
void construct_full_eccvm_ops_table ()
 
void construct_zk_reconstructed_ultra_ops_table ()
 
void construct_no_zk_reconstructed_ultra_ops_table ()
 
size_t get_ultra_ops_table_num_rows () const
 
size_t get_ultra_ops_count () const
 
size_t get_ultra_ops_table_num_rows_up_to_tail () const
 
std::vector< ECCVMOperation > & get_eccvm_ops ()
 
std::vector< UltraOp > & get_no_zk_reconstructed_ultra_ops ()
 
std::vector< UltraOp > & get_zk_reconstructed_ultra_ops ()
 
size_t get_num_msm_rows () const
 Get the number of rows in the 'msm' column section, for all msms in the circuit.
 
size_t get_num_rows () const
 Get the number of rows for the current ECCVM circuit.
 
uint32_t get_number_of_muls () const
 Get number of muls for the current ECCVM circuit.
 
void set_eccvm_ops_for_fuzzing (std::vector< ECCVMOperation > &eccvm_ops_in)
 A fuzzing only method for setting eccvm ops directly.
 
void add_erroneous_equality_op_for_testing ()
 A testing only method that adds an erroneous equality op to the eccvm ops.
 
void empty_row_for_testing ()
 Write empty row to queue.
 
Point get_accumulator ()
 
UltraOp add_accumulate (const Point &to_add)
 Write point addition op to queue and natively perform addition.
 
UltraOp mul_accumulate (const Point &to_mul, const Fr &scalar)
 Write multiply and add op to queue and natively perform operation.
 
UltraOp no_op_ultra_only ()
 Writes a no-op to the ultra ops table but adds no eccvm operations.
 
UltraOp random_op_ultra_only ()
 Writes randomness to the ultra ops table but adds no eccvm operations.
 
UltraOp eq_and_reset ()
 Write equality op using internal accumulator point.
 
UltraOp append_hiding_op (const Fq &Px, const Fq &Py)
 Add a hiding op with random Px, Py values to both ECCVM and Ultra ops tables.
 

Static Public Attributes

static const size_t OP_QUEUE_SIZE = 1 << CONST_OP_QUEUE_LOG_SIZE
 

Private Types

using Curve = curve::BN254
 
using Point = Curve::AffineElement
 
using Fr = Curve::ScalarField
 
using Fq = Curve::BaseField
 

Private Member Functions

void append_eccvm_op (const ECCVMOperation &op)
 Append an eccvm operation to the eccvm ops table; update the eccvm row tracker.
 
UltraOp construct_and_populate_ultra_ops (EccOpCode op_code, const Point &point, const Fr &scalar=Fr::zero())
 Given an ecc operation and its inputs, decompose into ultra format and populate ultra_ops.
 

Private Attributes

Point point_at_infinity = Curve::Group::affine_point_at_infinity
 
Point accumulator = point_at_infinity
 
EccvmOpsTable eccvm_ops_table
 
UltraEccOpsTable ultra_ops_table
 
std::vector< ECCVMOperationeccvm_ops_reconstructed
 
std::vector< UltraOpultra_ops_zk_reconstructed
 
std::vector< UltraOpultra_ops_no_zk_reconstructed
 
EccvmRowTracker eccvm_row_tracker
 
ECCVMOperation hiding_op_for_eccvm
 
bool has_hiding_op = false
 

Static Private Attributes

static constexpr size_t ULTRA_TABLE_WIDTH = UltraEccOpsTable::TABLE_WIDTH
 

Detailed Description

Manages ECC operations for the Goblin proving system.

This class maintains two parallel representations of ECC operations:

  1. ECCVM format (eccvm_ops_table): Native operations for the ECCVM circuit. Each op is one row: {opcode, base_point, z1, z2, mul_scalar_full}
  2. Ultra format (ultra_ops_table): Width-4 representation for Mega circuits and Translator. Each op spans 2 rows: Row 0: OP | X_lo | X_hi | Y_lo Row 1: 0 | Y_hi | z1 | z2

Operations are added via add_accumulate(), mul_accumulate(), and eq_and_reset(). Each operation:

  • Updates the native accumulator (shadow computation for verification)
  • Appends to both ECCVM and Ultra tables

Tables grow by appending subtables (one per circuit in an IVC). See ecc_ops_table.hpp for details.

TODO(https://github.com/AztecProtocol/barretenberg/issues/1267): consider possible efficiency improvements

Definition at line 38 of file ecc_op_queue.hpp.

Member Typedef Documentation

◆ Curve

using bb::ECCOpQueue::Curve = curve::BN254
private

Definition at line 39 of file ecc_op_queue.hpp.

◆ Fq

using bb::ECCOpQueue::Fq = Curve::BaseField
private

Definition at line 42 of file ecc_op_queue.hpp.

◆ Fr

using bb::ECCOpQueue::Fr = Curve::ScalarField
private

Definition at line 41 of file ecc_op_queue.hpp.

◆ Point

using bb::ECCOpQueue::Point = Curve::AffineElement
private

Definition at line 40 of file ecc_op_queue.hpp.

Constructor & Destructor Documentation

◆ ECCOpQueue()

bb::ECCOpQueue::ECCOpQueue ( )
inline

Instantiate an initial ECC op subtable.

Definition at line 69 of file ecc_op_queue.hpp.

Member Function Documentation

◆ add_accumulate()

UltraOp bb::ECCOpQueue::add_accumulate ( const Point to_add)
inline

Write point addition op to queue and natively perform addition.

Parameters
to_add

Definition at line 249 of file ecc_op_queue.hpp.

◆ add_erroneous_equality_op_for_testing()

void bb::ECCOpQueue::add_erroneous_equality_op_for_testing ( )
inline

A testing only method that adds an erroneous equality op to the eccvm ops.

May be used to ensure that ECCVM responds as expected when encountering a bad op

Definition at line 225 of file ecc_op_queue.hpp.

◆ append_eccvm_op()

void bb::ECCOpQueue::append_eccvm_op ( const ECCVMOperation op)
inlineprivate

Append an eccvm operation to the eccvm ops table; update the eccvm row tracker.

Definition at line 397 of file ecc_op_queue.hpp.

◆ append_hiding_op()

UltraOp bb::ECCOpQueue::append_hiding_op ( const Fq Px,
const Fq Py 
)
inline

Add a hiding op with random Px, Py values to both ECCVM and Ultra ops tables.

The hiding op contributes random Px, Py field elements to both ECCVM transcript polynomials and Translator's accumulated_result, providing statistical hiding.

In ECCVM: stored separately and prepended to eccvm_ops_reconstructed at index 0 during get_eccvm_ops(). This places it at row 1 in the ECCVM transcript table (row 0 is the zero row for shifts), where lagrange_second = 1. The eq and on-curve constraints are gated by (1 - lagrange_second) so they don't apply to this row. The transcript relation enforces q_eq = 1 and q_reset = 1 at this row, ensuring the accumulator is reset so that is_accumulator_empty = 1 at row 2 (the first real op row).

In Ultra/Translator: appended to current subtable through normal flow, landing in the accumulation range.

The hiding op uses opcode q_eq = 1, q_reset = 1 (value = 3) to preserve the Px, Py values in the transcript. The eq constraint is gated by (1 - lagrange_second) so it doesn't actually check equality. The on-curve check is similarly gated. q_reset = 1 is required for Translator compatibility (only opcodes {0,3,4,8} are allowed).

This method writes the same hiding op to both the ECCVM and Ultra tables in one step, ensuring the two representations agree (required for the translation check).

Parameters
PxRandom field element (not necessarily a valid x-coordinate on BN254)
PyRandom field element (not necessarily a valid y-coordinate on BN254)
Returns
The UltraOp that was pushed to the table (for use by circuit builder to add gates)

Definition at line 367 of file ecc_op_queue.hpp.

◆ construct_and_populate_ultra_ops()

UltraOp bb::ECCOpQueue::construct_and_populate_ultra_ops ( EccOpCode  op_code,
const Point point,
const Fr scalar = Fr::zero() 
)
inlineprivate

Given an ecc operation and its inputs, decompose into ultra format and populate ultra_ops.

Parameters
op_code
point
scalar
Returns
UltraOp

Definition at line 410 of file ecc_op_queue.hpp.

◆ construct_current_ultra_ops_subtable_columns()

std::array< Polynomial< Fr >, ULTRA_TABLE_WIDTH > bb::ECCOpQueue::construct_current_ultra_ops_subtable_columns ( ) const
inline

Definition at line 138 of file ecc_op_queue.hpp.

◆ construct_full_eccvm_ops_table()

void bb::ECCOpQueue::construct_full_eccvm_ops_table ( )
inline

Definition at line 144 of file ecc_op_queue.hpp.

◆ construct_no_zk_reconstructed_ultra_ops_table()

void bb::ECCOpQueue::construct_no_zk_reconstructed_ultra_ops_table ( )
inline

Definition at line 153 of file ecc_op_queue.hpp.

◆ construct_subtable_columns()

std::vector< std::array< Polynomial< Fr >, ULTRA_TABLE_WIDTH > > bb::ECCOpQueue::construct_subtable_columns ( ) const
inline

Definition at line 119 of file ecc_op_queue.hpp.

◆ construct_table_columns_up_to_tail()

std::array< Polynomial< Fr >, ULTRA_TABLE_WIDTH > bb::ECCOpQueue::construct_table_columns_up_to_tail ( ) const
inline

Definition at line 132 of file ecc_op_queue.hpp.

◆ construct_ultra_ops_table_columns()

std::array< Polynomial< Fr >, ULTRA_TABLE_WIDTH > bb::ECCOpQueue::construct_ultra_ops_table_columns ( const bool  include_zk_ops = true) const
inline

Definition at line 125 of file ecc_op_queue.hpp.

◆ construct_zk_columns()

std::array< Polynomial< Fr >, ULTRA_TABLE_WIDTH > bb::ECCOpQueue::construct_zk_columns ( )
inline

Definition at line 110 of file ecc_op_queue.hpp.

◆ construct_zk_reconstructed_ultra_ops_table()

void bb::ECCOpQueue::construct_zk_reconstructed_ultra_ops_table ( )
inline

Definition at line 147 of file ecc_op_queue.hpp.

◆ empty_row_for_testing()

void bb::ECCOpQueue::empty_row_for_testing ( )
inline

Write empty row to queue.

Warning
This is for testing purposes only. Currently no valid use case.

Definition at line 236 of file ecc_op_queue.hpp.

◆ eq_and_reset()

UltraOp bb::ECCOpQueue::eq_and_reset ( )
inline

Write equality op using internal accumulator point.

Returns
current internal accumulator point (prior to reset to 0)

Definition at line 329 of file ecc_op_queue.hpp.

◆ get_accumulator()

Point bb::ECCOpQueue::get_accumulator ( )
inline

Definition at line 242 of file ecc_op_queue.hpp.

◆ get_append_offset()

size_t bb::ECCOpQueue::get_append_offset ( ) const
inline

Compute the fixed append offset for the final APPEND merge.

Places the appended subtable so the merged polynomial fits exactly in MINI_CIRCUIT_SIZE rows. The appended subtable carries UltraEccOpsTable::APPEND_TRACE_OFFSET leading zero rows internally, matching the appender flavor's ecc_op_wire layout.

Definition at line 91 of file ecc_op_queue.hpp.

◆ get_current_subtable_size()

size_t bb::ECCOpQueue::get_current_subtable_size ( ) const
inline

Definition at line 83 of file ecc_op_queue.hpp.

◆ get_eccvm_ops()

std::vector< ECCVMOperation > & bb::ECCOpQueue::get_eccvm_ops ( )
inline

Definition at line 166 of file ecc_op_queue.hpp.

◆ get_no_zk_reconstructed_ultra_ops()

std::vector< UltraOp > & bb::ECCOpQueue::get_no_zk_reconstructed_ultra_ops ( )
inline

Definition at line 179 of file ecc_op_queue.hpp.

◆ get_num_msm_rows()

size_t bb::ECCOpQueue::get_num_msm_rows ( ) const
inline

Get the number of rows in the 'msm' column section, for all msms in the circuit.

Definition at line 198 of file ecc_op_queue.hpp.

◆ get_num_rows()

size_t bb::ECCOpQueue::get_num_rows ( ) const
inline

Get the number of rows for the current ECCVM circuit.

Note
This count does not include the hiding op.

Definition at line 204 of file ecc_op_queue.hpp.

◆ get_number_of_muls()

uint32_t bb::ECCOpQueue::get_number_of_muls ( ) const
inline

Get number of muls for the current ECCVM circuit.

Definition at line 209 of file ecc_op_queue.hpp.

◆ get_ultra_ops_count()

size_t bb::ECCOpQueue::get_ultra_ops_count ( ) const
inline

Definition at line 160 of file ecc_op_queue.hpp.

◆ get_ultra_ops_table_num_rows()

size_t bb::ECCOpQueue::get_ultra_ops_table_num_rows ( ) const
inline

Definition at line 159 of file ecc_op_queue.hpp.

◆ get_ultra_ops_table_num_rows_up_to_tail()

size_t bb::ECCOpQueue::get_ultra_ops_table_num_rows_up_to_tail ( ) const
inline

Definition at line 162 of file ecc_op_queue.hpp.

◆ get_zk_reconstructed_ultra_ops()

std::vector< UltraOp > & bb::ECCOpQueue::get_zk_reconstructed_ultra_ops ( )
inline

Definition at line 187 of file ecc_op_queue.hpp.

◆ initialize_new_subtable()

void bb::ECCOpQueue::initialize_new_subtable ( )
inline

Initialize a new subtable for eccvm and ultra ops with the given merge settings.

Definition at line 75 of file ecc_op_queue.hpp.

◆ merge()

void bb::ECCOpQueue::merge ( )
inline

Definition at line 98 of file ecc_op_queue.hpp.

◆ merge_fixed_append()

void bb::ECCOpQueue::merge_fixed_append ( size_t  ultra_fixed_offset)
inline

Definition at line 104 of file ecc_op_queue.hpp.

◆ mul_accumulate()

UltraOp bb::ECCOpQueue::mul_accumulate ( const Point to_mul,
const Fr scalar 
)
inline

Write multiply and add op to queue and natively perform operation.

Parameters
to_add

Definition at line 266 of file ecc_op_queue.hpp.

◆ no_op_ultra_only()

UltraOp bb::ECCOpQueue::no_op_ultra_only ( )
inline

Writes a no-op to the ultra ops table but adds no eccvm operations.

Adds two zero rows (one no-op = NUM_ROWS_PER_OP rows) to the ultra ops table. Translator needs two leading zero rows for polynomial shiftability.

Definition at line 294 of file ecc_op_queue.hpp.

◆ num_subtables()

size_t bb::ECCOpQueue::num_subtables ( ) const
inline

Definition at line 81 of file ecc_op_queue.hpp.

◆ random_op_ultra_only()

UltraOp bb::ECCOpQueue::random_op_ultra_only ( )
inline

Writes randomness to the ultra ops table but adds no eccvm operations.

This method is used to add randomness to the ultra ops table with the aim of randomising the commitment and evaluations of its corresponding columns

Returns
UltraOp

Definition at line 308 of file ecc_op_queue.hpp.

◆ set_eccvm_ops_for_fuzzing()

void bb::ECCOpQueue::set_eccvm_ops_for_fuzzing ( std::vector< ECCVMOperation > &  eccvm_ops_in)
inline

A fuzzing only method for setting eccvm ops directly.

Definition at line 215 of file ecc_op_queue.hpp.

Member Data Documentation

◆ accumulator

Point bb::ECCOpQueue::accumulator = point_at_infinity
private

Definition at line 47 of file ecc_op_queue.hpp.

◆ eccvm_ops_reconstructed

std::vector<ECCVMOperation> bb::ECCOpQueue::eccvm_ops_reconstructed
private

Definition at line 54 of file ecc_op_queue.hpp.

◆ eccvm_ops_table

EccvmOpsTable bb::ECCOpQueue::eccvm_ops_table
private

Definition at line 49 of file ecc_op_queue.hpp.

◆ eccvm_row_tracker

EccvmRowTracker bb::ECCOpQueue::eccvm_row_tracker
private

Definition at line 62 of file ecc_op_queue.hpp.

◆ has_hiding_op

bool bb::ECCOpQueue::has_hiding_op = false
private

Definition at line 391 of file ecc_op_queue.hpp.

◆ hiding_op_for_eccvm

ECCVMOperation bb::ECCOpQueue::hiding_op_for_eccvm
private

Definition at line 390 of file ecc_op_queue.hpp.

◆ OP_QUEUE_SIZE

const size_t bb::ECCOpQueue::OP_QUEUE_SIZE = 1 << CONST_OP_QUEUE_LOG_SIZE
static

Definition at line 65 of file ecc_op_queue.hpp.

◆ point_at_infinity

Point bb::ECCOpQueue::point_at_infinity = Curve::Group::affine_point_at_infinity
private

Definition at line 44 of file ecc_op_queue.hpp.

◆ ultra_ops_no_zk_reconstructed

std::vector<UltraOp> bb::ECCOpQueue::ultra_ops_no_zk_reconstructed
private

Definition at line 59 of file ecc_op_queue.hpp.

◆ ultra_ops_table

UltraEccOpsTable bb::ECCOpQueue::ultra_ops_table
private

Definition at line 50 of file ecc_op_queue.hpp.

◆ ultra_ops_zk_reconstructed

std::vector<UltraOp> bb::ECCOpQueue::ultra_ops_zk_reconstructed
private

Definition at line 58 of file ecc_op_queue.hpp.

◆ ULTRA_TABLE_WIDTH

constexpr size_t bb::ECCOpQueue::ULTRA_TABLE_WIDTH = UltraEccOpsTable::TABLE_WIDTH
staticconstexprprivate

Definition at line 43 of file ecc_op_queue.hpp.

The documentation for this class was generated from the following file: