Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
Public Types | Static Public Member Functions | Static Public Attributes | List of all members
bb::ECCVMWnafShortRelationImpl< FF_ > Class Template Reference

#include <ecc_wnaf_short_relation.hpp>

Inheritance diagram for bb::ECCVMWnafShortRelationImpl< FF_ >:
bb::ECCVMWnafRelationImpl< FF_ >

Public Types

using FF = FF_
 
using Base = ECCVMWnafRelationImpl< FF >
 
- Public Types inherited from bb::ECCVMWnafRelationImpl< FF_ >
enum  SubrelationIndex : size_t {
  RANGE_S1HI = 0 , RANGE_S1LO = 1 , RANGE_S2HI = 2 , RANGE_S2LO = 3 ,
  RANGE_S3HI = 4 , RANGE_S3LO = 5 , RANGE_S4HI = 6 , RANGE_S4LO = 7 ,
  SCALAR_SUM_CHECK = 8 , ROUND_CHECK = 9 , ROUND_SHIFT_ZERO = 10 , SCALAR_SUM_SHIFT_ZERO = 11 ,
  PC_CHECK = 12 , SKEW_RANGE = 13 , INACTIVE_SLICE_W0 = 14 , INACTIVE_SLICE_W1 = 15 ,
  INACTIVE_SLICE_W2 = 16 , INACTIVE_SLICE_W3 = 17 , INACTIVE_ROUND = 18 , INACTIVE_PC = 19 ,
  FIRST_SLICE_POSITIVE = 20 , INACTIVE_POINT_TRANSITION = 21 , PRECOMPUTE_SELECT_SHAPE = 22 , NUM_SUBRELATIONS
}
 
using FF = FF_
 

Static Public Member Functions

template<typename AllEntities >
static bool skip (const AllEntities &in)
 Skip rows on which every subrelation contributes the identically-zero polynomial.
 
template<typename ContainerOverSubrelations , typename AllEntities , typename Parameters >
static void accumulate (ContainerOverSubrelations &accumulator, const AllEntities &in, const Parameters &params, const FF &scaling_factor)
 
- Static Public Member Functions inherited from bb::ECCVMWnafRelationImpl< FF_ >
template<typename ContainerOverSubrelations , typename AllEntities , typename Parameters >
static void accumulate (ContainerOverSubrelations &accumulator, const AllEntities &in, const Parameters &, const FF &scaling_factor)
 ECCVMWnafRelationImpl evaluates relations that convert scalar multipliers into 4-bit WNAF slices.
 

Static Public Attributes

static constexpr std::array< size_t, Base::NUM_SUBRELATIONSSUBRELATION_PARTIAL_LENGTHS
 
- Static Public Attributes inherited from bb::ECCVMWnafRelationImpl< FF_ >
static constexpr std::array< size_t, 23 > SUBRELATION_PARTIAL_LENGTHS
 

Detailed Description

template<typename FF_>
class bb::ECCVMWnafShortRelationImpl< FF_ >

Definition at line 15 of file ecc_wnaf_short_relation.hpp.

Member Typedef Documentation

◆ Base

template<typename FF_ >
using bb::ECCVMWnafShortRelationImpl< FF_ >::Base = ECCVMWnafRelationImpl<FF>

Definition at line 18 of file ecc_wnaf_short_relation.hpp.

◆ FF

template<typename FF_ >
using bb::ECCVMWnafShortRelationImpl< FF_ >::FF = FF_

Definition at line 17 of file ecc_wnaf_short_relation.hpp.

Member Function Documentation

◆ accumulate()

template<typename FF >
template<typename ContainerOverSubrelations , typename AllEntities , typename Parameters >
void bb::ECCVMWnafShortRelationImpl< FF >::accumulate ( ContainerOverSubrelations &  accumulator,
const AllEntities &  in,
const Parameters &  params,
const FF scaling_factor 
)
static

Definition at line 15 of file ecc_wnaf_short_relation_impl.hpp.

◆ skip()

template<typename FF_ >
template<typename AllEntities >
static bool bb::ECCVMWnafShortRelationImpl< FF_ >::skip ( const AllEntities &  in)
inlinestatic

Skip rows on which every subrelation contributes the identically-zero polynomial.

The wNAF relation is local to the precompute (point-table) region, gated by the boolean column precompute_select, which has shape 0 1 1 ... 1 0 ... 0 (0 at the region's initial row, 1 across the active rows, 0 elsewhere). Predicate: skip iff precompute_select == 0 && precompute_select_shift == 0. Both columns are constrained boolean by ECCVMBoolsRelation, so on any non-randomised row their sum is 0 iff both are 0 (no field cancellation). On the row-disabled rows the selectors are randomised, so the sum is nonzero w.h.p. and those rows are never skipped.

Per-subrelation soundness when precompute_select == 0 && precompute_select_shift == 0 on an honest row:

  • precompute_select-gated (SCALAR_SUM_CHECK, ROUND_CHECK, PC_CHECK, SKEW_RANGE): explicit precompute_select factor is 0.
  • precompute_select_shift gates FIRST_SLICE_POSITIVE and PRECOMPUTE_SELECT_SHAPE: explicit factor is 0. The shift must be in the predicate because at the region's initial row precompute_select == 0 yet precompute_select_shift == 1, where both subrelations are live, so that row is not skipped.
  • ROUND_SHIFT_ZERO / SCALAR_SUM_SHIFT_ZERO carry factor precompute_select * q_transition + lagrange_first. With precompute_select == 0 this is lagrange_first. The region begins at row 0, so precompute_select_shift == 1 on the lagrange_first row; hence the predicate is false there and that row is never skipped. On every skipped row lagrange_first == 0, so the factor is 0.
  • ungated RANGE_S* ((s-1)^2-1)((s-2)^2-1) and complement-gated INACTIVE_* (SLICE_W*, ROUND, PC, POINT_TRANSITION): the base relation forces all region body wires (slices, round, pc, point_transition) to 0 on inactive rows, so on an honest skipped row every slice is 0 (RANGE_S* = ((0-1)^2-1)((0-2)^2-1) = 0) and every inactive body is 0.

Correctness is checked end-to-end by ECCVMTests.ShortMonomialProverVerifies (a wrongly-skipped live row would desynchronise the prover's sumcheck round polynomials from the verifier's recomputation).

Definition at line 68 of file ecc_wnaf_short_relation.hpp.

Member Data Documentation

◆ SUBRELATION_PARTIAL_LENGTHS

template<typename FF_ >
constexpr std::array<size_t, Base::NUM_SUBRELATIONS> bb::ECCVMWnafShortRelationImpl< FF_ >::SUBRELATION_PARTIAL_LENGTHS
staticconstexpr
Initial value:
{
5, 5, 5, 5, 5, 5, 5, 5,
4,
4,
4,
4,
4,
4,
3, 3, 3, 3,
3,
3,
5,
3,
4,
}

Definition at line 23 of file ecc_wnaf_short_relation.hpp.

The documentation for this class was generated from the following files: