Barretenberg: src/barretenberg/polynomials/gate_separator.hpp Source File

// === AUDIT STATUS ===

// internal:    { status: Complete, auditors: [Khashayar], commit: }

// external_1:  { status: not started, auditors: [], commit: }

// external_2:  { status: not started, auditors: [], commit: }

// =====================


#pragma once

#include "barretenberg/common/bb_bench.hpp"

#include "barretenberg/common/compiler_hints.hpp"

#include "barretenberg/common/thread.hpp"

#include "barretenberg/numeric/bitop/get_msb.hpp"

#include "barretenberg/stdlib/primitives/bool/bool.hpp"


#include <cstddef>

#include <vector>

namespace bb {


template <typename FF> struct GateSeparatorPolynomial {

    std::vector<FF> betas;


    Polynomial<FF> beta_products;

    size_t current_element_idx = 0;

    size_t periodicity = 2;

    FF partial_evaluation_result = FF(1);


    GateSeparatorPolynomial(const std::vector<FF>& betas, const size_t log_num_monomials)

        : betas(betas)

        , beta_products(compute_beta_products(betas, log_num_monomials))

    {}


    GateSeparatorPolynomial(const std::vector<FF>& betas)

        : betas(betas)

    {}


    GateSeparatorPolynomial(const std::vector<FF>& betas, const std::vector<FF>& challenge)

        : betas(betas)

    {

        if (!betas.empty()) {

            for (const auto& u_k : challenge) {

                partially_evaluate(u_k);

            }

        }

    }


    FF const& operator[](size_t idx) const

    {

        // At round i, we only iterate over beta_products of indices that are multiples of 2^i,

        // Hence for the idx-th element we need to get the (idx * 2^i)-th element in #beta_products.

        return beta_products.at((idx >> 1) * periodicity);

    }


    FF current_element() const

    {

        if (betas.empty()) {

            return FF(1);

        };

        return betas[current_element_idx];

    }


    FF univariate_eval(FF challenge) const { return (FF(1) + (challenge * (betas[current_element_idx] - FF(1)))); };


    void partially_evaluate(FF challenge)

    {

        if (!betas.empty()) {

            FF current_univariate_eval = univariate_eval(challenge);

            partial_evaluation_result *= current_univariate_eval;

            current_element_idx++;

            periodicity *= 2;

        }

    }


    BB_PROFILE static Polynomial<FF> compute_beta_products(const std::vector<FF>& betas,

                                                           const size_t log_num_monomials,

                                                           const FF& scaling_factor = FF(1))

    {

        if (betas.empty()) {

            Polynomial<FF> out(1);

            return out;

        }


        BB_BENCH_NAME("GateSeparatorPolynomial::compute_beta_products");

        size_t pow_size = static_cast<size_t>(1) << log_num_monomials;

        Polynomial<FF> beta_products(pow_size, Polynomial<FF>::DontZeroMemory::FLAG);


        // Explanations of the algorithm:

        // The product of the betas at index i (beta_products[i]) contains the multiplicative factor betas[j] if and

        // only if the jth bit of i is 1 (j starting with 0 for the least significant bit). For instance, i = 13 = 1101

        // in binary, so the product is betas[0] * betas[2] * betas[3].

        //

        // Key insight: beta_products[i] = beta_products[predecessor] * betas[lsb_position], where predecessor is i

        // with the least significant bit cleared. For example:

        //   - i = 6 (binary 110): LSB is at position 1, predecessor = 4 (binary 100)

        //     beta_products[6] = beta_products[4] * betas[1]

        //   - i = 12 (binary 1100): LSB is at position 2, predecessor = 8 (binary 1000)

        //     beta_products[12] = beta_products[8] * betas[2]

        //

        // For each index i, if the predecessor falls within our thread's range [start, start + chunk_size), we use

        // this O(1) recurrence. Otherwise, we compute directly by iterating over all set bits in i, which requires

        // O(popcount(i)) multiplications. This direct computation handles boundary cases between thread chunks.

        //

        // This algorithm works with any number of threads (not just powers of 2), unlike the previous prefix/suffix

        // approach which required power-of-2 thread counts to ensure even work distribution.


        // Cost per iteration: typically 1 multiplication (when predecessor is in range),

        // occasionally O(popcount) multiplications at chunk boundaries

        constexpr size_t iteration_cost = thread_heuristics::FF_MULTIPLICATION_COST;

        parallel_for_heuristic(

            pow_size,

            [&](size_t start, size_t end, BB_UNUSED size_t chunk_index) {

                BB_BENCH_TRACY_NAME("GateSeparator::beta_products/chunk");

                for (size_t i = start; i < end; i++) {

                    if (i == 0) {

                        beta_products.at(0) = scaling_factor;

                        continue;

                    }


                    // Find the lowest set bit position and the predecessor index

                    size_t lsb_pos = numeric::get_lsb(i);

                    size_t predecessor = i ^ (static_cast<size_t>(1) << lsb_pos); // clear the lowest set bit


                    if (predecessor >= start) {

                        // Predecessor is in our range, O(1) computation

                        beta_products.at(i) = beta_products.at(predecessor) * betas[lsb_pos];

                    } else {

                        // Predecessor is not in our range, compute directly from set bits only

                        FF result = scaling_factor;

                        size_t remaining = i;

                        while (remaining != 0) {

                            size_t bit = numeric::get_lsb(remaining);

                            result *= betas[bit];

                            remaining ^= static_cast<size_t>(1) << bit; // clear this bit

                        }

                        beta_products.at(i) = result;

                    }

                }

            },

            iteration_cost);


        return beta_products;

    }


};


} // namespace bb

FF
bb::field< bb::Bn254FrParams > FF
Definition field.cpp:24

bb_bench.hpp

BB_BENCH_NAME
#define BB_BENCH_NAME(name)
Definition bb_bench.hpp:264

BB_BENCH_TRACY_NAME
#define BB_BENCH_TRACY_NAME(name)
Definition bb_bench.hpp:256

bb::Polynomial
Structured polynomial class that represents the coefficients 'a' of a_0 + a_1 x .....
Definition polynomial.hpp:75

bb::Polynomial::at
Fr & at(size_t index)
Our mutable accessor, unlike operator[]. We abuse precedent a bit to differentiate at() and operator[...
Definition polynomial.hpp:305

compiler_hints.hpp

BB_PROFILE
#define BB_PROFILE
Definition compiler_hints.hpp:14

BB_UNUSED
#define BB_UNUSED
Definition compiler_hints.hpp:30

get_msb.hpp

bb::numeric::get_lsb
constexpr T get_lsb(const T in)
Definition get_msb.hpp:71

bb::thread_heuristics::FF_MULTIPLICATION_COST
constexpr size_t FF_MULTIPLICATION_COST
Definition thread.hpp:134

bb
Entry point for Barretenberg command-line interface.
Definition api.hpp:5

bb::parallel_for_heuristic
void parallel_for_heuristic(size_t num_points, const std::function< void(size_t, size_t, size_t)> &func, size_t heuristic_cost)
Split a loop into several loops running in parallel based on operations in 1 iteration.
Definition thread.cpp:171

bool.hpp

bb::GateSeparatorPolynomial
Implementation of the methods for the -polynomials used in in Sumcheck.
Definition gate_separator.hpp:18

bb::GateSeparatorPolynomial::GateSeparatorPolynomial
GateSeparatorPolynomial(const std::vector< FF > &betas)
Construct a new GateSeparatorPolynomial object without expanding to a vector of monomials.
Definition gate_separator.hpp:68

bb::GateSeparatorPolynomial::periodicity
size_t periodicity
In Round  of Sumcheck, the periodicity equals to  and represents the fixed interval at which elements...
Definition gate_separator.hpp:41

bb::GateSeparatorPolynomial::GateSeparatorPolynomial
GateSeparatorPolynomial(const std::vector< FF > &betas, const size_t log_num_monomials)
Construct a new GateSeparatorPolynomial.
Definition gate_separator.hpp:57

bb::GateSeparatorPolynomial::betas
std::vector< FF > betas
The challenges .
Definition gate_separator.hpp:23

bb::GateSeparatorPolynomial::current_element
FF current_element() const
Computes the component at index current_element_idx in betas.
Definition gate_separator.hpp:104

bb::GateSeparatorPolynomial::operator[]
FF const & operator[](size_t idx) const
Retruns the element in beta_products at place #idx.
Definition gate_separator.hpp:93

bb::GateSeparatorPolynomial::partially_evaluate
void partially_evaluate(FF challenge)
Partially evaluate the -polynomial at the new challenge and update .
Definition gate_separator.hpp:123

bb::GateSeparatorPolynomial::univariate_eval
FF univariate_eval(FF challenge) const
Evaluate  at the challenge point .
Definition gate_separator.hpp:115

bb::GateSeparatorPolynomial::GateSeparatorPolynomial
GateSeparatorPolynomial(const std::vector< FF > &betas, const std::vector< FF > &challenge)
Constructs a virtual GateSeparator used by the prover in rounds k > d - 1, and computes its partial e...
Definition gate_separator.hpp:77

bb::GateSeparatorPolynomial::partial_evaluation_result
FF partial_evaluation_result
The value  obtained by partially evaluating one variable in the power polynomial at each round....
Definition gate_separator.hpp:49

bb::GateSeparatorPolynomial::current_element_idx
size_t current_element_idx
In Round  of Sumcheck, it points to the -th element in .
Definition gate_separator.hpp:35

bb::GateSeparatorPolynomial::beta_products
Polynomial< FF > beta_products
The consecutive evaluations  for  identified with the integers .
Definition gate_separator.hpp:30

bb::GateSeparatorPolynomial::compute_beta_products
static BB_PROFILE Polynomial< FF > compute_beta_products(const std::vector< FF > &betas, const size_t log_num_monomials, const FF &scaling_factor=FF(1))
Given  compute  for .
Definition gate_separator.hpp:141

bb::field< bb::Bn254FrParams >

thread.hpp