40 const Fq& previous_accumulator,
41 const Fq& batching_challenge_v,
42 const Fq& evaluation_input_x)
61 auto uint_previous_accumulator =
uint512_t(previous_accumulator);
71 auto uint_v_squared =
uint512_t(v_squared);
73 auto uint_v_quarted =
uint512_t(v_quarted);
93 base_p_y * v_squared +
98 uint512_t quotient_by_modulus = uint_previous_accumulator * uint_x +
101 uint_p_y * uint_v_squared +
102 uint_z1 * uint_v_cubed +
103 uint_z2 * uint_v_quarted -
118 Fr low_wide_relation_limb_part_1 =
119 previous_accumulator_limbs[0] * x_witnesses[0] +
121 p_x_limbs[0] * v_witnesses[0] +
122 p_y_limbs[0] * v_squared_witnesses[0] +
123 z_1_limbs[0] * v_cubed_witnesses[0] +
124 z_2_limbs[0] * v_quarted_witnesses[0] +
128 Fr low_wide_relation_limb =
129 low_wide_relation_limb_part_1 +
130 (previous_accumulator_limbs[1] * x_witnesses[0] +
131 previous_accumulator_limbs[0] * x_witnesses[1] +
132 p_x_limbs[0] * v_witnesses[1] +
133 p_x_limbs[1] * v_witnesses[0] +
134 p_y_limbs[0] * v_squared_witnesses[1] +
135 p_y_limbs[1] * v_squared_witnesses[0] +
136 z_1_limbs[0] * v_cubed_witnesses[1] +
137 z_1_limbs[1] * v_cubed_witnesses[0] +
138 z_2_limbs[0] * v_quarted_witnesses[1] +
139 z_2_limbs[1] * v_quarted_witnesses[0] +
153 Fr high_wide_relation_limb_part_1 =
154 low_wide_relation_limb_divided +
155 previous_accumulator_limbs[2] * x_witnesses[0] +
156 previous_accumulator_limbs[1] * x_witnesses[1] +
157 previous_accumulator_limbs[0] * x_witnesses[2] +
158 p_x_limbs[0] * v_witnesses[2] +
159 p_x_limbs[1] * v_witnesses[1] +
160 p_x_limbs[2] * v_witnesses[0] +
161 p_y_limbs[0] * v_squared_witnesses[2] +
162 p_y_limbs[1] * v_squared_witnesses[1] +
163 p_y_limbs[2] * v_squared_witnesses[0] +
164 z_1_limbs[0] * v_cubed_witnesses[2] +
165 z_1_limbs[1] * v_cubed_witnesses[1] +
166 z_2_limbs[0] * v_quarted_witnesses[2] +
167 z_2_limbs[1] * v_quarted_witnesses[1] +
173 Fr high_wide_relation_limb =
174 high_wide_relation_limb_part_1 +
175 (previous_accumulator_limbs[3] * x_witnesses[0] +
176 previous_accumulator_limbs[2] * x_witnesses[1] +
177 previous_accumulator_limbs[1] * x_witnesses[2] +
178 previous_accumulator_limbs[0] * x_witnesses[3] +
179 p_x_limbs[0] * v_witnesses[3] +
180 p_x_limbs[1] * v_witnesses[2] +
181 p_x_limbs[2] * v_witnesses[1] +
182 p_x_limbs[3] * v_witnesses[0] +
183 p_y_limbs[0] * v_squared_witnesses[3] +
184 p_y_limbs[1] * v_squared_witnesses[2] +
185 p_y_limbs[2] * v_squared_witnesses[1] +
186 p_y_limbs[3] * v_squared_witnesses[0] +
187 z_1_limbs[0] * v_cubed_witnesses[3] +
188 z_1_limbs[1] * v_cubed_witnesses[2] +
189 z_2_limbs[0] * v_quarted_witnesses[3] +
190 z_2_limbs[1] * v_quarted_witnesses[2] +
202 auto high_wide_relation_limb_divided = high_wide_relation_limb *
SHIFT_2_INVERSE;
214 for (
size_t i = 0; i < last_limb_index; i++) {
224 current_accumulator_microlimbs[last_limb_index] =
226 quotient_microlimbs[last_limb_index] =
242 .P_x_limbs = p_x_limbs,
243 .P_x_microlimbs = P_x_microlimbs,
244 .P_y_limbs = p_y_limbs,
245 .P_y_microlimbs = P_y_microlimbs,
246 .z_1_limbs = z_1_limbs,
247 .z_1_microlimbs = z_1_microlimbs,
248 .z_2_limbs = z_2_limbs,
249 .z_2_microlimbs = z_2_microlimbs,
250 .previous_accumulator = previous_accumulator_limbs,
251 .current_accumulator = remainder_limbs,
252 .current_accumulator_microlimbs = current_accumulator_microlimbs,
253 .quotient_binary_limbs = quotient_limbs,
254 .quotient_microlimbs = quotient_microlimbs,
255 .relation_wide_limbs = { low_wide_relation_limb_divided, high_wide_relation_limb_divided },
270 BB_ASSERT(op_code == 0 || op_code == 3 || op_code == 4 || op_code == 8);
428 BB_BENCH_NAME(
"TranslatorCircuitBuilder::feed_ecc_op_queue_into_circuit");
433 const auto& ultra_ops =
434 avm_mode ? ecc_op_queue->get_no_zk_reconstructed_ultra_ops() : ecc_op_queue->get_zk_reconstructed_ultra_ops();
436 Fq current_accumulator(0);
437 if (ultra_ops.empty()) {
445 for (
auto& wire :
wires) {
452 BB_ASSERT(ultra_ops[i].op_code.value() == 0,
"Expected no-op at the start of the op queue");
463 BB_ASSERT(ultra_ops.size() >= min_ops,
"Op queue too small for Translator circuit construction");
477 for (
const auto& ultra_op : std::ranges::reverse_view(ultra_ops_span)) {
478 if (ultra_op.op_code.value() == 0) {
483 const auto [x_fq, y_fq] = ultra_op.get_base_point_standard_form();
484 current_accumulator +=
485 Fq(ultra_op.op_code.value()) +
490 accumulator_trace.push_back(current_accumulator);
494 Fq final_accumulator_state = accumulator_trace.back();
495 accumulator_trace.pop_back();
499 for (
const auto& ultra_op : ultra_ops_span) {
500 if (ultra_op.op_code.value() == 0) {
524 Fq previous_accumulator{ 0 };
526 if (!accumulator_trace.empty()) {
527 previous_accumulator = accumulator_trace.back();
528 accumulator_trace.pop_back();
542 for (
size_t i = ops_end; i < ultra_ops.size(); ++i) {
548 BB_ASSERT(
num_gates() % 2 == 0,
"Translator circuit gate count must be even for 2-row trace structure");
559 for (
size_t i = 0; i < num_full_micro_limbs; ++i) {
564 if (last_limb_bits > 0) {
565 microlimbs[num_full_micro_limbs] =
567 microlimbs[num_full_micro_limbs + 1] =
uint256_t(microlimbs[num_full_micro_limbs])
#define BB_ASSERT(expression,...)
#define BB_ASSERT_EQ(actual, expected,...)
#define BB_ASSERT_LTE(left, right,...)
#define BB_ASSERT_LT(left, right,...)
#define BB_BENCH_NAME(name)
virtual uint32_t add_variable(const FF &in)
Add a variable to variables.
uint32_t zero_idx() const
void increment_num_gates(size_t count=1)
static constexpr size_t NUM_RANDOM_OPS_END
static constexpr std::array< Fr, 5 > NEGATIVE_MODULUS_LIMBS
static constexpr size_t NUM_Z_LIMBS
static AccumulationInput generate_witness_values(const UltraOp &ultra_op, const Fq &previous_accumulator, const Fq &batching_challenge_v, const Fq &evaluation_input_x)
Given the transcript values from the EccOpQueue, the values of the previous accumulator,...
static constexpr auto MAX_Z_LIMB_SIZE
void feed_ecc_op_queue_into_circuit(const std::shared_ptr< ECCOpQueue > &ecc_op_queue)
Generate all the gates required to prove the correctness of batched evalution of column polynomials r...
static constexpr auto SHIFT_1
static void check_binary_limbs_maximum_values(const std::array< Fr, total_limbs > &limbs, const uint256_t &MAX_LAST_LIMB=(uint256_t(1)<< NUM_LAST_LIMB_BITS))
Assert that all standard limbs are < 2^68 and the last limb is < MAX_LAST_LIMB.
static void assert_well_formed_ultra_op(const UltraOp &ultra_op)
Ensures the ultra op is well-formed and can be used to create a gate.
@ ACCUMULATORS_BINARY_LIMBS_3
@ P_Y_LOW_LIMBS_RANGE_CONSTRAINT_0
@ P_X_HIGH_LIMBS_RANGE_CONSTRAINT_0
@ Z_HIGH_LIMBS_RANGE_CONSTRAINT_0
@ P_X_LOW_LIMBS_RANGE_CONSTRAINT_0
@ QUOTIENT_LOW_LIMBS_RANGE_CONSTRAIN_0
@ ACCUMULATOR_HIGH_LIMBS_RANGE_CONSTRAINT_0
@ RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_1
@ ACCUMULATORS_BINARY_LIMBS_0
@ QUOTIENT_HIGH_BINARY_LIMBS
@ Z_LOW_LIMBS_RANGE_CONSTRAINT_0
@ P_Y_HIGH_LIMBS_RANGE_CONSTRAINT_0
@ RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_3
@ QUOTIENT_LOW_BINARY_LIMBS
@ RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_2
@ ACCUMULATOR_LOW_LIMBS_RANGE_CONSTRAINT_0
@ RELATION_WIDE_LIMBS_RANGE_CONSTRAINT_0
@ QUOTIENT_HIGH_LIMBS_RANGE_CONSTRAIN_0
static constexpr size_t NUM_RANDOM_OPS_START
void create_accumulation_gate(const AccumulationInput &acc_step)
Create a single accumulation gate.
static std::array< Fr, NUM_BINARY_LIMBS > split_fq_into_limbs(const Fq &base)
A small function to transform a native element Fq into its bigfield representation in Fr scalars.
static constexpr size_t MICRO_LIMB_BITS
static constexpr size_t NUM_MICRO_LIMBS
static constexpr size_t RELATION_WIDE_LIMB_BITS
static constexpr size_t NUM_LAST_QUOTIENT_LIMB_BITS
void lay_limbs_in_row(std::array< Fr, array_size > input, WireIds starting_wire)
Place array_size Fr values into consecutive wire slots starting at starting_wire.
static constexpr size_t NUM_Z_BITS
void process_random_op(const UltraOp &ultra_op)
Populate wires for a random op (op wire filled, all other wires zero-filled).
static void check_micro_limbs_maximum_values(const std::array< std::array< Fr, micro_limb_count >, binary_limb_count > &limbs)
Assert that all micro-limbs are < 2^14.
static constexpr uint256_t MAX_RELATION_WIDE_LIMB_SIZE
static std::array< Fr, NUM_MICRO_LIMBS > split_limb_into_microlimbs(const Fr &limb, size_t num_bits)
Split a limb of arbitrary bit size into 14-bit micro-limbs for range constraints.
static constexpr auto MAX_HIGH_WIDE_LIMB_SIZE
void populate_wires_from_ultra_op(const UltraOp &ultra_op)
static void assert_well_formed_accumulation_input(const AccumulationInput &acc_step)
Ensures the accumulation input is well-formed and can be used to create a gate.
static constexpr size_t NUM_LIMB_BITS
static std::array< Fr, NUM_BINARY_LIMBS > uint512_t_to_limbs(const uint512_t &original)
Convert a uint512_t value into its 4 68-bit limbs as Fr scalars.
std::array< std::vector< uint32_t >, NUM_WIRES > wires
static constexpr size_t NUM_BINARY_LIMBS
static constexpr auto SHIFT_2_INVERSE
static std::array< Fr, NUM_Z_LIMBS > split_wide_limb_into_2_limbs(const Fr &wide_limb)
Split a 136-bit Fr value (wide limb) into two 68-bit limbs.
static constexpr auto MAX_LOW_WIDE_LIMB_SIZE
static constexpr size_t NUM_NO_OPS_START
void insert_pair_into_wire(WireIds wire_index, Fr first, Fr second)
static constexpr size_t NUM_LAST_LIMB_BITS
constexpr uint256_t slice(uint64_t start, uint64_t end) const
uintx< uint256_t > uint512_t
Entry point for Barretenberg command-line interface.
field< Bn254FqParams > fq
field< Bn254FrParams > fr
C slice(C const &container, size_t start)
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
std::array< Fq, 2 > get_base_point_standard_form() const
Get the point in standard form i.e. as two coordinates x and y in the base field or as a point at inf...
static constexpr uint256_t modulus
1.9.8