Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
uintx_impl.hpp
Go to the documentation of this file.
1// === AUDIT STATUS ===
2// internal: { status: Complete, auditors: [Luke], commit: }
3// external_1: { status: not started, auditors: [], commit: }
4// external_2: { status: not started, auditors: [], commit: }
5// =====================
6
7#pragma once
8#include "./uintx.hpp"
9#include "barretenberg/common/assert.hpp"
10
11namespace bb::numeric {
12template <class base_uint>
13std::pair<uintx<base_uint>, uintx<base_uint>> uintx<base_uint>::divmod_base(const uintx& b) const
14
15{
16 BB_ASSERT(b != 0);
17 if (*this == 0) {
18 return { uintx(0), uintx(0) };
19 }
20 if (b == 1) {
21 return { *this, uintx(0) };
22 }
23 if (*this == b) {
24 return { uintx(1), uintx(0) };
25 }
26 if (b > *this) {
27 return { uintx(0), *this };
28 }
29
30 uintx quotient(0);
31 uintx remainder = *this;
32
33 uint64_t bit_difference = get_msb() - b.get_msb();
34
35 uintx divisor = b << bit_difference;
36 uintx accumulator = uintx(1) << bit_difference;
37
38 // if the divisor is bigger than the remainder, a and b have the same bit length
39 if (divisor > remainder) {
40 divisor >>= 1;
41 accumulator >>= 1;
42 }
43
44 // while the remainder is bigger than our original divisor, we can subtract multiples of b from the remainder,
45 // and add to the quotient
46 while (remainder >= b) {
47
48 // we've shunted 'divisor' up to have the same bit length as our remainder.
49 // If remainder >= divisor, then a is at least '1 << bit_difference' multiples of b
50 if (remainder >= divisor) {
51 remainder -= divisor;
52 // we can use OR here instead of +, as
53 // accumulator is always a nice power of two
54 quotient |= accumulator;
55 }
56 divisor >>= 1;
57 accumulator >>= 1;
58 }
59
60 return std::make_pair(quotient, remainder);
61}
62
73template <class base_uint> uintx<base_uint> uintx<base_uint>::unsafe_invmod(const uintx& modulus) const
74{
75
76 uintx t1 = 0;
77 uintx t2 = 1;
78 uintx r2 = (*this > modulus) ? *this % modulus : *this;
79 uintx r1 = modulus;
80 uintx q = 0;
81 while (r2 != 0) {
82 q = r1 / r2;
83 uintx temp_t1 = t1;
84 uintx temp_r1 = r1;
85 t1 = t2;
86 t2 = temp_t1 - q * t2;
87 r1 = r2;
88 r2 = temp_r1 - q * r2;
89 }
90
91 if (t1 > modulus) {
92 return modulus + t1;
93 }
94 return t1;
95}
96
105template <class base_uint> uintx<base_uint> uintx<base_uint>::invmod(const uintx& modulus) const
106{
107 BB_ASSERT((*this) != 0);
108 BB_ASSERT(modulus != 0);
109 if (modulus.get_msb() >= (2 * base_uint::length() - 1)) {
110 uintx<uintx<base_uint>> a_expanded(*this);
111 uintx<uintx<base_uint>> modulus_expanded(modulus);
112 return a_expanded.unsafe_invmod(modulus_expanded).lo;
113 }
114 return this->unsafe_invmod(modulus);
115}
116
117template <class base_uint> bool uintx<base_uint>::get_bit(const uint64_t bit_index) const
118{
119 if (bit_index >= base_uint::length()) {
120 return hi.get_bit(bit_index - base_uint::length());
121 }
122 return lo.get_bit(bit_index);
123}
124
125template <class base_uint> uintx<base_uint> uintx<base_uint>::operator-() const
126{
127 return uintx(0) - *this;
128}
129
130template <class base_uint> uintx<base_uint> uintx<base_uint>::operator*(const uintx& other) const
131{
132 const auto lolo = lo.mul_extended(other.lo);
133 const auto lohi = lo.mul_extended(other.hi);
134 const auto hilo = hi.mul_extended(other.lo);
135
136 base_uint top = lolo.second + hilo.first + lohi.first;
137 base_uint bottom = lolo.first;
138 return { bottom, top };
139}
140
141template <class base_uint>
142std::pair<uintx<base_uint>, uintx<base_uint>> uintx<base_uint>::mul_extended(const uintx& other) const
143{
144 const auto lolo = lo.mul_extended(other.lo);
145 const auto lohi = lo.mul_extended(other.hi);
146 const auto hilo = hi.mul_extended(other.lo);
147 const auto hihi = hi.mul_extended(other.hi);
148
149 base_uint t0 = lolo.first;
150 base_uint t1 = lolo.second;
151 base_uint t2 = hilo.second;
152 base_uint t3 = hihi.second;
153 base_uint t2_carry(0);
154 base_uint t3_carry(0);
155 t1 += hilo.first;
156 t2_carry += (t1 < hilo.first ? base_uint(1) : base_uint(0));
157 t1 += lohi.first;
158 t2_carry += (t1 < lohi.first ? base_uint(1) : base_uint(0));
159 t2 += lohi.second;
160 t3_carry += (t2 < lohi.second ? base_uint(1) : base_uint(0));
161 t2 += hihi.first;
162 t3_carry += (t2 < hihi.first ? base_uint(1) : base_uint(0));
163 t2 += t2_carry;
164 t3_carry += (t2 < t2_carry ? base_uint(1) : base_uint(0));
165 t3 += t3_carry;
166 return { uintx(t0, t1), uintx(t2, t3) };
167}
168
169template <class base_uint> uintx<base_uint> uintx<base_uint>::operator/(const uintx& other) const
170
171{
172 return divmod(other).first;
173}
174
175template <class base_uint> uintx<base_uint> uintx<base_uint>::operator%(const uintx& other) const
176
177{
178 return divmod(other).second;
179}
180
181template <class base_uint> uintx<base_uint> uintx<base_uint>::operator^(const uintx& other) const
182{
183 return { lo ^ other.lo, hi ^ other.hi };
184}
185
186template <class base_uint> uintx<base_uint> uintx<base_uint>::operator|(const uintx& other) const
187{
188 return { lo | other.lo, hi | other.hi };
189}
190
191template <class base_uint> uintx<base_uint> uintx<base_uint>::operator~() const
192{
193 return { ~lo, ~hi };
194}
195
196template <class base_uint> bool uintx<base_uint>::operator==(const uintx& other) const
197{
198 return ((lo == other.lo) && (hi == other.hi));
199}
200
201template <class base_uint> bool uintx<base_uint>::operator!=(const uintx& other) const
202{
203 return !(*this == other);
204}
205
206template <class base_uint> bool uintx<base_uint>::operator!() const
207{
208 return *this == uintx(0ULL);
209}
210
211template <class base_uint> bool uintx<base_uint>::operator>(const uintx& other) const
212{
213 bool hi_gt = hi > other.hi;
214 bool lo_gt = lo > other.lo;
215
216 bool gt = (hi_gt) || (lo_gt && (hi == other.hi));
217 return gt;
218}
219
220template <class base_uint> bool uintx<base_uint>::operator>=(const uintx& other) const
221{
222 return (*this > other) || (*this == other);
223}
224
225template <class base_uint> bool uintx<base_uint>::operator<(const uintx& other) const
226{
227 return other > *this;
228}
229
230template <class base_uint> bool uintx<base_uint>::operator<=(const uintx& other) const
231{
232 return (*this < other) || (*this == other);
233}
234
235template <class base_uint> std::pair<uintx<base_uint>, uintx<base_uint>> uintx<base_uint>::divmod(const uintx& b) const
236
237{
238 constexpr uint256_t BN254FQMODULUS256 =
239 uint256_t(0x3C208C16D87CFD47UL, 0x97816a916871ca8dUL, 0xb85045b68181585dUL, 0x30644e72e131a029UL);
240 constexpr uint256_t SECP256K1FQMODULUS256 =
241 uint256_t(0xFFFFFFFEFFFFFC2FULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL);
242 constexpr uint256_t SECP256R1FQMODULUS256 =
243 uint256_t(0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL, 0x0000000000000000ULL, 0xFFFFFFFF00000001ULL);
244
245 if (b == uintx(BN254FQMODULUS256)) {
246 return (*this).template barrett_reduction<BN254FQMODULUS256>();
247 }
248 if (b == uintx(SECP256K1FQMODULUS256)) {
249 return (*this).template barrett_reduction<SECP256K1FQMODULUS256>();
250 }
251 if (b == uintx(SECP256R1FQMODULUS256)) {
252 return (*this).template barrett_reduction<SECP256R1FQMODULUS256>();
253 }
254
255 return divmod_base(b);
256}
257
269template <class base_uint>
270template <base_uint modulus>
271std::pair<uintx<base_uint>, uintx<base_uint>> uintx<base_uint>::barrett_reduction() const
272{
273 // N.B. k could be modulus.get_msb() + 1 if we have strong bounds on the max value of (*self)
274 // (a smaller k would allow us to fit `redc_parameter` into `base_uint` and not `uintx`)
275 constexpr size_t k = base_uint::length() - 1;
276 // N.B. computation of redc_parameter requires division operation - if this cannot be precomputed (or amortized over
277 // multiple reductions over the same modulus), barrett_reduction is much slower than divmod
278 static const uintx redc_parameter = ((uintx(1) << (k * 2)).divmod_base(uintx(modulus))).first;
279
280 const auto x = *this;
281
282 // compute x * redc_parameter
283 const auto mul_result = x.mul_extended(redc_parameter);
284 constexpr size_t shift = 2 * k;
285
286 // compute (x * redc_parameter) >> 2k
287 // This is equivalent to (x * (2^{2k} / modulus) / 2^{2k})
288 // which approximates to x / modulus
289 const uintx downshifted_hi_bits = mul_result.second & ((uintx(1) << shift) - 1);
290 const uintx mul_hi_underflow = uintx(downshifted_hi_bits) << (length() - shift);
291 uintx quotient = (mul_result.first >> shift) | mul_hi_underflow;
292
293 // compute remainder by determining value of x - quotient * modulus
294 uintx qm_lo(0);
295 {
296 const auto lolo = quotient.lo.mul_extended(modulus);
297 const auto lohi = quotient.hi.mul_extended(modulus);
298 base_uint t0 = lolo.first;
299 base_uint t1 = lolo.second;
300 t1 = t1 + lohi.first;
301 qm_lo = uintx(t0, t1);
302 }
303 uintx remainder = x - qm_lo;
304
305 // The quotient estimate can be off by up to 4. Classic Barrett guarantees at most 1 correction
306 // when k = ceil(log2(modulus)) and x < modulus^2. Here k = base_uint::length() - 1 (a fixed,
307 // conservative choice), so x / 2^{2k} can be up to 3, giving an error bound of 4.
308 size_t i = 0;
309 while (remainder >= uintx(modulus)) {
310 BB_ASSERT_LT(i, 4U);
311 remainder = remainder - modulus;
312 quotient = quotient + 1;
313 i++;
314 }
315 return std::make_pair(quotient, remainder);
316}
317} // namespace bb::numeric
BB_ASSERT
#define BB_ASSERT(expression,...)
Definition assert.hpp:70
BB_ASSERT_LT
#define BB_ASSERT_LT(left, right,...)
Definition assert.hpp:143
bb::numeric::uint256_t
Definition uint256.hpp:32
bb::numeric::uintx::operator%
uintx operator%(const uintx &other) const
Definition uintx_impl.hpp:175
bb::numeric::uintx::divmod
std::pair< uintx, uintx > divmod(const uintx &b) const
Definition uintx_impl.hpp:235
bb::numeric::uintx::operator!=
bool operator!=(const uintx &other) const
Definition uintx_impl.hpp:201
bb::numeric::uintx::operator<
bool operator<(const uintx &other) const
Definition uintx_impl.hpp:225
bb::numeric::uintx::operator*
uintx operator*(const uintx &other) const
Definition uintx_impl.hpp:130
bb::numeric::uintx::unsafe_invmod
uintx unsafe_invmod(const uintx &modulus) const
Definition uintx_impl.hpp:73
bb::numeric::uintx::operator-
uintx operator-() const
Definition uintx_impl.hpp:125
bb::numeric::uintx::divmod_base
std::pair< uintx, uintx > divmod_base(const uintx &b) const
Definition uintx_impl.hpp:13
bb::numeric::uintx::operator!
bool operator!() const
Definition uintx_impl.hpp:206
bb::numeric::uintx::operator==
bool operator==(const uintx &other) const
Definition uintx_impl.hpp:196
bb::numeric::uintx::operator>
bool operator>(const uintx &other) const
Definition uintx_impl.hpp:211
bb::numeric::uintx::operator<=
bool operator<=(const uintx &other) const
Definition uintx_impl.hpp:230
bb::numeric::uintx::operator~
uintx operator~() const
Definition uintx_impl.hpp:191
bb::numeric::uintx::get_bit
bool get_bit(uint64_t bit_index) const
Definition uintx_impl.hpp:117
bb::numeric::uintx::get_msb
constexpr uint64_t get_msb() const
Definition uintx.hpp:68
bb::numeric::uintx::barrett_reduction
std::pair< uintx, uintx > barrett_reduction() const
bb::numeric::uintx::operator|
uintx operator|(const uintx &other) const
Definition uintx_impl.hpp:186
bb::numeric::uintx::operator>=
bool operator>=(const uintx &other) const
Definition uintx_impl.hpp:220
bb::numeric::uintx::operator/
uintx operator/(const uintx &other) const
Definition uintx_impl.hpp:169
bb::numeric::uintx::mul_extended
std::pair< uintx, uintx > mul_extended(const uintx &other) const
Definition uintx_impl.hpp:142
bb::numeric::uintx::invmod
uintx invmod(const uintx &modulus) const
Definition uintx_impl.hpp:105
bb::numeric::uintx::operator^
uintx operator^(const uintx &other) const
Definition uintx_impl.hpp:181
gt
GreaterThan gt
Definition data_copy.test.cpp:56
b
FF b
Definition field_gt.test.cpp:53
bb::numeric::get_msb
constexpr T get_msb(const T in)
Definition get_msb.hpp:50
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13