Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
field_conversion.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: Complete, auditors: [Sergei], commit: 777717f6af324188ecd6bb68c3c86ee7befef94d}
3// external_1: { status: Complete, auditors: [@ed25519 (Spearbit)], commit: }
4// external_2: { status: not started, auditors: [], commit: }
5// =====================
6
14#pragma once
15
16#include "barretenberg/common/assert.hpp"
17#include "barretenberg/polynomials/univariate.hpp"
18#include "barretenberg/stdlib/primitives/bigfield/bigfield.hpp"
19#include "barretenberg/stdlib/primitives/bigfield/goblin_field.hpp"
20#include "barretenberg/stdlib/primitives/curves/bn254.hpp"
21#include "barretenberg/stdlib/primitives/field/field.hpp"
22#include "barretenberg/stdlib/primitives/field/field_utils.hpp"
23#include "barretenberg/stdlib/primitives/group/cycle_group.hpp"
24
25namespace bb::stdlib {
26
27template <typename Field> class StdlibCodec {
28 public:
29 using DataType = Field;
30 using Builder = typename Field::Builder;
31 using fr = field_t<Builder>;
32 using fq = bigfield<Builder, bb::Bn254FqParams>;
33 using bn254_commitment = element<Builder, fq, fr, curve::BN254::Group>;
34 using grumpkin_commitment = cycle_group<Builder>;
35
44 template <typename T> static T convert_challenge(const fr& challenge)
45 {
46 if constexpr (std::is_same_v<T, fr>) {
47 return challenge;
48 } else if constexpr (std::is_same_v<T, fq>) {
49 // Sanity check that the input challenge fits into the first 2 bigfield limbs.
50 BB_ASSERT_LT(static_cast<uint256_t>(challenge.get_value()).get_msb(),
51 T::NUM_LIMB_BITS * 2,
52 "field_conversion: convert_challenge");
53 Builder* builder = challenge.get_context();
54 // All challenges must be circuit witnesses.
55 BB_ASSERT(builder);
56 BB_ASSERT(!challenge.is_constant());
57 auto high_limb = fr::from_witness_index(builder, builder->zero_idx());
58 high_limb.set_origin_tag(challenge.get_origin_tag());
59 return T(challenge, high_limb);
60 }
61 }
62
63 static std::vector<fr> convert_goblin_fr_to_bn254_frs(const goblin_field<Builder>& input)
64 {
65 return { input.limbs[0], input.limbs[1] };
66 }
67
68 static std::vector<fr> convert_grumpkin_fr_to_bn254_frs(const fq& input)
69 {
70 static constexpr uint64_t NUM_LIMB_BITS = fq::NUM_LIMB_BITS;
71
72 static constexpr bb::fr shift(static_cast<uint256_t>(1) << NUM_LIMB_BITS);
73 std::vector<fr> result(2);
74 result[0] = input.binary_basis_limbs[0].element + (input.binary_basis_limbs[1].element * shift);
75 result[1] = input.binary_basis_limbs[2].element + (input.binary_basis_limbs[3].element * shift);
76 return result;
77 }
78
82 template <typename T> static constexpr size_t calc_num_fields()
83 {
84 if constexpr (IsAnyOf<T, fr>) {
85 return Bn254FrParams::NUM_BN254_SCALARS;
86 } else if constexpr (IsAnyOf<T, fq, goblin_field<Builder>>) {
87 return Bn254FqParams::NUM_BN254_SCALARS;
88 } else if constexpr (IsAnyOf<T, bn254_commitment, grumpkin_commitment>) {
89 return 2 * calc_num_fields<typename T::BaseField>();
90 } else {
91 // Array or Univariate
92 return calc_num_fields<typename T::value_type>() * (std::tuple_size<T>::value);
93 }
94 }
95
132 template <typename T> static T deserialize_from_fields(std::span<const fr> fr_vec)
133 {
134 using field_ct = fr;
135 using bigfield_ct = fq;
136
137 constexpr size_t expected_size = calc_num_fields<T>();
138 BB_ASSERT_EQ(fr_vec.size(), expected_size);
139
140 BB_ASSERT(validate_context<Builder>(fr_vec));
141
142 if constexpr (IsAnyOf<T, field_ct>) {
143 // Case 1: input type matches the output type
144 return fr_vec[0];
145 } else if constexpr (IsAnyOf<T, bigfield_ct>) {
146 // Case 2: bigfield is reconstructed from low and high limbs with in-field validation.
147 // This ensures aliased values (>= Fq::modulus) are rejected.
148 T result(fr_vec[0], fr_vec[1]);
149 result.assert_is_in_field();
150 return result;
151 } else if constexpr (IsAnyOf<T, goblin_field<Builder>>) {
152 // Case 3: goblin_field stores limbs as-is; range validation is deferred to Translator circuit.
153 return T(fr_vec[0], fr_vec[1]);
154 } else if constexpr (IsAnyOf<T, bn254_commitment, grumpkin_commitment>) {
155 // Case 4 and 5: Convert a vector of frs to a group element
156 using Basefield = typename T::BaseField;
157
158 constexpr size_t base_field_frs = expected_size / 2;
159
160 Basefield x = deserialize_from_fields<Basefield>(fr_vec.subspan(0, base_field_frs));
161 Basefield y = deserialize_from_fields<Basefield>(fr_vec.subspan(base_field_frs, base_field_frs));
162
163 // Construct the group element (validates the point is on curve).
164 // The 2-arg constructor auto-detects infinity from (x == 0 && y == 0).
165 // For goblin_element (bn254 with Mega arithmetization), the on-curve check is delegated to ECCVM, see
166 // `on_curve_check` in `ECCVMTranscriptRelationImpl`.
167 return T(x, y, /*assert_on_curve=*/true);
168 } else {
169 // Case 6: Array or Univariate
170 T val;
171 using element_type = typename T::value_type;
172 const size_t scalar_frs = calc_num_fields<element_type>();
173
174 size_t i = 0;
175 for (auto& x : val) {
176 x = deserialize_from_fields<element_type>(fr_vec.subspan(scalar_frs * i, scalar_frs));
177 ++i;
178 }
179 return val;
180 }
181 }
182
233 template <typename T> static std::vector<fr> serialize_to_fields(const T& val)
234 {
235 using field_ct = fr;
236 using bigfield_ct = fq;
237
238 if constexpr (IsAnyOf<T, field_ct>) {
239 return std::vector<T>{ val };
240 } else if constexpr (IsAnyOf<T, bigfield_ct>) {
241 return convert_grumpkin_fr_to_bn254_frs(val);
242 } else if constexpr (IsAnyOf<T, goblin_field<Builder>>) {
243 return convert_goblin_fr_to_bn254_frs(val);
244 } else if constexpr (IsAnyOf<T, grumpkin_commitment>) {
245 // Canonicalize: output (0,0) for infinity points, critical for the IPA accumulation flow.
246 auto is_inf = val.is_point_at_infinity();
247 fr canon_x = fr::conditional_assign(is_inf, fr(0), val.x());
248 fr canon_y = fr::conditional_assign(is_inf, fr(0), val.y());
249 return { canon_x, canon_y };
250 } else if constexpr (IsAnyOf<T, bn254_commitment>) {
251 // bn254_commitment serialization does not standardize infinity (unlike grumpkin_commitment above).
252 // All existing code paths produce canonical (0,0) infinity, so just assert that invariant.
253 if (val.get_value().is_point_at_infinity()) {
254 BB_ASSERT(val.x().get_value() == 0 && val.y().get_value() == 0,
255 "serialize_to_fields: bn254_commitment point at infinity must be canonical (0,0)");
256 }
257 using BaseField = typename T::BaseField;
258
259 std::vector<field_ct> fr_vec_x = serialize_to_fields<BaseField>(val.x());
260 std::vector<field_ct> fr_vec_y = serialize_to_fields<BaseField>(val.y());
261 std::vector<field_ct> fr_vec(fr_vec_x.begin(), fr_vec_x.end());
262 fr_vec.insert(fr_vec.end(), fr_vec_y.begin(), fr_vec_y.end());
263 return fr_vec;
264 } else {
265 // Array or Univariate
266 std::vector<field_ct> fr_vec;
267 for (auto& x : val) {
268 auto tmp_vec = serialize_to_fields<typename T::value_type>(x);
269 fr_vec.insert(fr_vec.end(), tmp_vec.begin(), tmp_vec.end());
270 }
271 return fr_vec;
272 }
273 }
282 static std::array<fr, 2> split_challenge(const fr& challenge)
283 {
284 constexpr size_t TOTAL_BITS = fr::native::modulus.get_msb() + 1; // 254
285 constexpr size_t lo_bits = TOTAL_BITS / 2; // 127
286 // Construct a unique lo/hi decomposition of the challenge (hi_bits will be 127)
287 const auto [lo, hi] = split_unique(challenge, lo_bits);
288 return std::array<fr, 2>{ lo, hi };
289 }
290
301 template <typename TargetType> static TargetType deserialize_from_frs(std::span<fr> elements, size_t& num_frs_read)
302 {
303 constexpr size_t num_frs = calc_num_fields<TargetType>();
304 BB_ASSERT_GTE(elements.size(), num_frs_read + num_frs);
305 TargetType result = deserialize_from_fields<TargetType>(elements.subspan(num_frs_read, num_frs));
306 num_frs_read += num_frs;
307 return result;
308 }
309};
310} // namespace bb::stdlib
BB_ASSERT
#define BB_ASSERT(expression,...)
Definition assert.hpp:70
BB_ASSERT_GTE
#define BB_ASSERT_GTE(left, right,...)
Definition assert.hpp:128
BB_ASSERT_EQ
#define BB_ASSERT_EQ(actual, expected,...)
Definition assert.hpp:83
BB_ASSERT_LT
#define BB_ASSERT_LT(left, right,...)
Definition assert.hpp:143
bb::Bn254FqParams::NUM_BN254_SCALARS
static constexpr size_t NUM_BN254_SCALARS
Definition fq.hpp:146
bb::Bn254FrParams::NUM_BN254_SCALARS
static constexpr size_t NUM_BN254_SCALARS
Definition fr.hpp:148
bb::numeric::uint256_t
Definition uint256.hpp:32
bb::numeric::uint256_t::get_msb
constexpr uint64_t get_msb() const
Definition uint256_impl.hpp:376
bb::stdlib::StdlibCodec::calc_num_fields
static constexpr size_t calc_num_fields()
Calculates the size of a type (in its native form) in terms of frs.
Definition field_conversion.hpp:82
bb::stdlib::StdlibCodec::fq
bigfield< Builder, bb::Bn254FqParams > fq
Definition field_conversion.hpp:32
bb::stdlib::StdlibCodec::Builder
typename Field::Builder Builder
Definition field_conversion.hpp:30
bb::stdlib::StdlibCodec::convert_goblin_fr_to_bn254_frs
static std::vector< fr > convert_goblin_fr_to_bn254_frs(const goblin_field< Builder > &input)
Definition field_conversion.hpp:63
bb::stdlib::StdlibCodec::convert_grumpkin_fr_to_bn254_frs
static std::vector< fr > convert_grumpkin_fr_to_bn254_frs(const fq &input)
Definition field_conversion.hpp:68
bb::stdlib::StdlibCodec::bn254_commitment
element< Builder, fq, fr, curve::BN254::Group > bn254_commitment
Definition field_conversion.hpp:33
bb::stdlib::StdlibCodec::convert_challenge
static T convert_challenge(const fr &challenge)
A stdlib Transcript method needed to convert an fr challenge to a bigfield one. Assumes that challeng...
Definition field_conversion.hpp:44
bb::stdlib::StdlibCodec::split_challenge
static std::array< fr, 2 > split_challenge(const fr &challenge)
Split a challenge field element into two equal-width challenges.
Definition field_conversion.hpp:282
bb::stdlib::StdlibCodec::deserialize_from_fields
static T deserialize_from_fields(std::span< const fr > fr_vec)
Core stdlib Transcript deserialization method.
Definition field_conversion.hpp:132
bb::stdlib::StdlibCodec::deserialize_from_frs
static TargetType deserialize_from_frs(std::span< fr > elements, size_t &num_frs_read)
A stdlib VerificationKey-specific method.
Definition field_conversion.hpp:301
bb::stdlib::StdlibCodec::serialize_to_fields
static std::vector< fr > serialize_to_fields(const T &val)
Core stdlib Transcript serialization method.
Definition field_conversion.hpp:233
bb::stdlib::bigfield::binary_basis_limbs
std::array< Limb, NUM_LIMBS > binary_basis_limbs
Represents a bigfield element in the binary basis. A bigfield element is represented as a combination...
Definition bigfield.hpp:81
bb::stdlib::cycle_group
cycle_group represents a group Element of the proving system's embedded curve, i.e....
Definition cycle_group.hpp:40
bb::stdlib::field_t< Builder >
bb::stdlib::field_t< Builder >::from_witness_index
static field_t from_witness_index(Builder *ctx, uint32_t witness_index)
Definition field.cpp:67
bb::stdlib::field_t::get_context
Builder * get_context() const
Definition field.hpp:432
bb::stdlib::field_t::get_origin_tag
OriginTag get_origin_tag() const
Definition field.hpp:359
bb::stdlib::field_t::get_value
bb::fr get_value() const
Given a := *this, compute its value given by a.v * a.mul + a.add.
Definition field.cpp:838
bb::stdlib::field_t< Builder >::modulus
static constexpr uint256_t modulus
Definition field.hpp:237
bb::stdlib::field_t::is_constant
bool is_constant() const
Definition field.hpp:442
bb::stdlib::field_t< Builder >::conditional_assign
static field_t conditional_assign(const bool_t< Builder > &predicate, const field_t &lhs, const field_t &rhs)
Definition field.hpp:385
bb::stdlib::goblin_field
goblin_field wraps x/y coordinates of bn254 group elements when using goblin
Definition goblin_field.hpp:29
bb::stdlib::goblin_field::limbs
std::array< field_ct, 2 > limbs
Definition goblin_field.hpp:40
builder
AluTraceBuilder builder
Definition alu.test.cpp:124
cycle_group.hpp
field_utils.hpp
goblin_field.hpp
bb::stdlib::split_unique
std::pair< field_t< Builder >, field_t< Builder > > split_unique(const field_t< Builder > &field, const size_t lo_bits, const bool skip_range_constraints)
Split a bn254 scalar field element into unique lo and hi limbs.
Definition field_utils.cpp:65
bb::stdlib::element
std::conditional_t< IsGoblinBigGroup< C, Fq, Fr, G >, element_goblin::goblin_element< C, goblin_field< C >, Fr, G >, element_default::element< C, Fq, Fr, G > > element
element wraps either element_default::element or element_goblin::goblin_element depending on parametr...
Definition biggroup.hpp:1023
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13